[openstack-dev] [keystone] keystoneauth1 3.0.0 broken keystonemiddleware

Lance Bragstad lbragstad at gmail.com
Fri Jul 21 22:14:31 UTC 2017

After a little head scratching and a Pantera playlist later, we ended up
figuring out the main causes. The failures can be found in the gate [0].
The two failures are detailed below:

1.) Keystoneauth version 3.0.0 added a lot of functionality and might
return a different url depending on discovery. Keystonemiddleware use to
be able to mock urls to keystone in this case because keystoneauth
didn't modify the url in between. Keystonemiddleware didn't know how to
deal with the new url and the result was a Mock failure. This is
something that we can fix in keystonemiddleware once we have a version
of keystoneauth that covers all discovery cases and does the right
thing. NOTE: If you're mocking requests to keystone and using
keystoneauth somewhere in your project's tests, you'll have to deal with
this. More on that below.

2.) The other set of failures were because keystoneauth wasn't expecting
a URL without a path [1], causing an index error. I tested the fix [2]
against keystonemiddleware and it seems to take care of the issue. Eric
is working on a fix. Once that patch is fully tested and vetted we'll
roll another keystoneauth release (3.0.1) and use that to test
keystonemiddleware to handle the mocking issues described in #1. From
there we should be able to safely bump the minimum version to 3.0.1, and
avoid 3.0.0 all together.

Let me know if you see anything else suspicious with respect to
keystoneauth. Thanks!

[2] https://review.openstack.org/#/c/486231/1

On 07/21/2017 04:43 PM, Lance Bragstad wrote:
> The patch to blacklist version 3.0.0 is working through the moment [0].
> We also have a WIP patch proposed to handled the cases exposed by
> keystonemiddleware [1].
> [0] https://review.openstack.org/#/c/486223/
> [1] https://review.openstack.org/#/c/486231/
> On 07/21/2017 03:58 PM, Lance Bragstad wrote:
>> We have a patch up to blacklist version 3.0.0 from global-requirements
>> [0]. We're also going to hold bumping the minimum version of
>> keystoneauth until we have things back to normal [1].
>> [0] https://review.openstack.org/#/c/486223/
>> [1] https://review.openstack.org/#/c/486160/1
>> On 07/21/2017 03:00 PM, Lance Bragstad wrote:
>>> I started noticing some trivial changes failing in the
>>> keystonemiddleware gate [0]. The failures are in tests that use the
>>> keystoneauth1 library (8 tests are failing by my count), which we
>>> released a new version of yesterday [1]. I've proposed a patch to
>>> blacklist keystoneauth1 3.0.0 from keystonemiddleware until we can
>>> figure out what happened [2]. Status is being tracked in a bug against
>>> keystonemiddleware [3], but might need to be broadened if these changes
>>> are affecting other projects.
>>> I'll be in -keystone working through some of the issues if you need me.
>>> Thanks,
>>> Lance
>>> [0] https://review.openstack.org/#/c/486184/
>>> [1] http://lists.openstack.org/pipermail/openstack-dev/2017-July/119969.html
>>> [2] https://review.openstack.org/#/c/486213/
>>> [3] https://bugs.launchpad.net/keystonemiddleware/+bug/1705770

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20170721/8bb3c374/attachment.sig>

More information about the OpenStack-dev mailing list