openstack/python-keystoneclient
Code Issues Proposed changes

auth_uri (public ep) should not default to auth_* values (admin ep)

Browse Source 
Fixes bug 1207517 by logging a warning when auth_uri (which should point
to the public identity endpoint) falls back on auth_* values (which
should point to the admin identity endpoint).

Change-Id: I2b051ae10197206f6954672f22e5bff32e3f6c2a
This commit is contained in:
Dolph Mathews
2013-08-01 15:53:51 -05:00
committed by Gerrit Code Review
parent 5c6378c29c
commit 734ef6eb83
1 changed files with 16 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
keystoneclient/middleware/auth_token.py
View File

@@ -197,24 +197,26 @@ if not CONF:
opts = [ opts = [
cfg.StrOpt('auth_admin_prefix', cfg.StrOpt('auth_admin_prefix',
default='', default='',
help='Prefix to prepend at the begining of the URL'), help='Prefix to prepend at the beginning of the path'),
cfg.StrOpt('auth_host', cfg.StrOpt('auth_host',
default='127.0.0.1', default='127.0.0.1',
help='Host providing the public Identity API endpoint'), help='Host providing the admin Identity API endpoint'),
cfg.IntOpt('auth_port', cfg.IntOpt('auth_port',
default=35357, default=35357,
help='Port of the public Identity API endpoint'), help='Port of the admin Identity API endpoint'),
cfg.StrOpt('auth_protocol', cfg.StrOpt('auth_protocol',
default='https', default='https',
help='Protocol of the public Identity API endpoint' help='Protocol of the admin Identity API endpoint'
'(http or https)'), '(http or https)'),
cfg.StrOpt('auth_uri', cfg.StrOpt('auth_uri',
default=None, default=None,
help='(optional) Complete public Identity API endpoint;' # FIXME(dolph): should be default='http://127.0.0.1:5000/v2.0/',
' defaults to auth_protocol://auth_host:auth_port'), # or (depending on client support) an unversioned, publicly
# accessible identity endpoint (see bug 1207517)
help='Complete public Identity API endpoint'),
cfg.StrOpt('auth_version', cfg.StrOpt('auth_version',
default=None, default=None,
help='API version of the public Identity API endpoint'), help='API version of the admin Identity API endpoint'),
cfg.BoolOpt('delay_auth_decision', cfg.BoolOpt('delay_auth_decision',
default=False, default=False,
help='Do not handle authorization requests within the' help='Do not handle authorization requests within the'
@@ -360,6 +362,13 @@ class AuthProtocol(object):
self.auth_admin_prefix = self._conf_get('auth_admin_prefix') self.auth_admin_prefix = self._conf_get('auth_admin_prefix')
self.auth_uri = self._conf_get('auth_uri') self.auth_uri = self._conf_get('auth_uri')
if self.auth_uri is None: if self.auth_uri is None:
self.LOG.warning(
'Configuring auth_uri to point to the public identity '
'endpoint is required; clients may not be able to '
'authenticate against an admin endpoint')
# FIXME(dolph): drop support for this fallback behavior as
# documented in bug 1207517
self.auth_uri = '%s://%s:%s' % (self.auth_protocol, self.auth_uri = '%s://%s:%s' % (self.auth_protocol,
self.auth_host, self.auth_host,
self.auth_port) self.auth_port)