Hi Aimee, Thanks for the investigation.
I remember testing congress client with V3 password based authentication , which worked fine .. but never tested with token based . Please go ahead and fix it , if you think there is any issue . On 22-Jul-2016 9:38 PM, "Aimee Ukasick" <aimeeu.opensou...@gmail.com> wrote: > All - I made the change to the auth_url that Anusha suggested. > Same problem as before " Cannot authorize API client" > 2016-07-22 14:13:50.835861 ***** calling policies_list = > client.list_policy()***** > 2016-07-22 14:13:50.836062 Unable to get policies list: Cannot > authorize API client. > > I used the token from the log output to query the Congress API with > the keystone v3 token - no issues. > curl -X GET -H "X-Auth-Token: 18ec54ac811b49aa8265c3d535ba0095" -H > "Cache-Control: no-cache" "http://192.168.56.103:1789/v1/policies"; > > So I really think the problem is that the python-congressclient > doesn't support identity v3. > I thought it did, but then I came across this: > "support keystone v3 api and session based authentication " > https://bugs.launchpad.net/python-congressclient/+bug/1564361 > This is currently assigned to Anusha. > I'd like to start work on it since I am becoming familiar with keystone v3. > > Thoughts? > > aimee > > > > > On Fri, Jul 22, 2016 at 8:07 AM, Aimee Ukasick > <aimeeu.opensou...@gmail.com> wrote: > > Thanks Anusha! I will retest this today. I guess I need to learn more > > about Horizon as well - thanks for pointing me in the right direction. > > > > aimee > > > > > > > > On Fri, Jul 22, 2016 at 6:30 AM, Anusha Ramineni <anusha.ii...@gmail.com> > wrote: > >> Hi Aimee, > >> > >> I think devstack by default configured horizon to use v3 . > >> For V2 authentication, from the logs , auth_url doesn't seem to be set > >> explicitly to v2 auth_url . > >> > >> I have always set explicit v2 auth which worked fine. > >> For eg:- auth_url = 'http://<host-ip>:5000/v2.0' , for V2 > authentication > >> > >> I have raised a patch, to take the auth_url from horizon settings > instead of > >> from request. > >> https://review.openstack.org/#/c/345828/1 > >> > >> Please set explict v2 auth_url as mentioned above in > OPENSTACK_KESYTONE_URL > >> in <horizon>/openstack_dashboard/local/local_settings.py and restart > apache2 > >> server . Then v2 authentication should go through fine. > >> > >> For v3 , need to add relevant code for v3 authentication in > contrib/horizon > >> as presently it is hardcoded to use only v2. but yes, the code from > plugin > >> model patch is still a WIP , so doesn't work for v3 authentication I > guess > >> I'll have a look at it and let you know . > >> > >> > >> Best Regards, > >> Anusha > >> > >> On 21 July 2016 at 21:56, Tim Hinrichs <t...@styra.com> wrote: > >>> > >>> So clearly an authentication problem then. > >>> > >>> Anusha, do you have any ideas? (Aimee, I think Anusha has worked with > >>> Keystone authentication most recently, so she's your best bet.) > >>> > >>> Tim > >>> > >>> On Thu, Jul 21, 2016 at 8:59 AM Aimee Ukasick > >>> <aimeeu.opensou...@gmail.com> wrote: > >>>> > >>>> The Policy/Data Sources web page throws the same errors. I am > >>>> planning to recheck direct API calls using v3 auth today or tomorrow. > >>>> > >>>> aimee > >>>> > >>>> On Thu, Jul 21, 2016 at 10:49 AM, Tim Hinrichs <t...@styra.com> wrote: > >>>> > Hi Aimee, > >>>> > > >>>> > Do the other APIs work? That is, is it a general problem > >>>> > authenticating, or > >>>> > is the problem limited to list_policies? > >>>> > > >>>> > Tim > >>>> > > >>>> > On Wed, Jul 20, 2016 at 3:54 PM Aimee Ukasick > >>>> > <aimeeu.opensou...@gmail.com> > >>>> > wrote: > >>>> >> > >>>> >> Hi all, > >>>> >> > >>>> >> I've been working on Policy UI (Horizon): Unable to get policies > >>>> >> list (devstack) (https://bugs.launchpad.net/congress/+bug/1602837) > >>>> >> for the past 3 days. Anusha is correct - it's an authentication > >>>> >> problem, but I have not been able to fix it. > >>>> >> > >>>> >> I grabbed the relevant code in congress.py from Anusha's horizon > >>>> >> plugin model patchset (https://review.openstack.org/#/c/305063/3) > and > >>>> >> added try/catch blocks, logging statements (with error because I > >>>> >> haven't figured out how to set the horizon log level). > >>>> >> > >>>> >> > >>>> >> I am testing the code on devstack, which I cloned on 19 July 2016. > >>>> >> > >>>> >> With both v2 and v3 auth, congressclient.v1.client is created. > >>>> >> The failure happens trying to call > >>>> >> congressclient.v1.client.Client.list_policies(). > >>>> >> When using v2 auth, the error message is "Unable to get policies > list: > >>>> >> The resource could not be found" > >>>> >> When using v3 auth, the error message is "Cannot authorize API > client" > >>>> >> > >>>> >> I am assuming that congressclient.v1.client.Client is > >>>> >> > >>>> >> > >>>> >> > https://github.com/openstack/python-congressclient/blob/master/congressclient/v1/client.py > >>>> >> and that client.list_policy() calls list_policy()in the > >>>> >> python-congressclient > >>>> >> which in turn calls the Congress API. Is this correct? > >>>> >> > >>>> >> Any ideas why with v3 auth, the python-congressclient cannot > authorize > >>>> >> the > >>>> >> call to the API? > >>>> >> > >>>> >> I looked at other horizon plugin models (ceilometer, neutron, nova, > >>>> >> cerberus, cloudkitty, trove, designate, manila) to see how they > >>>> >> created > >>>> >> the client. While the code to create a client is not identical, > >>>> >> it is vastly different from the code to create a client > >>>> >> in contrib/horizon/congress.py. > >>>> >> > >>>> >> Thanks in advance for any pointers. > >>>> >> > >>>> >> aimee > >>>> >> > >>>> >> Aimee Ukasick (aimeeu) > >>>> >> > >>>> >> v2 log: > >>>> >> 2016-07-20 22:13:56.501455 > >>>> >> 2016-07-20 22:14:30.238233 ***** view.get_data calling policies = > >>>> >> congress.policies_list(self.request) ***** > >>>> >> 2016-07-20 22:14:30.238318 ***** self.request.path= > >>>> >> /dashboard/admin/policies/ > >>>> >> 2016-07-20 22:14:30.238352 ***** congress.policies_list(request) > >>>> >> BEGIN***** > >>>> >> 2016-07-20 22:14:30.238376 ***** calling client = > >>>> >> congressclient(request)***** > >>>> >> 2016-07-20 22:14:30.238399 ***** congress.congressclient BEGIN***** > >>>> >> 2016-07-20 22:14:30.238454 ***** auth_url= > >>>> >> http://192.168.56.103/identity > >>>> >> 2016-07-20 22:14:30.238479 ***** calling get_keystone_session ***** > >>>> >> 2016-07-20 22:14:30.238505 ***** congress.get_keystone_session > BEGIN > >>>> >> auth_url *****http://192.168.56.103/identity > >>>> >> 2016-07-20 22:14:30.238554 ***** path= /identity > >>>> >> 2016-07-20 22:14:30.238578 ***** using V2 plugin to > authenticate***** > >>>> >> 2016-07-20 22:14:30.238630 ***** v2 auth.get_auth_state= > >>>> >> 2016-07-20 22:14:30.238656 None > >>>> >> 2016-07-20 22:14:30.238677 ***** finished using V2 plugin to > >>>> >> authenticate***** > >>>> >> 2016-07-20 22:14:30.238698 ***** creating session with auth ***** > >>>> >> 2016-07-20 22:14:30.244407 ***** congress.get_keystone_session > >>>> >> END***** > >>>> >> 2016-07-20 22:14:30.244462 ***** regtion_name= RegionOne > >>>> >> 2016-07-20 22:14:30.244491 ***** calling > >>>> >> congress_client.Client(**kwargs) > >>>> >> 2016-07-20 22:14:30.247830 ***** congress.congressclient END***** > >>>> >> 2016-07-20 22:14:30.247902 ***** calling policies_list = > >>>> >> client.list_policy()***** > >>>> >> 2016-07-20 22:14:30.248012 DEBUG:keystoneauth.identity.v2:Making > >>>> >> authentication request to http://192.168.56.103/identity/tokens > >>>> >> 2016-07-20 22:14:30.255023 DEBUG:keystoneauth.session:Request > returned > >>>> >> failure status: 404 > >>>> >> 2016-07-20 22:14:30.257546 Unable to get policies list: The > resource > >>>> >> could not be found. > >>>> >> > >>>> >> > >>>> >> v3 log: > >>>> >> 2016-07-20 22:09:22.912969 > >>>> >> 2016-07-20 22:09:31.907119 ***** view.get_data calling policies = > >>>> >> congress.policies_list(self.request) ***** > >>>> >> 2016-07-20 22:09:31.907973 ***** self.request.path= > >>>> >> /dashboard/admin/policies/ > >>>> >> 2016-07-20 22:09:31.908122 ***** congress.policies_list(request) > >>>> >> BEGIN***** > >>>> >> 2016-07-20 22:09:31.908250 ***** calling client = > >>>> >> congressclient(request)***** > >>>> >> 2016-07-20 22:09:31.908386 ***** congress.congressclient BEGIN***** > >>>> >> 2016-07-20 22:09:31.909034 ***** auth_url= > >>>> >> http://192.168.56.103/identity > >>>> >> 2016-07-20 22:09:31.909217 ***** calling get_keystone_session ***** > >>>> >> 2016-07-20 22:09:31.909356 ***** congress.get_keystone_session > BEGIN > >>>> >> auth_url *****http://192.168.56.103/identity > >>>> >> 2016-07-20 22:09:31.909527 ***** path= /identity > >>>> >> 2016-07-20 22:09:31.909795 ***** using V3 plugin to > authenticate***** > >>>> >> 2016-07-20 22:09:31.910042 auth_url=http://192.168.56.103/identity > >>>> >> 2016-07-20 22:09:31.910175 token=d46339f2d0b5455db54909d6ed95a9cc > >>>> >> 2016-07-20 22:09:31.910301 project_name=alt_demo > >>>> >> 2016-07-20 22:09:31.910426 domain_name=Default > >>>> >> 2016-07-20 22:09:31.910676 project_domain_name=default > >>>> >> 2016-07-20 22:09:31.910866 ***** v3 auth.get_auth_state= > >>>> >> 2016-07-20 22:09:31.910992 None > >>>> >> 2016-07-20 22:09:31.914053 ***** finished using V3 plugin to > >>>> >> authenticate***** > >>>> >> 2016-07-20 22:09:31.914100 ***** creating session with auth ***** > >>>> >> 2016-07-20 22:09:31.922260 ***** congress.get_keystone_session > >>>> >> END***** > >>>> >> 2016-07-20 22:09:31.922542 ***** regtion_name= RegionOne > >>>> >> 2016-07-20 22:09:31.922676 ***** calling > >>>> >> congress_client.Client(**kwargs) > >>>> >> 2016-07-20 22:09:31.922822 ***** congress.congressclient END***** > >>>> >> 2016-07-20 22:09:31.922949 ***** calling policies_list = > >>>> >> client.list_policy()***** > >>>> >> 2016-07-20 22:09:31.924732 Unable to get policies list: Cannot > >>>> >> authorize API client. > >>>> >> > >>>> >> > >>>> >> > __________________________________________________________________________ > >>>> >> OpenStack Development Mailing List (not for usage questions) > >>>> >> Unsubscribe: > >>>> >> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > >>>> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >>>> > > >>>> > > >>>> > > >>>> > > __________________________________________________________________________ > >>>> > OpenStack Development Mailing List (not for usage questions) > >>>> > Unsubscribe: > >>>> > openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > >>>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >>>> > > >>>> > >>>> > >>>> > __________________________________________________________________________ > >>>> OpenStack Development Mailing List (not for usage questions) > >>>> Unsubscribe: > >>>> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > >>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >>> > >>> > >>> > __________________________________________________________________________ > >>> OpenStack Development Mailing List (not for usage questions) > >>> Unsubscribe: > openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >>> > >> > >> > >> > __________________________________________________________________________ > >> OpenStack Development Mailing List (not for usage questions) > >> Unsubscribe: > openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >> > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
