Create OAUTH request token gives 401 error when request url is admin endpoint
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Committed
|
Medium
|
Hemanth Nakkina | ||
Newton |
Won't Fix
|
High
|
Lance Bragstad | ||
Ocata |
Won't Fix
|
High
|
Lance Bragstad | ||
python-keystoneclient |
Won't Fix
|
Undecided
|
xuhaigang |
Bug Description
Create request token API returns 401 error when the request URL is admin endpoint.
Error scenario:
URL used to generate OAUTH signature and for POST request is Keystone admin endpoint
http://<keystone ip:port>
Working scenario:
When the URL used to generate OAUTH signature is public endpoint, then the response is 201.
http://<keystone ip:port>
Endpoints in devstack for identity:
ocata@ocata-
| 549f73e17b0e471
| 739cda51666f4ab
| a0eb39c0ecff46c
Steps to reproduce the problem:
Run the python script in the below link (by changing the necessary credentials and IP address)
https:/
If #L38 is modified to public endpoint (http://<keystone ip:port>
Seems like Keystone code verifies the OAUTH signature using Public endpoint irrespective of the request URL.
no longer affects: | python-keystoneclient (Ubuntu) |
Changed in python-keystoneclient: | |
assignee: | xuhaigang (rocky0722) → Hemanth Nakkina (hemanth-n) |
Changed in python-keystoneclient: | |
assignee: | Hemanth Nakkina (hemanth-n) → xuhaigang (rocky0722) |
Changed in keystone: | |
status: | In Progress → Fix Committed |
milestone: | none → pike-3 |
Changed in python-keystoneclient: | |
status: | In Progress → Won't Fix |
This bug fix will affect Python keystoneclient as in the current version 'openstack request token create' always uses Public endpoint during OAUTH signature irrespective of --os-interface specified.