← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #51863

[Bug 1585652] Re: EmptyCatalog not treated during cinderclient creation

  Thread PreviousDate PreviousThread Next 
It's fine if you want to submit a patch to make this better. I'm not
really convinced that we should be handling the case where users create
crippled tokens and then attempt to do complex operations.

** Changed in: nova
       Status: New => Opinion

** Changed in: nova
   Importance: Undecided => Wishlist

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1585652

Title:
  EmptyCatalog not treated during cinderclient creation

Status in OpenStack Compute (nova):
  Opinion

Bug description:
  Steps to reproduce
  ==================
  1 - Get a keystone v3 token using the ?nocatalog param. Example:

  export TOKEN=`curl -i -k -v -H "Content-type: application/json" -d
  '{"auth": {"identity": {"methods": ["password"], "password": {"user":
  {"domain": {"name": "Default"}, "name": "test", "password":
  "password"}}}, "scope": {"project": {"name": "test-project", "domain":
  {"name": "Default"}}}}}'
  http://localhost:5000/v3/auth/tokens?nocatalog | grep X-Subject-Token
  | awk '{print $2}' | sed -e 's,\r,,' `

  2 - Try to create a server using a cinder volume. Example:

  curl -k -v -H  "X-Auth-Token:$TOKEN" -H "Content-type:
  application/json" -d '{"server": {"name": "test_CSDPU_1", "imageRef":
  "", "block_device_mapping_v2": [{"source_type": "volume",
  "destination_type": "volume", "boot_index": 0,
  "delete_on_termination": false, "uuid": "85397498-850f-406f-806a-
  25cf93cd94dc"}], "flavorRef": "790959df-f79b-4b87-8389-a160a3b6e606",
  "max_count": 1, "min_count": 1}}'
  http://localhost:8774/v2/07564c39740f405b92f4722090cd745b/servers

  Actual result
  =============

  {"badRequest": {"message": "Block Device Mapping is Invalid: failed to
  get volume 85397498-850f-406f-806a-25cf93cd94dc.", "code": 400}}

  Expected result
  ===============

  A meaningful error message is displayed.

  Details
  =======

  - During cinderclient creation, nova tries to get cinder's endpoint
  using the auth object obtained from the token without the catalog [1].
  keystoneauth will raise an EmptyCatalog exception [2] that is not
  treated and will result in the error seen above.

  [1] https://github.com/openstack/nova/blob/master/nova/volume/cinder.py#L82
  [2] https://github.com/openstack/keystoneauth/blob/master/keystoneauth1/access/service_catalog.py#L190

  - This issue might happen in other areas of code, is not necessarily
  exclusive to the cinderclient creation.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1585652/+subscriptions

References

  Thread PreviousDate PreviousThread Next