[Keystone] Federated users can't use EC2 API
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mirantis OpenStack |
Fix Committed
|
High
|
Kirill Bespalov |
Bug Description
Environment: MOS 9.2 (Mitaka)
Description:
For Mitaka federated users belong to a domain which does not exist in Keystone DB.
Code at keystone/
https:/
Steps to reproduce:
1) Create EC2 credentials for a federated user
2) Try to authenticate with /v3/ec2tokens keystone endpoint using the credentials
Result:
Keystone fails with the following logs:
2017-07-04 15:46:50.871734 2017-07-04 15:46:50.868 4516 ERROR keystone.
2017-07-04 15:46:50.871737 2017-07-04 15:46:50.868 4516 ERROR keystone.
2017-07-04 15:46:50.871739 2017-07-04 15:46:50.868 4516 ERROR keystone.
2017-07-04 15:46:50.871742 2017-07-04 15:46:50.868 4516 ERROR keystone.
2017-07-04 15:46:50.871744 2017-07-04 15:46:50.868 4516 ERROR keystone.
2017-07-04 15:46:50.871746 2017-07-04 15:46:50.868 4516 ERROR keystone.
2017-07-04 15:46:50.871749 2017-07-04 15:46:50.868 4516 ERROR keystone.
2017-07-04 15:46:50.871751 2017-07-04 15:46:50.868 4516 ERROR keystone.
2017-07-04 15:46:50.871753 2017-07-04 15:46:50.868 4516 ERROR keystone.
2017-07-04 15:46:50.871755 2017-07-04 15:46:50.868 4516 ERROR keystone.
2017-07-04 15:46:50.871757 2017-07-04 15:46:50.868 4516 ERROR keystone.
2017-07-04 15:46:50.871760 2017-07-04 15:46:50.868 4516 ERROR keystone.
2017-07-04 15:46:50.871762 2017-07-04 15:46:50.868 4516 ERROR keystone.
2017-07-04 15:46:50.871764 2017-07-04 15:46:50.868 4516 ERROR keystone.
2017-07-04 15:46:50.871766 2017-07-04 15:46:50.868 4516 ERROR keystone.
2017-07-04 15:46:50.871768 2017-07-04 15:46:50.868 4516 ERROR keystone.
2017-07-04 15:46:50.871770 2017-07-04 15:46:50.868 4516 ERROR keystone.
2017-07-04 15:46:50.871772 2017-07-04 15:46:50.868 4516 ERROR keystone.
2017-07-04 15:46:50.871774 2017-07-04 15:46:50.868 4516 ERROR keystone.
2017-07-04 15:46:50.871776 2017-07-04 15:46:50.868 4516 ERROR keystone.
2017-07-04 15:46:50.871779 2017-07-04 15:46:50.868 4516 ERROR keystone.
2017-07-04 15:46:50.871791 2017-07-04 15:46:50.868 4516 ERROR keystone.
2017-07-04 15:46:50.871794 2017-07-04 15:46:50.868 4516 ERROR keystone.
2017-07-04 15:46:50.871796 2017-07-04 15:46:50.868 4516 ERROR keystone.
2017-07-04 15:46:50.871798 2017-07-04 15:46:50.868 4516 ERROR keystone.
2017-07-04 15:46:50.871800 2017-07-04 15:46:50.868 4516 ERROR keystone.
2017-07-04 15:46:50.871802 2017-07-04 15:46:50.868 4516 ERROR keystone.
2017-07-04 15:46:50.871804 2017-07-04 15:46:50.868 4516 ERROR keystone.
2017-07-04 15:46:50.871811 2017-07-04 15:46:50.868 4516 ERROR keystone.
2017-07-04 15:46:50.871813 2017-07-04 15:46:50.868 4516 ERROR keystone.
2017-07-04 15:46:50.871815 2017-07-04 15:46:50.868 4516 ERROR keystone.
2017-07-04 15:46:50.871818 2017-07-04 15:46:50.868 4516 ERROR keystone.
2017-07-04 15:46:50.871820 2017-07-04 15:46:50.868 4516 ERROR keystone.
2017-07-04 15:46:50.871822 2017-07-04 15:46:50.868 4516 ERROR keystone.
2017-07-04 15:46:50.871824 2017-07-04 15:46:50.868 4516 ERROR keystone.
2017-07-04 15:46:50.871826 2017-07-04 15:46:50.868 4516 ERROR keystone.
2017-07-04 15:46:50.871828 2017-07-04 15:46:50.868 4516 ERROR keystone.
2017-07-04 15:46:50.871830 2017-07-04 15:46:50.868 4516 ERROR keystone.
2017-07-04 15:46:50.871832 2017-07-04 15:46:50.868 4516 ERROR keystone.
Changed in mos: | |
assignee: | nobody → Kirill Bespalov (k-besplv) |
Changed in mos: | |
milestone: | 9.x-updates → 9.2-mu-4 |
importance: | Undecided → High |
status: | New → Confirmed |
Reviewed: https:/ /review. fuel-infra. org/36654
Submitter: Pkgs Jenkins <email address hidden>
Branch: 9.0/mitaka
Commit: 26a35084425d79f 8897b5fff819467 6fd2176e02
Author: Dmitry Stepanenko <email address hidden>
Date: Mon Oct 30 10:00:48 2017
Do not always check domains for ec2 auth
In case user doesn't have domain (user is federated) domains
shouldn't be checked while authenticating with ec2 credentials.
Change-Id: I02d3172fce7ed7 1a70f4d85d49390 48d4e69b11d
Closes-Bug: #1728555