Reverting default keystone API to v2.0

Although keystone v2 has been deprecated, no services use v3 for authorization. So passing a v3 token_id to other services results in authorization errors. If the user logs into a domain other than "default", the user sees only unauthorized errors. Currently, when logging into the "default" domain, these authorization errors do not occur merely because of a bug in keystone that does not validate the token version. This will likely change some time in the non-distant future.

Setting the keystone API version to v2.0 is the safest path for now. Not doing a full revert because the rest of the fixes in the previous patch were valid and required.

Closes-Bug: #1294396
Change-Id: I3583e729b5a006f9b7f5cbbe3388908c15de39ae
		@@ -141,7 +141,7 @@ def is_safe_url(url, host=None):
 | 
			
		||||
# Helper for figuring out keystone version
 | 
			
		||||
# Implementation will change when API version discovery is available
 | 
			
		||||
def get_keystone_version():
 | 
			
		||||
    return getattr(settings, 'OPENSTACK_API_VERSIONS', {}).get('identity', 3)
 | 
			
		||||
    return getattr(settings, 'OPENSTACK_API_VERSIONS', {}).get('identity', 2.0)
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
def get_keystone_client():
 | 
			
		||||
 
 | 
			
		||||
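Review bot: The comment above get_keystone_version() still only says the implementation will change once version discovery is available; it should also record why the fallback is 2.0 (other services reject v3 tokens, per Closes-Bug #1294396), otherwise the next cleanup is likely to flip it back to 3. Two further points on the changed return line: the fallback is now the float 2.0 where it used to be the int 3, so please confirm callers compare the value numerically rather than by identity or string form; and the change only covers deployments that leave 'identity' out of OPENSTACK_API_VERSIONS, so a site that sets it to 3 explicitly keeps sending v3 tokens and will still see the authorization errors described in the commit message. A note next to the setting, or a logged warning when 3 is configured, would make that visible to operators.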