[openstack-dev] [Keystone][Mistral][Devstack] Confusion between auth_url and auth_uri in keystone middleware

Mikhail Fedosin mfedosin at gmail.com
Thu Jun 15 14:44:34 UTC 2017


Thanks György!

On Thu, Jun 15, 2017 at 1:55 PM, Gyorgy Szombathelyi <
gyorgy.szombathelyi at doclerholding.com> wrote:

> Hi Mikhail,
>
> (I'm not from the Keystone team, but did some patches for using
> keystoneauth1).
>
> >
> > 2. Even if auth_url is set, it can't be used later, because it is not
> > registered in oslo_config [5]
>
> auth_url is actually a dynamic parameter and depends on the keystone auth
> plugin used
> (auth_type=xxx). The plugin which needs this parameter, registers it.
>

Based on this http://paste.openstack.org/show/612664/ I would say that the
plugin doesn't register it :(
It can either be a bug, or it was done intentionally; I don't know.


>
> >
> > So I would like to get advice from the keystone team and understand what I
> > should do in such cases. Official documentation doesn't add clarity on the
> > matter because it recommends using auth_uri in some cases and auth_url in
> > others.
> > My suggestion is to add auth_url to the list of keystone authtoken
> > middleware config options, so that the parameter can be used by the others.
>
> Yepp, this makes some confusion, but adding auth_url will make a clash with
> most (all?) authentication plugins. auth_url can be considered as an
> 'internal' option for the keystoneauth1 modules, and not used by anything
> else (like the keystonemiddleware itself). However, if there were a more
> elegant solution, I would also like to hear about it.
>
> >
> > Best,
> > Mike
> >
> Br,
> György


My final thought is that we have to use both (auth_url and auth_uri) options
in the mistral config, which looks ugly, but is necessary.

Best,
Mike