OpenStack Identity (keystone)

API traceback when creating token with body from v2 api on the v3 endpoint

Bug #2026361 reported by Quentin GROLLEAU
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
New
Undecided
Quentin GROLLEAU

Bug Description

When requesting a Keystone token, a user may make a mistake and use the api V2 body on an api v3 endpoint.
This will result with a Traceback showing is user/password in the logs

Keystone logs :

ERROR keystone.server.flask.application During handling of the above exception, another exception occurred:
ERROR keystone.server.flask.application
ERROR keystone.server.flask.application Traceback (most recent call last):
ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 1823, in full_dispatch_request
ERROR keystone.server.flask.application rv = self.dispatch_request()
ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 1799, in dispatch_request
ERROR keystone.server.flask.application return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask_restful/__init__.py", line 467, in wrapper
ERROR keystone.server.flask.application resp = resource(*args, **kwargs)
ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask/views.py", line 107, in view
ERROR keystone.server.flask.application return current_app.ensure_sync(self.dispatch_request)(**kwargs)
ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask_restful/__init__.py", line 582, in dispatch_request
ERROR keystone.server.flask.application resp = meth(*args, **kwargs)
ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/server/flask/common.py", line 1064, in wrapper
ERROR keystone.server.flask.application return f(*args, **kwargs)
ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/api/auth.py", line 314, in post
ERROR keystone.server.flask.application auth_schema.validate_issue_token_auth(auth_data)
ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/auth/schema.py", line 113, in validate_issue_token_auth
ERROR keystone.server.flask.application validation.lazy_validate(token_issue, auth)
ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/common/validation/__init__.py", line 30, in lazy_validate
ERROR keystone.server.flask.application schema_validator.validate(resource_to_validate)
ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/common/validation/validators.py", line 89, in validate
ERROR keystone.server.flask.application raise exception.SchemaValidationError(detail=detail)
ERROR keystone.server.flask.application keystone.exception.SchemaValidationError: 'identity' is a required property

Jul 07 09:35:00 devstack <email address hidden>[60249]: ERROR keystone.server.flask.application On instance:
Jul 07 09:35:00 devstack <email address hidden>[60249]: ERROR keystone.server.flask.application {'passwordCredentials': {'password': 'password', 'username': 'admin'}}
Jul 07 09:35:00 devstack <email address hidden>[60249]: ERROR keystone.server.flask.application
Jul 07 09:35:00 devstack <email address hidden>[60249]: [pid: 60249|app: 0|req: 125/978] 57.128.26.217 () {58 vars in 979 bytes} [Fri Jul 7 09:35:00 2023] POST /identity/v3/auth/tokens => generated 3467 bytes in 14 msecs (HTTP/1.1 400) 5 headers in 187 bytes (1 switches on core 0)

Steps to reproduce :

REQ: stack@devstack:~/devstack$ curl -i http://keystone.com/identity/v3/auth/tokens -X POST -H "Content-Type: application/json" -H "User-Agent: python-keystoneclient" -d'{"auth":{"passwordCredentials":{"username": "admin", "password": "password"}}}'
HTTP/1.1 400 BAD REQUEST
Date: Fri, 07 Jul 2023 09:35:00 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Type: application/json
Content-Length: 3467
Vary: X-Auth-Token
x-openstack-request-id: req-39da835d-6c25-4dfc-9fbc-8326311c44bf
Connection: close

{"error":{"code":400,"message":"'identity' is a required property\n\nFailed validating 'required' in schema:\n {'properties': {'identity': {'properties': {'methods': {'items': {'type': 'string'},\n 'type': 'array'},\n 'password': {'properties': {'user': {'properties': {'domain': {'properties': {'id': {'type': 'string'},\n 'name': {'type': 'string'}},\n 'type': 'object'},\n 'id': {'type': 'string'},\n 'name': {'type': 'string'},\n 'password': {'type': 'string'}},\n 'type': 'object'}},\n 'type': 'object'},\n 'token': {'properties': {'id': {'type': 'string'}},\n 'required': ['id'],\n 'type': 'object'}},\n 'required': ['methods'],\n 'type': 'object'},\n 'scope': {'properties': {'OS-TRUST:trust': {'properties': {'id': {'type': 'string'}},\n 'type': 'object'},\n 'domain': {'properties': {'id': {'type': 'string'},\n 'name': {'type': 'string'}},\n 'type': 'object'},\n 'project': {'properties': {'domain': {'properties': {'id': {'type': 'string'},\n 'name': {'type': 'string'}},\n 'type': 'object'},\n 'id': {'type': 'string'},\n 'name': {'type': 'string'}},\n 'type': 'object'},\n 'system': {'properties': {'all': {'enum': [True,\n False,\n None],\n 'type': 'boolean'}},\n 'type': 'object'}},\n 'type': ['object', 'string']}},\n 'required': ['identity'],\n 'type': 'object'}\n\nOn instance:\n {'passwordCredentials': {'password': 'password', 'username': 'admin'}}","title":"Bad Request"}}

Tested on Devstack Env :
- OS Version: Ubuntu 22.04 jammy
- Keystone : origin/master ( b80e1df2ef1735d91a1483e1ec64d4048c5b3145 )

See original description
Quentin GROLLEAU (quentin.grolleau)
description: updated
description: updated
Quentin GROLLEAU (quentin.grolleau)
Changed in keystone:
assignee: nobody → Quentin GROLLEAU (quentin.grolleau)
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.