yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #92601
[Bug 2026361] [NEW] API traceback when creating token with body from v2 api on the v3 endpoint
Public bug reported:
When requesting a Keystone token, a user may make a mistake and use the api V2 body on an api v3 endpoint.
This will result with a Traceback showing is user/password in the logs
Keystone logs :
ERROR keystone.server.flask.application During handling of the above exception, another exception occurred:
ERROR keystone.server.flask.application
ERROR keystone.server.flask.application Traceback (most recent call last):
ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 1823, in full_dispatch_request
ERROR keystone.server.flask.application rv = self.dispatch_request()
ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 1799, in dispatch_request
ERROR keystone.server.flask.application return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask_restful/__init__.py", line 467, in wrapper
ERROR keystone.server.flask.application resp = resource(*args, **kwargs)
ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask/views.py", line 107, in view
ERROR keystone.server.flask.application return current_app.ensure_sync(self.dispatch_request)(**kwargs)
ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask_restful/__init__.py", line 582, in dispatch_request
ERROR keystone.server.flask.application resp = meth(*args, **kwargs)
ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/server/flask/common.py", line 1064, in wrapper
ERROR keystone.server.flask.application return f(*args, **kwargs)
ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/api/auth.py", line 314, in post
ERROR keystone.server.flask.application auth_schema.validate_issue_token_auth(auth_data)
ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/auth/schema.py", line 113, in validate_issue_token_auth
ERROR keystone.server.flask.application validation.lazy_validate(token_issue, auth)
ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/common/validation/__init__.py", line 30, in lazy_validate
ERROR keystone.server.flask.application schema_validator.validate(resource_to_validate)
ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/common/validation/validators.py", line 89, in validate
ERROR keystone.server.flask.application raise exception.SchemaValidationError(detail=detail)
ERROR keystone.server.flask.application keystone.exception.SchemaValidationError: 'identity' is a required property
Jul 07 09:35:00 devstack devstack@keystone.service[60249]: ERROR keystone.server.flask.application On instance:
Jul 07 09:35:00 devstack devstack@keystone.service[60249]: ERROR keystone.server.flask.application {'passwordCredentials': {'password': 'password', 'username': 'admin'}}
Jul 07 09:35:00 devstack devstack@keystone.service[60249]: ERROR keystone.server.flask.application
Jul 07 09:35:00 devstack devstack@keystone.service[60249]: [pid: 60249|app: 0|req: 125/978] 57.128.26.217 () {58 vars in 979 bytes} [Fri Jul 7 09:35:00 2023] POST /identity/v3/auth/tokens => generated 3467 bytes in 14 msecs (HTTP/1.1 400) 5 headers in 187 bytes (1 switches on core 0)
Steps to reproduce :
REQ: stack@devstack:~/devstack$ curl -i http://57.128.26.217/identity/v3/auth/tokens -X POST -H "Content-Type: application/json" -H "User-Agent: python-keystoneclient" -d'{"auth":{"passwordCredentials":{"username": "admin", "password": "password"}}}'
HTTP/1.1 400 BAD REQUEST
Date: Fri, 07 Jul 2023 09:35:00 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Type: application/json
Content-Length: 3467
Vary: X-Auth-Token
x-openstack-request-id: req-39da835d-6c25-4dfc-9fbc-8326311c44bf
Connection: close
{"error":{"code":400,"message":"'identity' is a required
property\n\nFailed validating 'required' in schema:\n {'properties':
{'identity': {'properties': {'methods': {'items': {'type': 'string'},\n
'type': 'array'},\n
'password': {'properties': {'user': {'properties': {'domain':
{'properties': {'id': {'type': 'string'},\n
'name': {'type': 'string'}},\n
'type': 'object'},\n
'id': {'type': 'string'},\n
'name': {'type': 'string'},\n
'password': {'type': 'string'}},\n
'type': 'object'}},\n
'type': 'object'},\n
'token': {'properties': {'id': {'type': 'string'}},\n
'required': ['id'],\n
'type': 'object'}},\n 'required':
['methods'],\n 'type': 'object'},\n
'scope': {'properties': {'OS-TRUST:trust': {'properties': {'id':
{'type': 'string'}},\n
'type': 'object'},\n
'domain': {'properties': {'id': {'type': 'string'},\n
'name': {'type': 'string'}},\n
'type': 'object'},\n
'project': {'properties': {'domain': {'properties': {'id': {'type':
'string'},\n
'name': {'type': 'string'}},\n
'type': 'object'},\n
'id': {'type': 'string'},\n
'name': {'type': 'string'}},\n
'type': 'object'},\n
'system': {'properties': {'all': {'enum': [True,\n
False,\n
None],\n
'type': 'boolean'}},\n
'type': 'object'}},\n 'type': ['object',
'string']}},\n 'required': ['identity'],\n 'type':
'object'}\n\nOn instance:\n {'passwordCredentials': {'password':
'password', 'username': 'admin'}}","title":"Bad Request"}}
Tested on Devstack Env :
- OS Version: Ubuntu 22.04 jammy
- Keystone : origin/master ( b80e1df2ef1735d91a1483e1ec64d4048c5b3145 )
** Affects: keystone
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/2026361
Title:
API traceback when creating token with body from v2 api on the v3
endpoint
Status in OpenStack Identity (keystone):
New
Bug description:
When requesting a Keystone token, a user may make a mistake and use the api V2 body on an api v3 endpoint.
This will result with a Traceback showing is user/password in the logs
Keystone logs :
ERROR keystone.server.flask.application During handling of the above exception, another exception occurred:
ERROR keystone.server.flask.application
ERROR keystone.server.flask.application Traceback (most recent call last):
ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 1823, in full_dispatch_request
ERROR keystone.server.flask.application rv = self.dispatch_request()
ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 1799, in dispatch_request
ERROR keystone.server.flask.application return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask_restful/__init__.py", line 467, in wrapper
ERROR keystone.server.flask.application resp = resource(*args, **kwargs)
ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask/views.py", line 107, in view
ERROR keystone.server.flask.application return current_app.ensure_sync(self.dispatch_request)(**kwargs)
ERROR keystone.server.flask.application File "/usr/local/lib/python3.10/dist-packages/flask_restful/__init__.py", line 582, in dispatch_request
ERROR keystone.server.flask.application resp = meth(*args, **kwargs)
ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/server/flask/common.py", line 1064, in wrapper
ERROR keystone.server.flask.application return f(*args, **kwargs)
ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/api/auth.py", line 314, in post
ERROR keystone.server.flask.application auth_schema.validate_issue_token_auth(auth_data)
ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/auth/schema.py", line 113, in validate_issue_token_auth
ERROR keystone.server.flask.application validation.lazy_validate(token_issue, auth)
ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/common/validation/__init__.py", line 30, in lazy_validate
ERROR keystone.server.flask.application schema_validator.validate(resource_to_validate)
ERROR keystone.server.flask.application File "/opt/stack/keystone/keystone/common/validation/validators.py", line 89, in validate
ERROR keystone.server.flask.application raise exception.SchemaValidationError(detail=detail)
ERROR keystone.server.flask.application keystone.exception.SchemaValidationError: 'identity' is a required property
Jul 07 09:35:00 devstack devstack@keystone.service[60249]: ERROR keystone.server.flask.application On instance:
Jul 07 09:35:00 devstack devstack@keystone.service[60249]: ERROR keystone.server.flask.application {'passwordCredentials': {'password': 'password', 'username': 'admin'}}
Jul 07 09:35:00 devstack devstack@keystone.service[60249]: ERROR keystone.server.flask.application
Jul 07 09:35:00 devstack devstack@keystone.service[60249]: [pid: 60249|app: 0|req: 125/978] 57.128.26.217 () {58 vars in 979 bytes} [Fri Jul 7 09:35:00 2023] POST /identity/v3/auth/tokens => generated 3467 bytes in 14 msecs (HTTP/1.1 400) 5 headers in 187 bytes (1 switches on core 0)
Steps to reproduce :
REQ: stack@devstack:~/devstack$ curl -i http://57.128.26.217/identity/v3/auth/tokens -X POST -H "Content-Type: application/json" -H "User-Agent: python-keystoneclient" -d'{"auth":{"passwordCredentials":{"username": "admin", "password": "password"}}}'
HTTP/1.1 400 BAD REQUEST
Date: Fri, 07 Jul 2023 09:35:00 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Type: application/json
Content-Length: 3467
Vary: X-Auth-Token
x-openstack-request-id: req-39da835d-6c25-4dfc-9fbc-8326311c44bf
Connection: close
{"error":{"code":400,"message":"'identity' is a required
property\n\nFailed validating 'required' in schema:\n
{'properties': {'identity': {'properties': {'methods': {'items':
{'type': 'string'},\n
'type': 'array'},\n
'password': {'properties': {'user': {'properties': {'domain':
{'properties': {'id': {'type': 'string'},\n
'name': {'type': 'string'}},\n
'type': 'object'},\n
'id': {'type': 'string'},\n
'name': {'type': 'string'},\n
'password': {'type': 'string'}},\n
'type': 'object'}},\n
'type': 'object'},\n
'token': {'properties': {'id': {'type': 'string'}},\n
'required': ['id'],\n
'type': 'object'}},\n 'required':
['methods'],\n 'type': 'object'},\n
'scope': {'properties': {'OS-TRUST:trust': {'properties': {'id':
{'type': 'string'}},\n
'type': 'object'},\n
'domain': {'properties': {'id': {'type': 'string'},\n
'name': {'type': 'string'}},\n
'type': 'object'},\n
'project': {'properties': {'domain': {'properties': {'id': {'type':
'string'},\n
'name': {'type': 'string'}},\n
'type': 'object'},\n
'id': {'type': 'string'},\n
'name': {'type': 'string'}},\n
'type': 'object'},\n
'system': {'properties': {'all': {'enum': [True,\n
False,\n
None],\n
'type': 'boolean'}},\n
'type': 'object'}},\n 'type': ['object',
'string']}},\n 'required': ['identity'],\n 'type':
'object'}\n\nOn instance:\n {'passwordCredentials': {'password':
'password', 'username': 'admin'}}","title":"Bad Request"}}
Tested on Devstack Env :
- OS Version: Ubuntu 22.04 jammy
- Keystone : origin/master ( b80e1df2ef1735d91a1483e1ec64d4048c5b3145 )
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/2026361/+subscriptions
