EC2 keystone auth middleware isn't setting project_id correctly
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
High
|
Dan Prince |
Bug Description
When using the EC2 API with keystone (KSL) it appears that we store a dict of tenant information as the 'tenant_id' in the request context. This causes a slew of SQL errors in various nova services. For example the following is from the network.log:
(nova.rpc.common): TRACE: ProgrammingError: (ProgrammingError) (1064, 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near \': "\'d94c76d76d9f
----
The fix seems to be to grab the tenant 'id' instead.
Given that '/ec2tokens' is an un-versioned keystone extension I think it is acceptable to allow to change in this regard. Thus... I'm suggesting we change nova to match it:
+++ b/nova/
@@ -307,7 +307,7 @@ class EC2KeystoneAuth
try:
- project_id = result[
+ project_id = result[
roles = [role['name'] for role
except (AttributeError, KeyError), e:
Changed in nova: | |
status: | New → In Progress |
assignee: | nobody → Dan Prince (dan-prince) |
importance: | Undecided → High |
Changed in nova: | |
milestone: | none → essex-4 |
Changed in nova: | |
status: | Fix Committed → Fix Released |
Changed in nova: | |
milestone: | essex-4 → 2012.1 |
Fix proposed to branch: master /review. openstack. org/4538
Review: https:/