OpenStack Identity (keystone)

  1. Bug #2026361
  2. Activity log

Activity log for bug #2026361

Date Who What changed Old value New value Message
2023-07-07 09:41:09 Quentin GROLLEAU bug added bug
2023-07-07 12:59:43 Quentin GROLLEAU description When requesting a Keystone token, a user may make a mistake and use the api V2 body on an api v3 endpoint. This will result with a Traceback showing is user/password in the logs Keystone logs : ERROR keystone.server.flask.application During handling of the above exception, another exception occurred: ERROR keystone.server.flask.application ERROR keystone.server.flask.application Traceback (most recent call last): ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 1823, in full_dispatch_request ERROR keystone.server.flask.application rv = self.dispatch_request() ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 1799, in dispatch_request ERROR keystone.server.flask.application return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args) ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask_restful/__init__.py", line 467, in wrapper ERROR keystone.server.flask.application resp = resource(*args, **kwargs) ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask/views.py", line 107, in view ERROR keystone.server.flask.application return current_app.ensure_sync(self.dispatch_request)(**kwargs) ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask_restful/__init__.py", line 582, in dispatch_request ERROR keystone.server.flask.application resp = meth(*args, **kwargs) ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/server/flask/common.py", line 1064, in wrapper ERROR keystone.server.flask.application return f(*args, **kwargs) ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/api/auth.py", line 314, in post ERROR keystone.server.flask.application auth_schema.validate_issue_token_auth(auth_data) ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/auth/schema.py", line 113, in validate_issue_token_auth ERROR keystone.server.flask.application validation.lazy_validate(token_issue, auth) ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/common/validation/__init__.py", line 30, in lazy_validate ERROR keystone.server.flask.application schema_validator.validate(resource_to_validate) ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/common/validation/validators.py", line 89, in validate ERROR keystone.server.flask.application raise exception.SchemaValidationError(detail=detail) ERROR keystone.server.flask.application keystone.exception.SchemaValidationError: 'identity' is a required property Jul 07 09:35:00 devstack devstack@keystone.service[60249]: ERROR keystone.server.flask.application On instance: Jul 07 09:35:00 devstack devstack@keystone.service[60249]: ERROR keystone.server.flask.application {'passwordCredentials': {'password': 'password', 'username': 'admin'}} Jul 07 09:35:00 devstack devstack@keystone.service[60249]: ERROR keystone.server.flask.application Jul 07 09:35:00 devstack devstack@keystone.service[60249]: [pid: 60249|app: 0|req: 125/978] 57.128.26.217 () {58 vars in 979 bytes} [Fri Jul 7 09:35:00 2023] POST /identity/v3/auth/tokens => generated 3467 bytes in 14 msecs (HTTP/1.1 400) 5 headers in 187 bytes (1 switches on core 0) Steps to reproduce : REQ: stack@devstack:~/devstack$ curl -i http://57.128.26.217/identity/v3/auth/tokens -X POST -H "Content-Type: application/json" -H "User-Agent: python-keystoneclient" -d'{"auth":{"passwordCredentials":{"username": "admin", "password": "password"}}}' HTTP/1.1 400 BAD REQUEST Date: Fri, 07 Jul 2023 09:35:00 GMT Server: Apache/2.4.52 (Ubuntu) Content-Type: application/json Content-Length: 3467 Vary: X-Auth-Token x-openstack-request-id: req-39da835d-6c25-4dfc-9fbc-8326311c44bf Connection: close {"error":{"code":400,"message":"'identity' is a required property\n\nFailed validating 'required' in schema:\n {'properties': {'identity': {'properties': {'methods': {'items': {'type': 'string'},\n 'type': 'array'},\n 'password': {'properties': {'user': {'properties': {'domain': {'properties': {'id': {'type': 'string'},\n 'name': {'type': 'string'}},\n 'type': 'object'},\n 'id': {'type': 'string'},\n 'name': {'type': 'string'},\n 'password': {'type': 'string'}},\n 'type': 'object'}},\n 'type': 'object'},\n 'token': {'properties': {'id': {'type': 'string'}},\n 'required': ['id'],\n 'type': 'object'}},\n 'required': ['methods'],\n 'type': 'object'},\n 'scope': {'properties': {'OS-TRUST:trust': {'properties': {'id': {'type': 'string'}},\n 'type': 'object'},\n 'domain': {'properties': {'id': {'type': 'string'},\n 'name': {'type': 'string'}},\n 'type': 'object'},\n 'project': {'properties': {'domain': {'properties': {'id': {'type': 'string'},\n 'name': {'type': 'string'}},\n 'type': 'object'},\n 'id': {'type': 'string'},\n 'name': {'type': 'string'}},\n 'type': 'object'},\n 'system': {'properties': {'all': {'enum': [True,\n False,\n None],\n 'type': 'boolean'}},\n 'type': 'object'}},\n 'type': ['object', 'string']}},\n 'required': ['identity'],\n 'type': 'object'}\n\nOn instance:\n {'passwordCredentials': {'password': 'password', 'username': 'admin'}}","title":"Bad Request"}} Tested on Devstack Env : - OS Version: Ubuntu 22.04 jammy - Keystone : origin/master ( b80e1df2ef1735d91a1483e1ec64d4048c5b3145 ) When requesting a Keystone token, a user may make a mistake and use the api V2 body on an api v3 endpoint. This will result with a Traceback showing is user/password in the logs Keystone logs : ERROR keystone.server.flask.application During handling of the above exception, another exception occurred: ERROR keystone.server.flask.application ERROR keystone.server.flask.application Traceback (most recent call last): ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 1823, in full_dispatch_request ERROR keystone.server.flask.application rv = self.dispatch_request() ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 1799, in dispatch_request ERROR keystone.server.flask.application return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args) ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask_restful/__init__.py", line 467, in wrapper ERROR keystone.server.flask.application resp = resource(*args, **kwargs) ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask/views.py", line 107, in view ERROR keystone.server.flask.application return current_app.ensure_sync(self.dispatch_request)(**kwargs) ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask_restful/__init__.py", line 582, in dispatch_request ERROR keystone.server.flask.application resp = meth(*args, **kwargs) ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/server/flask/common.py", line 1064, in wrapper ERROR keystone.server.flask.application return f(*args, **kwargs) ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/api/auth.py", line 314, in post ERROR keystone.server.flask.application auth_schema.validate_issue_token_auth(auth_data) ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/auth/schema.py", line 113, in validate_issue_token_auth ERROR keystone.server.flask.application validation.lazy_validate(token_issue, auth) ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/common/validation/__init__.py", line 30, in lazy_validate ERROR keystone.server.flask.application schema_validator.validate(resource_to_validate) ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/common/validation/validators.py", line 89, in validate ERROR keystone.server.flask.application raise exception.SchemaValidationError(detail=detail) ERROR keystone.server.flask.application keystone.exception.SchemaValidationError: 'identity' is a required property Jul 07 09:35:00 devstack devstack@keystone.service[60249]: ERROR keystone.server.flask.application On instance: Jul 07 09:35:00 devstack devstack@keystone.service[60249]: ERROR keystone.server.flask.application {'passwordCredentials': {'password': 'password', 'username': 'admin'}} Jul 07 09:35:00 devstack devstack@keystone.service[60249]: ERROR keystone.server.flask.application Jul 07 09:35:00 devstack devstack@keystone.service[60249]: [pid: 60249|app: 0|req: 125/978] 57.128.26.217 () {58 vars in 979 bytes} [Fri Jul 7 09:35:00 2023] POST /identity/v3/auth/tokens => generated 3467 bytes in 14 msecs (HTTP/1.1 400) 5 headers in 187 bytes (1 switches on core 0) Steps to reproduce : REQ: stack@devstack:~/devstack$ curl -i http://keystone/identity/v3/auth/tokens -X POST -H "Content-Type: application/json" -H "User-Agent: python-keystoneclient" -d'{"auth":{"passwordCredentials":{"username": "admin", "password": "password"}}}' HTTP/1.1 400 BAD REQUEST Date: Fri, 07 Jul 2023 09:35:00 GMT Server: Apache/2.4.52 (Ubuntu) Content-Type: application/json Content-Length: 3467 Vary: X-Auth-Token x-openstack-request-id: req-39da835d-6c25-4dfc-9fbc-8326311c44bf Connection: close {"error":{"code":400,"message":"'identity' is a required property\n\nFailed validating 'required' in schema:\n {'properties': {'identity': {'properties': {'methods': {'items': {'type': 'string'},\n 'type': 'array'},\n 'password': {'properties': {'user': {'properties': {'domain': {'properties': {'id': {'type': 'string'},\n 'name': {'type': 'string'}},\n 'type': 'object'},\n 'id': {'type': 'string'},\n 'name': {'type': 'string'},\n 'password': {'type': 'string'}},\n 'type': 'object'}},\n 'type': 'object'},\n 'token': {'properties': {'id': {'type': 'string'}},\n 'required': ['id'],\n 'type': 'object'}},\n 'required': ['methods'],\n 'type': 'object'},\n 'scope': {'properties': {'OS-TRUST:trust': {'properties': {'id': {'type': 'string'}},\n 'type': 'object'},\n 'domain': {'properties': {'id': {'type': 'string'},\n 'name': {'type': 'string'}},\n 'type': 'object'},\n 'project': {'properties': {'domain': {'properties': {'id': {'type': 'string'},\n 'name': {'type': 'string'}},\n 'type': 'object'},\n 'id': {'type': 'string'},\n 'name': {'type': 'string'}},\n 'type': 'object'},\n 'system': {'properties': {'all': {'enum': [True,\n False,\n None],\n 'type': 'boolean'}},\n 'type': 'object'}},\n 'type': ['object', 'string']}},\n 'required': ['identity'],\n 'type': 'object'}\n\nOn instance:\n {'passwordCredentials': {'password': 'password', 'username': 'admin'}}","title":"Bad Request"}} Tested on Devstack Env : - OS Version: Ubuntu 22.04 jammy - Keystone : origin/master ( b80e1df2ef1735d91a1483e1ec64d4048c5b3145 )
2023-07-07 13:00:15 Quentin GROLLEAU description When requesting a Keystone token, a user may make a mistake and use the api V2 body on an api v3 endpoint. This will result with a Traceback showing is user/password in the logs Keystone logs : ERROR keystone.server.flask.application During handling of the above exception, another exception occurred: ERROR keystone.server.flask.application ERROR keystone.server.flask.application Traceback (most recent call last): ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 1823, in full_dispatch_request ERROR keystone.server.flask.application rv = self.dispatch_request() ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 1799, in dispatch_request ERROR keystone.server.flask.application return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args) ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask_restful/__init__.py", line 467, in wrapper ERROR keystone.server.flask.application resp = resource(*args, **kwargs) ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask/views.py", line 107, in view ERROR keystone.server.flask.application return current_app.ensure_sync(self.dispatch_request)(**kwargs) ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask_restful/__init__.py", line 582, in dispatch_request ERROR keystone.server.flask.application resp = meth(*args, **kwargs) ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/server/flask/common.py", line 1064, in wrapper ERROR keystone.server.flask.application return f(*args, **kwargs) ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/api/auth.py", line 314, in post ERROR keystone.server.flask.application auth_schema.validate_issue_token_auth(auth_data) ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/auth/schema.py", line 113, in validate_issue_token_auth ERROR keystone.server.flask.application validation.lazy_validate(token_issue, auth) ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/common/validation/__init__.py", line 30, in lazy_validate ERROR keystone.server.flask.application schema_validator.validate(resource_to_validate) ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/common/validation/validators.py", line 89, in validate ERROR keystone.server.flask.application raise exception.SchemaValidationError(detail=detail) ERROR keystone.server.flask.application keystone.exception.SchemaValidationError: 'identity' is a required property Jul 07 09:35:00 devstack devstack@keystone.service[60249]: ERROR keystone.server.flask.application On instance: Jul 07 09:35:00 devstack devstack@keystone.service[60249]: ERROR keystone.server.flask.application {'passwordCredentials': {'password': 'password', 'username': 'admin'}} Jul 07 09:35:00 devstack devstack@keystone.service[60249]: ERROR keystone.server.flask.application Jul 07 09:35:00 devstack devstack@keystone.service[60249]: [pid: 60249|app: 0|req: 125/978] 57.128.26.217 () {58 vars in 979 bytes} [Fri Jul 7 09:35:00 2023] POST /identity/v3/auth/tokens => generated 3467 bytes in 14 msecs (HTTP/1.1 400) 5 headers in 187 bytes (1 switches on core 0) Steps to reproduce : REQ: stack@devstack:~/devstack$ curl -i http://keystone/identity/v3/auth/tokens -X POST -H "Content-Type: application/json" -H "User-Agent: python-keystoneclient" -d'{"auth":{"passwordCredentials":{"username": "admin", "password": "password"}}}' HTTP/1.1 400 BAD REQUEST Date: Fri, 07 Jul 2023 09:35:00 GMT Server: Apache/2.4.52 (Ubuntu) Content-Type: application/json Content-Length: 3467 Vary: X-Auth-Token x-openstack-request-id: req-39da835d-6c25-4dfc-9fbc-8326311c44bf Connection: close {"error":{"code":400,"message":"'identity' is a required property\n\nFailed validating 'required' in schema:\n {'properties': {'identity': {'properties': {'methods': {'items': {'type': 'string'},\n 'type': 'array'},\n 'password': {'properties': {'user': {'properties': {'domain': {'properties': {'id': {'type': 'string'},\n 'name': {'type': 'string'}},\n 'type': 'object'},\n 'id': {'type': 'string'},\n 'name': {'type': 'string'},\n 'password': {'type': 'string'}},\n 'type': 'object'}},\n 'type': 'object'},\n 'token': {'properties': {'id': {'type': 'string'}},\n 'required': ['id'],\n 'type': 'object'}},\n 'required': ['methods'],\n 'type': 'object'},\n 'scope': {'properties': {'OS-TRUST:trust': {'properties': {'id': {'type': 'string'}},\n 'type': 'object'},\n 'domain': {'properties': {'id': {'type': 'string'},\n 'name': {'type': 'string'}},\n 'type': 'object'},\n 'project': {'properties': {'domain': {'properties': {'id': {'type': 'string'},\n 'name': {'type': 'string'}},\n 'type': 'object'},\n 'id': {'type': 'string'},\n 'name': {'type': 'string'}},\n 'type': 'object'},\n 'system': {'properties': {'all': {'enum': [True,\n False,\n None],\n 'type': 'boolean'}},\n 'type': 'object'}},\n 'type': ['object', 'string']}},\n 'required': ['identity'],\n 'type': 'object'}\n\nOn instance:\n {'passwordCredentials': {'password': 'password', 'username': 'admin'}}","title":"Bad Request"}} Tested on Devstack Env : - OS Version: Ubuntu 22.04 jammy - Keystone : origin/master ( b80e1df2ef1735d91a1483e1ec64d4048c5b3145 ) When requesting a Keystone token, a user may make a mistake and use the api V2 body on an api v3 endpoint. This will result with a Traceback showing is user/password in the logs Keystone logs : ERROR keystone.server.flask.application During handling of the above exception, another exception occurred: ERROR keystone.server.flask.application ERROR keystone.server.flask.application Traceback (most recent call last): ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 1823, in full_dispatch_request ERROR keystone.server.flask.application rv = self.dispatch_request() ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 1799, in dispatch_request ERROR keystone.server.flask.application return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args) ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask_restful/__init__.py", line 467, in wrapper ERROR keystone.server.flask.application resp = resource(*args, **kwargs) ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask/views.py", line 107, in view ERROR keystone.server.flask.application return current_app.ensure_sync(self.dispatch_request)(**kwargs) ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask_restful/__init__.py", line 582, in dispatch_request ERROR keystone.server.flask.application resp = meth(*args, **kwargs) ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/server/flask/common.py", line 1064, in wrapper ERROR keystone.server.flask.application return f(*args, **kwargs) ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/api/auth.py", line 314, in post ERROR keystone.server.flask.application auth_schema.validate_issue_token_auth(auth_data) ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/auth/schema.py", line 113, in validate_issue_token_auth ERROR keystone.server.flask.application validation.lazy_validate(token_issue, auth) ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/common/validation/__init__.py", line 30, in lazy_validate ERROR keystone.server.flask.application schema_validator.validate(resource_to_validate) ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/common/validation/validators.py", line 89, in validate ERROR keystone.server.flask.application raise exception.SchemaValidationError(detail=detail) ERROR keystone.server.flask.application keystone.exception.SchemaValidationError: 'identity' is a required property Jul 07 09:35:00 devstack devstack@keystone.service[60249]: ERROR keystone.server.flask.application On instance: Jul 07 09:35:00 devstack devstack@keystone.service[60249]: ERROR keystone.server.flask.application {'passwordCredentials': {'password': 'password', 'username': 'admin'}} Jul 07 09:35:00 devstack devstack@keystone.service[60249]: ERROR keystone.server.flask.application Jul 07 09:35:00 devstack devstack@keystone.service[60249]: [pid: 60249|app: 0|req: 125/978] 57.128.26.217 () {58 vars in 979 bytes} [Fri Jul 7 09:35:00 2023] POST /identity/v3/auth/tokens => generated 3467 bytes in 14 msecs (HTTP/1.1 400) 5 headers in 187 bytes (1 switches on core 0) Steps to reproduce : REQ: stack@devstack:~/devstack$ curl -i http://keystone.com/identity/v3/auth/tokens -X POST -H "Content-Type: application/json" -H "User-Agent: python-keystoneclient" -d'{"auth":{"passwordCredentials":{"username": "admin", "password": "password"}}}' HTTP/1.1 400 BAD REQUEST Date: Fri, 07 Jul 2023 09:35:00 GMT Server: Apache/2.4.52 (Ubuntu) Content-Type: application/json Content-Length: 3467 Vary: X-Auth-Token x-openstack-request-id: req-39da835d-6c25-4dfc-9fbc-8326311c44bf Connection: close {"error":{"code":400,"message":"'identity' is a required property\n\nFailed validating 'required' in schema:\n {'properties': {'identity': {'properties': {'methods': {'items': {'type': 'string'},\n 'type': 'array'},\n 'password': {'properties': {'user': {'properties': {'domain': {'properties': {'id': {'type': 'string'},\n 'name': {'type': 'string'}},\n 'type': 'object'},\n 'id': {'type': 'string'},\n 'name': {'type': 'string'},\n 'password': {'type': 'string'}},\n 'type': 'object'}},\n 'type': 'object'},\n 'token': {'properties': {'id': {'type': 'string'}},\n 'required': ['id'],\n 'type': 'object'}},\n 'required': ['methods'],\n 'type': 'object'},\n 'scope': {'properties': {'OS-TRUST:trust': {'properties': {'id': {'type': 'string'}},\n 'type': 'object'},\n 'domain': {'properties': {'id': {'type': 'string'},\n 'name': {'type': 'string'}},\n 'type': 'object'},\n 'project': {'properties': {'domain': {'properties': {'id': {'type': 'string'},\n 'name': {'type': 'string'}},\n 'type': 'object'},\n 'id': {'type': 'string'},\n 'name': {'type': 'string'}},\n 'type': 'object'},\n 'system': {'properties': {'all': {'enum': [True,\n False,\n None],\n 'type': 'boolean'}},\n 'type': 'object'}},\n 'type': ['object', 'string']}},\n 'required': ['identity'],\n 'type': 'object'}\n\nOn instance:\n {'passwordCredentials': {'password': 'password', 'username': 'admin'}}","title":"Bad Request"}} Tested on Devstack Env : - OS Version: Ubuntu 22.04 jammy - Keystone : origin/master ( b80e1df2ef1735d91a1483e1ec64d4048c5b3145 )
2023-07-07 15:27:11 Quentin GROLLEAU keystone: assignee Quentin GROLLEAU (quentin.grolleau)