openstack team mailing list archive

Thread
Date

Re: Possible keystone/common/controller.py Token Bug

To: "Miller, Mark M (EB SW Cloud - R&D - Corvallis)" <mark.m.miller@xxxxxx>
From: Dolph Mathews <dolph.mathews@xxxxxxxxx>
Date: Fri, 1 Mar 2013 18:46:12 -0600
Cc: "openstack@xxxxxxxxxxxxxxxxxxx \(openstack@xxxxxxxxxxxxxxxxxxx\)" <openstack@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <D6182642CE6D2D4FBFCDF99946E249883B2A95A1@G9W0343.americas.hpqcorp.net>

Looks like a valid bug to me -- this code just merged a week ago.

How did you create the token? I'm guessing it was generated by v2 and
utilized here on v3?


-Dolph


On Fri, Mar 1, 2013 at 5:03 PM, Miller, Mark M (EB SW Cloud - R&D -
Corvallis) <mark.m.miller@xxxxxx> wrote:

>  Hello,****
>
> ** **
>
> In trying to understand the Keystone Grizzly-3 release, I decided to add a
> service via a REST API call using an admin user’s token instead of the
> admin token found in keystone.conf. When I do I get error:****
>
> ** **
>
> ** **
>
> Traceback (most recent call last):****
>
>   File
> "/usr/local/lib/python2.7/dist-packages/keystone-2013.1.g3-py2.7.egg/keystone/common/wsgi.py",
> line 231, in __call__****
>
>     result = method(context, **params)****
>
>   File
> "/usr/local/lib/python2.7/dist-packages/keystone-2013.1.g3-py2.7.egg/keystone/common/controller.py",
> line 66, in wrapper****
>
>     context, kwargs)****
>
>   File
> "/usr/local/lib/python2.7/dist-packages/keystone-2013.1.g3-py2.7.egg/keystone/common/controller.py",
> line 32, in _build_policy_check_credentials****
>
>     token_data = token_ref['token_data']****
>
> KeyError: 'token_data'****
>
> (access): 2013-03-01 13:53:26,754 INFO 15.253.58.148 - -
> [01/Mar/2013:21:53:26 +0000] "POST http://15.253.58.165:35357/v3/servicesHTTP/1.0"; 500 156
> ****
>
> (eventlet.wsgi.server): 2013-03-01 13:53:26,755 DEBUG 15.253.58.148 - -
> [01/Mar/2013 13:53:26] "POST /v3/services HTTP/1.1" 500 328 0.020434****
>
> ** **
>
> ** **
>
> When I change line 32 in the file from “token_data =
> token_ref['token_data']” to “token_data = token_ref”, the code appears to
> work.****
>
> ** **
>
> ** **
>
> def _build_policy_check_credentials(self, action, context, kwargs):****
>
> ** **
>
>     LOG.debug(_('RBAC: Authorizing %s(%s)') % (****
>
>         action,****
>
>         ', '.join(['%s=%s' % (k, kwargs[k]) for k in kwargs])))****
>
> ** **
>
>     try:****
>
>         token_ref = self.token_api.get_token(****
>
>             context=context, token_id=context['token_id'])****
>
>     except exception.TokenNotFound:****
>
>         LOG.warning(_('RBAC: Invalid token'))****
>
>         raise exception.Unauthorized()****
>
> ** **
>
>     creds = {}****
>
> ** **
>
> #   token_data = token_ref['token_data']****
>
>     token_data = token_ref****
>
> ** **
>
> ** **
>
> So my question is do I need to have “token_data” in the token table
> somehow or is this a code bug?****
>
> ** **
>
> Regards,****
>
>
> Mark Miller****
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>

Follow ups

Re: Possible keystone/common/controller.py Token Bug
From: Miller, Mark M (EB SW Cloud - R&D - Corvallis), 2013-03-02

References

Possible keystone/common/controller.py Token Bug
From: Miller, Mark M (EB SW Cloud - R&D - Corvallis), 2013-03-01