OpenStack Identity (keystone)

DirectMappingError shows incorrect message when insecure_debug set to true

Bug #1695131 reported by yangweiwei
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Fix Released
Undecided
yangweiwei
OpenStack Identity (keystone) pike-2 "pike-2"

Bug Description

When I set the rule below:
[
{
    "local": [
        {
            "user":{
                   "name":"{0}"
                   }
        },
        {
            "group": {
                   "id":"c59d9770089b4d5aaa893973bbcfb538"
                    }
        }
    ],
    "remote":[
              {
              "type":"openstack_user",
              "any_one_of": [
                        "bob"
                           ]
              }
             ]
}
]

and I want to get the unscoped token and set the 'insecure_debug' to 'True', the error shows bellow:
keystoneauth1.exceptions.http.InternalServerError: An unexpected error prevented the server from fulfilling your request: . (Disable insecure_debug mode to suppress these details.) (HTTP 500) (Request-ID: req-eb26c090-87b2-4fa8-90d9-004928a61711)

I have digging the error happens in '_update_local_mapping' method in keystone/federation/utils.py.
Some logs bellow:

2017-06-02 09:48:02.160 2933 DEBUG keystone.federation.utils [req-94ec1d2f-4e3e-4174-a1d7-1ff574169f1f - - - - -] {u'remote': [{u'type': u'openstack_user', u'any_one_of': [u'bob']}], u'local': [{u'user': {u'name': u'{0}'}}, {u'group': {u'id': u'c59d9770089b4d5aaa893973bbcfb538'}}]} process /usr/lib/python2.7/site-packages/keystone/federation/utils.py:531
2017-06-02 09:48:02.160 2933 DEBUG keystone.federation.utils [req-94ec1d2f-4e3e-4174-a1d7-1ff574169f1f - - - - -] _verify_all_requirements /usr/lib/python2.7/site-packages/keystone/federation/utils.py:796
2017-06-02 09:48:02.161 2933 DEBUG keystone.federation.utils [req-94ec1d2f-4e3e-4174-a1d7-1ff574169f1f - - - - -] _verify_all_requirements /usr/lib/python2.7/site-packages/keystone/federation/utils.py:806
2017-06-02 09:48:02.161 2933 DEBUG keystone.federation.utils [req-94ec1d2f-4e3e-4174-a1d7-1ff574169f1f - - - - -] <keystone.federation.utils.DirectMaps object at 0x7f4073fa3f90> process /usr/lib/python2.7/site-packages/keystone/federation/utils.py:537
2017-06-02 09:48:02.161 2933 DEBUG keystone.federation.utils [req-94ec1d2f-4e3e-4174-a1d7-1ff574169f1f - - - - -] direct_maps: <keystone.federation.utils.DirectMaps object at 0x7f4073fa3f90> _update_local_mapping /usr/lib/python2.7/site-packages/keystone/federation/utils.py:717
2017-06-02 09:48:02.162 2933 DEBUG keystone.federation.utils [req-94ec1d2f-4e3e-4174-a1d7-1ff574169f1f - - - - -] local: {u'user': {u'name': u'{0}'}} _update_local_mapping /usr/lib/python2.7/site-packages/keystone/federation/utils.py:718
2017-06-02 09:48:02.162 2933 DEBUG keystone.federation.utils [req-94ec1d2f-4e3e-4174-a1d7-1ff574169f1f - - - - -] direct_maps: <keystone.federation.utils.DirectMaps object at 0x7f4073fa3f90> _update_local_mapping /usr/lib/python2.7/site-packages/keystone/federation/utils.py:717
2017-06-02 09:48:02.162 2933 DEBUG keystone.federation.utils [req-94ec1d2f-4e3e-4174-a1d7-1ff574169f1f - - - - -] local: {u'name': u'{0}'} _update_local_mapping /usr/lib/python2.7/site-packages/keystone/federation/utils.py:718
2017-06-02 09:48:02.163 2933 DEBUG keystone.federation.utils [req-94ec1d2f-4e3e-4174-a1d7-1ff574169f1f - - - - -]
{0} _update_local_mapping /usr/lib/python2.7/site-packages/keystone/federation/utils.py:728
2017-06-02 09:48:02.169 2933 WARNING oslo_config.cfg [req-94ec1d2f-4e3e-4174-a1d7-1ff574169f1f - - - - -] Option "rpc_backend" from group "DEFAULT" is deprecated for removal. Its value may be silently ignored in the future.
2017-06-02 09:48:02.191 2933 DEBUG keystone.auth.plugins.mapped [req-94ec1d2f-4e3e-4174-a1d7-1ff574169f1f - - - - -] An unexpected error prevented the server from fulfilling your request. handle_unscoped_token /usr/lib/python2.7/site-packages/keystone/auth/plugins/mapped.py:283
2017-06-02 09:48:02.192 2933 WARNING keystone.common.wsgi [req-94ec1d2f-4e3e-4174-a1d7-1ff574169f1f - - - - -] An unexpected error prevented the server from fulfilling your request.

But as the design, if we set the 'insecure_debug' to True, we could see the detail error details and specifics about how the mapping failed.

See original description
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/470094

Changed in keystone:
assignee: nobody → yangweiwei (496176919-6)
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/470094
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=78eb44266cfc3e5053b71c27df7b7030641dbf53
Submitter: Jenkins
Branch: master

commit 78eb44266cfc3e5053b71c27df7b7030641dbf53
Author: yangweiwei <email address hidden>
Date: Fri Jun 2 09:53:10 2017 +0800

    Update DirectMappingError in keystone.exception

    When the correct IndexError happens in federation mapping rule, '{0}'
    is in a local section, but the value in direct_maps is null.

    Now I have set insecure_debug to 'True', and it shows like '...
    (e.g. {0} in a local section).'. But it still shows 'An unexpected...'.

    Change-Id: If6263229b153828ffa07ee3ad6004f3db7cdfd98
    Closes-Bug: #1695131

Changed in keystone:
status: In Progress → Fix Released
yangweiwei (496176919-6)
description: updated
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/keystone 12.0.0.0b2

This issue was fixed in the openstack/keystone 12.0.0.0b2 development milestone.

Lance Bragstad (lbragstad)
Changed in keystone:
milestone: none → pike-2
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.