Authenticating v2 token against v3 api fails with error 500
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
Critical
|
Adam Young |
Bug Description
I've been trying to consume a trust as documented in:
Using my patch to keystoneclient:
https:/
And I find that although the request to v3/auth/tokens fails with the following error:
REQ: curl -i -X POST http://
REQ BODY: {"auth": {"identity": {"methods": ["token"], "token": {"id": <ADMIN TOKEN>}}, "scope": {"OS-TRUST:trust": {"id": "7b6d5a4ee39645
RESP: [500] {'date': 'Thu, 15 Aug 2013 17:18:08 GMT', 'content-type': 'application/json', 'content-length': '151', 'vary': 'X-Auth-Token'}
RESP BODY: {"error": {"message": "An unexpected error prevented the server from fulfilling your request. 'token'", "code": 500, "title": "Internal Server Error"}}
Request returned failure status: 500
Traceback (most recent call last):
File "trust_
c_trust.
File "/opt/stack/
resp, body = self.get_
File "/opt/stack/
'%s' % e)
keystoneclient.
I've replaced the real token with <ADMIN TOKEN> above.
In the keystone log output I see this:
2013-08-15 18:36:57.129 4171 ERROR keystone.
2013-08-15 18:36:57.129 4171 TRACE keystone.
2013-08-15 18:36:57.129 4171 TRACE keystone.
2013-08-15 18:36:57.129 4171 TRACE keystone.
2013-08-15 18:36:57.129 4171 TRACE keystone.
2013-08-15 18:36:57.129 4171 TRACE keystone.
2013-08-15 18:36:57.129 4171 TRACE keystone.
2013-08-15 18:36:57.129 4171 TRACE keystone.
2013-08-15 18:36:57.129 4171 TRACE keystone.
2013-08-15 18:36:57.129 4171 TRACE keystone.
2013-08-15 18:36:57.129 4171 TRACE keystone.
2013-08-15 18:36:57.129 4171 TRACE keystone.
I'm at keystone git rev 14e090154c10001
I've attached a reproducer I've been testing with (will require installing the keystoneclient patch mentioned above)
Changed in keystone: | |
assignee: | nobody → Adam Young (ayoung) |
status: | Incomplete → Confirmed |
importance: | Undecided → Critical |
tags: | added: grizzly-backport-potential |
Changed in keystone: | |
milestone: | none → havana-3 |
tags: | removed: grizzly-backport-potential |
tags: | added: grizzly-backport-potential |
Changed in keystone: | |
status: | Fix Committed → Fix Released |
Changed in keystone: | |
milestone: | havana-3 → 2013.2 |
tags: | removed: grizzly-backport-potential |
Working around with username/password doesn't seem to work either:
REQ: curl -i -X POST http:// 192.168. 122.156: 5000/v3/ auth/tokens -H "User-Agent: python- keystoneclient" -H "Content-Type: application/json" -H "X-Auth-Token: <ADMIN TOKEN> 0eb0f708a524d79 99f", "password": "foobar"}}, "token": {"id": "<ADMIN TOKEN>"}}, "scope": {"OS-TRUST:trust": {"id": "4d08659bbc054e a49b4464dac05c6 51e"}}} }
REQ BODY: {"auth": {"identity": {"methods": ["password"], "password": {"user": {"id": "794943ea9a5740
Also fails, always returns "Authorization failed. The request you have made requires authentication."
Does this mean that "methods": ["password"] is invalid for getting a token scoped to a trust?