[openstack-dev] [Keystone][Mistral][Devstack] Confusion between auth_url and auth_uri in keystone middleware

Harry Rybacki hrybacki at redhat.com
Thu Jun 15 18:12:56 UTC 2017


On Thu, Jun 15, 2017 at 1:57 PM, Brant Knudson <blk at acm.org> wrote:
>
>
> On Thu, Jun 15, 2017 at 5:14 AM, Mikhail Fedosin <mfedosin at gmail.com> wrote:
>>
>> Recently I decided to remove the deprecated parameters from the
>> keystone_authtoken Mistral config and replace them with the recommended
>> devstack function [1]. In doing so, I discovered strange behavior in the
>> configuration mechanism, specifically with the parameters auth_uri and auth_url.
>>
>> 1. The parameter auth_url is not included in the list of the middleware
>> parameters; there is only auth_uri [2]. Nevertheless, it must be present,
>> because it's required by the identity plugin [3]. Attempts to remove it or
>> replace it with the recommended auth_uri result in these stack traces [4].
>>
>> 2. Even if auth_url is set, it can't be used later, because it is not
>> registered in oslo_config [5].
>>
>> So I would like to get advice from the keystone team and understand what I
>> should do in such cases. The official documentation doesn't add clarity on
>> the matter because it recommends using auth_uri in some cases and auth_url
>> in others.
>
>
> While to a human auth_uri and auth_url might look very similar, they're
> treated completely differently by auth_token / keystoneauth. One doesn't
> replace the other in any way. So it shouldn't be surprising that
> documentation would say to use auth_uri for one thing and auth_url for
> something else.
>
In this case it's probably worth filing a docs bug against Keystone.
If one person is confused by this, others likely are or will be.

- Harry

>  - Brant
>
>
>>
>> My suggestion is to add auth_url to the list of keystone authtoken
>> middleware config options, so that the parameter can be used by the others.
>>
>> Best,
>> Mike
>>
>> [1] https://review.openstack.org/#/c/473796/
>> [2]
>> https://github.com/openstack/keystonemiddleware/blob/master/keystonemiddleware/auth_token/_opts.py#L31
>> [3]
>> https://github.com/openstack/keystoneauth/blob/master/keystoneauth1/loading/identity.py#L37
>> [4] http://paste.openstack.org/show/612662/
>> [5] http://paste.openstack.org/show/612664/
>>
>> __________________________________________________________________________
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>
>
>
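
A pre-deployment check for the misconfiguration described in this thread, where auth_url is dropped from [keystone_authtoken] in favour of auth_uri. This is an added example, not code from the thread or from keystonemiddleware; `lint_authtoken`, the sample configs and the host name are constructed, and it assumes auth_type names a keystoneauth identity plugin.

```python
import configparser

SECTION = "keystone_authtoken"

# Constructed sample: the change described in the thread (auth_url dropped,
# only auth_uri kept). Host name and credentials are made up.
BROKEN = """
[keystone_authtoken]
auth_type = password
auth_uri = http://keystone.example.test:5000/v3
username = mistral
password = constructed-secret
project_name = service
"""

# Constructed sample: same section with auth_url restored next to auth_uri.
FIXED = BROKEN + "auth_url = http://keystone.example.test:5000/v3\n"


def lint_authtoken(ini_text):
    """Return a list of findings for the [keystone_authtoken] section."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(ini_text)
    if not parser.has_section(SECTION):
        return ["missing [%s] section" % SECTION]
    opts = parser[SECTION]
    auth_type = opts.get("auth_type", "").strip()
    has_url = bool(opts.get("auth_url", "").strip())
    has_uri = bool(opts.get("auth_uri", "").strip())
    findings = []
    if auth_type and not has_url:
        # Assumption: auth_type names an identity plugin, which requires auth_url [3].
        msg = "auth_type=%s is set but auth_url is missing" % auth_type
        if has_uri:
            msg += "; auth_uri is present but does not replace it"
        findings.append(msg)
    if has_url and not auth_type:
        # Assumption: without auth_type no plugin is loaded to read auth_url.
        findings.append("auth_url is set but auth_type is not")
    return findings


if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, lint_authtoken(text) or "ok")
```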


