Strange behaviour of OSC in keystone MFA context

Sean Mooney smooney at redhat.com
Tue Jan 26 19:00:57 UTC 2021


On Tue, 2021-01-26 at 17:46 +0000, Taltavull Jean-Francois wrote:
> Hello,
> 
> I'm experiencing the following strange behavior of openstack CLI with os-auth-methods option (most parameters are defined in clouds.yaml):
> 
> $ openstack token issue --os-auth-type v3multifactor --os-auth-methods password,totp
> 
--os-auth-methods does not appear to be a standard part of osc
infact i cant find it in any openstack repo with 

i think this is the implemtaions 
https://opendev.org/openstack/keystoneauth/src/branch/master/keystoneauth1/loading/_plugins/identity/v3.py#L303-L340

this presumable is where it generates teh optins 

  options.extend([
            loading.Opt(
                'auth_methods',
                required=True,
                help="Methods to authenticate with."),
        ])


if i do openstack help --os-auth-type v3multifactor it does show up with the following text

--os-auth-methods <auth-auth-methods>
                        With v3multifactor: Methods to authenticate with. (Env: OS_AUTH_METHODS)

that does not say much but

https://opendev.org/openstack/keystoneauth/src/branch/master/keystoneauth1/tests/unit/identity/test_identity_v3.py#L762-L800
implies its a list

with that said there are no test for multifactor as far as i can see like this one 
https://opendev.org/openstack/python-openstackclient/src/branch/master/openstackclient/tests/functional/common/test_args.py#L66-L79

there also does not seam too be a release note declaring support.

so while keystone auth support multi factor im not sure that osc actully does

i specpec that the fild type is not correct and it is indeed been parsed as a string instead of a list of stirng field.
it might be fixable via keystoneauth but  it proably need osc support and testing.

> The plugin p could not be found
> 
> Note that "p" is the first letter of "password". It looks like the option parser handled "password,totp" as a string instead of as a list of strings.
> 
> Version of openstack CLI is 5.4.0.
> 
> Any idea ?
> 
> Thanks !
> 
> Jean-François
> 
> 





More information about the openstack-discuss mailing list