yahoo-eng-team team mailing list archive
Message #03599
[Bug 1190708] Re: Requests fail when no admin_token_auth middleware
** Changed in: keystone
Status: Fix Committed => Fix Released
** Changed in: keystone
Milestone: None => havana-2
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1190708
Title:
Requests fail when no admin_token_auth middleware
Status in OpenStack Identity (Keystone):
Fix Released
Bug description:

When the admin_token_auth middleware is removed from the paste
pipeline, the server responds to requests with a 500 Internal Server
Error rather than the correct data.

Operations should work even without the admin_token_auth middleware.

To recreate:

1) Start with devstack.

2) Reconfigure Keystone to remove admin_token_auth from the paste
pipeline.

    [pipeline:public_api]
    #pipeline = access_log sizelimit url_normalize token_auth admin_token_auth xml_body json_body ec2_extension user_crud_extension public_service
    pipeline = access_log sizelimit url_normalize token_auth xml_body json_body ec2_extension user_crud_extension public_service

    [pipeline:admin_api]
    #pipeline = access_log sizelimit url_normalize token_auth admin_token_auth xml_body json_body ec2_extension s3_extension crud_extension admin_service
    pipeline = access_log sizelimit url_normalize token_auth xml_body json_body ec2_extension s3_extension crud_extension admin_service

    [pipeline:api_v3]
    #pipeline = access_log sizelimit url_normalize token_auth admin_token_auth xml_body json_body ec2_extension s3_extension service_v3
    pipeline = access_log sizelimit url_normalize token_auth xml_body json_body ec2_extension s3_extension service_v3

3) Do a request using v2 admin api.

    $ keystone user-list
    An unexpected error prevented the server from fulfilling your request. 'is_admin' (HTTP 500)

I think the problem is that the server is assuming that is_admin will
be in the context, but it's only there if the request has gone through
the admin_token_auth middleware. If this is the case then the server
could be changed so that is_admin in the context is optional.

Another option is to provide an alternative bit of middleware that
sets the is_admin flag to False.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1190708/+subscriptions
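
Added example (not part of the bug report and not Keystone's code): a simplified Python model of the failure described above, with a handler that indexes context['is_admin'] next to one that treats a missing flag as False. All names (CONTEXT_ENV, token_auth, serve, the handlers) are hypothetical and the token values are constructed.

```python
# Simplified model of the failure in this report; not Keystone's code.
# Every name below is hypothetical and every token value is constructed.
CONTEXT_ENV = "example.context"
ADMIN_TOKEN = "constructed-admin-token"
USER_TOKENS = {"constructed-user-token": "admin"}  # token -> role

def token_auth(app):
    """Copies the caller's token into the request context."""
    def mw(environ):
        ctx = environ.setdefault(CONTEXT_ENV, {})
        ctx["token_id"] = environ.get("HTTP_X_AUTH_TOKEN")
        return app(environ)
    return mw

def admin_token_auth(app):
    """The only component that ever writes context['is_admin']."""
    def mw(environ):
        ctx = environ.setdefault(CONTEXT_ENV, {})
        ctx["is_admin"] = environ.get("HTTP_X_AUTH_TOKEN") == ADMIN_TOKEN
        return app(environ)
    return mw

def role_allows(ctx):
    """Normal authorization path: the token must map to the admin role."""
    return USER_TOKENS.get(ctx.get("token_id")) == "admin"

def list_users_strict(environ):
    """Before: indexes the flag, so a pipeline without the middleware raises."""
    ctx = environ[CONTEXT_ENV]
    return 200 if ctx["is_admin"] or role_allows(ctx) else 401

def list_users_tolerant(environ):
    """After: a missing flag is read as False, so the token check decides."""
    ctx = environ[CONTEXT_ENV]
    return 200 if ctx.get("is_admin", False) or role_allows(ctx) else 401

def serve(handler, token, with_admin_mw):
    """Build the pipeline and send one request; an unhandled KeyError
    becomes a 500, as in the report."""
    app = admin_token_auth(handler) if with_admin_mw else handler
    app = token_auth(app)
    try:
        return app({"HTTP_X_AUTH_TOKEN": token})
    except KeyError:
        return 500
```

With the tolerant handler and no admin_token_auth in the pipeline, the shared admin token is simply an unknown token and is rejected, while ordinary role-bearing tokens keep working.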