With an additional dependency to "keystoneclient", we are able to get ride of the problem. This requires a small code modification of the class "nova/api/openstack/identity.py":
from keystoneauth1 import session
from keystoneclient.v3 import client
from keystoneclient import exceptions as ks_exc
from oslo_log import log as logging
import webob
from nova.i18n import _
LOG = logging.getLogger(__name__)
def verify_project_id(context, project_id):
"""verify that a project_id exists.
This attempts to verify that a project id exists. If it does not,
an HTTPBadRequest is emitted.
"""
auth = context.get_auth_plugin()
sess = session.Session(auth=auth)
keystone = client.Client(session=sess)
try:
project = keystone.projects.get(project_id)
except ks_exc.ClientException as e:
if e.http_status == 404:
raise webob.exc.HTTPBadRequest( explanation=_("Project ID %s is not a valid project.") % project_id)
elif e.http_status == 403:
# we don't have enough permission to verify this, so default
# to "it's ok". LOG.info( "Insufficient permissions for user %(user)s to verify " "existence of project_id %(pid)s", {"user": context.user_id, "pid": project_id})
else: LOG.warning( "Unexpected response from keystone trying to " "verify project_id %(pid)s - resp: %(code)s %(content)s", {"pid": project_id, "code": resp.status_code, "content": resp.content})
# realize we did something wrong, but move on with a warning
With an additional dependency to "keystoneclient", we are able to get ride of the problem. This requires a small code modification of the class "nova/api/ openstack/ identity. py":
from keystoneauth1 import session
from keystoneclient.v3 import client
from keystoneclient import exceptions as ks_exc
from oslo_log import log as logging
import webob
from nova.i18n import _
LOG = logging. getLogger( __name_ _)
def verify_ project_ id(context, project_id):
"""verify that a project_id exists.
This attempts to verify that a project id exists. If it does not,
an HTTPBadRequest is emitted.
""" get_auth_ plugin( ) Session( auth=auth) Client( session= sess) projects. get(project_ id) ClientException as e: HTTPBadRequest(
explanation= _("Project ID %s is not a valid project.") %
project_ id)
LOG. info(
"Insufficient permissions for user %(user)s to verify "
"existence of project_id %(pid)s",
{"user" : context.user_id, "pid": project_id})
LOG. warning(
"Unexpected response from keystone trying to "
"verify project_id %(pid)s - resp: %(code)s %(content)s",
{"pid" : project_id,
"code" : resp.status_code,
"content" : resp.content})
auth = context.
sess = session.
keystone = client.
try:
project = keystone.
except ks_exc.
if e.http_status == 404:
raise webob.exc.
elif e.http_status == 403:
# we don't have enough permission to verify this, so default
# to "it's ok".
else:
# realize we did something wrong, but move on with a warning
Any comments?