OpenStack Identity (keystone)

auth_token.py of keystone error when I use glance

Bug #888448 reported by livemoon on 2011-11-10

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	Fix Released	Critical	Yogeshwar	OpenStack Identity (keystone) 2012.1 "essex"

Bug Description

When I use glance , it show error:
openstack@pre-production:~/openstack/glance$ glance -A 999888777666 index
Failed to show index. Got error:
Internal Server error: Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/eventlet/wsgi.py", line 336, in handle_one_response
    result = self.application(self.environ, start_response)
  File "/usr/local/lib/python2.7/dist-packages/webob/dec.py", line 147, in __call__
    resp = self.call_func(req, *args, **self.kwargs)
  File "/usr/local/lib/python2.7/dist-packages/webob/dec.py", line 208, in call_func
    return self.func(req, *args, **kwargs)
  File "/home/openstack/openstack/glance/glance/common/wsgi.py", line 174, in __call__
    response = req.get_response(self.application)
  File "/usr/local/lib/python2.7/dist-packages/webob/request.py", line 1053, in get_response
    application, catch_exc_info=False)
  File "/usr/local/lib/python2.7/dist-packages/webob/request.py", line 1022, in call_application
    app_iter = application(self.environ, start_response)
  File "/usr/local/lib/python2.7/dist-packages/keystone-2012.1-py2.7.egg/keystone/middleware/auth_token.py", line 197, in __call__
    claims = self._expound_claims(claims)
  File "/usr/local/lib/python2.7/dist-packages/keystone-2012.1-py2.7.egg/keystone/middleware/auth_token.py", line 321, in _expound_claims
    verified_claims = {'user': token_info['access']['user']['name'],
KeyError: 'name'

Revision history for this message

Yogeshwar (yogesh-srikrishnan) wrote on 2011-11-10:

This is the issue
The code in keystone/logic/types/auth.py

auth['user'] = {
'id': unicode(self.user.id),
'name': unicode(self.user.username)}

Builds user like this for authenticate response.However for validate response it builds user like

user = {
"id": unicode(self.user.id),
"username": unicode(self.user.username)}

Contract right now defines name to be returned and not username.
This inconsistency coupled with previous change has caused this bug.

Yogeshwar (yogesh-srikrishnan) on 2011-11-10

Changed in keystone:
status:	New → Confirmed
importance:	Undecided → Critical

Yogeshwar (yogesh-srikrishnan) on 2011-11-11

Changed in keystone:
assignee:	nobody → Yogeshwar (yogesh-srikrishnan)

Revision history for this message

Openstack Gerrit (openstack-gerrit) wrote on 2011-11-11: Fix merged to keystone (master)

Reviewed: https://review.openstack.org/1509
Committed: http://github.com/openstack/keystone/commit/eed8a937a61b564614deed933ef6159f42a7c814
Submitter: Jenkins
Branch: master

status fixcommitted
done

commit eed8a937a61b564614deed933ef6159f42a7c814
Author: Yogeshwar Srikrishnan <email address hidden>
Date: Thu Nov 10 10:00:53 2011 -0600

    Bug 888448:
    - Changes to allow validate token call return user name as per contract.
    - Additional test assertions to test the same.
    - Changes to middleware.

Change-Id: I7138deb4a260e47a50625b2c49132691f7e5a970

Changed in keystone:
status:	Confirmed → Fix Committed

Revision history for this message

livemoon (mwjpiero) wrote on 2011-11-11:

Yogeshwar

I have replace auth['user'] and name with user and username
but error still exists

Revision history for this message

Dolph Mathews (dolph) wrote on 2011-11-11:

Which release of keystone are you calling?

Yogeshwar (yogesh-srikrishnan) on 2011-11-11

Changed in keystone:
milestone:	none → essex-2

Revision history for this message

Yogeshwar (yogesh-srikrishnan) wrote on 2011-11-11:

Also where did u change keystone or the middleware??
Did u see the auth_token.py changes?
This is how validate token looks

{
    "access":{
        "token":{
            "expires":"2012-02-05T00:00:00",
            "id":"887665443383838",
            "tenant":{
                "id":"1",
                "name":"customer-x"
            }
        },
        "user":{
            "roles":[{
                    "serviceId":"1",
                    "id":"3",
                    "name":"Member"
                }
            ],
            "tenantId":"1",
            "id":"1",
            "tenantName":"customer-x",
            "name":"joeuser" ===============> Returning name.
        }
    }
}

I tested the middleware with our echo service.That also is fine.
Did u try whatever in code base after the latest commit?

Thierry Carrez (ttx) on 2011-12-14

Changed in keystone:
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2012-04-05

Changed in keystone:
milestone:	essex-2 → 2012.1

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.