python-keystoneclient

  1. Bug #1346820
  2. Activity log

Activity log for bug #1346820

Date Who What changed Old value New value Message
2014-07-22 09:19:43 Mahesh Sawaiker bug added bug
2014-07-22 09:22:08 Mahesh Sawaiker description Do the following steps 1) Set up keystone for federation. 2) Generated a unscoped federated token 3) Generate a scoped token using token in step 2 4) Set up nova/glance for using keystone v3 API. 5) Try an image list command using following request Request GET http://sp.machine:9292/v2/images Headers: Content-Type: application/json Accept: application/json X-Auth-Token: e92a49262a8d403db838d6494e4f9991 6) This will break the auth_token(middleware\auth_token.py) middleware with key error at the following place user = token['user'] user_domain_id = user['domain']['id'] user_domain_name = user['domain']['name'] in the function _build_user_headers. This is because the token does not contain any domain id or name under the user info, since federated tokens have no information about the user Following is the token information, not that there is no domain under users { "token": { "methods": [ "saml2" ], "roles": [ { "id": "aad3b40ebb3b442f8fe85e88b21f3b4c", "name": "admin" } ], "expires_at": "2014-07-22T10:15:05.367852Z", "project": { "domain": { "id": "default", "name": "Default" }, "id": "6e99b7d923bc437381fd1b2b4d890339", "name": "admin" }, "catalog": [ { "endpoints": [ { "url": "https://127.0.0.1/keystone/main/v3", "interface": "internal", "region": "regionOne", "id": "f5dad391109542cba959d2e27c5fe3a2" }, { "url": "https://172.20.15.103:8443/keystone/main/v3", "interface": "public", "region": "regionOne", "id": "4f76970e4ab5497d9149d56d455499ac" }, { "url": "https://172.20.15.103:8443/keystone/admin/v3", "interface": "admin", "region": "regionOne", "id": "b85e76ca32f640c4a4d84068c71d3bf2" }, { "url": "https://172.20.15.103:8443/keystone/admin/v2.0", "interface": "admin", "region": "regionOne", "id": "1ae909491d754aeb8c8b8a5c5fa6ad47" }, { "url": "https://127.0.0.1/keystone/main/v2.0", "interface": "internal", "region": "regionOne", "id": "daf4ce3876d04285a106d86e0fea9bd1" }, { "url": "https://172.20.15.103:8443/keystone/main/v2.0", "interface": "public", "region": "regionOne", "id": "f763c80100954bc4805cf51b3dddb84b" } ], "type": "identity", "id": "0f79e21861a94fcd84b72cae3ebd79e5" }, { "endpoints": [ { "url": "http://172.20.15.103:9292", "interface": "admin", "region": "RegionOne", "id": "16ffa8cebadd4d239744ea168efcd109" }, { "url": "http://172.20.15.103:9292", "interface": "internal", "region": "RegionOne", "id": "944adaa070f44f21aa8a73fab15f07bb" }, { "url": "http://127.0.0.1:9292", "interface": "public", "region": "RegionOne", "id": "cd945f6a5ee8410bbfe8d3572e23ee5d" } ], "type": "image", "id": "fe5d67da897b4359810d95e2c591fe21" }, { "endpoints": [ { "url": "http://172.20.15.103:8776/v1/6e99b7d923bc437381fd1b2b4d890339", "interface": "admin", "region": "RegionOne", "id": "6d93d29279a6483783298eb67159b5c6" }, { "url": "http://172.20.15.103:8776/v1/6e99b7d923bc437381fd1b2b4d890339", "interface": "internal", "region": "RegionOne", "id": "9416222ad31a411294718b8fe4988daf" }, { "url": "http://127.0.0.1:8776/v1/6e99b7d923bc437381fd1b2b4d890339", "interface": "public", "region": "RegionOne", "id": "4d924ad3cb1a442a929536f90a1612b6" } ], "type": "volume", "id": "55ef917e57a540e9b0353f02dec22512" }, { "endpoints": [ { "url": "http://172.20.15.103:9696", "interface": "admin", "region": "RegionOne", "id": "5fe8a0a8f6624e2cae2e2a8556919c2f" }, { "url": "http://172.20.15.103:9696", "interface": "internal", "region": "RegionOne", "id": "0b9f9b8ce304460689e373c1e2a08c27" }, { "url": "http://127.0.0.1:9696", "interface": "public", "region": "RegionOne", "id": "bcb231d9baab4345b9efed6374fc2a43" } ], "type": "network", "id": "b8aaed7927834fd381f6621e678409c1" }, { "endpoints": [ { "url": "http://172.20.15.103:8774/v2/6e99b7d923bc437381fd1b2b4d890339", "interface": "admin", "region": "RegionOne", "id": "55489ebf6793489289556a590f0c464f" }, { "url": "http://172.20.15.103:8774/v2/6e99b7d923bc437381fd1b2b4d890339", "interface": "internal", "region": "RegionOne", "id": "a9da7a6cf58e45be889ac6b88d071ae4" }, { "url": "http://127.0.0.1:8774/v2/6e99b7d923bc437381fd1b2b4d890339", "interface": "public", "region": "RegionOne", "id": "249a8f15a5034cfd956ed0136d62404b" } ], "type": "compute", "id": "ef0ff2f7395f4523b3dd2197f3e243cf" }, { "endpoints": [ { "url": "http://172.20.15.103:8777", "interface": "admin", "region": "RegionOne", "id": "95c930d0d593422092380bea899996b2" }, { "url": "http://172.20.15.103:8777", "interface": "internal", "region": "RegionOne", "id": "2ca7e0515143455eb385b8feb5de9d2d" }, { "url": "http://127.0.0.1:8777", "interface": "public", "region": "RegionOne", "id": "5b86fbfe14914ba9ba3a4ab600717ef7" } ], "type": "metering", "id": "a028437e8c364bb78501bfb46619bd86" } ], "extras": {}, "user": { "id": "admin", "name": "admin" }, "issued_at": "2014-07-22T09:15:05.367875Z" } } Do the following steps 1) Set up keystone for federation. 2) Generated a unscoped federated token 3) Generate a scoped token using token in step 2 4) Set up nova/glance for using keystone v3 API. 5) Try an image list command using following request Request GET http://sp.machine:9292/v2/images Headers:     Content-Type: application/json     Accept: application/json     X-Auth-Token: e92a49262a8d403db838d6494e4f9991 6) This will break the auth_token(middleware\auth_token.py) middleware with key error at the following place             user = token['user']             user_domain_id = user['domain']['id']             user_domain_name = user['domain']['name'] in the function _build_user_headers. This is because the token does not contain any domain id or name under the user info, since federated tokens have no information about the user This can be fixed, simply by putting an if condition around the problematic code. I have tested this fix and then able to get image list and server list using glance and nova rest apis. Example vim "/usr/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py" 893 if 'domain' in user: 894 user_domain_id = user['domain']['id'] 895 user_domain_name = user['domain']['name'] Following is the token information, not that there is no domain under users {   "token": {     "methods": [       "saml2"     ],     "roles": [       {         "id": "aad3b40ebb3b442f8fe85e88b21f3b4c",         "name": "admin"       }     ],     "expires_at": "2014-07-22T10:15:05.367852Z",     "project": {       "domain": {         "id": "default",         "name": "Default"       },       "id": "6e99b7d923bc437381fd1b2b4d890339",       "name": "admin"     },     "catalog": [       {         "endpoints": [           {             "url": "https://127.0.0.1/keystone/main/v3",             "interface": "internal",             "region": "regionOne",             "id": "f5dad391109542cba959d2e27c5fe3a2"           },           {             "url": "https://172.20.15.103:8443/keystone/main/v3",             "interface": "public",             "region": "regionOne",             "id": "4f76970e4ab5497d9149d56d455499ac"           },           {             "url": "https://172.20.15.103:8443/keystone/admin/v3",             "interface": "admin",             "region": "regionOne",             "id": "b85e76ca32f640c4a4d84068c71d3bf2"           },           {             "url": "https://172.20.15.103:8443/keystone/admin/v2.0",             "interface": "admin",             "region": "regionOne",             "id": "1ae909491d754aeb8c8b8a5c5fa6ad47"           },           {             "url": "https://127.0.0.1/keystone/main/v2.0",             "interface": "internal",             "region": "regionOne",             "id": "daf4ce3876d04285a106d86e0fea9bd1"           },           {             "url": "https://172.20.15.103:8443/keystone/main/v2.0",             "interface": "public",             "region": "regionOne",             "id": "f763c80100954bc4805cf51b3dddb84b"           }         ],         "type": "identity",         "id": "0f79e21861a94fcd84b72cae3ebd79e5"       },       {         "endpoints": [           {             "url": "http://172.20.15.103:9292",             "interface": "admin",             "region": "RegionOne",             "id": "16ffa8cebadd4d239744ea168efcd109"           },           {             "url": "http://172.20.15.103:9292",             "interface": "internal",             "region": "RegionOne",             "id": "944adaa070f44f21aa8a73fab15f07bb"           },           {             "url": "http://127.0.0.1:9292",             "interface": "public",             "region": "RegionOne",             "id": "cd945f6a5ee8410bbfe8d3572e23ee5d"           }         ],         "type": "image",         "id": "fe5d67da897b4359810d95e2c591fe21"       },       {         "endpoints": [           {             "url": "http://172.20.15.103:8776/v1/6e99b7d923bc437381fd1b2b4d890339",             "interface": "admin",             "region": "RegionOne",             "id": "6d93d29279a6483783298eb67159b5c6"           },           {             "url": "http://172.20.15.103:8776/v1/6e99b7d923bc437381fd1b2b4d890339",             "interface": "internal",             "region": "RegionOne",             "id": "9416222ad31a411294718b8fe4988daf"           },           {             "url": "http://127.0.0.1:8776/v1/6e99b7d923bc437381fd1b2b4d890339",             "interface": "public",             "region": "RegionOne",             "id": "4d924ad3cb1a442a929536f90a1612b6"           }         ],         "type": "volume",         "id": "55ef917e57a540e9b0353f02dec22512"       },       {         "endpoints": [           {             "url": "http://172.20.15.103:9696",             "interface": "admin",             "region": "RegionOne",             "id": "5fe8a0a8f6624e2cae2e2a8556919c2f"           },           {             "url": "http://172.20.15.103:9696",             "interface": "internal",             "region": "RegionOne",             "id": "0b9f9b8ce304460689e373c1e2a08c27"           },           {             "url": "http://127.0.0.1:9696",             "interface": "public",             "region": "RegionOne",             "id": "bcb231d9baab4345b9efed6374fc2a43"           }         ],         "type": "network",         "id": "b8aaed7927834fd381f6621e678409c1"       },       {         "endpoints": [           {             "url": "http://172.20.15.103:8774/v2/6e99b7d923bc437381fd1b2b4d890339",             "interface": "admin",             "region": "RegionOne",             "id": "55489ebf6793489289556a590f0c464f"           },           {             "url": "http://172.20.15.103:8774/v2/6e99b7d923bc437381fd1b2b4d890339",             "interface": "internal",             "region": "RegionOne",             "id": "a9da7a6cf58e45be889ac6b88d071ae4"           },           {             "url": "http://127.0.0.1:8774/v2/6e99b7d923bc437381fd1b2b4d890339",             "interface": "public",             "region": "RegionOne",             "id": "249a8f15a5034cfd956ed0136d62404b"           }         ],         "type": "compute",         "id": "ef0ff2f7395f4523b3dd2197f3e243cf"       },       {         "endpoints": [           {             "url": "http://172.20.15.103:8777",             "interface": "admin",             "region": "RegionOne",             "id": "95c930d0d593422092380bea899996b2"           },           {             "url": "http://172.20.15.103:8777",             "interface": "internal",             "region": "RegionOne",             "id": "2ca7e0515143455eb385b8feb5de9d2d"           },           {             "url": "http://127.0.0.1:8777",             "interface": "public",             "region": "RegionOne",             "id": "5b86fbfe14914ba9ba3a4ab600717ef7"           }         ],         "type": "metering",         "id": "a028437e8c364bb78501bfb46619bd86"       }     ],     "extras": {},     "user": {       "id": "admin",       "name": "admin"     },     "issued_at": "2014-07-22T09:15:05.367875Z"   } }
2014-07-25 04:16:37 Morgan Fainberg bug task added keystonemiddleware
2014-07-25 04:17:23 Morgan Fainberg keystone: status New Invalid
2014-07-30 22:37:36 Dolph Mathews bug task deleted keystone
2014-07-30 22:38:20 Dolph Mathews keystonemiddleware: importance Undecided Wishlist
2014-07-30 22:38:23 Dolph Mathews keystonemiddleware: status New Triaged
2014-07-30 22:38:40 Dolph Mathews bug added subscriber Marek Denis
2014-07-30 22:38:47 Dolph Mathews bug added subscriber Steve Martinelli
2014-09-14 22:16:54 Steve Martinelli keystonemiddleware: importance Wishlist Medium
2014-09-16 02:32:31 Steve Martinelli bug task added python-keystoneclient
2014-09-16 02:32:42 Steve Martinelli python-keystoneclient: importance Undecided Medium
2014-09-16 02:37:18 OpenStack Infra python-keystoneclient: status New In Progress
2014-09-16 02:37:18 OpenStack Infra python-keystoneclient: assignee Steve Martinelli (stevemar)
2014-09-16 02:38:04 Steve Martinelli keystonemiddleware: status Triaged Invalid
2014-09-16 09:13:08 OpenStack Infra python-keystoneclient: assignee Steve Martinelli (stevemar) Marek Denis (marek-denis)
2014-09-17 00:54:50 OpenStack Infra python-keystoneclient: assignee Marek Denis (marek-denis) Steve Martinelli (stevemar)
2014-09-18 03:08:48 OpenStack Infra python-keystoneclient: status In Progress Fix Committed
2014-09-18 16:12:25 David Stanek python-keystoneclient: milestone 0.11.0
2014-09-19 06:22:03 Steve Martinelli bug task deleted keystonemiddleware
2014-09-21 18:54:30 Dolph Mathews python-keystoneclient: status Fix Committed Fix Released