OpenStack Object Storage (swift)

Exception raised for invalid username in conf file doesn't indicate the cause

Bug #1911811 reported by Max Pixel on 2021-01-14

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Object Storage (swift)	Fix Released	Undecided	Tiago Octaviano Primini

Bug Description

Traceback (most recent call last):
  File "/usr/bin/oioswift-proxy-server", line 80, in <module>
    **options)
  File "/usr/lib/python2.7/dist-packages/swift/common/wsgi.py", line 914, in run_wsgi
    loadapp(conf_path, global_conf=global_conf)
  File "/usr/lib/python2.7/dist-packages/swift/common/wsgi.py", line 397, in loadapp
    return ctx.create()
  File "/usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py", line 710, in create
    return self.object_type.invoke(self)
  File "/usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py", line 207, in invoke
    app = filter(app)
  File "/usr/lib/python2.7/dist-packages/oioswift/common/middleware/tempauth.py", line 88, in tempauth_filter
    return OioTempAuth(app, conf)
  File "/usr/lib/python2.7/dist-packages/oioswift/common/middleware/tempauth.py", line 32, in __init__
    super(OioTempAuth, self).__init__(app, conf)
  File "/usr/lib/python2.7/dist-packages/swift/common/middleware/tempauth.py", line 233, in __init__
    account, username = conf_key.split('_', 1)[1].split('_')
ValueError: need more than 1 value to unpack

The above exception occurs, and crashes the process, when a parsed user "name" does not conform to the pattern [^:]+:[^:]+. This can be caused by a username in the conf file tempauth section not having a '_' to delimit account and user.

Instead, it would be better for it to return an explicit error. Compare with a missing key/password, which raises:
ValueError: user_test_tester3 has no key set

See original description

Tags:

Revision history for this message

Alistair Coles (alistair-coles) wrote on 2021-01-27:

If tempauth filter is configured with something like:

user_testtester = testing .admin

then the traceback occurs.

Note that the missing character is a '_', in this case the expected pattern is user_test_tester.

The bug is that the traceback could be replaced with a more informative error message.

Changed in swift:
status:	New → Confirmed
tags:	added: low-hanging-fruit middleware

Revision history for this message

Tiago Octaviano Primini (tiago-primini) wrote on 2021-04-19:

Hi Alistar, I am new here trying to start open development in Swift, could you please give me some steps about how can I reproduce this here in my local environment?

Changed in swift:
assignee:	nobody → Tiago Octaviano Primini (tiago-primini)

Revision history for this message

Alistair Coles (alistair-coles) wrote on 2021-04-21:

@Tiago:

This unit test patch will illustrate the bug and provides the basis for a new unit test:

diff --git a/test/unit/common/middleware/test_tempauth.py b/test/unit/common/middleware/test_tempauth.py
index f985453ca..6d18a0ec0 100644
--- a/test/unit/common/middleware/test_tempauth.py
+++ b/test/unit/common/middleware/test_tempauth.py
@@ -1245,6 +1245,16 @@ class TestParseUserCreation(unittest.TestCase):
             'user_bob_bobby': '',
             'user_admin_admin': 'admin .admin .reseller_admin',
         }), FakeApp())
+ # TODO: add assertion that ValueError message is helpful i.e.
+ # "ValueError: user_test_tester3 has no key set"
+
+ def test_account_with_no_user(self):
+ # TODO: test fails with a ValueError: we do expect a ValueError but
+ # should ensure that the exception message if helpful, currently we get
+ # ValueError: not enough values to unpack (expected 2, got 1) :(
+ auth.filter_factory({
+ 'user_testtester': 'testing',
+ })(FakeApp)

class TestAccountAcls(unittest.TestCase):

You could also set up a swift-all-in-one [1], then modify the tempauth config in proxy-server.conf and restart the proxy - that should also result in the unhelpful ValueError. That will be more work but ultimately will prove useful for swift development.

Note that the bug (IMHO) is NOT that a ValueError is raised, but that the exception message is unhelpful and oes not indicate why an error was raised.

[1] swift-all-in-one https://docs.openstack.org/swift/latest/development_saio.html but for this I recommend https://github.com/NVIDIA/vagrant-swift-all-in-one

summary:	- Exception occurs when username doesn't contain colon + Exception raised for invalid username in conf file doesn't indicate the + cause
description:	updated

Revision history for this message

Tiago Octaviano Primini (tiago-primini) wrote on 2021-04-21:

This is the this to view: https://review.opendev.org/c/openstack/swift/+/787440
Thanks.

OpenStack Infra (hudson-openstack) on 2021-04-22

Changed in swift:
status:	Confirmed → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-04-23: Fix merged to swift (master)

Reviewed: https://review.opendev.org/c/openstack/swift/+/787440
Committed: https://opendev.org/openstack/swift/commit/717d21ccbd84794444a9f8cbcc5864ae46a2ffbb
Submitter: "Zuul (22348)"
Branch: master

commit 717d21ccbd84794444a9f8cbcc5864ae46a2ffbb
Author: Tiago Primini <email address hidden>
Date: Wed Apr 21 17:39:53 2021 -0300

fix not clear cause for invalid username

- add a message saying the reason for the value error exception
- add a unit test to validate the expected message

Change-Id: I1d6cc0faa3a43852c46089e509d48cc3ee9f9cf8
Closes-Bug: #1911811

Changed in swift:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-07-27: Fix included in openstack/swift 2.28.0

This issue was fixed in the openstack/swift 2.28.0 release.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.