OpenStack Heat

ec2token filter should use keystone_authtoken conf section

Bug #1229674 reported by Steven Hardy
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Heat
Fix Released
High
Steven Hardy
OpenStack Heat 2013.2 "havana"

Bug Description

The ec2token middleware defines it's own config section:

[ec2authtoken]
#auth_uri=<None>
#multi_cloud=false
#allowed_auth_uris=

However the auth_uri is duplicated with that which may be specified via the keystone_authtoken section (used by the keystoneclient authtoken middleware which we use, and also by heat_keystoneclient)

This duplication is made worse by the fact that when you only specify auth_uri in keystone_authtoken, the Ec2Token filter silently fails, because it doesn't detect that auth_uri is None before calling _conf_get_keystone_ec2_uri

So we should allow reading keystone_authtoken for auth_uri if it's not specified in ec2authtoken, and ensure an appropriate error log is generated if no auth_uri is specified anywhere.

Steven Hardy (shardy)
Changed in heat:
status: New → Triaged
milestone: none → havana-rc1
importance: Undecided → High
assignee: nobody → Steven Hardy (shardy)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to heat (master)

Fix proposed to branch: master
Review: https://review.openstack.org/48067

Changed in heat:
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: master
Review: https://review.openstack.org/48068

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to heat (master)

Reviewed: https://review.openstack.org/48067
Committed: http://github.com/openstack/heat/commit/1fdcc087b4110480bcb3817f298ddcd839fbbc67
Submitter: Jenkins
Branch: master

commit 1fdcc087b4110480bcb3817f298ddcd839fbbc67
Author: Steven Hardy <email address hidden>
Date: Tue Sep 24 12:38:54 2013 +0100

    api ec2token: Clear failure when no auth_uri specified

    Currently if the CFN API is misconfigured, such that no auth_uri
    is set in the config, we silently fail because we don't detect that
    auth_uri==None in the code. Instead catch this situation and assert
    that the service is misconfigured via a 500 response.

    Change-Id: I47a385aa6a34fe3133de00cf2b18fec6a4f6645a
    Partial-Bug: #1229674

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Reviewed: https://review.openstack.org/48068
Committed: http://github.com/openstack/heat/commit/850e2ed240e60e18a26a9dc36655278a40dadd8b
Submitter: Jenkins
Branch: master

commit 850e2ed240e60e18a26a9dc36655278a40dadd8b
Author: Steven Hardy <email address hidden>
Date: Tue Sep 24 15:37:49 2013 +0100

    api ec2token: allow auth_uri conf to be set via keystone_authtoken

    We already require the keystone_authtoken heat.conf section for the
    auth_token middleware, and heat_keystoneclient.py. So this patch
    allows us to reuse the auth_uri specified in that section instead
    of requiring a duplicate auth_uri to be specified in [ec2authtoken]

    Change-Id: Ic5efafb7743aeddca990a4c560b423293108e1e0
    Closes-Bug: #1229674

Changed in heat:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in heat:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in heat:
milestone: havana-rc1 → 2013.2
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.