keystonemiddleware

auth_token contacts keystone when no token

Bug #1404294 reported by Brant Knudson
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
keystonemiddleware
Fix Released
High
Brant Knudson
keystonemiddleware 1.3.1

Bug Description

The auth_token middleware will contact the Keystone server if there's no token in the request. Previous to the 1.0.0 release, the auth_token middleware didn't contact the Keystone server and now that it does unit tests that assumed the old behavior are failing.

OpenStack Infra (hudson-openstack)
Changed in keystonemiddleware:
assignee: nobody → Brant Knudson (blk-u)
status: New → In Progress
Revision history for this message
Brant Knudson (blk-u) wrote :

The error was like:

ConnectionRefused: Unable to establish connection to https://127.0.0.1:35357

See http://paste.openstack.org/show/153200/

Revision history for this message
Brant Knudson (blk-u) wrote :

https://review.openstack.org/#/c/140765/ should take care of this.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystonemiddleware (master)

Fix proposed to branch: master
Review: https://review.openstack.org/143134

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on keystonemiddleware (master)

Change abandoned by Brant Knudson (<email address hidden>) on branch: master
Review: https://review.openstack.org/140765
Reason: Moved this to the parent commit.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Change abandoned by Brant Knudson (<email address hidden>) on branch: master
Review: https://review.openstack.org/143134
Reason: moved into parent commit.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystonemiddleware (master)

Reviewed: https://review.openstack.org/140765
Committed: https://git.openstack.org/cgit/openstack/keystonemiddleware/commit/?id=c97be0a9ee778f25e2931aeb1f678c145c2f1d2b
Submitter: Jenkins
Branch: master

commit c97be0a9ee778f25e2931aeb1f678c145c2f1d2b
Author: Brant Knudson <email address hidden>
Date: Wed Dec 10 09:46:44 2014 -0600

    Fix auth_token does version request for no token

    When a request came in with no token and the auth_token middleware
    wasn't configured with an auth version, a request would be made to
    fetch the versions supported by the server. This causes problems in
    projects that have unit tests using the auth_token middleware because
    they didn't expect to have an Identity server running.

    The fix for this is to refactor the identity version handling to a
    strategy pattern.

    There were 2 subclasses of _IdentityServer in auth_token, one for
    V2 and one for V3. This is excessive since there's only a couple of
    methods that are needed and not all the _IdentityServer class. Using
    the pricipal of preferring composition over inheritance, the code to
    handle V2/V3 is moved into a simpler strategy pattern. This also
    moves code out of the AuthProtocol class which is too complicated
    already, and it allows more refactoring since the _IdentityServer
    reference can be created and passed to extracted classes for them
    to use.

    Closes-Bug: #1404294
    Change-Id: If69fbb73bea268b96e4b1e9ad81a736495a2b58a

Changed in keystonemiddleware:
status: In Progress → Fix Committed
Morgan Fainberg (mdrnstm)
Changed in keystonemiddleware:
milestone: none → 1.3.1
status: Fix Committed → Fix Released
importance: Undecided → High
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.