Inject /v3 in token path for v3 plugins
Without this, it's possible to get HTTP 404 errors from keystone if OS_AUTH_URL isn't versioned (e.g., https://keystone.example.com/ instead of https://keystone.example.com/v3), even if OS_IDENTITY_API is set to 3. This commit works around this issue by checking the AUTH_URL before building the token_url and appending '/v3' to the URL before sending the request. Closes-Bug: 1876317 Change-Id: Ic75f0c9b36022b884105b87bfe05f4f8292d53b2 (cherry picked from commitad46262148
) (cherry picked from commit3ba2a3acf2
)
This commit is contained in:
parent
1d5f57258a
commit
7d7b9564ba
|
@ -173,9 +173,13 @@ class Auth(BaseAuth):
|
||||||
if self.system_scope == 'all':
|
if self.system_scope == 'all':
|
||||||
body['auth']['scope'] = {'system': {'all': True}}
|
body['auth']['scope'] = {'system': {'all': True}}
|
||||||
|
|
||||||
|
token_url = self.token_url
|
||||||
|
|
||||||
|
if not self.auth_url.rstrip('/').endswith('v3'):
|
||||||
|
token_url = '%s/v3/auth/tokens' % self.auth_url.rstrip('/')
|
||||||
|
|
||||||
# NOTE(jamielennox): we add nocatalog here rather than in token_url
|
# NOTE(jamielennox): we add nocatalog here rather than in token_url
|
||||||
# directly as some federation plugins require the base token_url
|
# directly as some federation plugins require the base token_url
|
||||||
token_url = self.token_url
|
|
||||||
if not self.include_catalog:
|
if not self.include_catalog:
|
||||||
token_url += '?nocatalog'
|
token_url += '?nocatalog'
|
||||||
|
|
||||||
|
|
|
@ -798,3 +798,27 @@ class V3IdentityPlugin(utils.TestCase):
|
||||||
self.assertRequestHeaderEqual("Content-Type", "application/json")
|
self.assertRequestHeaderEqual("Content-Type", "application/json")
|
||||||
self.assertRequestHeaderEqual("Accept", "application/json")
|
self.assertRequestHeaderEqual("Accept", "application/json")
|
||||||
self.assertEqual(s.auth.auth_ref.auth_token, self.TEST_TOKEN)
|
self.assertEqual(s.auth.auth_ref.auth_token, self.TEST_TOKEN)
|
||||||
|
|
||||||
|
def test_authenticate_with_unversioned_endpoint(self):
|
||||||
|
self.stub_auth(json=self.TEST_RESPONSE_DICT)
|
||||||
|
# We use the root url here because it doesn't reference the API version
|
||||||
|
# (e.g., '/v3'). We want to make sure the authentication plugin handles
|
||||||
|
# this and appends /v3 if it's not present.
|
||||||
|
a = v3.Password(self.TEST_ROOT_URL,
|
||||||
|
username=self.TEST_USER,
|
||||||
|
password=self.TEST_PASS)
|
||||||
|
self.assertFalse(a.has_scope_parameters)
|
||||||
|
s = session.Session(auth=a)
|
||||||
|
|
||||||
|
self.assertEqual({'X-Auth-Token': self.TEST_TOKEN},
|
||||||
|
s.get_auth_headers())
|
||||||
|
|
||||||
|
req = {'auth': {'identity':
|
||||||
|
{'methods': ['password'],
|
||||||
|
'password': {'user': {'name': self.TEST_USER,
|
||||||
|
'password': self.TEST_PASS}}}}}
|
||||||
|
|
||||||
|
self.assertRequestBodyIs(json=req)
|
||||||
|
self.assertRequestHeaderEqual('Content-Type', 'application/json')
|
||||||
|
self.assertRequestHeaderEqual('Accept', 'application/json')
|
||||||
|
self.assertEqual(s.auth.auth_ref.auth_token, self.TEST_TOKEN)
|
||||||
|
|
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
[`bug 1876317 <https://bugs.launchpad.net/keystoneauth/+bug/1876317>`_]
|
||||||
|
The v3 authentication plugins now attempt to add /v3 to the token path if
|
||||||
|
it's not present on the authentication URL.
|
Loading…
Reference in New Issue