Change path logic when openstack identity prefix is 'v2.0' #361
Conversation
lib/fog/identity/openstack.rb
Outdated
| @@ -69,7 +69,10 @@ def initialize(options = {}) | |||
|
|
|||
| authenticate | |||
|
|
|||
| if options[:openstack_identity_prefix] | |||
| case options[:openstack_identity_prefix] | |||
There was a problem hiding this comment.
Use the return of the conditional for variable assignment and comparison.
|
ping @Ladas |
|
@alexander-demichev can you find the exact place setting the '/v3' ? We might need to find a more generic fix. Also this breaks a lot of specs it seems. |
|
@alexander-demichev the problem might be here https://github.com/alexander-demichev/fog-openstack/blob/c307ead493ca1d1b68cfdf1f15b53f505fdc6eef/lib/fog/identity/openstack.rb#L26, where we decide if we should build V2 or V3 service |
|
@Ladas So overcloud allows me to use both v2 and v3 for Identity service. Provider is added to MiQ with keystone v2, created fog object is v2 and path is anyway set to |
alexander-demicev
force-pushed
the
fix-path
branch
from
c307ead
to
f0c3c2c
Compare
|
@petrblaho @aufi Hi, can you test this? |
| @@ -73,6 +73,8 @@ def initialize(options = {}) | |||
| @path = "/#{options[:openstack_identity_prefix]}/#{@path}" | |||
| end | |||
|
|
|||
| @path = "/#{options[:openstack_identity_prefix]}/" if options[:openstack_identity_prefix] == "v2.0" | |||
There was a problem hiding this comment.
This change doesn't look good to me, when there is "v2.0" prefix, then path is dropped. Could you test some API calls (or ManageIQ refresh) first?
There was a problem hiding this comment.
Yes, you're right it should actually be:
@path = "/#{options[:openstack_identity_prefix]}/#{@path}" if options[:openstack_identity_prefix] == "v2.0"
There was a problem hiding this comment.
The first version is wrong, but that proposed fix seems to make the line identical to the conditional above-- @path = "/#{options[:openstack_identity_prefix]}/#{@path}"
|
@alexander-demichev, first off, thanks for tracking that one. Effectively v2.0 needs to be added to the path when using Identity version 2. We got used to it because that was the default. I confirm this works (with above fix), meanwhile per @Ladas comment to make it more generic, the equivalent should be added to V2 class, for instance: index 6529a93..df74d84 100644
--- a/lib/fog/identity/openstack/v2.rb
+++ b/lib/fog/identity/openstack/v2.rb
@@ -169,6 +169,11 @@ module Fog
end
class Real < Fog::Identity::OpenStack::Real
+ def initialize(options)
+ options[:openstack_identity_prefix] = 'v2.0' unless options[:openstack_identity_prefix]
+ super
+ end
+
private
def default_service_type(_) |
|
@gildub Hi, thanks for review. I tried solution from previous comment, it's not working for me. |
|
@alexander-demichev, hmm I've tested against OSP12 (Pike), not OSP11 because the issue is the same! Ok, so you're using code from #361 (comment), could you please provide the request details (path) you're obtaining? |
|
@gildub Hi, it works for me on OSP 12, and doesn't work on OSP 11. After using from your comment path becomes |
|
@alexander-demichev, yes please. |
|
@alexander-demichev, the reason this doesn't work on the osp11 you provided is because the identity endpoint is setup with "v3": {"endpoints"=>
[{"adminURL"=>"http://10.8.196.59:35357/v3",
"region"=>"RegionOne",
"internalURL"=>"http://10.8.196.59:5000/v3",
"id"=>"2c7f39dde4d343668e8a6a202fcfd616",
"publicURL"=>"http://10.8.196.59:5000/v3"}],
"endpoints_links"=>[],
"type"=>"identity",
"name"=>"keystone"}In order to use "v2.0" with such catalog is to change the endpoint to be version-less or provide another service endpoint dedicated to v2. |
|
To clarify, there are always 2 aspects to the Identity, the first one is the authentication part using And combining the 2 is possible, such as authenticating and obtaining a token against Keystone v3 (the default) and interacting with Keystone v2.0. The issue here is that fog-openstack is "guessing" from the URL path the version of the identity for both the authentication and the identity service. Although that's done separately. |
|
@alexander-demichev, I've tried to tackle this one but the outcome is far from ideal, the best result is when identity endpoint doesn't contain the version (like OSP12) because otherwise fog-openstack injects the version in the Alternatively one could consider Keystone v2 obsolete since it has been deprecated and therefore no fog-openstack user/client should be using it, attended fog-openstack could detect the version of OpenStack its dealing with. What do you think? |
|
ping @aufi |
|
@alexander-demichev, a work around is to change OSP11 identity endpoint to be like OSP12 without the verision is the url. Could you please try it? |
|
I'm closing this issue since it's happening because Keystone endpoint is wrongly set-up to "http://10.8.196.59:35357/v3" where it should be "http://10.8.196.59:35357". That said fog-openstack should be able to handle such scenario. The best way to do so would be for the user to be able to use an "endpoint-override" parameter to provide the right endpoint URL. Please let's discuss it (here](#381). Please feel free to re-open and challenge this if you disagree. |
There is an issue on RHOS 11 with identity service and keystone v2, when creating a tenant. Problem is that, path built by fog looks like this
/v2.0//v3, when needed path is/v2.0/. I believe this PR can fix it.I would like to mention this PR #99
P.S. In my case identity prefix comes from MiQ link
ping @aufi