In solum, we use glance to store the docker images that we create for an application. We are using glance client internally to upload these images. Till recently, 'glance image-create' with only token has been happily working for us (in devstack). Today started noticing that glance image-create with just token is not working anymore. It is also not working when os-auth-token and os-image-url are passed in. According to the documentation (http://docs.openstack.org/developer/python-glanceclient/), just passing token and image-url should work. It is asking username (and password, if username is specified). But Solum does not have access to enduser's password. So we need the ability to be able to talk with glance without providing password.
I investigated the issue a bit.
It seems to be in this call https://github.com/openstack/python-glanceclient/blob/d4e7f97e3ab8c42dfd544dfa9c1c504f1de4ec05/glanceclient/shell.py#L697 which calls _get_endpoint_and_token. The 'auth_reqd' flag is getting set to 'True' (most likely because the predicates on line 450 and 451 are true).
Note that the first call to _get_endpoint_and_token from the call in line 659 works as expected (i.e. 'auth_reqd' flag is not set to True, so the call returns without asking for username and password)
The reason is that the client try to check whether the action is authentication required everytime.
But now, every action is authentication required according to:
https:/
because every action doesn't have skip_authentication decorator. So I think we should have a discuess about:
1. Is it still need to check authentication required once user supply token and url?
2. If no, this only need a bug to fix.
2. If yes, which kind of action need to be check, and which not? We should add skip_authentication decorator to those who doesn't need check. In this case , I think we need a bp.