[openstack-dev] [keystone] Help consuming trusts
Steven Hardy
shardy at redhat.com
Sat Aug 17 12:18:30 UTC 2013
On Fri, Aug 16, 2013 at 11:42:52AM -0400, Steve Martinelli wrote:
>
> Hi Steven,
>
> You can look at the unit tests being run.
> https://github.com/openstack/keystone/blob/master/keystone/tests/test_v3_auth.py#L1782
>
> It looks like you need to provide the trustee uname/password and the trust
> id. Keep digging into 'build_authentication_request" to see how it's
> structured, then it's just a call to /auth/tokens.
Thanks for the pointers, I've looked at the tests, and it seems like most
of them are error path tests, I'm not sure which one demonstrates a
successful response from the v3 /auth/tokens with a trust ID specified in
the scope section of the request?
I've raised two bugs related to this issue:
https://bugs.launchpad.net/keystone/+bug/1213340
https://bugs.launchpad.net/keystone/+bug/1212778
The latter was discussed on IRC yesterday and I've tested the fix and the
500 error is fixed, but now I get the same 401 response for both token and
username/password requests. If I don't specify a trust ID in the request,
I get a token back without any problem.
It may be that there is an issue with my keystoneclient patch:
https://review.openstack.org/#/c/39899/
However, despite looking carefully at the requests generated, I can't spot
any problem, the requests appear to match the required format in the API
docs AFAICS:
https://github.com/openstack/identity-api/blob/master/openstack-identity-api/v3/src/markdown/identity-api-v3-os-trust-ext.md#consuming-a-trust-with-post-authtokens
There are reproducers on each of the bugs above, showing the failure in
both token and password methods, if anyone has time to take a look and help
me figure out the next step, that would be much appreciated as atm I'm a
bit stumped!
Thanks!
Steve
More information about the OpenStack-dev
mailing list