Blazar

Keystone client fails to authorize during trust creation

Bug #1326066 reported by Pablo Andres Fuente
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Blazar
Fix Released
Critical
Pablo Andres Fuente
Blazar 0.1.1

Bug Description

The current Keystone client for the V3 API fails to authorize during a trust creation.

2014-06-02 11:50:39.233 19207 ERROR climate.api.v1.utils [-] Traceback (most recent call last):
  File "/opt/stack/blazar/climate/api/v1/utils.py", line 76, in handler
    return func(**kwargs)
  File "/opt/stack/blazar/climate/api/v1/oshosts/v1_0.py", line 37, in computehosts_create
    return api_utils.render(host=_api.create_computehost(data))
  File "/opt/stack/blazar/climate/utils/__init__.py", line 32, in __run_method
    return getattr(self.instance, __name)(*args, **kwargs)
  File "/opt/stack/blazar/climate/policy.py", line 109, in wrapped
    return func(self, *args, **kwargs)
  File "/opt/stack/blazar/climate/utils/trusts.py", line 84, in wrapped
    trust = create_trust()
  File "/opt/stack/blazar/climate/utils/trusts.py", line 27, in create_trust
    client = keystone.ClimateKeystoneClient()
  File "/opt/stack/blazar/climate/utils/openstack/keystone.py", line 114, in __init__
    self.keystone.authenticate()
  File "/opt/stack/python-keystoneclient/keystoneclient/utils.py", line 324, in inner
    return func(*args, **kwargs)
  File "/opt/stack/python-keystoneclient/keystoneclient/httpclient.py", line 392, in authenticate
    resp = self.get_raw_token_from_identity_service(**kwargs)
  File "/opt/stack/python-keystoneclient/keystoneclient/v3/client.py", line 188, in get_raw_token_from_identity_service
    '%s' % e)
AuthorizationFailure: Authorization failed: Cannot authenticate without an auth_url

After checking the Keystone code, I found that the HTTPClient class is not storing internally the auth_url received during initialization (https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/httpclient.py#L59).
I'm on Keystone IRC trying to determine if this is a Keystone bug or we are using incorrectly the client.

As a quick patch, is possible to resend the auth_url as a parameter of the authenticate() method (https://github.com/stackforge/blazar/blob/master/climate/utils/openstack/keystone.py#L114)

OpenStack Infra (hudson-openstack)
Changed in blazar:
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to blazar (master)

Reviewed: https://review.openstack.org/97565
Committed: https://git.openstack.org/cgit/stackforge/blazar/commit/?id=eec7f456b45f222db296f2f29ce23309358decff
Submitter: Jenkins
Branch: master

commit eec7f456b45f222db296f2f29ce23309358decff
Author: Pablo Andres Fuente <email address hidden>
Date: Tue Jun 3 14:15:16 2014 -0300

    Passing auth_url to keystoneclient.authenticate

    During the creation of a trust, our Keystone client implementation calls
    the authenticate method which fails due to the auth_url parameter is
    missing. Seems that the current V3 Kestone client isn't honoring the auth_url
    passed during initialization.
    If you call the authenticate method without passing the auth_url
    parameter, the authentication fails because that parameter was not
    properly set, but should work because that parameter is passed during
    initialization.
    This commit tries to fix the issue until a patch from Keystone lands to
    master.

    Change-Id: Id242dcac31fe535836033dff951844a66bcc2100
    Closes-Bug: #1326066

Changed in blazar:
status: In Progress → Fix Committed
Masahito Muroi (muroi-masahito)
Changed in blazar:
milestone: none → 0.1.1
Masahito Muroi (muroi-masahito)
Changed in blazar:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.