python 3 errors with memcache enabled

Bug #1713574 reported by Alejandro Comisario
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
OpenStack Identity (keystone) | Invalid | Undecided | Unassigned |
keystoneauth | Invalid | Undecided | Unassigned |
keystonemiddleware | Fix Released | Medium | Rohan Arora |

Bug Description

Hi, we are using gnocchi 4 running the following:

keystoneauth1 (3.1.0)
keystonemiddleware (4.14.0)
python-keystoneclient (3.13.0)

with python 3.5.4

on a configuration file like this:

[keystone_authtoken]
signing_dir = /var/cache/gnocchi
project_domain_name = default
user_domain_name = default
signing_dir = /var/cache/gnocchi
auth_uri = http://yourmomkeystone.com:5000/v3
auth_url = http://yourmomkeystone.com:35357/v3
project_name = admin
password = porotito
username = cloudadmin
auth_type = password
auth_type = password
memcached_servers = yourmommecached:11211
insecure=true
endpoint_type = internal
region_name = yourmomregion
memcache_security_strategy = ENCRYPT
memcache_secret_key = lalalalalalaalala

After the api starts, the token is asked successfully, but we have this stacktrace when trying to use memcached.

2017-08-28 20:12:41,029 [7] CRITICAL root: Traceback (most recent call last):
  File "/usr/local/lib/python3.5/site-packages/webob/dec.py", line 131, in __call__
    resp = self.call_func(req, *args, **self.kwargs)
  File "/usr/local/lib/python3.5/site-packages/webob/dec.py", line 196, in call_func
    return self.func(req, *args, **kwargs)
  File "/usr/local/lib/python3.5/site-packages/oslo_middleware/base.py", line 131, in __call__
    response = req.get_response(self.application)
  File "/usr/local/lib/python3.5/site-packages/webob/request.py", line 1316, in send
    application, catch_exc_info=False)
  File "/usr/local/lib/python3.5/site-packages/webob/request.py", line 1280, in call_application
    app_iter = application(self.environ, start_response)
  File "/usr/local/lib/python3.5/site-packages/paste/urlmap.py", line 216, in __call__
    return app(environ, start_response)
  File "/usr/local/lib/python3.5/site-packages/webob/dec.py", line 131, in __call__
    resp = self.call_func(req, *args, **self.kwargs)
  File "/usr/local/lib/python3.5/site-packages/webob/dec.py", line 196, in call_func
    return self.func(req, *args, **kwargs)
  File "/usr/local/lib/python3.5/site-packages/oslo_middleware/base.py", line 131, in __call__
    response = req.get_response(self.application)
  File "/usr/local/lib/python3.5/site-packages/webob/request.py", line 1316, in send
    application, catch_exc_info=False)
  File "/usr/local/lib/python3.5/site-packages/webob/request.py", line 1280, in call_application
    app_iter = application(self.environ, start_response)
  File "/usr/local/lib/python3.5/site-packages/webob/dec.py", line 131, in __call__
    resp = self.call_func(req, *args, **self.kwargs)
  File "/usr/local/lib/python3.5/site-packages/webob/dec.py", line 196, in call_func
    return self.func(req, *args, **kwargs)
  File "/usr/local/lib/python3.5/site-packages/keystonemiddleware/auth_token/__init__.py", line 331, in __call__
    response = self.process_request(req)
  File "/usr/local/lib/python3.5/site-packages/keystonemiddleware/auth_token/__init__.py", line 622, in process_request
    resp = super(AuthProtocol, self).process_request(request)
  File "/usr/local/lib/python3.5/site-packages/keystonemiddleware/auth_token/__init__.py", line 404, in process_request
    allow_expired=allow_expired)
  File "/usr/local/lib/python3.5/site-packages/keystonemiddleware/auth_token/__init__.py", line 434, in _do_fetch_token
    data = self.fetch_token(token, **kwargs)
  File "/usr/local/lib/python3.5/site-packages/keystonemiddleware/auth_token/__init__.py", line 736, in fetch_token
    cached = self._cache_get_hashes(token_hashes)
  File "/usr/local/lib/python3.5/site-packages/keystonemiddleware/auth_token/__init__.py", line 719, in _cache_get_hashes
    cached = self._token_cache.get(token)
  File "/usr/local/lib/python3.5/site-packages/keystonemiddleware/auth_token/_cache.py", line 212, in get
    key, context = self._get_cache_key(token_id)
  File "/usr/local/lib/python3.5/site-packages/keystonemiddleware/auth_token/_cache.py", line 268, in _get_cache_key
    self._security_strategy)
  File "/usr/local/lib/python3.5/site-packages/keystonemiddleware/auth_token/_memcache_crypt.py", line 101, in derive_keys
    digest = hmac.new(secret, token + strategy, HASH_FUNCTION).digest()
TypeError: Can't convert 'bytes' object to str implicitly

Any help?

Lance Bragstad (lbragstad) wrote : Re: keystone middleware and keystoneauth1 errors with python 3 and memcache_security_strategy=ENCRYPT

This exception seems specific to keystonemiddleware, but adding keystoneauth to the report based on the original bug title.

summary: - keystone middleware and keystoneauth1 errors with pyton 3 and
+ keystone middleware and keystoneauth1 errors with python 3 and
memcache_security_strategy=ENCRYPT
Changed in keystone:
status: New → Invalid
summary: - keystone middleware and keystoneauth1 errors with python 3 and
- memcache_security_strategy=ENCRYPT
+ python 3 errors with memcache
Changed in keystonemiddleware:
importance: Undecided → Medium
Lance Bragstad (lbragstad) wrote : Re: python 3 errors with memcache

We've gone through phases where these crop up, but the fix is essentially a str/byte conversion fix between py2 and py3 (to the best of my knowledge based on the trace). We should be able to handle this using six.

tags: added: low
tags: added: low-hanging-fruit
removed: low
summary: - python 3 errors with memcache
+ python 3 errors with memcache enabled
Tin Lam (lamt) wrote :

I am seeing the same problem in an internal project leveraging newton keystonemiddleware using py3. Interesting to see that it is still an issue.

File "/usr/local/lib/python3.5/dist-packages/keystonemiddleware/auth_token/_memcache_crypt.py", line 101, in derive_keys
    digest = hmac.new(secret, token + strategy, HASH_FUNCTION).digest()
TypeError: Can't convert 'bytes' object to str implicitly

Will submit a patchset for this.

OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystonemiddleware (master)

Fix proposed to branch: master
Review: https://review.openstack.org/510241

Changed in keystonemiddleware:
assignee: nobody → Tin Lam (lamt)
status: New → In Progress
Changed in keystonemiddleware:
assignee: Tin Lam (lamt) → Rohan Arora (ra271w)
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystonemiddleware (master)

Reviewed: https://review.openstack.org/510241
Committed: https://git.openstack.org/cgit/openstack/keystonemiddleware/commit/?id=74455d80575aa174db0217c5eae905eacab42d78
Submitter: Zuul
Branch: master

commit 74455d80575aa174db0217c5eae905eacab42d78
Author: Tin Lam <email address hidden>
Date: Thu Oct 5 21:47:30 2017 -0500

    Fix py3 byte/string error

    This patch set corrects a problem when the keystonemiddleware is
    executed with memcache encryption enabled. Currently, the
    hmac.new() calls throw exceptions in python3 due to how py2 and py3
    handle string vs. byte/bytearray.

    Co-Authored-By: Rohan Arora <email address hidden>

    Closes-Bug: #1713574
    Change-Id: I9bb291be48a094b9f266a8459a3f51ee163d33a3

Changed in keystonemiddleware:
status: In Progress → Fix Released
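
The failure in the traceback and one way to avoid it, as an added example that is not part of the original report and is not the merged keystonemiddleware patch. The `to_bytes` helper, the SHA-384 digest choice, the three-way key split and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac

HASH_FUNCTION = hashlib.sha384  # assumption: digest chosen for this sketch


def to_bytes(value):
    """Return value as bytes; text is encoded as UTF-8, other types rejected."""
    if isinstance(value, bytes):
        return value
    if isinstance(value, str):
        return value.encode("utf-8")
    raise TypeError("expected str or bytes, got %s" % type(value).__name__)


def derive_keys_naive(secret, token, strategy):
    # Same call shape as the failing line in the traceback: on Python 3 it
    # only works when all three operands already happen to be bytes.
    return hmac.new(secret, token + strategy, HASH_FUNCTION).digest()


def derive_keys(secret, token, strategy):
    """Derive per-token keys after normalising every input to bytes."""
    digest = hmac.new(to_bytes(secret),
                      to_bytes(token) + to_bytes(strategy),
                      HASH_FUNCTION).digest()
    # Assumption: the 48-byte digest is split into three 16-byte keys.
    return {"cache_key": digest[:16],
            "encryption": digest[16:32],
            "mac": digest[32:48]}


def naive_fails(secret, token, strategy):
    """True if the un-normalised call raises TypeError for these inputs."""
    try:
        derive_keys_naive(secret, token, strategy)
    except TypeError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample values, not taken from the report.
    print(naive_fails(b"sample-secret", "sample-token-id", b"ENCRYPT"))
    print(derive_keys("sample-secret", "sample-token-id", "ENCRYPT"))
```

Normalising at the boundary also means a secret read from configuration as text and a token hash held as bytes derive the same cache key, so cache lookups stay consistent across callers.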
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/keystonemiddleware 4.18.0

This issue was fixed in the openstack/keystonemiddleware 4.18.0 release.

Morgan Fainberg (mdrnstm) wrote :

Is this still an issue? We're doing a LOT of testing with py3 now. Marking incomplete.

Changed in keystoneauth:
status: New → Incomplete
Colleen Murphy (krinkle) wrote :

I don't think this should have been triaged for keystoneauth, the fix for this was merged in keystonemiddleware.

Changed in keystoneauth:
status: Incomplete → Invalid