django-openstack-auth

Unexpected error when unscoped token is None

Bug #1551977 reported by Brad Pokorny
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
django-openstack-auth
Fix Released
Medium
Brad Pokorny

Bug Description

When using PKI, there are certain cases the user.Token constructor is called with the default __init__ value of None. The _is_pki_token passes None for the token on to the Keystone client, and an unexpected error occurs:

  File "/home/dmhorizon/django_openstack_auth/openstack_auth/user.py", line 94, in __init__
    if self._is_pki_token(self.unscoped_token):
  File "/home/dmhorizon/django_openstack_auth/openstack_auth/user.py", line 120, in _is_pki_token
    return (keystone_cms.is_ans1_token(token)
  File "/home/dmhorizon/django_openstack_auth/.tox/py27/local/lib/python2.7/site-packages/debtcollector/removals.py", line 242, in wrapper
    return f(*args, **kwargs)
  File "/home/dmhorizon/django_openstack_auth/.tox/py27/local/lib/python2.7/site-packages/keystoneclient/common/cms.py", line 314, in is_ans1_token
    return is_asn1_token(token)
  File "/home/dmhorizon/django_openstack_auth/.tox/py27/local/lib/python2.7/site-packages/keystoneclient/common/cms.py", line 303, in is_asn1_token
    return token[:3] == PKI_ASN1_PREFIX
TypeError: 'NoneType' object has no attribute '__getitem__'

If the token is None, we know it's not pki and should not make an extra call to the Keystone client to check.

See original description
Brad Pokorny (bpokorny)
Changed in django-openstack-auth:
assignee: nobody → Brad Pokorny (bpokorny)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to django_openstack_auth (master)

Fix proposed to branch: master
Review: https://review.openstack.org/286860

Changed in django-openstack-auth:
status: New → In Progress
Brad Pokorny (bpokorny)
description: updated
David Lyle (david-lyle)
Changed in django-openstack-auth:
importance: Undecided → Medium
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to django_openstack_auth (master)

Reviewed: https://review.openstack.org/286860
Committed: https://git.openstack.org/cgit/openstack/django_openstack_auth/commit/?id=75a6b9721e57c0cbabd9d330dbb0f1cfdd3af48a
Submitter: Jenkins
Branch: master

commit 75a6b9721e57c0cbabd9d330dbb0f1cfdd3af48a
Author: Brad Pokorny <email address hidden>
Date: Mon Feb 29 23:01:46 2016 -0800

    Don't call the Keystone client if the token is None

    There are certain cases the user.Token constructor is called with
    the default unscoped_token value of None. When this happens using
    PKI, an unexpected error occurs. If the token is None, we know it's
    not pki and should not make an extra call to the Keystone client to
    check.

    A test is provided to demonstrate the issue, and the test fails
    without the included code change.

    Change-Id: Ie8e93eda4cf8e8285785335126624781470be19c
    Closes-Bug: #1551977

Changed in django-openstack-auth:
status: In Progress → Fix Released
Revision history for this message
Thierry Carrez (ttx) wrote : Fix included in openstack/django_openstack_auth 2.3.0

This issue was fixed in the openstack/django_openstack_auth 2.3.0 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.