OpenStack Identity (keystone)

auth_token needs logging enabled

Bug #942986 reported by Joseph Heck
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Fix Released
High
Jesse Andrews
OpenStack Identity (keystone) 2012.1 "essex"

Bug Description

auth_token (keystone.middleware.auth_token) needs to have logging in the midst of it to be able to log messages to the hosting service using it (glance, nova, etc) when authorization sequences fail.

currently, auth_token returns no responses or logging up to the hosting applicaiton.

Revision history for this message
Deepak Garg (deepak.garg) wrote :

HI Joseph,

Is this the reason for the Improper result when either of service_token OR service_endpoint is not set. E.g. I get the msg:
" No handlers could be found for logger "keystoneclient.v2_0.client"
when I unset the SERVICE_ENDPOINT.

deepak@deepak-devvm:~/devstack$ keystone --token admintoken tenant-list
+----------------------------------+--------------------+---------+
| id | name | enabled |
 +----------------------------------+--------------------+---------+
| 0427c8663a744e3e9fb0ae3e9dc481c7 | admin | True |
| 18c5ced234e341ab9dc8d826411ca3ef | dg2 | True |
| 99edfffc78f14ca2b77680d574afe196 | demo | True |
| ddaa5907076b44fdb423986650c4068e | invisible_to_admin | True |
 +----------------------------------+--------------------+---------+

deepak@deepak-devvm:~/devstack$ unset SERVICE_ENDPOINT
deepak@deepak-devvm:~/devstack$ keystone --token admintoken tenant-list
No handlers could be found for logger "keystoneclient.v2_0.client"
+----------------------------------+-------+---------+
| id | name | enabled |
 +----------------------------------+-------+---------+
| 0427c8663a744e3e9fb0ae3e9dc481c7 | admin | True |
| 99edfffc78f14ca2b77680d574afe196 | demo | True |
 +----------------------------------+-------+---------+

Revision history for this message
Joseph Heck (heckj) wrote :

No, it's unrelated - the error message you're getting it no python logging handlers in the keystone client code to forward log messages. A root handler enabled in a program should generally take care of that.

This is logging in the keystone.middleware.auth_token which should be applicable to the owning application (nova, glance, etc) so that if the middleware needs or wants to send out a debug log (i.e. to indicate a reason for failure to the system owner), it can. RIght now, there is no logging happening in the middleware.

Ben McGraw (mcgrue)
Changed in keystone:
assignee: nobody → Ben McGraw (mcgrue)
Revision history for this message
Deepak Garg (deepak.garg) wrote :

Thanks Joseph,
So, whats the correct way to resolve the issue.
  a. Manually enable the handler in the client code ( using cmd line probably ) ?
  b. It should have been enabled by the code and we should raise a bug.

Revision history for this message
Deepak Garg (deepak.garg) wrote :

I am talking about my issue here, ( to be clear )

Revision history for this message
Joseph Heck (heckj) wrote :

Deepak - please open a separate bug or open a "Question" in Keystone and let's discuss it there. I'd rather than confuse this bug/issue with unrelated discussion.

Revision history for this message
Joseph Heck (heckj) wrote :

Marking as fix committed based on the auth_token rewrite last week

Changed in keystone:
status: Confirmed → Fix Committed
Jesse Andrews (anotherjesse)
Changed in keystone:
assignee: Ben McGraw (mcgrue) → anotherjesse (anotherjesse)
Thierry Carrez (ttx)
Changed in keystone:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in keystone:
milestone: essex-rc1 → 2012.1
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.