← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1801778] Re: Keystone circular reference on OPTIONS

 

Reviewed:  https://review.openstack.org/617062
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=8d0ad2c93b57b00187e5e02f6fe440c6b3592018
Submitter: Zuul
Branch:    master

commit 8d0ad2c93b57b00187e5e02f6fe440c6b3592018
Author: Morgan Fainberg <morgan.fainberg@xxxxxxxxx>
Date:   Fri Nov 9 19:21:44 2018 -0800

    Correct HTTP OPTIONS method
    
    When HTTP OPTIONS method was used, keystone was incorrectly classifying
    the request to require enforcement. OPTIONS is handled automatically
    by flask and needs no additional implementation. It is now explicitly
    exempted from the "unenforced api" assertion.
    
    Change-Id: Ifdb850c1fbc10c05108466ad68d808f3f5c20b37
    closes-bug: #1801778


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1801778

Title:
  Keystone circular reference on OPTIONS

Status in OpenStack Identity (keystone):
  Fix Released
Status in tripleo:
  Triaged

Bug description:
  When trying to authenticate against
  https://192.168.24.2/keystone/v3/auth/tokens with CORS (the OPTIONS
  req), I get a 500 error.  Inside the keystone container, the logs have
  this:

  018-11-05 19:01:33.396 230 DEBUG keystone.common.rbac_enforcer.enforcer [req-def53dc3-9ac5-4470-9d21-7f737534dc90 f2ff68e4483344268c959e3dcf6b8b45 53568db657e445a49d40a25c4a7fdd42 - default default] RBAC: Policy Enforcement Cred Data `identity:validate_token creds(service_project_id=None, service_user_id=None, service_user_domain_id=None, service_project_domain_id=None, trustor_id=None, user_domain_id=default, domain_id=None, trust_id=None, project_domain_id=default, service_roles=[], group_ids=[], user_id=f2ff68e4483344268c959e3dcf6b8b45, roles=[u'member', u'reader', u'admin'], system_scope=None, trustee_id=None, domain_name=None, is_admin_project=True, token=*** (audit_id=RyLKr6cyRLC2p6oV5-52Cg, audit_chain_id=[u'RyLKr6cyRLC2p6oV5-52Cg']) at 0x7f371cf0dc50>, project_id=53568db657e445a49d40a25c4a7fdd42)` enforce_call /usr/lib/python2.7/site-packages/keystone/common/rbac_enforcer/enforcer.py:418
  2018-11-05 19:01:33.396 230 DEBUG keystone.common.rbac_enforcer.enforcer [req-def53dc3-9ac5-4470-9d21-7f737534dc90 f2ff68e4483344268c959e3dcf6b8b45 53568db657e445a49d40a25c4a7fdd42 - default default] RBAC: Policy Enforcement Target Data `identity:validate_token => target(target.token.user.domain.id=default, target.token.user_id=5f351e642aa54a1abc20726ffe9bcc04)` enforce_call /usr/lib/python2.7/site-packages/keystone/common/rbac_enforcer/enforcer.py:426
  2018-11-05 19:01:33.415 230 DEBUG keystone.common.rbac_enforcer.enforcer [req-def53dc3-9ac5-4470-9d21-7f737534dc90 f2ff68e4483344268c959e3dcf6b8b45 53568db657e445a49d40a25c4a7fdd42 - default default] RBAC: Authorization granted enforce_call /usr/lib/python2.7/site-packages/keystone/common/rbac_enforcer/enforcer.py:432
  2018-11-05 19:01:33.425 230 ERROR keystone.assignment.core [req-def53dc3-9ac5-4470-9d21-7f737534dc90 f2ff68e4483344268c959e3dcf6b8b45 53568db657e445a49d40a25c4a7fdd42 - default default] Circular reference found role inference rules - 5be439ef59e949b28f7e38599a828374.
  2018-11-05 19:01:33.433 230 ERROR keystone.assignment.core [req-def53dc3-9ac5-4470-9d21-7f737534dc90 f2ff68e4483344268c959e3dcf6b8b45 53568db657e445a49d40a25c4a7fdd42 - default default] Circular reference found role inference rules - 5be439ef59e949b28f7e38599a828374.
  2018-11-05 19:01:33.447 230 ERROR keystone.assignment.core [req-def53dc3-9ac5-4470-9d21-7f737534dc90 f2ff68e4483344268c959e3dcf6b8b45 53568db657e445a49d40a25c4a7fdd42 - default default] Circular reference found role inference rules - 5be439ef59e949b28f7e38599a828374.

  
  This is blocking the tripleo-ui because I can't log in.  It's a brand new install using reproducer in RDO cloud.  The deployment finished successfully.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1801778/+subscriptions