← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #12999

[Bug 1301622] [NEW] Authentication fails with invalid error message

  Thread PreviousDate PreviousThread Next 
Public bug reported:

Project_id is not a required attribute while creating Trust, as per
documented at https://github.com/openstack/identity-api/blob/master
/openstack-identity-api/v3/src/markdown/identity-api-v3-os-trust-ext.md
#openstack-identity-api-v3-os-trust-extension

Trust was created successfully without specifying project_id.
Authentication with this kind of trust results in an error:

Failed to authenticate user "user_1" for trust "988b0fd89b0c4cc6bf4869d3ceec05af"
{u'error': {u'message': u'Expecting to find id or name in project. The server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error.', u'code': 400, u'title': u'Bad Request'}}

This message is misleading as the trust was created without project_id
which is a valid behavior.

This error message is generated from conditional check at:
https://github.com/openstack/keystone/blob/master/keystone/auth/controllers.py#L200

            if 'project_id' in trust_ref:

This check succeeds even if project_id in trust_ref is None.

There should be additional check to see if project_id is None with the
following check:

            if trust_ref['project_id'] != None:

(back port these changes to Havana)

** Affects: keystone
     Importance: Undecided
     Assignee: Priti Desai (priti-desai)
         Status: New


** Tags: keystone

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1301622

Title:
  Authentication fails with invalid error message

Status in OpenStack Identity (Keystone):
  New

Bug description:
  Project_id is not a required attribute while creating Trust, as per
  documented at https://github.com/openstack/identity-api/blob/master
  /openstack-identity-api/v3/src/markdown/identity-api-v3-os-trust-
  ext.md#openstack-identity-api-v3-os-trust-extension

  Trust was created successfully without specifying project_id.
  Authentication with this kind of trust results in an error:

  Failed to authenticate user "user_1" for trust "988b0fd89b0c4cc6bf4869d3ceec05af"
  {u'error': {u'message': u'Expecting to find id or name in project. The server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error.', u'code': 400, u'title': u'Bad Request'}}

  This message is misleading as the trust was created without project_id
  which is a valid behavior.

  This error message is generated from conditional check at:
  https://github.com/openstack/keystone/blob/master/keystone/auth/controllers.py#L200

              if 'project_id' in trust_ref:

  This check succeeds even if project_id in trust_ref is None.

  There should be additional check to see if project_id is None with the
  following check:

              if trust_ref['project_id'] != None:

  (back port these changes to Havana)

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1301622/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next