python-keystoneclient

  1. Bug #1346820
  2. Comment #0

Comment 0 for bug 1346820

Revision history for this message
Mahesh Sawaiker (mahesh-sawaiker) wrote :

Do the following steps
1) Set up keystone for federation.
2) Generated a unscoped federated token
3) Generate a scoped token using token in step 2
4) Set up nova/glance for using keystone v3 API.
5) Try an image list command using following request

Request

GET http://sp.machine:9292/v2/images
Headers:
    Content-Type: application/json
    Accept: application/json
    X-Auth-Token: e92a49262a8d403db838d6494e4f9991

6) This will break the auth_token(middleware\auth_token.py) middleware with key error at the following place

            user = token['user']
            user_domain_id = user['domain']['id']
            user_domain_name = user['domain']['name']
in the function _build_user_headers.

This is because the token does not contain any domain id or name under the user info, since federated tokens have no information about the user

Following is the token information, not that there is no domain under users

{
  "token": {
    "methods": [
      "saml2"
    ],
    "roles": [
      {
        "id": "aad3b40ebb3b442f8fe85e88b21f3b4c",
        "name": "admin"
      }
    ],
    "expires_at": "2014-07-22T10:15:05.367852Z",
    "project": {
      "domain": {
        "id": "default",
        "name": "Default"
      },
      "id": "6e99b7d923bc437381fd1b2b4d890339",
      "name": "admin"
    },
    "catalog": [
      {
        "endpoints": [
          {
            "url": "https://127.0.0.1/keystone/main/v3",
            "interface": "internal",
            "region": "regionOne",
            "id": "f5dad391109542cba959d2e27c5fe3a2"
          },
          {
            "url": "https://172.20.15.103:8443/keystone/main/v3",
            "interface": "public",
            "region": "regionOne",
            "id": "4f76970e4ab5497d9149d56d455499ac"
          },
          {
            "url": "https://172.20.15.103:8443/keystone/admin/v3",
            "interface": "admin",
            "region": "regionOne",
            "id": "b85e76ca32f640c4a4d84068c71d3bf2"
          },
          {
            "url": "https://172.20.15.103:8443/keystone/admin/v2.0",
            "interface": "admin",
            "region": "regionOne",
            "id": "1ae909491d754aeb8c8b8a5c5fa6ad47"
          },
          {
            "url": "https://127.0.0.1/keystone/main/v2.0",
            "interface": "internal",
            "region": "regionOne",
            "id": "daf4ce3876d04285a106d86e0fea9bd1"
          },
          {
            "url": "https://172.20.15.103:8443/keystone/main/v2.0",
            "interface": "public",
            "region": "regionOne",
            "id": "f763c80100954bc4805cf51b3dddb84b"
          }
        ],
        "type": "identity",
        "id": "0f79e21861a94fcd84b72cae3ebd79e5"
      },
      {
        "endpoints": [
          {
            "url": "http://172.20.15.103:9292",
            "interface": "admin",
            "region": "RegionOne",
            "id": "16ffa8cebadd4d239744ea168efcd109"
          },
          {
            "url": "http://172.20.15.103:9292",
            "interface": "internal",
            "region": "RegionOne",
            "id": "944adaa070f44f21aa8a73fab15f07bb"
          },
          {
            "url": "http://127.0.0.1:9292",
            "interface": "public",
            "region": "RegionOne",
            "id": "cd945f6a5ee8410bbfe8d3572e23ee5d"
          }
        ],
        "type": "image",
        "id": "fe5d67da897b4359810d95e2c591fe21"
      },
      {
        "endpoints": [
          {
            "url": "http://172.20.15.103:8776/v1/6e99b7d923bc437381fd1b2b4d890339",
            "interface": "admin",
            "region": "RegionOne",
            "id": "6d93d29279a6483783298eb67159b5c6"
          },
          {
            "url": "http://172.20.15.103:8776/v1/6e99b7d923bc437381fd1b2b4d890339",
            "interface": "internal",
            "region": "RegionOne",
            "id": "9416222ad31a411294718b8fe4988daf"
          },
          {
            "url": "http://127.0.0.1:8776/v1/6e99b7d923bc437381fd1b2b4d890339",
            "interface": "public",
            "region": "RegionOne",
            "id": "4d924ad3cb1a442a929536f90a1612b6"
          }
        ],
        "type": "volume",
        "id": "55ef917e57a540e9b0353f02dec22512"
      },
      {
        "endpoints": [
          {
            "url": "http://172.20.15.103:9696",
            "interface": "admin",
            "region": "RegionOne",
            "id": "5fe8a0a8f6624e2cae2e2a8556919c2f"
          },
          {
            "url": "http://172.20.15.103:9696",
            "interface": "internal",
            "region": "RegionOne",
            "id": "0b9f9b8ce304460689e373c1e2a08c27"
          },
          {
            "url": "http://127.0.0.1:9696",
            "interface": "public",
            "region": "RegionOne",
            "id": "bcb231d9baab4345b9efed6374fc2a43"
          }
        ],
        "type": "network",
        "id": "b8aaed7927834fd381f6621e678409c1"
      },
      {
        "endpoints": [
          {
            "url": "http://172.20.15.103:8774/v2/6e99b7d923bc437381fd1b2b4d890339",
            "interface": "admin",
            "region": "RegionOne",
            "id": "55489ebf6793489289556a590f0c464f"
          },
          {
            "url": "http://172.20.15.103:8774/v2/6e99b7d923bc437381fd1b2b4d890339",
            "interface": "internal",
            "region": "RegionOne",
            "id": "a9da7a6cf58e45be889ac6b88d071ae4"
          },
          {
            "url": "http://127.0.0.1:8774/v2/6e99b7d923bc437381fd1b2b4d890339",
            "interface": "public",
            "region": "RegionOne",
            "id": "249a8f15a5034cfd956ed0136d62404b"
          }
        ],
        "type": "compute",
        "id": "ef0ff2f7395f4523b3dd2197f3e243cf"
      },
      {
        "endpoints": [
          {
            "url": "http://172.20.15.103:8777",
            "interface": "admin",
            "region": "RegionOne",
            "id": "95c930d0d593422092380bea899996b2"
          },
          {
            "url": "http://172.20.15.103:8777",
            "interface": "internal",
            "region": "RegionOne",
            "id": "2ca7e0515143455eb385b8feb5de9d2d"
          },
          {
            "url": "http://127.0.0.1:8777",
            "interface": "public",
            "region": "RegionOne",
            "id": "5b86fbfe14914ba9ba3a4ab600717ef7"
          }
        ],
        "type": "metering",
        "id": "a028437e8c364bb78501bfb46619bd86"
      }
    ],
    "extras": {},
    "user": {
      "id": "admin",
      "name": "admin"
    },
    "issued_at": "2014-07-22T09:15:05.367875Z"
  }
}