Juniper Openstack

R3.1-build-19-mitaka-get request using keystone v3 token not working

Bug #1612531 reported by shajuvk
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Juniper Openstack
Status tracked in Trunk
R3.0
Fix Committed
Critical
Deepinder Setia
Juniper Openstack r3.0.3.0
R3.1
Fix Committed
High
Deepinder Setia
Juniper Openstack r3.1.1.0
Trunk
Fix Committed
Critical
Deepinder Setia
Juniper Openstack r3.2.0.0-fcs "r3.2.0.0"

Bug Description

Step:
1. Get the token using ‘openstack token issue’ command
2. Use below curl command to get from api 9example)

curl -H"X-Auth-Token: ed50f17901ec470183bf49b63f7fa2cc" http://10.84.14.8:8082/domains | python -m json.tool

Thanks,
Shaju

From: Deepinder Singh Setia <email address hidden>
Date: Thursday, August 11, 2016 at 6:03 PM
To: "Shaju V.K" <email address hidden>
Cc: Jeba Paulaiyan <email address hidden>
Subject: Re: v3 token for accessing api

You are using curl? Can you send the exact command sequence for failure case?

Deepinder

Sent from my iPhone

On Aug 11, 2016, at 5:39 PM, Shaju V.K <email address hidden> wrote:

Hi Deepinder,

When even I tried to get some object from api using v3 token generated using “openstack token issue” command, I see an exception in contrail-api log.
But it works if I use the token generated from “keystone token-get” command.

requested: http://10.84.14.8:8082/domains (used the token in header)

Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/vnc_cfg_api_server/vnc_cfg_api_server.py", line 1641, in handler_trap_exception
    response = handler(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/cfgm_common/vnc_api_stats.py", line 17, in wrapper
    response = func(api_server_obj, resource_type, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/vnc_cfg_api_server/vnc_cfg_api_server.py", line 1022, in http_resource_list
    req_fields)
  File "/usr/lib/python2.7/dist-packages/vnc_cfg_api_server/vnc_cfg_api_server.py", line 2897, in _list_collection
    tenant_uuid = self._db_conn.fq_name_to_uuid('project', tenant_fq_name)
  File "/usr/lib/python2.7/dist-packages/vnc_cfg_api_server/vnc_cfg_ifmap.py", line 2040, in fq_name_to_uuid
    obj_uuid = self._cassandra_db.fq_name_to_uuid(obj_type, fq_name)
  File "/usr/lib/python2.7/dist-packages/cfgm_common/vnc_cassandra.py", line 1273, in fq_name_to_uuid
    fq_name_str = utils.encode_string(':'.join(fq_name))
TypeError: sequence item 1: expected string, NoneType found

Thanks,
Shaju

Tags: blocker rbac cfgm
shajuvk (shajuvk)
summary: - R3.1-buil-19-get request from api using keystone v3 token not working
+ R3.1-buil-19-get request using keystone v3 token not working
summary: - R3.1-buil-19-get request using keystone v3 token not working
+ R3.1-buil-19-mitaka-get request using keystone v3 token not working
summary: - R3.1-buil-19-mitaka-get request using keystone v3 token not working
+ R3.1-build-19-mitaka-get request using keystone v3 token not working
tags: added: rbac
Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R3.1

Review in progress for https://review.opencontrail.org/23243
Submitter: Deepinder Setia (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/23243
Committed: http://github.org/Juniper/contrail-controller/commit/bb3d9160e6a0e26dda227f844cf5e14d31ffa6cf
Submitter: Zuul
Branch: R3.1

commit bb3d9160e6a0e26dda227f844cf5e14d31ffa6cf
Author: Deepinder Setia <email address hidden>
Date: Fri Aug 12 00:48:37 2016 -0700

Tenant name is set to None in post keystone validated environment for a
domain-scoped token

Change-Id: Ic87983db7c4096f92d727c8ca9ba19501d14e80d
Closes-Bug: #1612531

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R3.1

Review in progress for https://review.opencontrail.org/23276
Submitter: Deepinder Setia (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/23276
Committed: http://github.org/Juniper/contrail-controller/commit/a22cac0c9042eb2b36b4b458e2779d41cc6204e1
Submitter: Zuul
Branch: R3.1

commit a22cac0c9042eb2b36b4b458e2779d41cc6204e1
Author: Deepinder Setia <email address hidden>
Date: Sat Aug 13 16:16:20 2016 -0700

Skip sharing if tenant id missing from token. This should handle
domain or project scoped token. Also fix bug in vnc api V3 token
generation

Change-Id: I336b3a8d79d76817cfc09d25ee941abd54fa15f6
Fixes-Bug: #1612531

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R3.0

Review in progress for https://review.opencontrail.org/23323
Submitter: Deepinder Setia (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/23323
Committed: http://github.org/Juniper/contrail-controller/commit/dd1dc828ff4c2c743e1a963c0a6defb9fa170c47
Submitter: Zuul
Branch: R3.0

commit dd1dc828ff4c2c743e1a963c0a6defb9fa170c47
Author: Deepinder Setia <email address hidden>
Date: Fri Aug 12 00:48:37 2016 -0700

Tenant name is set to None in post keystone validated environment for a
domain-scoped token. Skip sharing if tenant id missing from token. This
should handle domain or project scoped token. Also fix bug in vnc api V3
token generation

Change-Id: I05a1182d58ce0a50b78a2aec36e0665e28fc2cb6
Closes-Bug: #1612531

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/23706
Submitter: Deepinder Setia (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/23706
Committed: http://github.org/Juniper/contrail-controller/commit/335118c87bd25c13875c0cf62f9e8e3489350a63
Submitter: Zuul
Branch: master

commit 335118c87bd25c13875c0cf62f9e8e3489350a63
Author: Deepinder Setia <email address hidden>
Date: Fri Aug 12 00:48:37 2016 -0700

Tenant name is set to None in post keystone validated environment for a
domain-scoped token. Skip sharing if tenant id missing from token. This
should handle domain or project scoped token. Also fix bug in vnc api V3
token generation

Change-Id: I05a1182d58ce0a50b78a2aec36e0665e28fc2cb6
Closes-Bug: #1612531

Sachin Bansal (sbansal)
information type: Proprietary → Public
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.