← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #54052

[Bug 1603038] Re: Execption on admin_token usage ValueError: Unrecognized

  Thread PreviousDate PreviousThread Next 
Can you check if it's the admin token in process_request in
keystonemiddleware? Now that we're all request'ed up in keystone it may
be possible to check for the is_admin value?

** Changed in: keystone
       Status: New => Triaged

** Changed in: keystone
   Importance: Critical => Medium

** Also affects: keystonemiddleware
   Importance: Undecided
       Status: New

** Changed in: keystonemiddleware
   Importance: Undecided => Medium

** Changed in: keystonemiddleware
       Status: New => Triaged

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1603038

Title:
  Execption on admin_token usage ValueError: Unrecognized

Status in OpenStack Identity (keystone):
  Triaged
Status in keystonemiddleware:
  Triaged

Bug description:
  1. iniset keystone.conf DEFAULT admin_token deprecated
  2. reload keystone (systemctl restart httpd)
  3. curl -g -i -X GET http://192.168.9.98/identity_v2_admin/v2.0/users -H "User-Agent: python-keystoneclient" -H "Accept: application/json" -H "X-Auth-Token: deprecated"


  I know the admin_token is deprecated, but is should be handled without
  throwing an extra exception.


  2016-07-14 11:00:28.487 20453 WARNING keystone.middleware.core [req-f13bf34e-4b80-4c2b-8e47-646ce5665abf - - - - -] The admin_token_auth middleware presents a security risk and should be removed from the [pipeline:api_v3], [pipeline:admin_api], and [pipeline:public_api] sections of your paste ini file.
  2016-07-14 11:00:28.593 20453 DEBUG keystone.middleware.auth [req-f13bf34e-4b80-4c2b-8e47-646ce5665abf - - - - -] Authenticating user token process_request /usr/lib/python2.7/site-packages/keystonemiddleware/auth_token/__init__.py:354
  2016-07-14 11:00:28.593 20453 WARNING keystone.middleware.auth [req-f13bf34e-4b80-4c2b-8e47-646ce5665abf - - - - -] Invalid token contents.
  2016-07-14 11:00:28.593 20453 TRACE keystone.middleware.auth Traceback (most recent call last):
  2016-07-14 11:00:28.593 20453 TRACE keystone.middleware.auth   File "/usr/lib/python2.7/site-packages/keystonemiddleware/auth_token/__init__.py", line 399, in _do_fetch_token
  2016-07-14 11:00:28.593 20453 TRACE keystone.middleware.auth     return data, access.create(body=data, auth_token=token)
  2016-07-14 11:00:28.593 20453 TRACE keystone.middleware.auth   File "/usr/lib/python2.7/site-packages/positional/__init__.py", line 101, in inner
  2016-07-14 11:00:28.593 20453 TRACE keystone.middleware.auth     return wrapped(*args, **kwargs)
  2016-07-14 11:00:28.593 20453 TRACE keystone.middleware.auth   File "/usr/lib/python2.7/site-packages/keystoneauth1/access/access.py", line 49, in create
  2016-07-14 11:00:28.593 20453 TRACE keystone.middleware.auth     raise ValueError('Unrecognized auth response')
  2016-07-14 11:00:28.593 20453 TRACE keystone.middleware.auth ValueError: Unrecognized auth response
  2016-07-14 11:00:28.593 20453 TRACE keystone.middleware.auth 
  2016-07-14 11:00:28.594 20453 INFO keystone.middleware.auth [req-f13bf34e-4b80-4c2b-8e47-646ce5665abf - - - - -] Invalid user token
  2016-07-14 11:00:28.595 20453 DEBUG keystone.middleware.auth [req-d1c79cbf-698f-4844-9efd-7be444040cf0 - - - - -] RBAC: auth_context: {} fill_context /opt/stack/keystone/keystone/middleware/auth.py:219
  2016-07-14 11:00:28.604 20453 INFO keystone.common.wsgi [req-d1c79cbf-698f-4844-9efd-7be444040cf0 - - - - -] GET http://192.168.9.98/identity_v2_admin/v2.0/users
  2016-07-14 11:00:28.604 20453 WARNING oslo_log.versionutils [req-d1c79cbf-698f-4844-9efd-7be444040cf0 - - - - -] Deprecated: get_users of the v2 API is deprecated as of Mitaka in favor of a similar function in the v3 API and may be removed in Q.
  2016-07-14 11:00:28.622 20453 DEBUG oslo_db.sqlalchemy.engines [req-d1c79cbf-698f-4844-9efd-7be444040cf0 - - - - -] MySQL server mode set to STRICT_TRANS_TABLES,STRICT_ALL_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,TRADITIONAL,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION _check_effective_sql_mode /usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/engines.py:256

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1603038/+subscriptions

References

  Thread PreviousDate PreviousThread Next