← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1245590] Re: List Trusts generates HTTP Error 500

 

** Changed in: keystone
       Status: Fix Committed => Fix Released

** Changed in: keystone
    Milestone: None => icehouse-2

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1245590

Title:
  List Trusts generates HTTP Error 500

Status in OpenStack Identity (Keystone):
  Fix Released

Bug description:
  We are getting an HTTP 500 error when we try to list all trusts. We can list individual trusts, but not the generic list.
   
    
  GET REST Request:
   
  curl -v -X GET http://10.1.8.20:35357/v3/OS-TRUST/trusts -H "X-Auth-Token: ed241ae1e986319086f3"
   
   ------------------------ 

  REST Response:
   
  {
      "error": {
          "message": "An unexpected error prevented the server from fulfilling your request. 'id'",
          "code": 500,
          "title": "Internal Server Error"
      }
  }
   
  ------------------------- 
   
  /var/log/keystone/keystone.log file entry:

  Traceback (most recent call last):
    File "/usr/local/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 238, in __call__
      result = method(context, **params)
    File "/usr/local/lib/python2.7/dist-packages/keystone/common/controller.py", line 158, in inner
      return f(self, context, *args, **kwargs)
    File "/usr/local/lib/python2.7/dist-packages/keystone/trust/controllers.py", line 213, in list_trusts
      self._fill_in_roles(context, trust, global_roles)
    File "/usr/local/lib/python2.7/dist-packages/keystone/trust/controllers.py", line 109, in _fill_in_roles
      if x['id'] == trust_role['id']]
  KeyError: 'id'
  2013-10-28 09:49:04     INFO [access] 15.253.57.88 - - [28/Oct/2013:16:49:04 +0000] "GET http://havanatest:35357/v3/OS-TRUST/trusts HTTP/1.0" 500 148

  ------------------------------

  /var/log/keystone/keystone.log file entry with "ERROR" debug
  statements added:

  2013-10-28 09:49:04    ERROR [keystone.trust.controllers] QQQQQQQQQQQQQQQQQQ trust_role = {u'name': u'disney_user'}
  2013-10-28 09:49:04    ERROR [keystone.trust.controllers] QQQQQQQQQQQQQQQQQQ trust_role = {u'name': u'disney_user'}
  2013-10-28 09:49:04    ERROR [keystone.common.wsgi] 'id'
  Traceback (most recent call last):
    File "/usr/local/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 238, in __call__
      result = method(context, **params)
    File "/usr/local/lib/python2.7/dist-packages/keystone/common/controller.py", line 158, in inner
      return f(self, context, *args, **kwargs)
    File "/usr/local/lib/python2.7/dist-packages/keystone/trust/controllers.py", line 213, in list_trusts
      self._fill_in_roles(context, trust, global_roles)
    File "/usr/local/lib/python2.7/dist-packages/keystone/trust/controllers.py", line 110, in _fill_in_roles
      if x['id'] == trust_role['id']]
  KeyError: 'id'
  2013-10-28 09:49:04     INFO [access] 15.253.57.88 - - [28/Oct/2013:16:49:04 +0000] "GET http://havanatest:35357/v3/OS-TRUST/trusts HTTP/1.0" 500 148

  --------------

  Method causing the error with inserted LOG statements:

      def _fill_in_roles(self, context, trust, global_roles):
          if trust.get('expires_at') is not None:
              trust['expires_at'] = (timeutils.isotime
                                     (trust['expires_at'],
                                      subsecond=True))

          if 'roles' not in trust:
              trust['roles'] = []
          trust_full_roles = []
          for trust_role in trust['roles']:
              LOG.error(_("QQQQQQQQQQQQQQQQQQ trust_role = %s") % trust_role )
               if isinstance(trust_role, basestring):
                  trust_role = {'id': trust_role}
              LOG.error(_("QQQQQQQQQQQQQQQQQQ trust_role = %s") % trust_role )

              matching_roles = [x for x in global_roles
                                if x['id'] == trust_role['id']]
              if matching_roles:
                  full_role = identity.controllers.RoleV3.wrap_member(
                      context, matching_roles[0])['role']
                  trust_full_roles.append(full_role)
          trust['roles'] = trust_full_roles
          trust['roles_links'] = {
              'self': (self.base_url() + "/%s/roles" % trust['id']),
              'next': None,
              'previous': None}

  -----------------------------

  Quick change I made to get around the problem:

         def _fill_in_roles(self, context, trust, global_roles):
          if trust.get('expires_at') is not None:
              trust['expires_at'] = (timeutils.isotime
                                     (trust['expires_at'],
                                      subsecond=True))

          if 'roles' not in trust:
              trust['roles'] = []
          trust_full_roles = []
          for trust_role in trust['roles']:
              LOG.error(_("QQQQQQQQQQQQQQQQQQ trust_role = %s") % trust_role )
              if isinstance(trust_role, basestring):
                  trust_role = {'id': trust_role}

              # Inserted if statement below to fix HTTP 500 error
              if not 'id' in trust_role:
                  trust_role = {'id': trust_role}
              LOG.error(_("QQQQQQQQQQQQQQQQQQ trust_role = %s") % trust_role )

              matching_roles = [x for x in global_roles
                                if x['id'] == trust_role['id']]
              if matching_roles:
                  full_role = identity.controllers.RoleV3.wrap_member(
                      context, matching_roles[0])['role']
                  trust_full_roles.append(full_role)
          trust['roles'] = trust_full_roles
          trust['roles_links'] = {
              'self': (self.base_url() + "/%s/roles" % trust['id']),
              'next': None,
              'previous': None}

  
  ----------------------------

  Summary:

  In the code above, the trust_role is not a basestring so the "trust_role = {'id':trust_role}" assignment is not occurring, but the
  trust_role Dictionary (trust_role = {u'name': u'disney_user'})  does not have an 'id' key in it so the line " if x['id'] == trust_role['id']]"
  throws an exception. I added the following conditional check and it seems to work now:

              if not 'id' in trust_role:
                  trust_role = {'id': trust_role}

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1245590/+subscriptions