yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #36698
[Bug 1483254] [NEW] Swift fails to authenticate user by token
Public bug reported:
Ther'a 2 issues with authentication.
1. Consider the following code.
"""
client = swift_api_client.Connection(
user=keystone.user.username,
preauthurl=url,
preauthtoken=keystone.user.token.id,
tenant_name=keystone.user.tenant_name,
insecure=insecure,
cacert=cacert)
"""
Since ther's no ``auth_version`` specified, 1 used by default.
In this case swiftclient will try to use ``get_auth_1_0``:
"""
storage_url, token = get_auth_1_0(auth_url,
user,
key,
kwargs.get('snet'),
insecure=insecure)
"""
As you can see, no keystone token passed to that function, therefore authentication fails.
Furthermore, swiftclient will fail miserably with exception:
"""
Traceback (most recent call last):
File "./test_keystone.py", line 22, in <module>
t.run('blah', user_id=483)
File "/home/testproject/src/testproject_dev/stack/swift_task.py", line 75, in run
return self.test(swift_client)
File "/home/testproject/src/testproject_dev/stack/swift_task.py", line 45, in test
swift_client.get_capabilities()
File "/home/testproject/.virtualenvs/testproject/local/lib/python2.7/site-packages/swiftclient/client.py", line 1386, in get_capabilities
url, _ = self.get_auth()
File "/home/testproject/.virtualenvs/testproject/local/lib/python2.7/site-packages/swiftclient/client.py", line 1210, in get_auth
insecure=self.insecure)
File "/home/testproject/.virtualenvs/testproject/local/lib/python2.7/site-packages/swiftclient/client.py", line 377, in get_auth
insecure=insecure)
File "/home/testproject/.virtualenvs/testproject/local/lib/python2.7/site-packages/swiftclient/client.py", line 255, in get_auth_1_0
parsed, conn = http_connection(url, insecure=insecure)
File "/home/testproject/.virtualenvs/testproject/local/lib/python2.7/site-packages/swiftclient/client.py", line 249, in http_connection
conn = HTTPConnection(*arg, **kwarg)
File "/home/testproject/.virtualenvs/testproject/local/lib/python2.7/site-packages/swiftclient/client.py", line 156, in __init__
self.parsed_url = urlparse(url)
File "/usr/lib/python2.7/urlparse.py", line 143, in urlparse
tuple = urlsplit(url, scheme, allow_fragments)
File "/usr/lib/python2.7/urlparse.py", line 182, in urlsplit
i = url.find(':')
AttributeError: 'NoneType' object has no attribute 'find'
"""
2. If you specify auth_version = 2, the following code will be executed.
"""
elif auth_version in AUTH_VERSIONS_V2 + AUTH_VERSIONS_V3:
# We are allowing to specify a token/storage-url to re-use
# without having to re-authenticate.
if (os_options.get('object_storage_url') and
os_options.get('auth_token')):
return (os_options.get('object_storage_url'),
os_options.get('auth_token'))
"""
It checks if there are ``object_storage_url`` and ``auth_token`` argumens were provided.
Of course they were absent, since initial values were: os_options or {}
So in order to get it working, you have to specify those options manually:
"""
client.os_options = {
'object_storage_url': url,
'auth_token': keystone.user.token.id,
}
"""
Conclusion. The only way to use swift client with existing tokens is the following:
"""
def get_swift_client(self, keystone):
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None)
url = keystone.url_for('object-store')
client = swift_api_client.Connection(
user=keystone.user.username,
preauthurl=url,
preauthtoken=keystone.user.token.id,
tenant_name=keystone.user.tenant_name,
insecure=insecure,
cacert=cacert,
auth_version=2)
client.os_options = {
'object_storage_url': url,
'auth_token': keystone.user.token.id,
}
return client
"""
I think you should fix version handling or reflect the way it works in
documentation.
** Affects: python-swiftclient
Importance: Undecided
Status: New
** Project changed: nova => python-swiftclient
** Description changed:
Ther'a 2 issues with authentication.
1. Consider the following code.
"""
- client = swift_api_client.Connection(
- user=keystone.user.username,
- preauthurl=url,
- preauthtoken=keystone.user.token.id,
- tenant_name=keystone.user.tenant_name,
- insecure=insecure,
- cacert=cacert)
+ client = swift_api_client.Connection(
+ user=keystone.user.username,
+ preauthurl=url,
+ preauthtoken=keystone.user.token.id,
+ tenant_name=keystone.user.tenant_name,
+ insecure=insecure,
+ cacert=cacert)
"""
Since ther's no ``auth_version`` specified, 1 used by default.
In this case swiftclient will try to use ``get_auth_1_0``:
"""
- storage_url, token = get_auth_1_0(auth_url,
- user,
- key,
- kwargs.get('snet'),
- insecure=insecure)
+ storage_url, token = get_auth_1_0(auth_url,
+ user,
+ key,
+ kwargs.get('snet'),
+ insecure=insecure)
"""
As you can see, no keystone token passed to that function, therefore authentication fails.
Furthermore, swiftclient will fail miserably with exception:
"""
Traceback (most recent call last):
File "./test_keystone.py", line 22, in <module>
t.run('blah', user_id=483)
- File "/home/xentime/src/xentime_dev/stack/swift_task.py", line 75, in run
+ File "/home/testproject/src/testproject_dev/stack/swift_task.py", line 75, in run
return self.test(swift_client)
- File "/home/xentime/src/xentime_dev/stack/swift_task.py", line 45, in test
+ File "/home/testproject/src/testproject_dev/stack/swift_task.py", line 45, in test
swift_client.get_capabilities()
- File "/home/xentime/.virtualenvs/xentime/local/lib/python2.7/site-packages/swiftclient/client.py", line 1386, in get_capabilities
+ File "/home/testproject/.virtualenvs/testproject/local/lib/python2.7/site-packages/swiftclient/client.py", line 1386, in get_capabilities
url, _ = self.get_auth()
- File "/home/xentime/.virtualenvs/xentime/local/lib/python2.7/site-packages/swiftclient/client.py", line 1210, in get_auth
+ File "/home/testproject/.virtualenvs/testproject/local/lib/python2.7/site-packages/swiftclient/client.py", line 1210, in get_auth
insecure=self.insecure)
- File "/home/xentime/.virtualenvs/xentime/local/lib/python2.7/site-packages/swiftclient/client.py", line 377, in get_auth
+ File "/home/testproject/.virtualenvs/testproject/local/lib/python2.7/site-packages/swiftclient/client.py", line 377, in get_auth
insecure=insecure)
- File "/home/xentime/.virtualenvs/xentime/local/lib/python2.7/site-packages/swiftclient/client.py", line 255, in get_auth_1_0
+ File "/home/testproject/.virtualenvs/testproject/local/lib/python2.7/site-packages/swiftclient/client.py", line 255, in get_auth_1_0
parsed, conn = http_connection(url, insecure=insecure)
- File "/home/xentime/.virtualenvs/xentime/local/lib/python2.7/site-packages/swiftclient/client.py", line 249, in http_connection
+ File "/home/testproject/.virtualenvs/testproject/local/lib/python2.7/site-packages/swiftclient/client.py", line 249, in http_connection
conn = HTTPConnection(*arg, **kwarg)
- File "/home/xentime/.virtualenvs/xentime/local/lib/python2.7/site-packages/swiftclient/client.py", line 156, in __init__
+ File "/home/testproject/.virtualenvs/testproject/local/lib/python2.7/site-packages/swiftclient/client.py", line 156, in __init__
self.parsed_url = urlparse(url)
File "/usr/lib/python2.7/urlparse.py", line 143, in urlparse
tuple = urlsplit(url, scheme, allow_fragments)
File "/usr/lib/python2.7/urlparse.py", line 182, in urlsplit
i = url.find(':')
AttributeError: 'NoneType' object has no attribute 'find'
+
"""
2. If you specify auth_version = 2, the following code will be executed.
"""
- elif auth_version in AUTH_VERSIONS_V2 + AUTH_VERSIONS_V3:
- # We are allowing to specify a token/storage-url to re-use
- # without having to re-authenticate.
- if (os_options.get('object_storage_url') and
- os_options.get('auth_token')):
- return (os_options.get('object_storage_url'),
- os_options.get('auth_token'))
+ elif auth_version in AUTH_VERSIONS_V2 + AUTH_VERSIONS_V3:
+ # We are allowing to specify a token/storage-url to re-use
+ # without having to re-authenticate.
+ if (os_options.get('object_storage_url') and
+ os_options.get('auth_token')):
+ return (os_options.get('object_storage_url'),
+ os_options.get('auth_token'))
"""
It checks if there are ``object_storage_url`` and ``auth_token`` argumens were provided.
Of course they were absent, since initial values were: os_options or {}
So in order to get it working, you have to specify those options manually:
"""
- client.os_options = {
- 'object_storage_url': url,
- 'auth_token': keystone.user.token.id,
- }
+ client.os_options = {
+ 'object_storage_url': url,
+ 'auth_token': keystone.user.token.id,
+ }
"""
Conclusion. The only way to use swift client with existing tokens is the following:
"""
- def get_swift_client(self, keystone):
- insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
- cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None)
- url = keystone.url_for('object-store')
+ def get_swift_client(self, keystone):
+ insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
+ cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None)
+ url = keystone.url_for('object-store')
- client = swift_api_client.Connection(
- user=keystone.user.username,
- preauthurl=url,
- preauthtoken=keystone.user.token.id,
- tenant_name=keystone.user.tenant_name,
- insecure=insecure,
- cacert=cacert,
- auth_version=2)
+ client = swift_api_client.Connection(
+ user=keystone.user.username,
+ preauthurl=url,
+ preauthtoken=keystone.user.token.id,
+ tenant_name=keystone.user.tenant_name,
+ insecure=insecure,
+ cacert=cacert,
+ auth_version=2)
- client.os_options = {
- 'object_storage_url': url,
- 'auth_token': keystone.user.token.id,
- }
- return client
+ client.os_options = {
+ 'object_storage_url': url,
+ 'auth_token': keystone.user.token.id,
+ }
+ return client
"""
-
- I think you should fix version handling or reflect the way it works in documentation.
+ I think you should fix version handling or reflect the way it works in
+ documentation.
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1483254
Title:
Swift fails to authenticate user by token
Status in python-swiftclient:
New
Bug description:
Ther'a 2 issues with authentication.
1. Consider the following code.
"""
client = swift_api_client.Connection(
user=keystone.user.username,
preauthurl=url,
preauthtoken=keystone.user.token.id,
tenant_name=keystone.user.tenant_name,
insecure=insecure,
cacert=cacert)
"""
Since ther's no ``auth_version`` specified, 1 used by default.
In this case swiftclient will try to use ``get_auth_1_0``:
"""
storage_url, token = get_auth_1_0(auth_url,
user,
key,
kwargs.get('snet'),
insecure=insecure)
"""
As you can see, no keystone token passed to that function, therefore authentication fails.
Furthermore, swiftclient will fail miserably with exception:
"""
Traceback (most recent call last):
File "./test_keystone.py", line 22, in <module>
t.run('blah', user_id=483)
File "/home/testproject/src/testproject_dev/stack/swift_task.py", line 75, in run
return self.test(swift_client)
File "/home/testproject/src/testproject_dev/stack/swift_task.py", line 45, in test
swift_client.get_capabilities()
File "/home/testproject/.virtualenvs/testproject/local/lib/python2.7/site-packages/swiftclient/client.py", line 1386, in get_capabilities
url, _ = self.get_auth()
File "/home/testproject/.virtualenvs/testproject/local/lib/python2.7/site-packages/swiftclient/client.py", line 1210, in get_auth
insecure=self.insecure)
File "/home/testproject/.virtualenvs/testproject/local/lib/python2.7/site-packages/swiftclient/client.py", line 377, in get_auth
insecure=insecure)
File "/home/testproject/.virtualenvs/testproject/local/lib/python2.7/site-packages/swiftclient/client.py", line 255, in get_auth_1_0
parsed, conn = http_connection(url, insecure=insecure)
File "/home/testproject/.virtualenvs/testproject/local/lib/python2.7/site-packages/swiftclient/client.py", line 249, in http_connection
conn = HTTPConnection(*arg, **kwarg)
File "/home/testproject/.virtualenvs/testproject/local/lib/python2.7/site-packages/swiftclient/client.py", line 156, in __init__
self.parsed_url = urlparse(url)
File "/usr/lib/python2.7/urlparse.py", line 143, in urlparse
tuple = urlsplit(url, scheme, allow_fragments)
File "/usr/lib/python2.7/urlparse.py", line 182, in urlsplit
i = url.find(':')
AttributeError: 'NoneType' object has no attribute 'find'
"""
2. If you specify auth_version = 2, the following code will be executed.
"""
elif auth_version in AUTH_VERSIONS_V2 + AUTH_VERSIONS_V3:
# We are allowing to specify a token/storage-url to re-use
# without having to re-authenticate.
if (os_options.get('object_storage_url') and
os_options.get('auth_token')):
return (os_options.get('object_storage_url'),
os_options.get('auth_token'))
"""
It checks if there are ``object_storage_url`` and ``auth_token`` argumens were provided.
Of course they were absent, since initial values were: os_options or {}
So in order to get it working, you have to specify those options manually:
"""
client.os_options = {
'object_storage_url': url,
'auth_token': keystone.user.token.id,
}
"""
Conclusion. The only way to use swift client with existing tokens is the following:
"""
def get_swift_client(self, keystone):
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None)
url = keystone.url_for('object-store')
client = swift_api_client.Connection(
user=keystone.user.username,
preauthurl=url,
preauthtoken=keystone.user.token.id,
tenant_name=keystone.user.tenant_name,
insecure=insecure,
cacert=cacert,
auth_version=2)
client.os_options = {
'object_storage_url': url,
'auth_token': keystone.user.token.id,
}
return client
"""
I think you should fix version handling or reflect the way it works in
documentation.
To manage notifications about this bug go to:
https://bugs.launchpad.net/python-swiftclient/+bug/1483254/+subscriptions
