Reviewed: https://review.openstack.org/428105 Committed: https://git.openstack.org/cgit/openstack/tripleo-quickstart/commit/?id=be99f58ab0c24cc1a0b4fe6a1644805c91ae8c2b Submitter: Jenkins Branch: master
commit be99f58ab0c24cc1a0b4fe6a1644805c91ae8c2b Author: Martin André <[email protected]> Date: Thu Feb 2 12:48:22 2017 +0100 Fix initialization of novaclient This commit applies fix from I106ee603e0853bbc2da4b99724e83587de3cb4ba in oooq. projectid argument of novaclient's(< 7.0) entry-point had several meaning in case of different cases. It is not a user-friendly behaviour, so it was fixed in 7.0 . Now projectid means project/tenant id in terms of keystone, like it should be from the beginning. tenant/project name should be transmitted viaa project_name or tenant_name keyword argument. Change-Id: If76afe56f3ff851089732748693f7d2dbd06e59e Closes-Bug: #1654183 ** Changed in: tripleo-quickstart Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Dashboard (Horizon). https://bugs.launchpad.net/bugs/1654183 Title: Token based authentication in Client class does not work Status in OpenStack Dashboard (Horizon): Invalid Status in python-novaclient: Fix Released Status in tripleo: Fix Released Status in tripleo-quickstart: Fix Released Status in OpenStack DBaaS (Trove): Fix Released Bug description: With newly released novaclient (7.0.0) it seems that token base authentication does not work in novaclient.client.Clinet. I have get back the following response from Nova server: Malformed request URL: URL's project_id 'e0beb44615f34d54b8a9a9203a3e5a1c' doesn't match Context's project_id 'None' (HTTP 400) I just created the Nova client in following way: Client( 2, endpoint_type="public", service_type='compute', auth_token=auth_token, tenant_id="devel", region_name="RegionOne", auth_url=keystone_url, insecure=True, endpoint_override=nova_endpoint #https://.../v2/e0beb44615f34d54b8a9a9203a3e5a1c ) After it nova client performs a new token based authentication without project_id (tenant_id) and it causes that the new token does not belong to any project. Anyway if we have a token already why novaclient requests a new one from keystone? (Other clients like Heat and Neutron for example does not requests any token from keystone if it is already provided for client class) The bug is introduced by follwoig commit: https://github.com/openstack/python-novaclient/commit/8409e006c5f362922baae9470f14c12e0443dd70 + if not auth and auth_token: + auth = identity.Token(auth_url=auth_url, + token=auth_token) When project_id is also passed into Token authentication than everything works fine. So newly requested token belongs to right project/tenant. Note: Originally this problem appears in Mistral project of OpenStack, which is using the client classes directly from their actions with token based authentication. To manage notifications about this bug go to: https://bugs.launchpad.net/horizon/+bug/1654183/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
