[openstack-dev] [Keystone][Mistral][Devstack] Confusion between auth_url and auth_uri in keystone middleware
mfedosin at gmail.com
Wed Jun 21 09:12:46 UTC 2017
Thanks for your help folks!
I proposed a patch for mistral and it seems it works now
I'm not a great expert on this issue, so it will be great if someone from
keystone team could review the patch.
On Wed, Jun 21, 2017 at 4:15 AM, Jamie Lennox <jamielennox at gmail.com> wrote:
> On 16 June 2017 at 00:44, Mikhail Fedosin <mfedosin at gmail.com> wrote:
>> Thanks György!
>> On Thu, Jun 15, 2017 at 1:55 PM, Gyorgy Szombathelyi <
>> gyorgy.szombathelyi at doclerholding.com> wrote:
>>> Hi Mikhail,
>>> (I'm not from the Keystone team, but did some patches for using
>>> > 2. Even if auth_url is set, it can't be used later, because it is not
>>> registered in
>>> > oslo_config 
>>> auth_url is actually a dynamic parameter and depends on the keystone
>>> auth plugin used
>>> (auth_type=xxx). The plugin which needs this parameter, registers it.
>> Based on this http://paste.openstack.org/show/612664/ I would say that
>> the plugin doesn't register it :(
>> It either can be a bug, or it was done intentionally, I don't know.
>>> > So I would like to get an advise from keystone team and understand
>>> what I
>>> > should do in such cases. Official documentation doesn't add clarity on
>>> > matter because it recommends to use auth_uri in some cases and
>>> auth_url in
>>> > others.
>>> > My suggestion is to add auth_url in the list of keystone authtoken
>>> > middleware config options, so that the parameter can be used by the
>>> Yepp, this makes some confusion, but adding auth_url will make a clash
>>> most (all?) authentication plugins. auth_url can be considered as an
>>> option for the keystoneauth1 modules, and not used by anything else (like
>>> the keystonemiddleware itself). However if there would be a more elagant
>>> solution, I would also hear about it.
>>> > Best,
>>> > Mike
>>> OpenStack Development Mailing List (not for usage questions)
>>> Unsubscribe: OpenStack-dev-request at lists.op
>> My final thought that we have to use both (auth_url and auth_uri) options
>> in mistral config, which looks ugly, but necessary.
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscrib
> I feel like the question has been answered in the thread, but as i'm
> largely responsible for this I thought i'd pipe up here.
> It's annoying and unfortunate that auth_uri and auth_url look so similar.
> They've actually existed for some time side by side and ended up like that
> out of evolution rather that any thought. Interestingly the first result
> for auth_uri in google is . I'd be happy to rename it for something else
> if we can agree on what.
> Regarding your paste (and the reason i popped up), i would consider this a
> bug in mistral. The auth options aren't registered into oslo.config until
> just before the plugin is loaded because depending on what you put in for
> auth_type the options may be different. In practice pretty much every
> plugin has an auth_url, but mistral shouldn't be assuming anything about
> the structure of [keystone_authtoken]. That's the sole responsibility of
> keystonemiddleware and it does change over time.
>  https://adam.younglogic.com/2016/06/auth_uri-vs-auth_url/
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OpenStack-dev