Domain id reference for federated users fails in keystone middleware
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
keystonemiddleware |
Expired
|
Undecided
|
Unassigned |
Bug Description
Version: Keystone Mitaka
Keystone middleware expects the domain id field to be set for a user. For federated users, the domain id is set to be None and hence causes an error during autoscaling of a Heat stack created by SSO user.
Had to modify _populate_user() function in keystone/
# Fix: domain id for federated users is None, so send dummy value.
# Added is_local user attribute to distinguish local and federated users.
if user_ref.
domain = self._get_
else:
domain = {
# end
Wondering if this is the right way to resolve the domain reference issue for SSO.
Changed in keystonemiddleware: | |
status: | Expired → New |
Error traceback when glance api fails during autoscaling:
2016-09-16 18:49:59.086 16943 INFO eventlet. wsgi.server [-] Traceback (most recent call last): glance/ lib/python2. 7/site- packages/ eventlet/ wsgi.py" , line 481, in handle_one_response n(self. environ, start_response) glance/ lib/python2. 7/site- packages/ webob/dec. py", line 130, in __call__ glance/ lib/python2. 7/site- packages/ webob/dec. py", line 195, in call_func glance/ lib/python2. 7/site- packages/ glance/ common/ wsgi.py" , line 606, in __call__ response( self.applicatio n) glance/ lib/python2. 7/site- packages/ webob/request. py", line 1317, in send info=False) glance/ lib/python2. 7/site- packages/ webob/request. py", line 1281, in call_application self.environ, start_response) glance/ lib/python2. 7/site- packages/ webob/dec. py", line 130, in __call__ glance/ lib/python2. 7/site- packages/ webob/dec. py", line 195, in call_func glance/ lib/python2. 7/site- packages/ keystonemiddlew are/auth_ token/_ _init__ .py", line 464, in __call__ request( req) glance/ lib/python2. 7/site- packages/ keystonemiddlew are/auth_ token/_ _init__ .py", line 759, in process_request set_user_ headers( user_auth_ ref) glance/ lib/python2. 7/site- packages/ keystonemiddlew are/auth_ token/_ request. py", line 156, in set_user_headers _set_auth_ headers( auth_ref, self._USER_ HEADER_ PREFIX) glance/ lib/python2. 7/site- packages/ keystonemiddlew are/auth_ token/_ request. py", line 148, in _set_auth_headers headers[ header_ tmplt % prefix] = getattr(auth_ref, attr) glance/ lib/python2. 7/site- packages/ keystoneauth1/ access/ access. py", line 626, in user_domain_id 'domain' ]['id']
File "/opt/pf9/
result = self.applicatio
File "/opt/pf9/
resp = self.call_func(req, *args, **self.kwargs)
File "/opt/pf9/
return self.func(req, *args, **kwargs)
File "/opt/pf9/
response = req.get_
File "/opt/pf9/
application, catch_exc_
File "/opt/pf9/
app_iter = application(
File "/opt/pf9/
resp = self.call_func(req, *args, **self.kwargs)
File "/opt/pf9/
return self.func(req, *args, **kwargs)
File "/opt/pf9/
response = self.process_
File "/opt/pf9/
request.
File "/opt/pf9/
self.
File "/opt/pf9/
self.
File "/opt/pf9/
return self._user[
TypeError: 'NoneType' object has no attribute '__getitem__'
2016-09-16 18:49:59.087 16943 INFO eventlet. wsgi.server [-] 127.0.0.1 - - [16/Sep/2016 18:49:59] "HEAD /v1/images/ c82be9bb- 53f6-fba1- c8b3-7fe425f7fc 54 HTTP/1.1" 500 139 0.230317