[openstack-dev] [Keystone] Question regarding Service Catalog and Identity entries...
Ben Meyer
ben.meyer at rackspace.com
Tue Oct 7 14:31:16 UTC 2014
I am trying to use the Python Keystone client to integration
authentication functionality into a project I am contributing to
(https://github.com/rackerlabs/deuce-client).
However, I ran into a situation where if I do the following:
>>> c = keystoneclient.v2_0.client.Client(username='username',
password='password',
auth_url="https://keystone-compatible-service.example.com/v2.0/")
Failed to retrieve management_url from token
I traced it through the Python Keystoneclient code and it fails due to
not finding the "identity" service entry in the Service Catalog. The
authentication otherwise happens in that it has already received a
"successful" response and a full Service Catalog, aside from the
"missing" identity service. This happens with both version 0.10 and 0.11
python keystone clients; I did not try older clients.
Talking with the service provider, their version does not include itself
in the Service Catalog, and they learned the Keystone itself inserts
itself into the Service Catalog.
I can certainly understand why it having the identity service entry be
part of the Service Catalog, but for them it is (at least for now) not
desirable to do so.
Questions:
- Is it now a standard that Keystone inserts itself into the Service
Catalog?
- Or is the Python Keystone Client broken because it is forcing it to be so?
Thanks,
Benjamen R. Meyer
More information about the OpenStack-dev
mailing list