yahoo-eng-team team mailing list archive

Thread
Date
[Bug 1701541] [NEW] Keystone v3/roles has differnt response for HEAD and GET (again)

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Attila Fazekas <afazekas@xxxxxxxxxx>
Date: Fri, 30 Jun 2017 12:01:33 -0000
Reply-to: Bug 1701541 <1701541@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Public bug reported:

The issue is very similar to the one already discussed at 
https://bugs.launchpad.net/keystone/+bug/1334368 , http://lists.openstack.org/pipermail/openstack-dev/2014-July/039140.html .

# curl -v -X HEAD  http://172.17.1.18:5000/v3/roles/7acb026c29a24fb2a1d92a4e5291de24/implies/11b21cc37d7644c8bc955ff956b2d56e -H "Content-Type: application/json" -H "X-Auth-Token: gAAAAABZViMqU8rSuv7qlmcUlv1hYHegvN6EelqJPt-MTWBkIOewhSjNeiwZcksDUKm2JOfNtw78iAAmscx86N9UiekxkluvzRpatFyWooOkCATkqJFn4HgCFr_an9X7kmOhJTOguqGH6uCYz4K6ak1NfuEvtRShe3lDXyScL51JaZqtw8bCWzo"
* About to connect() to 172.17.1.18 port 5000 (#0)
*   Trying 172.17.1.18...
* Connected to 172.17.1.18 (172.17.1.18) port 5000 (#0)
> HEAD /v3/roles/7acb026c29a24fb2a1d92a4e5291de24/implies/11b21cc37d7644c8bc955ff956b2d56e HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 172.17.1.18:5000
> Accept: */*
> Content-Type: application/json
> X-Auth-Token: gAAAAABZViMqU8rSuv7qlmcUlv1hYHegvN6EelqJPt-MTWBkIOewhSjNeiwZcksDUKm2JOfNtw78iAAmscx86N9UiekxkluvzRpatFyWooOkCATkqJFn4HgCFr_an9X7kmOhJTOguqGH6uCYz4K6ak1NfuEvtRShe3lDXyScL51JaZqtw8bCWzo
> 
< HTTP/1.1 204 No Content
< Date: Fri, 30 Jun 2017 10:09:30 GMT
< Server: Apache
< Vary: X-Auth-Token
< x-openstack-request-id: req-e64410ae-5d4a-48f7-8508-615752877277
< Content-Type: text/plain
< 
* Connection #0 to host 172.17.1.18 left intact

# curl -v -X GET  http://172.17.1.18:5000/v3/roles/7acb026c29a24fb2a1d92a4e5291de24/implies/11b21cc37d7644c8bc955ff956b2d56e -H "Content-Type: application/json" -H "X-Auth-Token: gAAAAABZViMqU8rSuv7qlmcUlv1hYHegvN6EelqJPt-MTWBkIOewhSjNeiwZcksDUKm2JOfNtw78iAAmscx86N9UiekxkluvzRpatFyWooOkCATkqJFn4HgCFr_an9X7kmOhJTOguqGH6uCYz4K6ak1NfuEvtRShe3lDXyScL51JaZqtw8bCWzo"
* About to connect() to 172.17.1.18 port 5000 (#0)
*   Trying 172.17.1.18...
* Connected to 172.17.1.18 (172.17.1.18) port 5000 (#0)
> GET /v3/roles/7acb026c29a24fb2a1d92a4e5291de24/implies/11b21cc37d7644c8bc955ff956b2d56e HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 172.17.1.18:5000
> Accept: */*
> Content-Type: application/json
> X-Auth-Token: gAAAAABZViMqU8rSuv7qlmcUlv1hYHegvN6EelqJPt-MTWBkIOewhSjNeiwZcksDUKm2JOfNtw78iAAmscx86N9UiekxkluvzRpatFyWooOkCATkqJFn4HgCFr_an9X7kmOhJTOguqGH6uCYz4K6ak1NfuEvtRShe3lDXyScL51JaZqtw8bCWzo
> 
< HTTP/1.1 200 OK
< Date: Fri, 30 Jun 2017 10:09:38 GMT
< Server: Apache
< Content-Length: 507
< Vary: X-Auth-Token,Accept-Encoding
< x-openstack-request-id: req-cc320571-a59d-4ea2-b459-117053367c55
< Content-Type: application/json
< 
* Connection #0 to host 172.17.1.18 left intact
{"role_inference": {"implies": {"id": "11b21cc37d7644c8bc955ff956b2d56e", "links": {"self": "http://172.17.1.18:5000/v3/roles/11b21cc37d7644c8bc955ff956b2d56e"}, "name": "tempest-role-1212191884"}, "prior_role": {"id": "7acb026c29a24fb2a1d92a4e5291de24", "links": {"self": "http://172.17.1.18:5000/v3/roles/7acb026c29a24fb2a1d92a4e5291de24"}, "name": "tempest-role-500046640"}}, "links": {"self": "http://172.17.1.18:5000/v3/roles/7acb026c29a24fb2a1d92


mod_wsgi based on the version and configuration (WSGIMapHEADToGET (requires mod_wsgi >= 4.3.0)) mod_wsgi might send GET instead of HEAD in order to avoid invalid responses being cached in case of an application bug.

Unfortunately tempest expects the wrong behavior, is it also needs to be
changed,

tempest.api.identity.admin.v3.test_roles.RolesV3TestJSON.test_implied_roles_create_check_show_delete[id-c90c316c-d706-4728-bcba-eb1912081b69]
---------------------------------------------------------------------------------------------------------------------------------------------

Captured traceback:
~~~~~~~~~~~~~~~~~~~
    Traceback (most recent call last):
      File "/usr/lib/python2.7/site-packages/tempest/api/identity/admin/v3/test_roles.py", line 228, in test_implied_roles_create_check_show_delete
        prior_role_id, implies_role_id)
      File "/usr/lib/python2.7/site-packages/tempest/lib/services/identity/v3/roles_client.py", line 233, in check_role_inference_rule
        self.expected_success(204, resp.status)
      File "/usr/lib/python2.7/site-packages/tempest/lib/common/rest_client.py", line 252, in expected_success
        raise exceptions.InvalidHttpSuccessCode(details)
    tempest.lib.exceptions.InvalidHttpSuccessCode: The success code is different than the expected one
    Details: Unexpected http success status code 200, The expected status code is 204

** Affects: keystone
     Importance: Undecided
         Status: New

** Affects: tempest
     Importance: Undecided
         Status: New

** Also affects: tempest
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1701541

Title:
  Keystone v3/roles has differnt response for HEAD and GET (again)

Status in OpenStack Identity (keystone):
  New
Status in tempest:
  New

Bug description:
  The issue is very similar to the one already discussed at 
  https://bugs.launchpad.net/keystone/+bug/1334368 , http://lists.openstack.org/pipermail/openstack-dev/2014-July/039140.html .

  # curl -v -X HEAD  http://172.17.1.18:5000/v3/roles/7acb026c29a24fb2a1d92a4e5291de24/implies/11b21cc37d7644c8bc955ff956b2d56e -H "Content-Type: application/json" -H "X-Auth-Token: gAAAAABZViMqU8rSuv7qlmcUlv1hYHegvN6EelqJPt-MTWBkIOewhSjNeiwZcksDUKm2JOfNtw78iAAmscx86N9UiekxkluvzRpatFyWooOkCATkqJFn4HgCFr_an9X7kmOhJTOguqGH6uCYz4K6ak1NfuEvtRShe3lDXyScL51JaZqtw8bCWzo"
  * About to connect() to 172.17.1.18 port 5000 (#0)
  *   Trying 172.17.1.18...
  * Connected to 172.17.1.18 (172.17.1.18) port 5000 (#0)
  > HEAD /v3/roles/7acb026c29a24fb2a1d92a4e5291de24/implies/11b21cc37d7644c8bc955ff956b2d56e HTTP/1.1
  > User-Agent: curl/7.29.0
  > Host: 172.17.1.18:5000
  > Accept: */*
  > Content-Type: application/json
  > X-Auth-Token: gAAAAABZViMqU8rSuv7qlmcUlv1hYHegvN6EelqJPt-MTWBkIOewhSjNeiwZcksDUKm2JOfNtw78iAAmscx86N9UiekxkluvzRpatFyWooOkCATkqJFn4HgCFr_an9X7kmOhJTOguqGH6uCYz4K6ak1NfuEvtRShe3lDXyScL51JaZqtw8bCWzo
  > 
  < HTTP/1.1 204 No Content
  < Date: Fri, 30 Jun 2017 10:09:30 GMT
  < Server: Apache
  < Vary: X-Auth-Token
  < x-openstack-request-id: req-e64410ae-5d4a-48f7-8508-615752877277
  < Content-Type: text/plain
  < 
  * Connection #0 to host 172.17.1.18 left intact

  # curl -v -X GET  http://172.17.1.18:5000/v3/roles/7acb026c29a24fb2a1d92a4e5291de24/implies/11b21cc37d7644c8bc955ff956b2d56e -H "Content-Type: application/json" -H "X-Auth-Token: gAAAAABZViMqU8rSuv7qlmcUlv1hYHegvN6EelqJPt-MTWBkIOewhSjNeiwZcksDUKm2JOfNtw78iAAmscx86N9UiekxkluvzRpatFyWooOkCATkqJFn4HgCFr_an9X7kmOhJTOguqGH6uCYz4K6ak1NfuEvtRShe3lDXyScL51JaZqtw8bCWzo"
  * About to connect() to 172.17.1.18 port 5000 (#0)
  *   Trying 172.17.1.18...
  * Connected to 172.17.1.18 (172.17.1.18) port 5000 (#0)
  > GET /v3/roles/7acb026c29a24fb2a1d92a4e5291de24/implies/11b21cc37d7644c8bc955ff956b2d56e HTTP/1.1
  > User-Agent: curl/7.29.0
  > Host: 172.17.1.18:5000
  > Accept: */*
  > Content-Type: application/json
  > X-Auth-Token: gAAAAABZViMqU8rSuv7qlmcUlv1hYHegvN6EelqJPt-MTWBkIOewhSjNeiwZcksDUKm2JOfNtw78iAAmscx86N9UiekxkluvzRpatFyWooOkCATkqJFn4HgCFr_an9X7kmOhJTOguqGH6uCYz4K6ak1NfuEvtRShe3lDXyScL51JaZqtw8bCWzo
  > 
  < HTTP/1.1 200 OK
  < Date: Fri, 30 Jun 2017 10:09:38 GMT
  < Server: Apache
  < Content-Length: 507
  < Vary: X-Auth-Token,Accept-Encoding
  < x-openstack-request-id: req-cc320571-a59d-4ea2-b459-117053367c55
  < Content-Type: application/json
  < 
  * Connection #0 to host 172.17.1.18 left intact
  {"role_inference": {"implies": {"id": "11b21cc37d7644c8bc955ff956b2d56e", "links": {"self": "http://172.17.1.18:5000/v3/roles/11b21cc37d7644c8bc955ff956b2d56e"}, "name": "tempest-role-1212191884"}, "prior_role": {"id": "7acb026c29a24fb2a1d92a4e5291de24", "links": {"self": "http://172.17.1.18:5000/v3/roles/7acb026c29a24fb2a1d92a4e5291de24"}, "name": "tempest-role-500046640"}}, "links": {"self": "http://172.17.1.18:5000/v3/roles/7acb026c29a24fb2a1d92

  
  mod_wsgi based on the version and configuration (WSGIMapHEADToGET (requires mod_wsgi >= 4.3.0)) mod_wsgi might send GET instead of HEAD in order to avoid invalid responses being cached in case of an application bug.

  Unfortunately tempest expects the wrong behavior, is it also needs to
  be changed,

  tempest.api.identity.admin.v3.test_roles.RolesV3TestJSON.test_implied_roles_create_check_show_delete[id-c90c316c-d706-4728-bcba-eb1912081b69]
  ---------------------------------------------------------------------------------------------------------------------------------------------

  Captured traceback:
  ~~~~~~~~~~~~~~~~~~~
      Traceback (most recent call last):
        File "/usr/lib/python2.7/site-packages/tempest/api/identity/admin/v3/test_roles.py", line 228, in test_implied_roles_create_check_show_delete
          prior_role_id, implies_role_id)
        File "/usr/lib/python2.7/site-packages/tempest/lib/services/identity/v3/roles_client.py", line 233, in check_role_inference_rule
          self.expected_success(204, resp.status)
        File "/usr/lib/python2.7/site-packages/tempest/lib/common/rest_client.py", line 252, in expected_success
          raise exceptions.InvalidHttpSuccessCode(details)
      tempest.lib.exceptions.InvalidHttpSuccessCode: The success code is different than the expected one
      Details: Unexpected http success status code 200, The expected status code is 204

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1701541/+subscriptions
Follow ups

[Bug 1701541] Re: Keystone v3/roles has differnt response for HEAD and GET (again)
From: Morgan Fainberg, 2017-08-09