Reviewed:  https://review.openstack.org/250032
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=f86448a3113fc594e78d3d9410f44c1f64a9ad58
Submitter: Jenkins
Branch:    master

commit f86448a3113fc594e78d3d9410f44c1f64a9ad58
Author: Dave Chen <wei.d.c...@intel.com>
Date:   Thu Nov 26 05:39:59 2015 +0800

    Ensure endpoints returned is filtered correctly

    This patch moves some logic to the manager layer, so that endpoints
    filtered by endpoint_group project association will be included in
    the catalog when issuing a project scoped token and using
    `endpoint_filter.sql` as the catalog's backend driver.

    This makes sure that calling the `list_endpoints_for_project` API
    returns the same endpoints as those in the catalog returned for a
    project scoped token.

    Change-Id: I56f4eb6fc524650677b627295dd4338d55164c39
    Closes-Bug: #1516469

** Changed in: keystone
       Status: In Progress => Fix Released

https://bugs.launchpad.net/bugs/1516469

Title:
  endpoints not show correctly when using "endpoint_filter.sql" as
  catalog's backend driver

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  If the endpoint group project association was created and
  "endpoint_filter.sql" is set as the catalog's backend driver, all of
  the endpoints that are associated with the project and match the
  criterion defined in the "endpoint group" should be given after a
  project scoped token is returned. But currently, those endpoints can
  *only* be shown by calling the `list_endpoints_for_project` API
  explicitly with curl; they are not returned when the project scoped
  token is issued.

  Steps to reproduce this issue.

  - Create endpoint group.

    $ curl -g -i -X POST http://10.239.48.36:5000/v3/OS-EP-FILTER/endpoint_groups \
        -H "X-Auth-Token:a85e07129aa54f61a46395543a3146af" \
        -H "Content-Type: application/json" \
        -d '{"endpoint_group": {"description": "endpoint group description", "filters": {"interface": "admin"}, "name": "endpoint_group_name"}}'

  - Create endpoint_group project association

    $ curl -g -i -X PUT http://10.239.48.36:5000/v3/OS-EP-FILTER/endpoint_groups/ea1af6e153bf4b87a88b5962de8cdae8/projects/927e252fb44d4b5cac9d4fb24d85be41 \
        -H "X-Auth-Token:a85e07129aa54f61a46395543a3146af" \
        -H "Content-Type: application/json"

  - Get endpoints for the project; this will return all of the endpoints
    that match the rule defined in the endpoint group.

    $ curl -g -i -X GET http://10.239.48.36:5000/v3/OS-EP-FILTER/projects/927e252fb44d4b5cac9d4fb24d85be41/endpoints \
        -H "X-Auth-Token:a85e07129aa54f61a46395543a3146af" \
        -H "Content-Type: application/json"

    ...
    {
        "endpoints": [
            {
                "region_id": "RegionOne",
                "links": {"self": "http://10.239.48.36:5000/v3/endpoints/3f6fb8738db8427a997dbcc791b7901d"},
                "url": "http://10.239.48.36:8773/",
                "region": "RegionOne",
                "enabled": true,
                "interface": "admin",
                "service_id": "a3338a6847e94766831ea7d9d43598cc",
                "id": "3f6fb8738db8427a997dbcc791b7901d"
            },
            {
                "region_id": "RegionOne",
                "links": {"self": "http://10.239.48.36:5000/v3/endpoints/dd69f161f8a24612a7ffe796b45b8cd2"},
                "url": "http://10.239.48.36:8774/v2.1/$(tenant_id)s",
                "region": "RegionOne",
                "enabled": true,
                "interface": "admin",
                "service_id": "a147aa8896c4429aacf0f2eefd39098e",
                "id": "dd69f161f8a24612a7ffe796b45b8cd2"
            },
            {
                "region_id": "RegionOne",
                "links": {"self": "http://10.239.48.36:5000/v3/endpoints/0d70f9fd5a85446c99fee79388adf9dc"},
                "url": "http://10.239.48.36:9292",
                "region": "RegionOne",
                "enabled": true,
                "interface": "admin",
                "service_id": "4c367805e2a147589a14310d1486ab01",
                "id": "0d70f9fd5a85446c99fee79388adf9dc"
            },
            {
                "region_id": null,
                "links": {"self": "http://10.239.48.36:5000/v3/endpoints/5be3023ddf984fcf942b2a396eb0167b"},
                "url": "http://127.0.0.0:20",
                "region": null,
                "enabled": true,
                "interface": "internal",
                "service_id": "69da5bbf65aa4565b9833655075e7a8a",
                "id": "5be3023ddf984fcf942b2a396eb0167b"
            },
            {
                "region_id": "RegionOne",
                "links": {"self": "http://10.239.48.36:5000/v3/endpoints/9393be9c7eda41d89a28f2ffb486dc7c"},
                "url": "http://10.239.48.36:35357/v2.0",
                "region": "RegionOne",
                "enabled": true,
                "interface": "admin",
                "service_id": "ef49d941aed34d39b8b49fce27c83a50",
                "id": "9393be9c7eda41d89a28f2ffb486dc7c"
            },
            {
                "region_id": "RegionOne",
                "links": {"self": "http://10.239.48.36:5000/v3/endpoints/151b9f8b132f4c26a562872e09389a69"},
                "url": "http://10.239.48.36:8774/v2/$(tenant_id)s",
                "region": "RegionOne",
                "enabled": true,
                "interface": "admin",
                "service_id": "8bb4bdc9fcac4fb5bec4f6779268f0d0",
                "id": "151b9f8b132f4c26a562872e09389a69"
            },
            {
                "region_id": "RegionOne",
                "links": {"self": "http://10.239.48.36:5000/v3/endpoints/bff53486b72c44e9b00cf69184b66ce9"},
                "url": "http://10.239.48.36:3333",
                "region": "RegionOne",
                "enabled": true,
                "interface": "admin",
                "service_id": "69da5bbf65aa4565b9833655075e7a8a",
                "id": "bff53486b72c44e9b00cf69184b66ce9"
            },
            {
                "region_id": "RegionOne",
                "links": {"self": "http://10.239.48.36:5000/v3/endpoints/d0ee548da623477eb73b60018c3e5ab8"},
                "url": "http://10.239.48.36:8776/v1/$(tenant_id)s",
                "region": "RegionOne",
                "enabled": true,
                "interface": "admin",
                "service_id": "928eb1b536464e238e573284760e656a",
                "id": "d0ee548da623477eb73b60018c3e5ab8"
            },
            {
                "region_id": "RegionOne",
                "links": {"self": "http://10.239.48.36:5000/v3/endpoints/44699ffc64274612a0c039531f66096d"},
                "url": "http://10.239.48.36:8776/v2/$(tenant_id)s",
                "region": "RegionOne",
                "enabled": true,
                "interface": "admin",
                "service_id": "ab4b7001ccaa4c3896407d4523466183",
                "id": "44699ffc64274612a0c039531f66096d"
            }
        ],
        "links": {
            "self": "http://10.239.48.36:5000/v3/OS-EP-FILTER/projects/927e252fb44d4b5cac9d4fb24d85be41/endpoints",
            "previous": null,
            "next": null
        }
    }
    ...

  - Get a project scoped token; this will only return endpoints from
    the endpoint_project table.

    $ curl -i -H "Content-Type: application/json" -d '
    { "auth": {
        "identity": {
          "methods": ["password"],
          "password": {
            "user": {
              "name": "admin",
              "domain": { "id": "default" },
              "password": "12345"
            }
          }
        },
        "scope": {
          "project": {
            "name": "admin",
            "domain": { "id": "default" }
          }
        }
      }
    }' http://10.239.48.36:5000/v3/auth/tokens; echo

    ...
    "catalog": [
        {
            "endpoints": [
                {
                    "region_id": null,
                    "url": "http://127.0.0.0:20",
                    "interface": "internal",
                    "id": "5be3023ddf984fcf942b2a396eb0167b"
                }
            ],
            "type": "s3",
            "id": "69da5bbf65aa4565b9833655075e7a8a"
        }
    ],
    ...
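
The mismatch reported in this bug, as an added example (not Keystone's code and not part of the original notification): a small model of the two association paths and a check that compares a token's catalog with the endpoints expected for the project. The function names and data layout are assumptions; the IDs come from the report except the one marked constructed.

```python
# Added example: a model of the behaviour in the report, not Keystone's code.
PROJECT = "927e252fb44d4b5cac9d4fb24d85be41"
GROUP = "ea1af6e153bf4b87a88b5962de8cdae8"
ENDPOINTS = [  # trimmed to the fields the group filter looks at
    {"id": "3f6fb8738db8427a997dbcc791b7901d", "interface": "admin"},
    {"id": "0d70f9fd5a85446c99fee79388adf9dc", "interface": "admin"},
    {"id": "5be3023ddf984fcf942b2a396eb0167b", "interface": "internal"},
    {"id": "constructed-public-endpoint", "interface": "public"},  # constructed
]
ENDPOINT_PROJECT = [("5be3023ddf984fcf942b2a396eb0167b", PROJECT)]  # direct rows
GROUPS = {GROUP: {"interface": "admin"}}  # endpoint group id -> filters
GROUP_PROJECT = [(GROUP, PROJECT)]  # endpoint_group project associations
# Catalog from the project scoped token shown in the report (trimmed).
TOKEN_CATALOG = [{"type": "s3", "id": "69da5bbf65aa4565b9833655075e7a8a",
                  "endpoints": [{"id": "5be3023ddf984fcf942b2a396eb0167b"}]}]


def direct_ids(project_id):
    """Endpoints associated with the project one by one."""
    return {ep for ep, proj in ENDPOINT_PROJECT if proj == project_id}


def group_ids(project_id):
    """Endpoints matching the filters of every group tied to the project."""
    ids = set()
    for group_id, proj in GROUP_PROJECT:
        if proj == project_id:
            filters = GROUPS[group_id]
            ids |= {ep["id"] for ep in ENDPOINTS
                    if all(ep.get(k) == v for k, v in filters.items())}
    return ids


def expected_ids(project_id):
    """Union of both paths: what list and catalog should agree on."""
    return direct_ids(project_id) | group_ids(project_id)


def catalog_drift(catalog, expected):
    """Compare the endpoint ids in a token catalog with the expected set."""
    in_catalog = {ep["id"] for svc in catalog for ep in svc["endpoints"]}
    return {"missing_from_catalog": sorted(expected - in_catalog),
            "only_in_catalog": sorted(in_catalog - expected)}


if __name__ == "__main__":
    print(catalog_drift(TOKEN_CATALOG, expected_ids(PROJECT)))
```

A non-empty `missing_from_catalog` is the symptom described in the report; after the fix both lists should be empty for the same project.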