← Back to team overview

openstack team mailing list archive

Possible keystone/common/controller.py Token Bug

 

Hello,

In trying to understand the Keystone Grizzly-3 release, I decided to add a service via a REST API call using an admin user's token instead of the admin token found in keystone.conf. When I do I get error:


Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/keystone-2013.1.g3-py2.7.egg/keystone/common/wsgi.py", line 231, in __call__
    result = method(context, **params)
  File "/usr/local/lib/python2.7/dist-packages/keystone-2013.1.g3-py2.7.egg/keystone/common/controller.py", line 66, in wrapper
    context, kwargs)
  File "/usr/local/lib/python2.7/dist-packages/keystone-2013.1.g3-py2.7.egg/keystone/common/controller.py", line 32, in _build_policy_check_credentials
    token_data = token_ref['token_data']
KeyError: 'token_data'
(access): 2013-03-01 13:53:26,754 INFO 15.253.58.148 - - [01/Mar/2013:21:53:26 +0000] "POST http://15.253.58.165:35357/v3/services HTTP/1.0" 500 156
(eventlet.wsgi.server): 2013-03-01 13:53:26,755 DEBUG 15.253.58.148 - - [01/Mar/2013 13:53:26] "POST /v3/services HTTP/1.1" 500 328 0.020434


When I change line 32 in the file from "token_data = token_ref['token_data']" to "token_data = token_ref", the code appears to work.


def _build_policy_check_credentials(self, action, context, kwargs):

    LOG.debug(_('RBAC: Authorizing %s(%s)') % (
        action,
        ', '.join(['%s=%s' % (k, kwargs[k]) for k in kwargs])))

    try:
        token_ref = self.token_api.get_token(
            context=context, token_id=context['token_id'])
    except exception.TokenNotFound:
        LOG.warning(_('RBAC: Invalid token'))
        raise exception.Unauthorized()

    creds = {}

#   token_data = token_ref['token_data']
    token_data = token_ref


So my question is do I need to have "token_data" in the token table somehow or is this a code bug?

Regards,

Mark Miller

Follow ups