yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #09786
[Bug 1245590] Re: List Trusts generates HTTP Error 500
** Changed in: keystone/havana
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1245590
Title:
List Trusts generates HTTP Error 500
Status in OpenStack Identity (Keystone):
Fix Released
Status in Keystone havana series:
Fix Released
Bug description:
We are getting an HTTP 500 error when we try to list all trusts. We can list individual trusts, but not the generic list.
GET REST Request:
curl -v -X GET http://10.1.8.20:35357/v3/OS-TRUST/trusts -H "X-Auth-Token: ed241ae1e986319086f3"
------------------------
REST Response:
{
"error": {
"message": "An unexpected error prevented the server from fulfilling your request. 'id'",
"code": 500,
"title": "Internal Server Error"
}
}
-------------------------
/var/log/keystone/keystone.log file entry:
Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 238, in __call__
result = method(context, **params)
File "/usr/local/lib/python2.7/dist-packages/keystone/common/controller.py", line 158, in inner
return f(self, context, *args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/keystone/trust/controllers.py", line 213, in list_trusts
self._fill_in_roles(context, trust, global_roles)
File "/usr/local/lib/python2.7/dist-packages/keystone/trust/controllers.py", line 109, in _fill_in_roles
if x['id'] == trust_role['id']]
KeyError: 'id'
2013-10-28 09:49:04 INFO [access] 15.253.57.88 - - [28/Oct/2013:16:49:04 +0000] "GET http://havanatest:35357/v3/OS-TRUST/trusts HTTP/1.0" 500 148
------------------------------
/var/log/keystone/keystone.log file entry with "ERROR" debug
statements added:
2013-10-28 09:49:04 ERROR [keystone.trust.controllers] QQQQQQQQQQQQQQQQQQ trust_role = {u'name': u'disney_user'}
2013-10-28 09:49:04 ERROR [keystone.trust.controllers] QQQQQQQQQQQQQQQQQQ trust_role = {u'name': u'disney_user'}
2013-10-28 09:49:04 ERROR [keystone.common.wsgi] 'id'
Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 238, in __call__
result = method(context, **params)
File "/usr/local/lib/python2.7/dist-packages/keystone/common/controller.py", line 158, in inner
return f(self, context, *args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/keystone/trust/controllers.py", line 213, in list_trusts
self._fill_in_roles(context, trust, global_roles)
File "/usr/local/lib/python2.7/dist-packages/keystone/trust/controllers.py", line 110, in _fill_in_roles
if x['id'] == trust_role['id']]
KeyError: 'id'
2013-10-28 09:49:04 INFO [access] 15.253.57.88 - - [28/Oct/2013:16:49:04 +0000] "GET http://havanatest:35357/v3/OS-TRUST/trusts HTTP/1.0" 500 148
--------------
Method causing the error with inserted LOG statements:
def _fill_in_roles(self, context, trust, global_roles):
if trust.get('expires_at') is not None:
trust['expires_at'] = (timeutils.isotime
(trust['expires_at'],
subsecond=True))
if 'roles' not in trust:
trust['roles'] = []
trust_full_roles = []
for trust_role in trust['roles']:
LOG.error(_("QQQQQQQQQQQQQQQQQQ trust_role = %s") % trust_role )
if isinstance(trust_role, basestring):
trust_role = {'id': trust_role}
LOG.error(_("QQQQQQQQQQQQQQQQQQ trust_role = %s") % trust_role )
matching_roles = [x for x in global_roles
if x['id'] == trust_role['id']]
if matching_roles:
full_role = identity.controllers.RoleV3.wrap_member(
context, matching_roles[0])['role']
trust_full_roles.append(full_role)
trust['roles'] = trust_full_roles
trust['roles_links'] = {
'self': (self.base_url() + "/%s/roles" % trust['id']),
'next': None,
'previous': None}
-----------------------------
Quick change I made to get around the problem:
def _fill_in_roles(self, context, trust, global_roles):
if trust.get('expires_at') is not None:
trust['expires_at'] = (timeutils.isotime
(trust['expires_at'],
subsecond=True))
if 'roles' not in trust:
trust['roles'] = []
trust_full_roles = []
for trust_role in trust['roles']:
LOG.error(_("QQQQQQQQQQQQQQQQQQ trust_role = %s") % trust_role )
if isinstance(trust_role, basestring):
trust_role = {'id': trust_role}
# Inserted if statement below to fix HTTP 500 error
if not 'id' in trust_role:
trust_role = {'id': trust_role}
LOG.error(_("QQQQQQQQQQQQQQQQQQ trust_role = %s") % trust_role )
matching_roles = [x for x in global_roles
if x['id'] == trust_role['id']]
if matching_roles:
full_role = identity.controllers.RoleV3.wrap_member(
context, matching_roles[0])['role']
trust_full_roles.append(full_role)
trust['roles'] = trust_full_roles
trust['roles_links'] = {
'self': (self.base_url() + "/%s/roles" % trust['id']),
'next': None,
'previous': None}
----------------------------
Summary:
In the code above, the trust_role is not a basestring so the "trust_role = {'id':trust_role}" assignment is not occurring, but the
trust_role Dictionary (trust_role = {u'name': u'disney_user'}) does not have an 'id' key in it so the line " if x['id'] == trust_role['id']]"
throws an exception. I added the following conditional check and it seems to work now:
if not 'id' in trust_role:
trust_role = {'id': trust_role}
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1245590/+subscriptions
