Canonical SSO provider

There should be a way to gracefully accept api calls for tokens when in RO mode

Bug #721409 reported by Dave Morley on 2011-02-18

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Canonical SSO provider	Confirmed	High	Unassigned

Bug Description

Bug Description:
I a recent Production RO mode db upgrade there was an outage for mumble. Mumble accesses SSO authorisation via api.

Currently when we go into read only mode the following happens when there is a call for a token via api
>>> from lazr.restfulclient.resource import ServiceRoot
>>> from lazr.restfulclient.authorize import BasicHttpAuthorizer
>>> basic = BasicHttpAuthorizer('user', 'userpass')
>>> api = ServiceRoot(basic, 'https://login.staging.ubuntu.com/api/1.0')
>>> token = api.authentications.authenticate(token_name="this-box")

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.6/dist-packages/lazr/restfulclient/resource.py", line 528, in __call__
    url, in_representation, http_method, extra_headers=extra_headers)
  File "/usr/lib/python2.6/dist-packages/lazr/restfulclient/_browser.py", line 277, in _request
    raise HTTPError(response, content)
lazr.restfulclient.errors.HTTPError: HTTP Error 500: Internal Server Error
Response headers:
---
connection: close
content-length: 4152
content-type: text/plain
date: Fri, 18 Feb 2011 17:15:49 GMT
server: Apache/2.2.14 (Ubuntu)
status: 500
x-powered-by: Zope (www.zope.org), Python (www.python.org)
---
Response body:
---
Attempted to insert while in read-only mode: 'INSERT INTO "oauth_token" ("consumer_id", "token", "token_secret", "name", "created_at", "updated_at") VALUES (%s, %s, %s, %s, %s, %s)' % ((255, 'mxbCEwqqyDSOKYYJSOxFwLhfpRQJLdYAtXHGTshVvcXOTmLFVI', 'IAkLcFWwWKAUrdgPaABkOtOfrpwyHDlGaBJyDNDshRfmjmYKIE', u'this-box', u'2011-02-18 17:15:49.561556', u'2011-02-18 17:15:49.561580'))

Traceback (most recent call last):
  File "/usr/lib/python2.6/dist-packages/zope/publisher/publish.py", line 390, in publish
    result = publication.callObject(request, obj)
  File "/usr/lib/python2.6/dist-packages/lazr/restful/publisher.py", line 170, in callObject
    WebServicePublicationMixin, self).callObject(request, object)
  File "/usr/lib/python2.6/dist-packages/lazr/restful/simple.py", line 106, in callObject
    return mapply(ob, request.getPositionalArguments(), request)
  File "/usr/lib/python2.6/dist-packages/zope/publisher/publish.py", line 358, in mapply
    return debug_call(obj, args)
  File "/usr/lib/python2.6/dist-packages/zope/publisher/publish.py", line 365, in debug_call
    return obj(*args)
  File "/usr/lib/python2.6/dist-packages/lazr/restful/_resource.py", line 837, in __call__
    result = self.do_GET()
  File "/usr/lib/python2.6/dist-packages/lazr/restful/_resource.py", line 1475, in do_GET
    result = self.handleCustomGET(operation_name)
  File "/usr/lib/python2.6/dist-packages/lazr/restful/_resource.py", line 674, in handleCustomGET
    return operation()
  File "/usr/lib/python2.6/dist-packages/lazr/restful/_operation.py", line 59, in __call__
    response = self.call(**values)
  File "/usr/lib/python2.6/dist-packages/lazr/restful/declarations.py", line 1115, in call
    result = getattr(self.context, self._method_name)(**params)
  File "/usr/lib/python2.6/dist-packages/identityprovider/webservice/models.py", line 151, in wrapper
    return func(*args, **kwargs)
  File "/usr/lib/python2.6/dist-packages/identityprovider/webservice/models.py", line 164, in authenticate
    token = account.create_oauth_token(token_name)
  File "/usr/lib/python2.6/dist-packages/identityprovider/models/account.py", line 263, in create_oauth_token
    token = consumer.token_set.create(name=token_name)
  File "/usr/lib/pymodules/python2.6/django/db/models/fields/related.py", line 367, in create
    return super(RelatedManager, self).create(**kwargs)
  File "/usr/lib/pymodules/python2.6/django/db/models/manager.py", line 126, in create
    return self.get_query_set().create(**kwargs)
  File "/usr/lib/pymodules/python2.6/django/db/models/query.py", line 315, in create
    obj.save(force_insert=True)
  File "/usr/lib/pymodules/python2.6/django/db/models/base.py", line 410, in save
    self.save_base(force_insert=force_insert, force_update=force_update)
  File "/usr/lib/pymodules/python2.6/django/db/models/base.py", line 495, in save_base
    result = manager._insert(values, return_id=update_pk)
  File "/usr/lib/pymodules/python2.6/django/db/models/manager.py", line 177, in _insert
    return insert_query(self.model, values, **kwargs)
  File "/usr/lib/pymodules/python2.6/django/db/models/query.py", line 1087, in insert_query
    return query.execute_sql(return_id)
  File "/usr/lib/pymodules/python2.6/django/db/models/sql/subqueries.py", line 320, in execute_sql
    cursor = super(InsertQuery, self).execute_sql(None)
  File "/usr/lib/pymodules/python2.6/django/db/models/sql/query.py", line 2369, in execute_sql
    cursor.execute(sql, params)
  File "/usr/lib/pymodules/python2.6/django/db/backends/util.py", line 19, in execute
    return self.cursor.execute(sql, params)
  File "/usr/lib/python2.6/dist-packages/identityprovider/backend/base.py", line 165, in execute
    {'command': command, 'sql': sql, 'params': params})
DatabaseError: Attempted to insert while in read-only mode: 'INSERT INTO "oauth_token" ("consumer_id", "token", "token_secret", "name", "created_at", "updated_at") VALUES (%s, %s, %s, %s, %s, %s)' % ((255, 'mxbCEwqqyDSOKYYJSOxFwLhfpRQJLdYAtXHGTshVvcXOTmLFVI', 'IAkLcFWwWKAUrdgPaABkOtOfrpwyHDlGaBJyDNDshRfmjmYKIE', u'this-box', u'2011-02-18 17:15:49.561556', u'2011-02-18 17:15:49.561580'))

---

OS:
64bif maverick

Browser:
n/a

Problem URL:
n/a

Steps To Reproduce:
1. Drop the SSO instance into RO mode
2. Use the python code above the error only substitute user userpass for your email login and password for SSO
3. In readonly the code give the above error, out of read only it passes fine.

Expected Result:
There should be away to obtain a token gracefully via api in read only mode or there should be an announcement made to warn that any of the api services that may not run while in read only mode and somehow show up in the applications.

Tags:

Ricardo Kirkner (ricardokirkner) on 2011-02-18

Changed in canonical-identity-provider:
importance:	Undecided → High
status:	New → Confirmed

Dave Morley (davmor2) on 2011-02-18

tags:

added: bug-1

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.