Opened on May 9, 2015 at 1:31:14 PM
Closed on Jan 6, 2016 at 10:25:55 AM
Last modified on Jan 7, 2016 at 8:19:18 AM
#8813 closed enhancement (fixed)
Support for authentication with Keystone v3 API
Reported by: | bill_az | Owned by: | dkocher |
---|---|---|---|
Priority: | normal | Milestone: | 4.8 |
Component: | openstack | Version: | 4.7 |
Severity: | normal | Keywords: | OpenStack |
Cc: | dag@… | Architecture: | |
Platform: |
Description
I am using Cyberduck and am able to connect to OpenStack deployments that use keystone v2, but not keystone v3. Is keystone v3 api supported, and if not when is it expected?
Attachments (2)
Change History (56)
comment:1 Changed on May 9, 2015 at 5:53:20 PM by dkocher
- Component changed from core to openstack
- Milestone set to 4.8
- Owner set to dkocher
- Status changed from new to assigned
- Summary changed from Cyberduck support for OpenStack Keystone v3 API to Support for OpenStack Keystone v3 API
- Type changed from defect to enhancement
comment:2 Changed on May 13, 2015 at 12:24:57 PM by dkocher
comment:3 Changed on May 13, 2015 at 12:25:32 PM by dkocher
comment:4 Changed on May 13, 2015 at 1:20:16 PM by dkocher
- Summary changed from Support for OpenStack Keystone v3 API to Support for authentication with Keystone v3 API
comment:5 Changed on May 13, 2015 at 1:23:57 PM by dkocher
You will need to create a custom connection profile with the authentication path /v3/tokens set in Context Path. Adapt from Openstack Swift (Keystone).cyberduckprofile.
comment:6 Changed on May 13, 2015 at 1:24:29 PM by dkocher
- Resolution set to fixed
- Status changed from assigned to closed
In r17511.
comment:7 Changed on May 13, 2015 at 9:30:38 PM by bill_az
@dkocher thanks for the fast reply. Is there a way to test with this code now? Or if not, when will v4.8 be available?
comment:8 Changed on May 14, 2015 at 7:02:03 AM by dkocher
Please update to the latest snapshot build available.
comment:9 Changed on May 14, 2015 at 7:02:50 AM by dkocher
Please confirm if this works as we haven't done any integration testing with a Keystone v3 deployment.
comment:10 Changed on May 20, 2015 at 12:49:07 PM by dkocher
New profile in r17553.
comment:11 Changed on May 21, 2015 at 7:31:38 PM by ariday
Test Results on Cyberduck Version 4.8 (17513) .
Tried out Version 4.8 (17513) with 2 different Profiles for HTTP without success
Profile Keystone v3 HTTP(/v3/tokens)
<plist version="1.0"> <dict> <key>Protocol</key> <string>swift</string> <key>Vendor</key> <string>cyberduck</string> <key>Context</key> <string>/v3/tokens</string> <key>Description</key> <string>Openstack Swift (Keystone 3)</string> <key>Username Placeholder</key> <string>Project:Username</string> <key>Password Placeholder</key> <string>Password</string> <key>Scheme</key> <string>http</string> </dict> </plist>
Log output (/v3/tokens)
POST /v3/tokens HTTP/1.1 Accept: application/json Content-Type: application/json Content-Length: 197 Host: 9.18.76.136:35357 Connection: Keep-Alive User-Agent: Cyberduck/4.8 (17513).17513 (Windows 7/6.1) (x86) HTTP/1.1 404 Not Found Vary: X-Auth-Token Content-Type: application/json Content-Length: 93 X-Openstack-Request-Id: req-063b7068-1efd-474b-8183-3ec7745a6843 Date: Thu, 21 May 2015 19:19:49 GMT Connection: keep-alive Error: File not found Not found. 404 Not Found. Please contact your web hosting service provider for assistance.
Profile Keystone v3 HTTP(/v3/auth/tokens)
Note: We may need a Placeholder to support domain
<plist version="1.0"> <dict> <key>Protocol</key> <string>swift</string> <key>Vendor</key> <string>cyberduck</string> <key>Context</key> <string>v3/auth/tokens</string> <key>Description</key> <string>Openstack Swift (Keystone HTTP)</string> <key>Username Placeholder</key> <string>Tenant ID:Access Key</string> <key>Password Placeholder</key> <string>Secret Key</string> <key>Scheme</key> <string>http</string> <key>Default Port</key> <string>35357</string> </dict> </plist>
Log output (/v3/auth/tokens)
POST /v3/auth/tokens HTTP/1.1 Accept: application/json Content-Type: application/json Content-Length: 197 Host: 9.18.76.136:35357 Connection: Keep-Alive User-Agent: Cyberduck/4.8 (17513).17513 (Windows 7/6.1) (x86) HTTP/1.1 201 Created X-Subject-Token: 83b0c04a331e4cc3abde981ae15c5c27 Vary: X-Auth-Token Content-Type: application/json Content-Length: 1691 X-Openstack-Request-Id: req-c378121d-a748-4f99-b4d6-53c169f05b29 Date: Thu, 21 May 2015 19:21:19 GMT Connection: keep-alive Error: Connection failed Created. 201 Created.
comment:12 Changed on May 21, 2015 at 8:28:26 PM by dkocher
Fixed context path in r17603.
comment:13 Changed on May 21, 2015 at 8:39:24 PM by dkocher
Fix expecting 201 response code in r17604.
comment:14 follow-up: ↓ 15 Changed on Jun 3, 2015 at 1:22:09 PM by bill_az
@dkocher we are still not able to connect to keystone v3 using cyberduck (17608). Any suggestions on how to debug further?
comment:15 in reply to: ↑ 14 Changed on Jun 3, 2015 at 1:26:46 PM by dkocher
- Resolution fixed deleted
- Status changed from closed to reopened
Replying to bill_az:
@dkocher we are still not able to connect to keystone v3 using cyberduck (17608). Any suggestions on how to debug further?
Please again post the log output in the Transcript.
comment:16 Changed on Jun 3, 2015 at 3:31:10 PM by ariday
@dkocher I am receiving a "201 Created" Response with Connection Failed (please see Attachment 17608.jpg)
Log output:
POST /v3/auth/tokens HTTP/1.1 Accept: application/json Content-Type: application/json Content-Length: 196 Host: 9.18.76.126:35357 Connection: Keep-Alive User-Agent: '''Cyberduck/4.8.17696''' (Windows 7/6.1) (x86) HTTP/1.1 201 Created X-Subject-Token: b6634117e4f341babcff31ac406a1623 Vary: X-Auth-Token Content-Type: application/json Content-Length: 1691 X-Openstack-Request-Id: req-550bfd38-d585-4ac6-8d9e-1ac075a9de67 Date: Wed, 03 Jun 2015 15:18:56 GMT Connection: keep-alive
comment:17 Changed on Jun 16, 2015 at 12:34:03 PM by dkocher
Fix upstream in 3db505511c1bc100baeb2ee1d862fa4d89c860e1.
comment:18 Changed on Jun 16, 2015 at 12:35:25 PM by dkocher
- Resolution set to fixed
- Status changed from reopened to closed
In r17750.
comment:19 follow-up: ↓ 20 Changed on Jun 17, 2015 at 10:58:39 PM by ariday
I would like to try the fix, but I am not able to find the build for this change. The latest nightly build for windows is Cyberduck-Installer-4.8.17726.exe, and by trying Preference ->Update ->Snapshot Builds it says "You're up to date!" with User-Agent: Cyberduck/4.8.17726 (Windows 7/6.1) (x86).
comment:20 in reply to: ↑ 19 ; follow-up: ↓ 21 Changed on Jun 18, 2015 at 9:15:41 AM by dkocher
Replying to ariday:
I would like to try the fix, but I am not able to find the build for this change. The latest nightly build for windows is Cyberduck-Installer-4.8.17726.exe, and by trying Preference ->Update ->Snapshot Builds it says "You're up to date!" with User-Agent: Cyberduck/4.8.17726 (Windows 7/6.1) (x86).
A new build is now available. Thanks for testing!
comment:21 in reply to: ↑ 20 Changed on Jun 23, 2015 at 3:05:28 PM by ariday
Replying to dkocher:
Replying to ariday:
I would like to try the fix, but I am not able to find the build for this change. The latest nightly build for windows is Cyberduck-Installer-4.8.17726.exe, and by trying Preference ->Update ->Snapshot Builds it says "You're up to date!" with User-Agent: Cyberduck/4.8.17726 (Windows 7/6.1) (x86).
A new build is now available. Thanks for testing!
Tested Build 4.7.1.17798. Now I do not see any Error Message, but the connection is not established.
Log output:
POST /v3/auth/tokens HTTP/1.1 Accept: application/json Content-Type: application/json Content-Length: 194 Host: 9.18.76.17:35357 Connection: Keep-Alive User-Agent: Cyberduck/4.7.1.17798 (Windows 7/6.1) (x86) HTTP/1.1 201 Created X-Subject-Token: 0abf709c013449ca963c38bfb64a5d73 Vary: X-Auth-Token Content-Type: application/json Content-Length: 1606 X-Openstack-Request-Id: req-1d7e869b-9c90-4900-8190-76a1cd256ffe Date: Tue, 23 Jun 2015 16:24:52 GMT Connection: keep-alive
Changed on Jun 23, 2015 at 4:32:43 PM by ariday
Log file for Swift Keystonev3 Connection not established 4.7.1.17798
comment:22 Changed on Jun 26, 2015 at 9:28:53 AM by dkocher
- Resolution fixed deleted
- Status changed from closed to reopened
1428 Caused by: java.lang.UnsupportedOperationException: JsonNull 1429 at com.google.gson.JsonElement.getAsString(JsonElement.java:191) 1430 at ch.iterate.openstack.swift.handler.AuthenticationJson3ResponseHandler.handleResponse(AuthenticationJson3ResponseHandler.java:81) 1431 at ch.iterate.openstack.swift.handler.AuthenticationJson3ResponseHandler.handleResponse(AuthenticationJson3ResponseHandler.java:29) 1432 at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:222) 1433 at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:164) 1434 at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:139) 1435 at ch.iterate.openstack.swift.Client.authenticate(Client.java:211) 1436 at ch.iterate.openstack.swift.Client.authenticate(Client.java:204) 1437 at ch.cyberduck.core.openstack.SwiftSession.login(SwiftSession.java:132) 1438 at ch.cyberduck.core.KeychainLoginService.authenticate(KeychainLoginService.java:71) 1439 at ch.cyberduck.core.LoginConnectionService.authenticate(LoginConnectionService.java:201) 1440 at ch.cyberduck.core.LoginConnectionService.authenticate(LoginConnectionService.java:213) 1441 at ch.cyberduck.core.LoginConnectionService.connect(LoginConnectionService.java:191) 1442 at ch.cyberduck.core.LoginConnectionService.check(LoginConnectionService.java:129) 1443 at ch.cyberduck.core.LoginConnectionService.check(LoginConnectionService.java:136) 1444 at ch.cyberduck.core.threading.SessionBackgroundAction.connect(SessionBackgroundAction.java:220) 1445 at ch.cyberduck.core.threading.BrowserBackgroundAction.connect(BrowserBackgroundAction.java:108) 1446 at ch.cyberduck.core.threading.SessionBackgroundAction.call(SessionBackgroundAction.java:186) 1447 at ch.cyberduck.core.AbstractController$BackgroundCallable.call(AbstractController.java:174) 1448 at java.util.concurrent.FutureTask.run(FutureTask.java:266) 1449 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) 1450 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:618) 1451 at ch.cyberduck.core.threading.NamedThreadFactory$1.run(NamedThreadFactory.java:58) 1452 at java.lang.Thread.run(Thread.java:961)
comment:23 Changed on Jun 26, 2015 at 9:50:04 AM by dkocher
There seems to be a confusion with naming the region in the response XML. We have taken an example from https://github.com/openstack/python-keystoneclient/blob/master/examples/pki/cms/auth_v3_token_scoped.json for a testcase where the field is named regionwhereas in the documentation at http://developer.openstack.org/api-ref-identity-v3.html the field is named region_id. The downside of all these JSON blobs with no validation that we would have for free with XML Schema.
comment:24 Changed on Jun 26, 2015 at 10:12:41 AM by dkocher
We can find no example at http://docs.openstack.org/developer/keystone/api_curl_examples.html with a object-store type in the service catalog result set.
comment:25 follow-up: ↓ 34 Changed on Jun 26, 2015 at 10:15:26 AM by dkocher
- Milestone changed from 4.7.1 to 4.8
comment:26 Changed on Jul 1, 2015 at 12:08:58 PM by dkocher
Can you provide a temporary integration testing environment?
comment:27 Changed on Jul 9, 2015 at 12:14:51 AM by bill_az
@dkocher - can we schedule a joint debug session? We can share screen/conference call to debug. If this works, let me know a day / time that would be convenient.
comment:28 follow-up: ↓ 29 Changed on Jul 23, 2015 at 1:05:16 AM by bill_az
@dkocher hi, still want to see if we can set up a meeting with shared screen to debug. Would that work? What time zone are you in?
comment:29 in reply to: ↑ 28 Changed on Jul 29, 2015 at 8:12:42 AM by dkocher
Replying to bill_az:
@dkocher hi, still want to see if we can set up a meeting with shared screen to debug. Would that work? What time zone are you in?
We are in UTC+1.
comment:30 Changed on Jul 29, 2015 at 8:13:12 AM by dkocher
Please try build r17986 or later.
comment:31 Changed on Jul 29, 2015 at 8:14:27 AM by dkocher
Is it possible for you to provide the HTTP response body (JSON formatted) the server sends possibly using the Swift command line tools?
comment:32 Changed on Aug 10, 2015 at 8:21:58 PM by danizar
comment:33 Changed on Aug 10, 2015 at 8:26:41 PM by danizar
Log file for Swift Keystonev3 Connection not established 4.7.2 despite HTTP/1.1 200 OK
DEBUG org.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connecting to /<IPADDR> [[BR]] DEBUG org.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connection established <IPADDR>:63814<-><IPADDR>:35357 [[BR]] DEBUG org.apache.http.impl.execchain.MainClientExec - Executing request POST /v2.0/tokens HTTP/1.1 [[BR]] DEBUG org.apache.http.impl.execchain.MainClientExec - Target auth state: UNCHALLENGED [[BR]] DEBUG org.apache.http.impl.execchain.MainClientExec - Proxy auth state: UNCHALLENGED [[BR]] INFO ch.cyberduck.core.Session - POST /v2.0/tokens HTTP/1.1 [[BR]] INFO ch.cyberduck.core.Session - Accept: application/json [[BR]] INFO ch.cyberduck.core.Session - Content-Type: application/json [[BR]] INFO ch.cyberduck.core.Session - Content-Length: 96 [[BR]] INFO ch.cyberduck.core.Session - Host: <IPADDR>0:35357 [[BR]] INFO ch.cyberduck.core.Session - Connection: Keep-Alive [[BR]] INFO ch.cyberduck.core.Session - User-Agent: Cyberduck/4.7.2.18004 (Windows 7/6.1) (x86) [[BR]] DEBUG org.apache.http.headers - http-outgoing-0 >> POST /v2.0/tokens HTTP/1.1 [[BR]] DEBUG org.apache.http.headers - http-outgoing-0 >> Accept: application/json [[BR]] DEBUG org.apache.http.headers - http-outgoing-0 >> Content-Type: application/json [[BR]] DEBUG org.apache.http.headers - http-outgoing-0 >> Content-Length: 96 [[BR]] DEBUG org.apache.http.headers - http-outgoing-0 >> Host: <IPADDR>:35357 [[BR]] DEBUG org.apache.http.headers - http-outgoing-0 >> Connection: Keep-Alive [[BR]] DEBUG org.apache.http.headers - http-outgoing-0 >> User-Agent: Cyberduck/4.7.2.18004 (Windows 7/6.1) (x86) [[BR]] DEBUG org.apache.http.headers - http-outgoing-0 << HTTP/1.1 200 OK [[BR]] DEBUG org.apache.http.headers - http-outgoing-0 << Vary: X-Auth-Token [[BR]] DEBUG org.apache.http.headers - http-outgoing-0 << Content-Type: application/json [[BR]] DEBUG org.apache.http.headers - http-outgoing-0 << Content-Length: 1284 [[BR]] DEBUG org.apache.http.headers - http-outgoing-0 << X-Openstack-Request-Id: req-dab2ae62-b226-4c52-bfca-73d3995f42a1 [[BR]] DEBUG org.apache.http.headers - http-outgoing-0 << Date: Mon, 10 Aug 2015 19:36:08 GMT [[BR]] DEBUG org.apache.http.headers - http-outgoing-0 << Connection: keep-alive [[BR]] INFO ch.cyberduck.core.Session - HTTP/1.1 200 OK [[BR]] INFO ch.cyberduck.core.Session - Vary: X-Auth-Token [[BR]] INFO ch.cyberduck.core.Session - Content-Type: application/json [[BR]] INFO ch.cyberduck.core.Session - Content-Length: 1284 [[BR]] INFO ch.cyberduck.core.Session - X-Openstack-Request-Id: req-dab2ae62-b226-4c52-bfca-73d3995f42a1 [[BR]] INFO ch.cyberduck.core.Session - Date: Mon, 10 Aug 2015 19:36:08 GMT [[BR]] INFO ch.cyberduck.core.Session - Connection: keep-alive [[BR]] DEBUG org.apache.http.impl.execchain.MainClientExec - Connection can be kept alive indefinitely [[BR]] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection [id: 0][route: {}->http://<IPADDR>:35357] can be kept alive indefinitely [[BR]] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection released: [id: 0][route: {}->http://<IPADDR>:35357][total kept alive: 1; route allocated: 1 of 10; total allocated: 1 of 2147483647] [[BR]] ERROR ch.cyberduck.core.AbstractController - Unhandled exception running background task JsonNull [[BR]]
comment:34 in reply to: ↑ 25 Changed on Aug 11, 2015 at 6:24:26 PM by dkocher
comment:35 follow-up: ↓ 36 Changed on Aug 20, 2015 at 9:36:37 PM by danizar
Connection successful with V3 but when trying to create containers a 401 response is shown
(region should be specified in profile to connect successfully)
401 might be a domain issue
POST /v3/auth/tokens HTTP/1.1\\ Accept: application/json\\ Content-Type: application/json\\ Content-Length: 194\\ Host: <ipaddress>:35357\\ Connection: Keep-Alive\\ User-Agent: Cyberduck/4.8.18022 (Windows 7/6.1) (x86)\\ HTTP/1.1 201 Created\\ X-Subject-Token: 685e0d061b764c33a97e7bed342b77dc\\ Vary: X-Auth-Token\\ Content-Type: application/json\\ Content-Length: 1666\\ X-Openstack-Request-Id: req-71ce95ec-6faa-4dfd-8f4b-3a5e7fc50c5b\\ Date: Thu, 20 Aug 2015 21:18:34 GMT\\ Connection: keep-alive\\ HEAD /v1/AUTH_02c0745ea4e044d1bd672f5be8b327f9 HTTP/1.1\\ X-Auth-Token: ee447665eaaf41cc9a88ee91330ef6d9\\ Host: <ipaddress>:8080\\ Connection: Keep-Alive\\ User-Agent: Cyberduck/4.8.18022 (Windows 7/6.1) (x86)\\ HTTP/1.1 401 Unauthorized\\ Content-Type: text/html; charset=UTF-8\\ Www-Authenticate: Swift realm="AUTH_02c0745ea4e044d1bd672f5be8b327f9"\\ WWW-Authenticate: Keystone uri='http://127.0.0.1:35357'\\ X-Trans-Id: tx74d8aae64d014a54a22d5-0055d6442a\\ Content-Length: 0\\ Date: Thu, 20 Aug 2015 21:18:34 GMT\\ Connection: keep-alive\\ POST /v3/auth/tokens HTTP/1.1\\ Accept: application/json\\ Content-Type: application/json\\ Content-Length: 194\\ Host: 9.18.76.100:35357\\ Connection: Keep-Alive\\ User-Agent: Cyberduck/4.8.18022 (Windows 7/6.1) (x86)\\ HTTP/1.1 201 Created\\ X-Subject-Token: 18e4a4d879d2489d822059b12f28e63d\\ Vary: X-Auth-Token\\ Content-Type: application/json\\ Content-Length: 1666\\ X-Openstack-Request-Id: req-b874ec71-2070-490b-a061-78de597b701f\\ Date: Thu, 20 Aug 2015 21:18:34 GMT\\ Connection: keep-alive\\ HEAD /v1/AUTH_02c0745ea4e044d1bd672f5be8b327f9 HTTP/1.1\\ X-Auth-Token: ee447665eaaf41cc9a88ee91330ef6d9\\ Host: <ipaddress>:8080\\ Connection: Keep-Alive\\ User-Agent: Cyberduck/4.8.18022 (Windows 7/6.1) (x86)\\ HTTP/1.1 401 Unauthorized\\ Content-Type: text/html; charset=UTF-8\\ Www-Authenticate: Swift realm="AUTH_02c0745ea4e044d1bd672f5be8b327f9"\\ WWW-Authenticate: Keystone uri='http://127.0.0.1:35357'\\ X-Trans-Id: tx6698aeea5bf8497fb42a4-0055d6442a\\ Content-Length: 0\\ Date: Thu, 20 Aug 2015 21:18:34 GMT\\ Connection: keep-alive\\ Profile: <plist version="1.0">\\ <dict>\\ <key>Protocol</key>\\ <string>swift</string>\\ <key>Vendor</key>\\ <string>cyberduck</string>\\ <key>Context</key>\\ <string>/v3/auth/tokens</string>\\ <key>Region</key>\\ <string>regionOne</string>\\ <key>Scheme</key>\\ <string>http</string>\\ <key>Description</key>\\ <string>Openstack Swift 3(HTTP)</string>\\ </dict>\\ </plist>\\
comment:36 in reply to: ↑ 35 ; follow-up: ↓ 37 Changed on Aug 24, 2015 at 1:03:51 PM by dkocher
Replying to danizar:
Connection successful with V3 but when trying to create containers a 401 response is shown
(region should be specified in profile to connect successfully)
401 might be a domain issue
Do other operations such as listing containers and keys succeed?
comment:37 in reply to: ↑ 36 Changed on Aug 26, 2015 at 4:13:30 AM by danizar
Replying to dkocher:
Replying to danizar:
Connection successful with V3 but when trying to create containers a 401 response is shown
(region should be specified in profile to connect successfully)
401 might be a domain issueDo other operations such as listing containers and keys succeed?
No other operation succeed, it is only possible to establish the connection.
comment:38 Changed on Nov 25, 2015 at 1:01:42 PM by Falk Reimann
Hi together,
Not sure about the current state of this. But besides the region, the profile should also contain an option to specify the used domain (ideally separating user domain and project domain).
The domain should be forwarded to ch.cyberduck.core.openstack.SwiftAuthenticationService were ch.iterate.openstack.swift.method.Authentication3UsernamePasswordProjectRequest is used without specifying the domain. So Authentication3UsernamePasswordProjectRequest is already able to handle domains I would assume.
This leads to the fact, that only projects in default domain are accessible. Having customers isolated by domain in keystone v3, is one benefit someone would use v3.
Would you agree?
Many Thanks in advance,
Falk
comment:39 follow-up: ↓ 40 Changed on Nov 30, 2015 at 2:15:00 PM by stenstad
I would be more than happy to provide you with a test account for a public cloud with Openstack Swift and Identity v3 with domains and projects. Who should I send it to?
comment:40 in reply to: ↑ 39 Changed on Nov 30, 2015 at 2:19:47 PM by dkocher
Replying to stenstad:
I would be more than happy to provide you with a test account for a public cloud with Openstack Swift and Identity v3 with domains and projects. Who should I send it to?
Please write to feedback@….
comment:41 Changed on Nov 30, 2015 at 2:40:29 PM by stenstad
- Cc dag@… added
comment:42 Changed on Dec 16, 2015 at 12:28:55 PM by dkocher
We have been sending requests with a domain identified by id instead of name.
{ "auth": { "identity": { "methods": [ "password" ], "password": { "user": { "domain": { "id": "cyberduck.io" }, "name": "cyberduck", "password": "-----------------" } } }, "scope": { "project": { "domain": { "id": "cyberduck.io" }, "name": "Production" } } } }
should instead be
{ "auth": { "identity": { "methods": [ "password" ], "password": { "user": { "domain": { "name": "cyberduck.io" }, "name": "cyberduck", "password": "-----------------" } } }, "scope": { "project": { "domain": { "name": "cyberduck.io" }, "name": "Production" } } } }
comment:43 Changed on Dec 16, 2015 at 12:33:17 PM by dkocher
Reference upstream changeset.
comment:44 Changed on Dec 16, 2015 at 1:05:38 PM by dkocher
A sample profile for zetta.io.
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Protocol</key> <string>swift</string> <key>Vendor</key> <string>zetta.io</string> <key>Default Hostname</key> <string>identity.api.zetta.io</string> <key>Context</key> <string>/v3/auth/tokens</string> <key>Description</key> <string>Zetta.IO (OpenStack Swift Keystone v3)</string> <key>Username Placeholder</key> <string>Project Name:Project Domain:Username</string> <key>Password Placeholder</key> <string>Password</string> </dict> </plist>
comment:45 Changed on Dec 16, 2015 at 1:09:36 PM by dkocher
- Resolution set to fixed
- Status changed from reopened to closed
Fix in da4aa75f81b.
comment:46 follow-up: ↓ 47 Changed on Dec 22, 2015 at 1:27:08 PM by Falk Reimann
Hi. Great news. Would it be possible to have a nightly build with this fix included?
comment:47 in reply to: ↑ 46 Changed on Dec 26, 2015 at 11:11:48 PM by dkocher
Replying to Falk Reimann:
Hi. Great news. Would it be possible to have a nightly build with this fix included?
New snapshot builds will become available this week.
comment:48 Changed on Dec 31, 2015 at 3:22:50 PM by dkocher
Version 4.8.0.18437 is now available as a snapshot build.
comment:49 Changed on Jan 6, 2016 at 8:40:09 AM by Falk Reimann
Hi. I did a quick check with Cyberduck connecting to a OpenStack devstack with keystone v3 enabled. It is still not working for me. I think the main issue is, that Cyberduck uses the UserID as Auth Token instead of the X-Subject-Token after issuing an token from keystone and therefore Swift will not authorize the request. I attached the main information from the log drawer. Can you please revisit this?
Thanks in advance, Falk
Token issued from keystone:
X-Subject-Token: 4c29d27f7c2e46b6bc82708d6060311b
Token provided to Swift:
X-Auth-Token: e239b9d1a16b4d6ea37770beabe06fea
User Id:
id: e239b9d1a16b4d6ea37770beabe06fea
Log Drawer output (truncated):
POST /v3/auth/tokens HTTP/1.1 Host: devstack:5000 User-Agent: Cyberduck/4.8.0.18437 (Mac OS X/10.11.2) (x86_64) HTTP/1.1 201 Created X-Subject-Token: 4c29d27f7c2e46b6bc82708d6060311b Vary: X-Auth-Token x-openstack-request-id: req-4cc53034-b79f-4545-ac6f-302c4d160d45 HEAD /v1/AUTH_0a9834e6208948fabd35f1497d71bcd6 HTTP/1.1 X-Auth-Token: e239b9d1a16b4d6ea37770beabe06fea Host: devstack:8090 User-Agent: Cyberduck/4.8.0.18437 (Mac OS X/10.11.2) (x86_64) HTTP/1.1 401 Unauthorized
And the user details I used for connection:
$ openstack user show swift +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | default | | email | None | | enabled | True | | id | e239b9d1a16b4d6ea37770beabe06fea | | name | swift | +-----------+----------------------------------+
comment:50 Changed on Jan 6, 2016 at 8:44:56 AM by dkocher
- Resolution fixed deleted
- Status changed from closed to reopened
comment:51 Changed on Jan 6, 2016 at 9:54:40 AM by dkocher
The documentation documentation has to say
In v3, your token is returned to you in an X-Subject-Token header, instead of as part of the request body. You should still authenticate yourself to other services using the X-Auth-Token header.
comment:52 Changed on Jan 6, 2016 at 10:22:27 AM by dkocher
Fix in upstream.
comment:53 follow-up: ↓ 54 Changed on Jan 6, 2016 at 10:25:55 AM by dkocher
- Resolution set to fixed
- Status changed from reopened to closed
In r18867.
Reference in Identity API v3.