When requesting a Keystone token, a user may make a mistake and use the api V2 body on an api v3 endpoint.
This will result with a Traceback showing is user/password in the logs
Keystone logs :
ERROR keystone.server.flask.application During handling of the above exception, another exception occurred:
ERROR keystone.server.flask.application
ERROR keystone.server.flask.application Traceback (most recent call last):
ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 1823, in full_dispatch_request
ERROR keystone.server.flask.application rv = self.dispatch_request()
ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 1799, in dispatch_request
ERROR keystone.server.flask.application return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask_restful/__init__.py", line 467, in wrapper
ERROR keystone.server.flask.application resp = resource(*args, **kwargs)
ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask/views.py", line 107, in view
ERROR keystone.server.flask.application return current_app.ensure_sync(self.dispatch_request)(**kwargs)
ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask_restful/__init__.py", line 582, in dispatch_request
ERROR keystone.server.flask.application resp = meth(*args, **kwargs)
ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/server/flask/common.py", line 1064, in wrapper
ERROR keystone.server.flask.application return f(*args, **kwargs)
ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/api/auth.py", line 314, in post
ERROR keystone.server.flask.application auth_schema.validate_issue_token_auth(auth_data)
ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/auth/schema.py", line 113, in validate_issue_token_auth
ERROR keystone.server.flask.application validation.lazy_validate(token_issue, auth)
ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/common/validation/__init__.py", line 30, in lazy_validate
ERROR keystone.server.flask.application schema_validator.validate(resource_to_validate)
ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/common/validation/validators.py", line 89, in validate
ERROR keystone.server.flask.application raise exception.SchemaValidationError(detail=detail)
ERROR keystone.server.flask.application keystone.exception.SchemaValidationError: 'identity' is a required property
Jul 07 09:35:00 devstack <email address hidden>[60249]: ERROR keystone.server.flask.application On instance:
Jul 07 09:35:00 devstack <email address hidden>[60249]: ERROR keystone.server.flask.application {'passwordCredentials': {'password': 'password', 'username': 'admin'}}
Jul 07 09:35:00 devstack <email address hidden>[60249]: ERROR keystone.server.flask.application
Jul 07 09:35:00 devstack <email address hidden>[60249]: [pid: 60249|app: 0|req: 125/978] 57.128.26.217 () {58 vars in 979 bytes} [Fri Jul 7 09:35:00 2023] POST /identity/v3/auth/tokens => generated 3467 bytes in 14 msecs (HTTP/1.1 400) 5 headers in 187 bytes (1 switches on core 0)
Steps to reproduce :
REQ: stack@devstack:~/devstack$ curl -i http://keystone.com/identity/v3/auth/tokens -X POST -H "Content-Type: application/json" -H "User-Agent: python-keystoneclient" -d'{"auth":{"passwordCredentials":{"username": "admin", "password": "password"}}}'
HTTP/1.1 400 BAD REQUEST
Date: Fri, 07 Jul 2023 09:35:00 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Type: application/json
Content-Length: 3467
Vary: X-Auth-Token
x-openstack-request-id: req-39da835d-6c25-4dfc-9fbc-8326311c44bf
Connection: close
{"error":{"code":400,"message":"'identity' is a required property\n\nFailed validating 'required' in schema:\n {'properties': {'identity': {'properties': {'methods': {'items': {'type': 'string'},\n 'type': 'array'},\n 'password': {'properties': {'user': {'properties': {'domain': {'properties': {'id': {'type': 'string'},\n 'name': {'type': 'string'}},\n 'type': 'object'},\n 'id': {'type': 'string'},\n 'name': {'type': 'string'},\n 'password': {'type': 'string'}},\n 'type': 'object'}},\n 'type': 'object'},\n 'token': {'properties': {'id': {'type': 'string'}},\n 'required': ['id'],\n 'type': 'object'}},\n 'required': ['methods'],\n 'type': 'object'},\n 'scope': {'properties': {'OS-TRUST:trust': {'properties': {'id': {'type': 'string'}},\n 'type': 'object'},\n 'domain': {'properties': {'id': {'type': 'string'},\n 'name': {'type': 'string'}},\n 'type': 'object'},\n 'project': {'properties': {'domain': {'properties': {'id': {'type': 'string'},\n 'name': {'type': 'string'}},\n 'type': 'object'},\n 'id': {'type': 'string'},\n 'name': {'type': 'string'}},\n 'type': 'object'},\n 'system': {'properties': {'all': {'enum': [True,\n False,\n None],\n 'type': 'boolean'}},\n 'type': 'object'}},\n 'type': ['object', 'string']}},\n 'required': ['identity'],\n 'type': 'object'}\n\nOn instance:\n {'passwordCredentials': {'password': 'password', 'username': 'admin'}}","title":"Bad Request"}}
Tested on Devstack Env :
- OS Version: Ubuntu 22.04 jammy
- Keystone : origin/master ( b80e1df2ef1735d91a1483e1ec64d4048c5b3145 )