← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #70404

[Bug 1743603] [NEW] Unexpected service token warning message in keystone log

  Thread PreviousDate PreviousThread Next 
Public bug reported:

WARNING keystone.middleware.auth [req-d7a12f33-ef93-47c8-b27e-
a808860d1cff - - - - -] A valid token was submitted as a service token,
but it was not a valid service token. This is incorrect but backwards
compatible behaviour. This will be removed in future releases.


In compute quota API request[0] flow, nova is making a rest call to
keystone invoking identity project API[1] at [2] for project
verification. In this service call, a valid service token is being
passed in addition to user_token in request headers.

With reference to keystone pipeline [3], the above request is going
through 'build_auth_context' middleware which is defined as [4].
Meanwhile build_auth_context middleware[5] is loading keystonemiddleware
auth_token.BaseAuthProtocol[6] where 'service_token_roles',
'service_token_roles_required' params are not passed during
initialization due to which execution flow is going through else block
[7] and triggering above warning message in keystone log.


[0] GET /compute/v2.1/3d1ad9e3223e4cadb8a0d1f8a893e6a3/os-quota-sets/3d1ad9e3223e4cadb8a0d1f8a893e6a3/detail
[1] GET /v3/projects/3d1ad9e3223e4cadb8a0d1f8a893e6a3
[2] https://github.com/openstack/nova/blob/master/nova/api/openstack/compute/quota_sets.py#L155
[3] [pipeline:api_v3]
    pipeline = ........ url_normalize request_id build_auth_context token_auth  json_body service_v3
[4] build_auth_context = keystone.middleware:AuthContextMiddleware.factory
[5] https://github.com/openstack/keystone/blob/master/keystone/middleware/auth.py#L43-L45
[6] https://github.com/openstack/keystonemiddleware/blob/stable/pike/keystonemiddleware/auth_token/__init__.py#L315-L320
[7] https://github.com/openstack/keystonemiddleware/blob/stable/pike/keystonemiddleware/auth_token/__init__.py#L383

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1743603

Title:
  Unexpected service token warning message in keystone log

Status in OpenStack Identity (keystone):
  New

Bug description:
  WARNING keystone.middleware.auth [req-d7a12f33-ef93-47c8-b27e-
  a808860d1cff - - - - -] A valid token was submitted as a service
  token, but it was not a valid service token. This is incorrect but
  backwards compatible behaviour. This will be removed in future
  releases.


  In compute quota API request[0] flow, nova is making a rest call to
  keystone invoking identity project API[1] at [2] for project
  verification. In this service call, a valid service token is being
  passed in addition to user_token in request headers.

  With reference to keystone pipeline [3], the above request is going
  through 'build_auth_context' middleware which is defined as [4].
  Meanwhile build_auth_context middleware[5] is loading
  keystonemiddleware auth_token.BaseAuthProtocol[6] where
  'service_token_roles', 'service_token_roles_required' params are not
  passed during initialization due to which execution flow is going
  through else block [7] and triggering above warning message in
  keystone log.

  
  [0] GET /compute/v2.1/3d1ad9e3223e4cadb8a0d1f8a893e6a3/os-quota-sets/3d1ad9e3223e4cadb8a0d1f8a893e6a3/detail
  [1] GET /v3/projects/3d1ad9e3223e4cadb8a0d1f8a893e6a3
  [2] https://github.com/openstack/nova/blob/master/nova/api/openstack/compute/quota_sets.py#L155
  [3] [pipeline:api_v3]
      pipeline = ........ url_normalize request_id build_auth_context token_auth  json_body service_v3
  [4] build_auth_context = keystone.middleware:AuthContextMiddleware.factory
  [5] https://github.com/openstack/keystone/blob/master/keystone/middleware/auth.py#L43-L45
  [6] https://github.com/openstack/keystonemiddleware/blob/stable/pike/keystonemiddleware/auth_token/__init__.py#L315-L320
  [7] https://github.com/openstack/keystonemiddleware/blob/stable/pike/keystonemiddleware/auth_token/__init__.py#L383

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1743603/+subscriptions
  Thread PreviousDate PreviousThread Next