Triaging as high because I know that @Dzahn and others who work on Puppet cleanup rely on this feature of openstack-browser to get an idea of which manifests are in use.

In T274666#7932556, @bd808 wrote:

[17:11]  <  mutante> openstack-browser stopped showing puppet classes and clicking other links seems slow / working sometimes. should I make a ticket or ongoing work?
[17:12]  <  mutante> f.e. https://openstack-browser.toolforge.org/puppetclass/ seems empty
[17:12]  <  mutante> I see backlog about outage on horizon. so maybe it's that then ack
[17:13]  <  mutante> ok, i'll just check in later again

[17:50]  <    bd808> mutante: I think we need a bug report for the openstack-browser things. I don't have time to dig in deeper at the moment, but it looks to me like the puppet-enc backend is now requiring auth even for browsing and that is making all the anon queries done by the tool fail. This is possibly unintended fallout of work taavi has been doing to add better auth to that puppet-enc service.
[17:51]  <    bd808> the app is doing things that are functionally `curl https://puppet-enc.cloudinfra.wmcloud.org:8143/v1/roles` -- https://phabricator.wikimedia.org/source/tool-keystone-browser/browse/master/keystone_browser/puppetclasses.py
[17:57]  <  mutante> bd808: ACK! will do that in a bit. thanks
[17:59]  <    taavi> that sounds like the most likely explanation, I thought I already migrated openstack-browser to use keystone authentication with puppet-enc :/
[18:00]  <    taavi> patches welcome, the proxies.py might have useful code you can almost copy-paste. otherwise will try to find some time to fix that soon-ish, but no promises due to irl priorities
[18:05]  <    bd808> *nod* looks like the `proxy_client` magic from https://phabricator.wikimedia.org/source/tool-keystone-browser/browse/master/keystone_browser/proxies.py is what puppetclasses.py also needs.