Avoid appending duplicate '/v3' to Keystone endpoint URL in Heat to resolve authorization failures.

Heat incorrectly appends /v3 to the Keystone endpoint URL, leading to a malformed URL when the version is already present. This results in communication failures during Kubernetes cluster creation with Magnum, causing authorization errors in the Heat stack due to the duplicate /v3. The issue is tied to the server_keystone_endpoint_type setting in heat.conf and specifically occurs when the Keystone URL already ends with /v3. Story: [2011252](https://storyboard.openstack.org/#!/story/2011252) Task: [51247](https://storyboard.openstack.org/#!/task/51247) Change-Id: Ib05000ef0efcbf294a73c4a11a3a355c602b54d0
2024-11-02 19:23:39 +05:30
parent dbc298b4cc
commit c79e1dbe19
1 changed files with 6 additions and 2 deletions
--- a/heat/engine/clients/os/keystone/heat_keystoneclient.py
+++ b/heat/engine/clients/os/keystone/heat_keystoneclient.py
@@ -605,8 +605,12 @@ class KsClientWrapper(object):
                                service_type='identity',
                                interface=ks_endpoint_type))
                        if len(unversioned_sc_auth_uri) > 0:
-                            sc_auth_uri = (
-                                unversioned_sc_auth_uri[0] + "/v3")
+                            trimmed_unversioned_sc_auth_uri = unversioned_sc_auth_uri[0].rstrip('/')
+                            last_element = trimmed_unversioned_sc_auth_uri.split("/")[-1]
+                            if last_element != "v3":
+                                sc_auth_uri = trimmed_unversioned_sc_auth_uri + "/v3"
+                            else:
+                                sc_auth_uri = trimmed_unversioned_sc_auth_uri
                            return sc_auth_uri
                except ks_exception.Unauthorized:
                    LOG.error("Keystone client authentication failed")