yahoo-eng-team team mailing list archive
Message #47966
[Bug 1527729] Re: update keystone API - x-subject-token is required for head/delete/get /auth/tokens
Reviewed: https://review.openstack.org/291509
Committed: https://git.openstack.org/cgit/openstack/api-site/commit/?id=b9ef15ffa52ef93e511de3cd90b36f51917faabd
Submitter: Jenkins
Branch: master
commit b9ef15ffa52ef93e511de3cd90b36f51917faabd
Author: Steve Martinelli <stevemar@xxxxxxxxxx>
Date: Thu Mar 10 20:45:02 2016 -0500
state that x-subject-token is required
the x-subject-token request header is required for head/delete/get
of the /auth/tokens API
Change-Id: I3a7f68c9e84d856a9c29a9e006922facb1bccdf0
Closes-Bug: #1527729
** Changed in: openstack-api-site
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1527729
Title:
update keystone API - x-subject-token is required for head/delete/get
/auth/tokens
Status in OpenStack Identity (keystone):
Invalid
Status in openstack-api-site:
Fix Released
Bug description:
Context: It may be a documentation "bug", but currently the
documentation is explicit about what's optional or not... and this is
the behaviour observed on devstack right now.
Impact: After retrieving a scoped token with keystone v3 API on devstack, an HTTP GET with v3/auth/tokens (which is supposed to validate / give info on the token) returns a 404 "Could not find token" if you don't specify an X-Subject-Token detail.
It is marked as optional in the keystone v3 documentation...
Concerned documentation:
http://developer.openstack.org/api-ref-identity-v3.html#validateToken
Steps to reproduce:
1- Get your devstack running (obviously)
2- Ask for a v3 scoped token
curl -i http://<YOURDEVSTACKIP>:5000/v3/auth/tokens -X POST -H "Content-Type: application/json" -H "Accept: application/json" -d '{"auth" : {"identity" : {"methods" : ["password"], "password" : { "user" : { "name" : "admin","domain": {"name": "Default"},"password" : "password" } } }, "scope": {"project": {"name": "admin","domain": {"name": "Default"} } } } }'
3- Note down the token received on the answer's HTTP response in the X-Subject-Token field:
X-Subject-Token: 41fd4e3ab0d14d37bbcc89730871bffd
4- Use that same token inside your HTTP GET header to retrieve info / validation on it:
curl -i http://<YOURDEVSTACKIP>:5000/v3/auth/tokens -X GET -H "X-Auth-Token: 41fd4e3ab0d14d37bbcc89730871bffd" -H "Accept: application/json"
Sad Panda
5- Now add the "X-Subject-Token" field with the same token:
curl -i http://10.211.55.3:5000/v3/auth/tokens -X GET -H "X-Auth-Token: 41fd4e3ab0d14d37bbcc89730871bffd" -H "X-Subject-Token: 41fd4e3ab0d14d37bbcc89730871bffd" -H "Accept: application/json"
6- Profit - happy panda
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1527729/+subscriptions
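An added example, not part of the original bug report or of keystone's code: a Python helper that builds the GET/HEAD/DELETE requests from the steps above and refuses to build one without X-Subject-Token, so the omission fails locally instead of as the 404 in step 4. The function names and the devstack.example host are assumptions; X-Auth-Token authenticates the caller and X-Subject-Token names the token being acted on, so the two values may differ.

```python
import urllib.error
import urllib.request

# Methods of /v3/auth/tokens that act on an existing token; the commit above
# states that X-Subject-Token is required for each of them.
SUBJECT_METHODS = ("GET", "HEAD", "DELETE")


def token_request(base_url, method, auth_token, subject_token=None):
    """Build (without sending) a /v3/auth/tokens request. Hypothetical helper."""
    method = method.upper()
    if method not in SUBJECT_METHODS:
        raise ValueError(f"{method} is not handled by this helper")
    for header, value in (("X-Auth-Token", auth_token),
                          ("X-Subject-Token", subject_token)):
        if not value:
            # A missing X-Subject-Token is step 4 of the report
            # (404 "Could not find token"); fail here, before sending.
            raise ValueError(f"{header} is required for {method} /v3/auth/tokens")
        if "\r" in value or "\n" in value:
            raise ValueError(f"{header} contains a line break")
    req = urllib.request.Request(base_url.rstrip("/") + "/v3/auth/tokens",
                                 method=method)
    req.add_header("X-Auth-Token", auth_token)        # who is asking
    req.add_header("X-Subject-Token", subject_token)  # token being acted on
    req.add_header("Accept", "application/json")
    return req


def send(req, timeout=10):
    """Send a built request; return (status, body) for error responses too."""
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


if __name__ == "__main__":
    # Constructed values: placeholder host and made-up tokens; nothing is sent.
    req = token_request("http://devstack.example:5000", "GET",
                        "constructed-auth-token", "constructed-subject-token")
    print(req.get_method(), req.full_url, sorted(k for k, _ in req.header_items()))
```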