<div dir="ltr">Hi <span style="color:rgb(33,33,33);font-family:"helvetica neue",helvetica,arial,sans-serif">Aimee,</span><div><span style="color:rgb(33,33,33);font-family:"helvetica neue",helvetica,arial,sans-serif"><br></span></div><div><span style="color:rgb(33,33,33);font-family:"helvetica neue",helvetica,arial,sans-serif">Do the other APIs work?  That is, is it a general problem authenticating, or is the problem limited to list_policies?  </span></div><div><span style="color:rgb(33,33,33);font-family:"helvetica neue",helvetica,arial,sans-serif"><br></span></div><div><font color="#212121" face="helvetica neue, helvetica, arial, sans-serif">Tim</font></div></div><br><div class="gmail_quote"><div dir="ltr">On Wed, Jul 20, 2016 at 3:54 PM Aimee Ukasick <<a href="mailto:aimeeu.opensource@gmail.com">aimeeu.opensource@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi all,<br>
<br>
I've been working on Policy UI (Horizon): Unable to get policies<br>
list (devstack) (<a href="https://bugs.launchpad.net/congress/+bug/1602837" rel="noreferrer" target="_blank">https://bugs.launchpad.net/congress/+bug/1602837</a>)<br>
for the past 3 days. Anusha is correct - it's an authentication<br>
problem, but I have not been able to fix it.<br>
<br>
I grabbed the relevant code in congress.py from Anusha's horizon<br>
plugin model patchset (<a href="https://review.openstack.org/#/c/305063/3" rel="noreferrer" target="_blank">https://review.openstack.org/#/c/305063/3</a>) and<br>
added try/catch blocks, logging statements (with error because I<br>
haven't figured out how to set the horizon log level).<br>
<br>
<br>
I am testing the code on devstack, which I cloned on 19 July 2016.<br>
<br>
With both v2 and v3 auth, congressclient.v1.client is created.<br>
The failure happens trying to call<br>
congressclient.v1.client.Client.list_policies().<br>
When using v2 auth, the error message is "Unable to get policies list:<br>
The resource could not be found"<br>
When using v3 auth, the error message is "Cannot authorize API client"<br>
<br>
I am assuming that congressclient.v1.client.Client is<br>
<a href="https://github.com/openstack/python-congressclient/blob/master/congressclient/v1/client.py" rel="noreferrer" target="_blank">https://github.com/openstack/python-congressclient/blob/master/congressclient/v1/client.py</a><br>
and that client.list_policy() calls list_policy()in the python-congressclient<br>
which in turn calls the Congress API. Is this correct?<br>
<br>
Any ideas why with v3 auth, the python-congressclient cannot authorize the<br>
call to the API?<br>
<br>
I looked at other horizon plugin models (ceilometer, neutron, nova,<br>
cerberus, cloudkitty, trove, designate, manila) to see how they created<br>
the client. While the code to create a client is not identical,<br>
it is vastly different from the code to create a client<br>
in contrib/horizon/congress.py.<br>
<br>
Thanks in advance for any pointers.<br>
<br>
aimee<br>
<br>
Aimee Ukasick (aimeeu)<br>
<br>
v2 log:<br>
2016-07-20 22:13:56.501455<br>
2016-07-20 22:14:30.238233 ***** view.get_data calling policies =<br>
congress.policies_list(self.request) *****<br>
2016-07-20 22:14:30.238318 ***** self.request.path= /dashboard/admin/policies/<br>
2016-07-20 22:14:30.238352 ***** congress.policies_list(request) BEGIN*****<br>
2016-07-20 22:14:30.238376 ***** calling client = congressclient(request)*****<br>
2016-07-20 22:14:30.238399 ***** congress.congressclient BEGIN*****<br>
2016-07-20 22:14:30.238454 ***** auth_url= <a href="http://192.168.56.103/identity2016-07-20" rel="noreferrer" target="_blank">http://192.168.56.103/identity<br>
2016-07-20</a> 22:14:30.238479 ***** calling get_keystone_session *****<br>
2016-07-20 22:14:30.238505 ***** congress.get_keystone_session BEGIN<br>
auth_url *****<a href="http://192.168.56.103/identity" rel="noreferrer" target="_blank">http://192.168.56.103/identity</a><br>
2016-07-20 22:14:30.238554 ***** path= /identity<br>
2016-07-20 22:14:30.238578 ***** using V2 plugin to authenticate*****<br>
2016-07-20 22:14:30.238630 ***** v2 auth.get_auth_state=<br>
2016-07-20 22:14:30.238656 None<br>
2016-07-20 22:14:30.238677 ***** finished using V2 plugin to authenticate*****<br>
2016-07-20 22:14:30.238698 ***** creating session with auth *****<br>
2016-07-20 22:14:30.244407 ***** congress.get_keystone_session END*****<br>
2016-07-20 22:14:30.244462 ***** regtion_name= RegionOne<br>
2016-07-20 22:14:30.244491 ***** calling congress_client.Client(**kwargs)<br>
2016-07-20 22:14:30.247830 ***** congress.congressclient END*****<br>
2016-07-20 22:14:30.247902 ***** calling policies_list =<br>
client.list_policy()*****<br>
2016-07-20 22:14:30.248012 DEBUG:keystoneauth.identity.v2:Making<br>
authentication request to <a href="http://192.168.56.103/identity/tokens" rel="noreferrer" target="_blank">http://192.168.56.103/identity/tokens</a><br>
2016-07-20 22:14:30.255023 DEBUG:keystoneauth.session:Request returned<br>
failure status: 404<br>
2016-07-20 22:14:30.257546 Unable to get policies list: The resource<br>
could not be found.<br>
<br>
<br>
v3 log:<br>
2016-07-20 22:09:22.912969<br>
2016-07-20 22:09:31.907119 ***** view.get_data calling policies =<br>
congress.policies_list(self.request) *****<br>
2016-07-20 22:09:31.907973 ***** self.request.path= /dashboard/admin/policies/<br>
2016-07-20 22:09:31.908122 ***** congress.policies_list(request) BEGIN*****<br>
2016-07-20 22:09:31.908250 ***** calling client = congressclient(request)*****<br>
2016-07-20 22:09:31.908386 ***** congress.congressclient BEGIN*****<br>
2016-07-20 22:09:31.909034 ***** auth_url= <a href="http://192.168.56.103/identity2016-07-20" rel="noreferrer" target="_blank">http://192.168.56.103/identity<br>
2016-07-20</a> 22:09:31.909217 ***** calling get_keystone_session *****<br>
2016-07-20 22:09:31.909356 ***** congress.get_keystone_session BEGIN<br>
auth_url *****<a href="http://192.168.56.103/identity" rel="noreferrer" target="_blank">http://192.168.56.103/identity</a><br>
2016-07-20 22:09:31.909527 ***** path= /identity<br>
2016-07-20 22:09:31.909795 ***** using V3 plugin to authenticate*****<br>
2016-07-20 22:09:31.910042 auth_url=<a href="http://192.168.56.103/identity2016-07-20" rel="noreferrer" target="_blank">http://192.168.56.103/identity<br>
2016-07-20</a> 22:09:31.910175 token=d46339f2d0b5455db54909d6ed95a9cc<br>
2016-07-20 22:09:31.910301 project_name=alt_demo<br>
2016-07-20 22:09:31.910426 domain_name=Default<br>
2016-07-20 22:09:31.910676 project_domain_name=default<br>
2016-07-20 22:09:31.910866 ***** v3 auth.get_auth_state=<br>
2016-07-20 22:09:31.910992 None<br>
2016-07-20 22:09:31.914053 ***** finished using V3 plugin to authenticate*****<br>
2016-07-20 22:09:31.914100 ***** creating session with auth *****<br>
2016-07-20 22:09:31.922260 ***** congress.get_keystone_session END*****<br>
2016-07-20 22:09:31.922542 ***** regtion_name= RegionOne<br>
2016-07-20 22:09:31.922676 ***** calling congress_client.Client(**kwargs)<br>
2016-07-20 22:09:31.922822 ***** congress.congressclient END*****<br>
2016-07-20 22:09:31.922949 ***** calling policies_list =<br>
client.list_policy()*****<br>
2016-07-20 22:09:31.924732 Unable to get policies list: Cannot<br>
authorize API client.<br>
<br>
__________________________________________________________________________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" rel="noreferrer" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
</blockquote></div>