← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #08218

[Bug 1268977] [NEW] v3 credentials project is not optional for type=ec2

  Thread PreviousDate PreviousThread Next 
Public bug reported:

The project is documented as being optional when creating credentials
via the v3/credentials API, but not providing a project when creating
ec2 credentials, then validating a signed request signed with those
credentials via ec2tokens fails:

2014-01-14 13:53:19.390 10908 ERROR keystone.common.wsgi [-] object of type 'NoneType' has no len()
2014-01-14 13:53:19.390 10908 TRACE keystone.common.wsgi Traceback (most recent call last):
2014-01-14 13:53:19.390 10908 TRACE keystone.common.wsgi   File "/opt/stack/keystone/keystone/common/wsgi.py", line 213, in __call__
2014-01-14 13:53:19.390 10908 TRACE keystone.common.wsgi     result = method(context, **params)
2014-01-14 13:53:19.390 10908 TRACE keystone.common.wsgi   File "/opt/stack/keystone/keystone/contrib/ec2/controllers.py", line 103, in authenticate
2014-01-14 13:53:19.390 10908 TRACE keystone.common.wsgi     tenant_ref = self.assignment_api.get_project(creds_ref['tenant_id'])

So we should probably raise an error when creating the credential, since
we can never create an appropriately scoped token in ec2tokens without
knowing the user and project associated with the credentials.

** Affects: keystone
     Importance: Undecided
     Assignee: Steven Hardy (shardy)
         Status: New

** Changed in: keystone
     Assignee: (unassigned) => Steven Hardy (shardy)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1268977

Title:
  v3 credentials project is not optional for type=ec2

Status in OpenStack Identity (Keystone):
  New

Bug description:
  The project is documented as being optional when creating credentials
  via the v3/credentials API, but not providing a project when creating
  ec2 credentials, then validating a signed request signed with those
  credentials via ec2tokens fails:

  2014-01-14 13:53:19.390 10908 ERROR keystone.common.wsgi [-] object of type 'NoneType' has no len()
  2014-01-14 13:53:19.390 10908 TRACE keystone.common.wsgi Traceback (most recent call last):
  2014-01-14 13:53:19.390 10908 TRACE keystone.common.wsgi   File "/opt/stack/keystone/keystone/common/wsgi.py", line 213, in __call__
  2014-01-14 13:53:19.390 10908 TRACE keystone.common.wsgi     result = method(context, **params)
  2014-01-14 13:53:19.390 10908 TRACE keystone.common.wsgi   File "/opt/stack/keystone/keystone/contrib/ec2/controllers.py", line 103, in authenticate
  2014-01-14 13:53:19.390 10908 TRACE keystone.common.wsgi     tenant_ref = self.assignment_api.get_project(creds_ref['tenant_id'])

  So we should probably raise an error when creating the credential,
  since we can never create an appropriately scoped token in ec2tokens
  without knowing the user and project associated with the credentials.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1268977/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next