Thanks, Henrique!
** Changed in: keystone
Status: Triaged => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1081221
Title:
Keystone POST /tokens response does not contain all endpoints
Status in OpenStack Identity (Keystone):
Invalid
Bug description:
This scenario occurs under the following conditions:
* A service of a given type (for example 'compute') is registered in keystone.
* There are more than 1 endpoints in keystone for the associated service's
type for a given region. For example there are 2 different endpoints in
keystone, both for the compute service of the 'compute' type and both in the
region 'RegionOne'.
In the above scenario a response from the POST /tokens API only
returns a single endpoint per service type (per region). So for
example in the above scenario my endpoint catalog in the POST /tokens
response would only include 1 'compute' service endpoint -- the other
is not returned.
Note that in this scenario you can still use the admin API for GET
/services -- this will return all endpoints regardless of if there are
multiple endpoints for a single service.
See keystone.catalog.backend.sql.get_catalog()
To repo use the SQL catalog driver:
* Define a service of type 'compute'
* Define 2 different endpoints which contain different urls but both endpoint
definitions are for the service created in the previous step. Both of these
endpoints should be defined using the same region.
* Use POST /tokens on keystone to to authenticate.
* Inspect the response token.
==> You will see it only includes 1 endpoint definition for the 'compute'
service.
Example from my system using MySQL backed catalog:
(1) My keystone.service table has the following service defined:
| d0912023a0304d5191ca95d59b19c8e0 | compute |
{"description": "Nova Compute Service", "name": "nova"}
(2) My keystone.endpoint table has the following endpoints associated
with that service:
| d2299650573a46cf8ff7eebb6f7871dc | RegionOne |
d0912023a0304d5191ca95d59b19c8e0 | {"adminurl":
"http://localhost:8774/v2/%(tenant_id)s", "internalurl":
"http://localhost:8774/v2/%(tenant_id)s", "publicurl":
"http://localhost:8774/v2/%(tenant_id)s"} |
| 80d2546f347d41f8b10a313f1bbf4726 | RegionOne |
d0912023a0304d5191ca95d59b19c8e0 |
{"publicurl":"http://somehost:8992/v2"}
|
| 27aeb73ff319405f946fe1fff785b3fb | us-southeast |
d0912023a0304d5191ca95d59b19c8e0 | {"adminurl": "http://us-
se.ibm.com:4302/v2.0", "internalurl": "http://us-
se.ibm.com:4301/v2.0", "publicurl": "http://us-se.ibm.com:4300/v2.0"}
|
(3) A POST /tokens response to obtain an admin user scoped token
contains the following endpoints for 'compute':
"endpoints":[
{
"adminURL":"http://localhost:8774/v2/6f8945f2d47f4abea149b7a0176b12a8";,
"region":"RegionOne",
"publicURL":"http://localhost:8774/v2/6f8945f2d47f4abea149b7a0176b12a8";,
"internalURL":"http://localhost:8774/v2/6f8945f2d47f4abea149b7a0176b12a8";,
"id":"d2299650573a46cf8ff7eebb6f7871dc"
},
{
"adminURL":"http://us-se.ibm.com:4302/v2.0";,
"region":"us-southeast",
"publicURL":"http://us-se.ibm.com:4300/v2.0";,
"internalURL":"http://us-se.ibm.com:4301/v2.0";,
"id":"27aeb73ff319405f946fe1fff785b3fb"
}
],
"type":"compute",
"name":"nova"
},
As shown in the JSON snippet below, only 1 of the RegionOne compute endpoints
is in the token's catalog.
Additional Notes:
* I don't believe this scenario is valid using the templated driver as it
appears the template format is not robust enough to allow you to define
multiple endpoint per service.. I could be wrong, but IMO something like SQL is
more realistic anyway.
* There is a similar issue here if you try to define multiple services of the
same type (for example 'compute') but each service having its own name and
description. In this case you only get 1 of the services since the catalog is
indexed by region/type and hence you get at most 1 service of a given type per
region.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1081221/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
