yahoo-eng-team team mailing list archive

Thread
Date
[Bug 1886607] [NEW] Application Credentials Specifying Token Produces 500 Internal Server Error

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Sean Matheny <1886607@xxxxxxxxxxxxxxxxxx>
Date: Tue, 07 Jul 2020 02:51:59 -0000
Reply-to: Bug 1886607 <1886607@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Public bug reported:

Description
===========
Under an application credential user, you can issue a token, but if you try to specify this token with the openstack client, it will produce a 500 internal server error. 
   

Steps to reproduce
==================
1. Deploy train devstack
git clone https://opendev.org/openstack/devstack -b stable/train

2. Create application credential user under admin user credentials:
openstack application credential create auckland_scripts --role admin

3. Source these generated application credentials:
export OS_AUTH_URL=http://x.x.x.x/identity/v3
export OS_AUTH_TYPE=v3applicationcredential
export OS_APPLICATION_CREDENTIAL_ID=5d1e3e381d184671a63af22b94d05b7b
export OS_APPLICATION_CREDENTIAL_SECRET=[SECRET]

4. Generate a token under this application credential user:
TOKEN=$(openstack token issue --format value -c id)

5. Try to use this token to run a command:
openstack --os-token $TOKEN --os-auth-type v3token project list

   
Expected result
===============
Successfully use the token specified to authorise and run command.
   
Actual result
=============
Internal Server Error (HTTP 500)
   
Environment
===========
Train devstack (confirmed also in Stein however):
stack@sean-devstack:~/devstack$ git log -1
commit 18ecda418dd2585cdd92abb3e4d3ffd3112a1474 (HEAD -> stable/train, origin/stable/train)
Merge: cbae2d17 9764fadc
Author: Zuul <zuul@xxxxxxxxxxxxxxxxxx>
Date:   Mon Jun 22 14:25:29 2020 +0000

keystone (16.0.2.dev6, /opt/stack/keystone)
keystoneauth1 (3.17.2)
keystonemiddleware (7.0.1)
python-keystoneclient (3.21.0)
python-openstackclient (4.0.0)

Logs & Configs
==============
Using auth plugin: v3token
Using parameters {'token': '***', 'auth_url': 'http://10.31.80.104/identity/v3'}
Get auth_ref
Making authentication request to http://10.31.80.104/identity/v3/auth/tokens
Starting new HTTP connection (1): 10.31.80.104:80
http://10.31.80.104:80 "POST /identity/v3/auth/tokens HTTP/1.1" 500 609
Request returned failure status: 500
Internal Server Error (HTTP 500)
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/cliff/app.py", line 394, in run_subcommand
    self.prepare_to_run_command(cmd)
  File "/usr/local/lib/python2.7/dist-packages/openstackclient/shell.py", line 166, in prepare_to_run_command
    return super(OpenStackShell, self).prepare_to_run_command(cmd)
  File "/usr/local/lib/python2.7/dist-packages/osc_lib/shell.py", line 493, in prepare_to_run_command
    self.client_manager.auth_ref
  File "/usr/local/lib/python2.7/dist-packages/osc_lib/clientmanager.py", line 202, in auth_ref
    self._auth_ref = self.auth.get_auth_ref(self.session)
  File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/identity/v3/base.py", line 184, in get_auth_ref
    authenticated=False, log=False, **rkwargs)
  File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/session.py", line 1106, in post
    return self.request(url, 'POST', **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/session.py", line 943, in request
    raise exceptions.from_response(resp, method, url)
InternalServerError: Internal Server Error (HTTP 500)
clean_up ListProject: Internal Server Error (HTTP 500)
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/osc_lib/shell.py", line 136, in run
    ret_val = super(OpenStackShell, self).run(argv)
  File "/usr/local/lib/python2.7/dist-packages/cliff/app.py", line 281, in run
    result = self.run_subcommand(remainder)
  File "/usr/local/lib/python2.7/dist-packages/osc_lib/shell.py", line 176, in run_subcommand
    ret_value = super(OpenStackShell, self).run_subcommand(argv)
  File "/usr/local/lib/python2.7/dist-packages/cliff/app.py", line 394, in run_subcommand
    self.prepare_to_run_command(cmd)
  File "/usr/local/lib/python2.7/dist-packages/openstackclient/shell.py", line 166, in prepare_to_run_command
    return super(OpenStackShell, self).prepare_to_run_command(cmd)
  File "/usr/local/lib/python2.7/dist-packages/osc_lib/shell.py", line 493, in prepare_to_run_command
    self.client_manager.auth_ref
  File "/usr/local/lib/python2.7/dist-packages/osc_lib/clientmanager.py", line 202, in auth_ref
    self._auth_ref = self.auth.get_auth_ref(self.session)
  File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/identity/v3/base.py", line 184, in get_auth_ref
    authenticated=False, log=False, **rkwargs)
  File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/session.py", line 1106, in post
    return self.request(url, 'POST', **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/session.py", line 943, in request
    raise exceptions.from_response(resp, method, url)
InternalServerError: Internal Server Error (HTTP 500)

Local.conf (absolute default):
[[local|localrc]]
ADMIN_PASSWORD=secret
DATABASE_PASSWORD=$ADMIN_PASSWORD
RABBIT_PASSWORD=$ADMIN_PASSWORD
SERVICE_PASSWORD=$ADMIN_PASSWORD
HOST_IP=[localhost ip]

keystone.conf (default devstack config):
[token]
provider = fernet

[fernet_tokens]
key_repository = /etc/keystone/fernet-keys/

[credential]
key_repository = /etc/keystone/credential-keys/

** Affects: keystone
     Importance: Undecided
         Status: New

** Attachment added: "verbose output"
   https://bugs.launchpad.net/bugs/1886607/+attachment/5390363/+files/keystone_bug.txt

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1886607

Title:
  Application Credentials Specifying Token Produces 500 Internal Server
  Error

Status in OpenStack Identity (keystone):
  New

Bug description:
  Description
  ===========
  Under an application credential user, you can issue a token, but if you try to specify this token with the openstack client, it will produce a 500 internal server error. 
     

  Steps to reproduce
  ==================
  1. Deploy train devstack
  git clone https://opendev.org/openstack/devstack -b stable/train

  2. Create application credential user under admin user credentials:
  openstack application credential create auckland_scripts --role admin

  3. Source these generated application credentials:
  export OS_AUTH_URL=http://x.x.x.x/identity/v3
  export OS_AUTH_TYPE=v3applicationcredential
  export OS_APPLICATION_CREDENTIAL_ID=5d1e3e381d184671a63af22b94d05b7b
  export OS_APPLICATION_CREDENTIAL_SECRET=[SECRET]

  4. Generate a token under this application credential user:
  TOKEN=$(openstack token issue --format value -c id)

  5. Try to use this token to run a command:
  openstack --os-token $TOKEN --os-auth-type v3token project list

     
  Expected result
  ===============
  Successfully use the token specified to authorise and run command.
     
  Actual result
  =============
  Internal Server Error (HTTP 500)
     
  Environment
  ===========
  Train devstack (confirmed also in Stein however):
  stack@sean-devstack:~/devstack$ git log -1
  commit 18ecda418dd2585cdd92abb3e4d3ffd3112a1474 (HEAD -> stable/train, origin/stable/train)
  Merge: cbae2d17 9764fadc
  Author: Zuul <zuul@xxxxxxxxxxxxxxxxxx>
  Date:   Mon Jun 22 14:25:29 2020 +0000

  keystone (16.0.2.dev6, /opt/stack/keystone)
  keystoneauth1 (3.17.2)
  keystonemiddleware (7.0.1)
  python-keystoneclient (3.21.0)
  python-openstackclient (4.0.0)

  Logs & Configs
  ==============
  Using auth plugin: v3token
  Using parameters {'token': '***', 'auth_url': 'http://10.31.80.104/identity/v3'}
  Get auth_ref
  Making authentication request to http://10.31.80.104/identity/v3/auth/tokens
  Starting new HTTP connection (1): 10.31.80.104:80
  http://10.31.80.104:80 "POST /identity/v3/auth/tokens HTTP/1.1" 500 609
  Request returned failure status: 500
  Internal Server Error (HTTP 500)
  Traceback (most recent call last):
    File "/usr/local/lib/python2.7/dist-packages/cliff/app.py", line 394, in run_subcommand
      self.prepare_to_run_command(cmd)
    File "/usr/local/lib/python2.7/dist-packages/openstackclient/shell.py", line 166, in prepare_to_run_command
      return super(OpenStackShell, self).prepare_to_run_command(cmd)
    File "/usr/local/lib/python2.7/dist-packages/osc_lib/shell.py", line 493, in prepare_to_run_command
      self.client_manager.auth_ref
    File "/usr/local/lib/python2.7/dist-packages/osc_lib/clientmanager.py", line 202, in auth_ref
      self._auth_ref = self.auth.get_auth_ref(self.session)
    File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/identity/v3/base.py", line 184, in get_auth_ref
      authenticated=False, log=False, **rkwargs)
    File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/session.py", line 1106, in post
      return self.request(url, 'POST', **kwargs)
    File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/session.py", line 943, in request
      raise exceptions.from_response(resp, method, url)
  InternalServerError: Internal Server Error (HTTP 500)
  clean_up ListProject: Internal Server Error (HTTP 500)
  Traceback (most recent call last):
    File "/usr/local/lib/python2.7/dist-packages/osc_lib/shell.py", line 136, in run
      ret_val = super(OpenStackShell, self).run(argv)
    File "/usr/local/lib/python2.7/dist-packages/cliff/app.py", line 281, in run
      result = self.run_subcommand(remainder)
    File "/usr/local/lib/python2.7/dist-packages/osc_lib/shell.py", line 176, in run_subcommand
      ret_value = super(OpenStackShell, self).run_subcommand(argv)
    File "/usr/local/lib/python2.7/dist-packages/cliff/app.py", line 394, in run_subcommand
      self.prepare_to_run_command(cmd)
    File "/usr/local/lib/python2.7/dist-packages/openstackclient/shell.py", line 166, in prepare_to_run_command
      return super(OpenStackShell, self).prepare_to_run_command(cmd)
    File "/usr/local/lib/python2.7/dist-packages/osc_lib/shell.py", line 493, in prepare_to_run_command
      self.client_manager.auth_ref
    File "/usr/local/lib/python2.7/dist-packages/osc_lib/clientmanager.py", line 202, in auth_ref
      self._auth_ref = self.auth.get_auth_ref(self.session)
    File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/identity/v3/base.py", line 184, in get_auth_ref
      authenticated=False, log=False, **rkwargs)
    File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/session.py", line 1106, in post
      return self.request(url, 'POST', **kwargs)
    File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/session.py", line 943, in request
      raise exceptions.from_response(resp, method, url)
  InternalServerError: Internal Server Error (HTTP 500)

  Local.conf (absolute default):
  [[local|localrc]]
  ADMIN_PASSWORD=secret
  DATABASE_PASSWORD=$ADMIN_PASSWORD
  RABBIT_PASSWORD=$ADMIN_PASSWORD
  SERVICE_PASSWORD=$ADMIN_PASSWORD
  HOST_IP=[localhost ip]

  keystone.conf (default devstack config):
  [token]
  provider = fernet

  [fernet_tokens]
  key_repository = /etc/keystone/fernet-keys/

  [credential]
  key_repository = /etc/keystone/credential-keys/

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1886607/+subscriptions