[Openstack] Possible keystone/common/controller.py Token Bug

Miller, Mark M (EB SW Cloud - R&D - Corvallis) mark.m.miller at hp.com
Sat Mar 2 00:52:20 UTC 2013 

You are correct. I am trying to see if our previous code built around v2.0 works with v3. I have been using the v3 REST APIs to put entries into the keystone database and then am running my regression tests using v2.0 REST calls. We will be moving fully to v3, but for now I have a lot of people asking about compatibility.

Mark

From: Dolph Mathews [mailto:dolph.mathews at gmail.com]
Sent: Friday, March 01, 2013 4:46 PM
To: Miller, Mark M (EB SW Cloud - R&D - Corvallis)
Cc: openstack at lists.launchpad.net (openstack at lists.launchpad.net); Yee, Guang
Subject: Re: [Openstack] Possible keystone/common/controller.py Token Bug

Looks like a valid bug to me -- this code just merged a week ago.

How did you create the token? I'm guessing it was generated by v2 and utilized here on v3?


-Dolph

On Fri, Mar 1, 2013 at 5:03 PM, Miller, Mark M (EB SW Cloud - R&D - Corvallis) <mark.m.miller at hp.com<mailto:mark.m.miller at hp.com>> wrote:
Hello,

In trying to understand the Keystone Grizzly-3 release, I decided to add a service via a REST API call using an admin user's token instead of the admin token found in keystone.conf. When I do I get error:


Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/keystone-2013.1.g3-py2.7.egg/keystone/common/wsgi.py", line 231, in __call__
    result = method(context, **params)
  File "/usr/local/lib/python2.7/dist-packages/keystone-2013.1.g3-py2.7.egg/keystone/common/controller.py", line 66, in wrapper
    context, kwargs)
  File "/usr/local/lib/python2.7/dist-packages/keystone-2013.1.g3-py2.7.egg/keystone/common/controller.py", line 32, in _build_policy_check_credentials
    token_data = token_ref['token_data']
KeyError: 'token_data'
(access): 2013-03-01 13:53:26,754 INFO 15.253.58.148 - - [01/Mar/2013:21:53:26 +0000] "POST http://15.253.58.165:35357/v3/services HTTP/1.0" 500 156
(eventlet.wsgi.server): 2013-03-01 13:53:26,755 DEBUG 15.253.58.148 - - [01/Mar/2013 13:53:26] "POST /v3/services HTTP/1.1" 500 328 0.020434


When I change line 32 in the file from "token_data = token_ref['token_data']" to "token_data = token_ref", the code appears to work.


def _build_policy_check_credentials(self, action, context, kwargs):

    LOG.debug(_('RBAC: Authorizing %s(%s)') % (
        action,
        ', '.join(['%s=%s' % (k, kwargs[k]) for k in kwargs])))

    try:
        token_ref = self.token_api.get_token(
            context=context, token_id=context['token_id'])
    except exception.TokenNotFound:
        LOG.warning(_('RBAC: Invalid token'))
        raise exception.Unauthorized()

    creds = {}

#   token_data = token_ref['token_data']
    token_data = token_ref


So my question is do I need to have "token_data" in the token table somehow or is this a code bug?

Regards,

Mark Miller

_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack at lists.launchpad.net<mailto:openstack at lists.launchpad.net>
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20130302/45c14977/attachment.html>

More information about the Openstack mailing list