Domain id reference for federated users fails in keystone middleware

Error traceback when glance api fails during autoscaling:

2016-09-16 18:49:59.086 16943 INFO eventlet.wsgi.server [-] Traceback (most recent call last):
 File "/opt/pf9/glance/lib/python2.7/site-packages/eventlet/wsgi.py", line 481, in handle_one_response
   result = self.application(self.environ, start_response)
 File "/opt/pf9/glance/lib/python2.7/site-packages/webob/dec.py", line 130, in __call__
   resp = self.call_func(req, *args, **self.kwargs)
 File "/opt/pf9/glance/lib/python2.7/site-packages/webob/dec.py", line 195, in call_func
   return self.func(req, *args, **kwargs)
 File "/opt/pf9/glance/lib/python2.7/site-packages/glance/common/wsgi.py", line 606, in __call__
   response = req.get_response(self.application)
 File "/opt/pf9/glance/lib/python2.7/site-packages/webob/request.py", line 1317, in send
   application, catch_exc_info=False)
 File "/opt/pf9/glance/lib/python2.7/site-packages/webob/request.py", line 1281, in call_application
   app_iter = application(self.environ, start_response)
 File "/opt/pf9/glance/lib/python2.7/site-packages/webob/dec.py", line 130, in __call__
   resp = self.call_func(req, *args, **self.kwargs)
 File "/opt/pf9/glance/lib/python2.7/site-packages/webob/dec.py", line 195, in call_func
   return self.func(req, *args, **kwargs)
 File "/opt/pf9/glance/lib/python2.7/site-packages/keystonemiddleware/auth_token/__init__.py", line 464, in __call__
   response = self.process_request(req)
 File "/opt/pf9/glance/lib/python2.7/site-packages/keystonemiddleware/auth_token/__init__.py", line 759, in process_request
   request.set_user_headers(user_auth_ref)
 File "/opt/pf9/glance/lib/python2.7/site-packages/keystonemiddleware/auth_token/_request.py", line 156, in set_user_headers
   self._set_auth_headers(auth_ref, self._USER_HEADER_PREFIX)
 File "/opt/pf9/glance/lib/python2.7/site-packages/keystonemiddleware/auth_token/_request.py", line 148, in _set_auth_headers
   self.headers[header_tmplt % prefix] = getattr(auth_ref, attr)
 File "/opt/pf9/glance/lib/python2.7/site-packages/keystoneauth1/access/access.py", line 626, in user_domain_id
   return self._user['domain']['id']
TypeError: 'NoneType' object has no attribute '__getitem__'

2016-09-16 18:49:59.087 16943 INFO eventlet.wsgi.server [-] 127.0.0.1 - - [16/Sep/2016 18:49:59] "HEAD /v1/images/c82be9bb-53f6-fba1-c8b3-7fe425f7fc54 HTTP/1.1" 500 139 0.230317

Moved to keystonemiddleware project.

Is this still an issue?

Morgan, yes still seeing this even after upgrading to Keystone Pike.

This is how we are currently fixing this in keystone for SSO users working with heat stacks.

File - keystone/token/providers/common.py

@@ -250,10 +250,20
        # SSO heat fix: domain id for federated users is None, so send dummy value
        LOG.debug('_populate_user for user_ref %s', user_ref)
        if user_ref.get('is_local'):
            domain = self._get_filtered_domain(user_ref['domain_id'])
        else:
            domain = {
                      'id': CONF.federation.federated_domain_name,
                      'name': CONF.federation.federated_domain_name
                     }
        # end

[Expired for keystonemiddleware because there has been no activity for 60 days.]

Is this bug still valid? Federated users now always have a domain so this should not be an issue any more.

[Expired for keystonemiddleware because there has been no activity for 60 days.]