The functional tests that we added to verify this fix are being run
against the stable branches, causing them to break because neither
stable/ocata or stable/newton have the fix posted here. This was found
and reported in https://bugs.launchpad.net/keystone/+bug/1704148.
** Also affects: keystone/ocata
Importance: Undecided
Status: New
** Also affects: keystone/newton
Importance: Undecided
Status: New
** Changed in: keystone/newton
Status: New => In Progress
** Changed in: keystone/ocata
Status: New => In Progress
** Changed in: keystone/newton
Importance: Undecided => High
** Changed in: keystone/ocata
Importance: Undecided => High
** Changed in: keystone
Importance: Undecided => Medium
** Changed in: keystone/newton
Assignee: (unassigned) => Lance Bragstad (lbragstad)
** Changed in: keystone/ocata
Assignee: (unassigned) => Lance Bragstad (lbragstad)
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1687593
Title:
Create OAUTH request token gives 401 error when request url is admin
endpoint
Status in OpenStack Identity (keystone):
Fix Committed
Status in OpenStack Identity (keystone) newton series:
In Progress
Status in OpenStack Identity (keystone) ocata series:
In Progress
Status in python-keystoneclient:
In Progress
Bug description:
Create request token API returns 401 error when the request URL is
admin endpoint.
Error scenario:
URL used to generate OAUTH signature and for POST request is Keystone admin
endpoint
http://<keystone ip:port>/identity_admin/v3/OS-OAUTH1/request_token
Working scenario:
When the URL used to generate OAUTH signature is public endpoint, then the
response is 201.
http://<keystone ip:port>/identity/v3/OS-OAUTH1/request_token
Endpoints in devstack for identity:
ocata@ocata-VirtualBox:~/devstack$ openstack endpoint list | grep identity
| 549f73e17b0e471e95176bb508561bb3 | RegionOne | keystone | identity
| True | internal | http://192.168.56.101/identity |
| 739cda51666f4ab197241beac5c5c14c | RegionOne | keystone | identity
| True | admin | http://192.168.56.101/identity_admin |
| a0eb39c0ecff46c3b61bc6184c42bc13 | RegionOne | keystone | identity
| True | public | http://192.168.56.101/identity
Steps to reproduce the problem:
Run the python script in the below link (by changing the necessary
credentials and IP address)
https://pastebin.com/AqL9674n
If #L38 is modified to public endpoint (http://<keystone
ip:port>/identity/v3/OS-OAUTH1/request_token), the status code is 201.
Seems like Keystone code verifies the OAUTH signature using Public
endpoint irrespective of the request URL.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1687593/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
