keystone fernet cannot work with mod wsgi anymore

Bug #1528981 reported by Dave Chen on 2015-12-24
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
High
Dave Chen

Bug Description

With the latest code, fernet cannot work anymore due to this change id (Change-Id: I0723cd50bbb464c38c9efcf1888e39d14950997b).

The stacktrace like this,

2015-12-23 10:47:53.526487 9923 DEBUG passlib.registry [req-e4501bef-5f1e-4bd3-8e1b-7320093b767b - - - - -] registered 'sha512_crypt' handler: <class 'passlib.handlers.sha2_crypt.sha512_crypt'> register_crypt_handler /usr/local/lib/python2.7/dist-packages/passlib/registry.py:284
2015-12-23 10:47:53.625320 9923 INFO keystone.token.providers.fernet.utils [req-e4501bef-5f1e-4bd3-8e1b-7320093b767b - - - - -] Loaded 2 encryption keys (max_active_keys=3) from: /etc/keystone/fernet-keys/
2015-12-23 10:47:53.735808 mod_wsgi (pid=9923): Exception occurred processing WSGI script '/usr/local/bin/keystone-wsgi-public'.
2015-12-23 10:47:53.735856 TypeError: expected byte string object for header value, value of type unicode found

Need identify which change from this commit (https://review.openstack.org/#/c/259563/) cause the regression

Dave Chen (wei-d-chen) on 2015-12-24
Changed in keystone:
assignee: nobody → Dave Chen (wei-d-chen)
Dave Chen (wei-d-chen) on 2015-12-24
description: updated
Changed in keystone:
milestone: none → mitaka-2
importance: Undecided → High

Fix proposed to branch: master
Review: https://review.openstack.org/261205

Changed in keystone:
status: New → In Progress

Change abandoned by Dave Chen (<email address hidden>) on branch: master
Review: https://review.openstack.org/262364
Reason: in favor of https://review.openstack.org/#/c/261205/

Reviewed: https://review.openstack.org/261205
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=5b445469b6369fe991f725b90833c54f399ab350
Submitter: Jenkins
Branch: master

commit 5b445469b6369fe991f725b90833c54f399ab350
Author: Dave Chen <email address hidden>
Date: Thu Dec 24 15:10:47 2015 +0800

    Fix the incompatible issue in response header

    Some changes were made to fix fernet padding for python3 [1],
    fernet payload is decoded to str after encryption when
    creating a fernet token. But it will be unicode string on
    python27 and this is not compatible with `mod_wsgi`.

    `mod_wsgi` needs the value in the response headers is binary(str)
    type on python2, and unicode(str) type on python3. This patch
    does this translation accordingly to make keystone works with
    `mod_wsgi`.

    [1] https://review.openstack.org/#/c/231711/
    Closes-Bug: #1528981

    Change-Id: I0217ac10d20c51a9c17bed566f326eb6db6ed949

Changed in keystone:
status: In Progress → Fix Released

This issue was fixed in the openstack/keystone 9.0.0.0b2 development milestone.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers