OpenStack Identity (keystone)

keystone reports internal error when policy.json is broken

Bug #1177623 reported by xingzhou on 2013-05-08

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	Fix Released	Low	Lance Bragstad	OpenStack Identity (keystone) 2015.1.0 "kilo"

Bug Description

if policy.json is broken, when using keystone apis, will return HTTP 500 (internal error).

For better user experience, we need to provide:
1). a better response for use to explain what had happend
and
2). a default policy list to use in case the policy.json is broken.

xingzhou (xingzhou) on 2013-05-08

Changed in keystone:
assignee:	nobody → xingzhou (xingzhou)

Revision history for this message

Dolph Mathews (dolph) wrote on 2013-06-07:

If policy.json is "broken" (invalid JSON syntax, for example), I'd fully expect the API to return a generic 500. However, an ERROR log explaining that policy.json could not be parsed would certainly be beneficial.

Revision history for this message

Dolph Mathews (dolph) wrote on 2013-06-07:

Current API response:

{
  "error": {
    "message": "An unexpected error prevented the server from fulfilling your request. Expecting property name: line 2 column 5 (char 6)",
    "code": 500,
    "title": "Internal Server Error"
  }
}

Since it's already doing this, I guess it would make sense to wrap that error with a reference the configured "policy_file".

And for reference, the backtrace: http://paste.openstack.org/raw/38254/

Changed in keystone:
importance:	Undecided → Low
status:	New → Confirmed

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-06-25: Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/34339

Changed in keystone:
status:	Confirmed → In Progress

Revision history for this message

xingzhou (xingzhou) wrote on 2013-07-11:

as from the community, the reviewers think just return 500 is ok, so won't fix this defect

Changed in keystone:
status:	In Progress → Invalid

Revision history for this message

Dolph Mathews (dolph) wrote on 2013-07-11:

The core issue described by the bug is one of user experience, so I think the direction is certainly valid. The response should still be a 500, as well. However, we're not providing adequate feedback to the deployer about what went wrong, and perhaps providing too much information to the API user (who *may* not be the deployer).

Changed in keystone:
status:	Invalid → Confirmed

OpenStack Infra (hudson-openstack) on 2013-07-12

Changed in keystone:
status:	Confirmed → In Progress

Revision history for this message

Dolph Mathews (dolph) wrote on 2013-09-16:

Unassigning due to inactivity.

Changed in keystone:
assignee:	xingzhou (xingzhou) → nobody
status:	In Progress → Triaged

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-10-11:

Fix proposed to branch: master
Review: https://review.openstack.org/51163

Changed in keystone:
assignee:	nobody → Jeffrey Zhang (jeffrey4l)
status:	Triaged → In Progress

Revision history for this message

Dolph Mathews (dolph) wrote on 2014-02-05:

Unassigning due to inactivity.

Changed in keystone:
assignee:	Jeffrey Zhang (jeffrey4l) → nobody
status:	In Progress → Triaged

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-10-28:

Fix proposed to branch: master
Review: https://review.openstack.org/131574

Changed in keystone:
assignee:	nobody → Lance Bragstad (lbragstad)
status:	Triaged → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-12-05: Fix merged to keystone (master)

#10

Reviewed: https://review.openstack.org/131574
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=383422f2434414d5d736ebdd9a8b4dcc4e15a288
Submitter: Jenkins
Branch: master

commit 383422f2434414d5d736ebdd9a8b4dcc4e15a288
Author: Lance Bragstad <email address hidden>
Date: Tue Oct 28 20:38:33 2014 +0000

Provide useful info when parsing policy file

    When parsing the policy.json file we should provide a message that helps
    the user or deployer understand there was an issue with the policy file,
    and that they should make sure the policy.json file is valid JSON.

Change-Id: I63bdb6d8f03a0510e34b7e10cec25263e7c6c63c
Closes-Bug: #1177623

Changed in keystone:
status:	In Progress → Fix Committed

Morgan Fainberg (mdrnstm) on 2014-12-08

Changed in keystone:
milestone:	none → kilo-1

Thierry Carrez (ttx) on 2014-12-17

Changed in keystone:
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2015-04-30

Changed in keystone:
milestone:	kilo-1 → 2015.1.0

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.