keystonemiddleware translate 401 from keystone to 503
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
keystonemiddleware |
Fix Released
|
Undecided
|
Colleen Murphy |
Bug Description
in cyborg or mogan project
Access a valid url by rest api with an invalid user name, it will return 503 error as follow:
$ curl -H "X-AUTH-
curl: (6) Could not resolve host: GET
<html>
<head>
<title>503 Service Unavailable</title>
</head>
<body>
<h1>503 Service Unavailable</h1>
The server is currently unavailable. Please try again at a later time.<br /><br />
</body>
But the log show: it is 401.
2018-02-06 11:45:53.050 14183 WARNING keystonemiddlew
2018-02-06 11:45:53.098 14183 WARNING keystonemiddlew
2018-02-06 11:45:53.098 14183 CRITICAL keystonemiddlew
That's because auth_token.
see the detail in the code.
https:/
except ksa_exceptions.
if retry:
msg = _('Identity server rejected authorization necessary to '
raise ksm_exceptions.
Changed in keystonemiddleware: | |
assignee: | Chris Dent (cdent) → Colleen Murphy (krinkle) |
Other project also have the same issue.
That's is puzzle to end user.
Please fix it.
How to fix it:
define a new exception in _exceptions.py as follow: exceptions. KeystoneMiddlew areException) :
class Unauthorized(
pass
https:/ /github. com/openstack/ keystonemiddlew are/blob/ master/ keystonemiddlew are/auth_ token/_ exceptions. py
and keep it as Unauthorized in _identity.py as follow Unauthorized as e:
self. _LOG.info( 'Identity server rejected authorization')
self. _LOG.warning( 'Identity response: %s', e.response.text)
self. _LOG.info( 'Retrying validation')
return self.verify_ token(user_ token, False)
' fetch token data') Unauthorized( msg)
except ksa_exceptions.
if retry:
msg = _('Identity server rejected authorization necessary to '
raise ksm_exceptions.
https:/ /github. com/openstack/ keystonemiddlew are/blob/ master/ keystonemiddlew are/auth_ token/_ identity. py#L234