OpenStack Identity (keystone)

Any operation without token fails with internal server error for fernet token

Bug #1526976 reported by Haneef Ali
28
This bug affects 4 people
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Fix Released
Medium
Haneef Ali
OpenStack Identity (keystone) mitaka-2 "m2"
Liberty
Fix Released
Medium
Unassigned

Bug Description

This bug is only for fernet token. Configure keystone to use fernet token. Call any operation without passing a X-Auth-Token. It reports 500 error. It should throw 401

e.g curl -X DELEETE $OS_AUTH_URL/v3/projects/<project_id

Haneef Ali (haneef)
Changed in keystone:
assignee: nobody → Haneef Ali (haneef)
Steve Martinelli (stevemar)
Changed in keystone:
importance: Undecided → Medium
milestone: none → mitaka-2
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/259563

Changed in keystone:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/259563
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=171f0e2193f336c02646e4366764d53336b10c8b
Submitter: Jenkins
Branch: master

commit 171f0e2193f336c02646e4366764d53336b10c8b
Author: Haneef Ali <email address hidden>
Date: Fri Dec 18 09:34:18 2015 -0800

    Fix 500 error when no fernet token is passed

    Keystone returns internal server error if the
    user doesn't send any token. This happens only for
    fernet token. This review returns 401 if the token
    is not passed. Logic is moved from provider to
    controller layer.

    Since the logic has movoed to controller, some
    of code which directly checks for no token in
    the provider and their corresponding tests
    has been removed from the token providers
    as they are redundant.

    Closes-Bug: 1526976

    Change-Id: I0b6b0c48d6c841f996d1b8711d6c343ddfd5d945

Changed in keystone:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (stable/liberty)

Fix proposed to branch: stable/liberty
Review: https://review.openstack.org/263952

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (stable/liberty)

Reviewed: https://review.openstack.org/263952
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=7ce8ce92e7c84ba5ff01130843efd45fa39aa334
Submitter: Jenkins
Branch: stable/liberty

commit 7ce8ce92e7c84ba5ff01130843efd45fa39aa334
Author: Haneef Ali <email address hidden>
Date: Fri Dec 18 09:34:18 2015 -0800

    Fix 500 error when no fernet token is passed

    Keystone returns internal server error if the
    user doesn't send any token. This happens only for
    fernet token. This review returns 401 if the token
    is not passed. Logic is moved from provider to
    controller layer.

    Since the logic has movoed to controller, some
    of code which directly checks for no token in
    the provider and their corresponding tests
    has been removed from the token providers
    as they are redundant.

    Closes-Bug: 1526976

    Change-Id: I0b6b0c48d6c841f996d1b8711d6c343ddfd5d945
    (cherry picked from commit 171f0e2193f336c02646e4366764d53336b10c8b)

Revision history for this message
Thierry Carrez (ttx) wrote : Fix included in openstack/keystone 9.0.0.0b2

This issue was fixed in the openstack/keystone 9.0.0.0b2 development milestone.

Revision history for this message
Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/keystone 8.1.0

This issue was fixed in the openstack/keystone 8.1.0 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.