Public bug reported:
The project is documented as being optional when creating credentials
via the v3/credentials API, but not providing a project when creating
ec2 credentials, then validating a signed request signed with those
credentials via ec2tokens fails:
2014-01-14 13:53:19.390 10908 ERROR keystone.common.wsgi [-] object of type
'NoneType' has no len()
2014-01-14 13:53:19.390 10908 TRACE keystone.common.wsgi Traceback (most recent
call last):
2014-01-14 13:53:19.390 10908 TRACE keystone.common.wsgi File
"/opt/stack/keystone/keystone/common/wsgi.py", line 213, in __call__
2014-01-14 13:53:19.390 10908 TRACE keystone.common.wsgi result =
method(context, **params)
2014-01-14 13:53:19.390 10908 TRACE keystone.common.wsgi File
"/opt/stack/keystone/keystone/contrib/ec2/controllers.py", line 103, in
authenticate
2014-01-14 13:53:19.390 10908 TRACE keystone.common.wsgi tenant_ref =
self.assignment_api.get_project(creds_ref['tenant_id'])
So we should probably raise an error when creating the credential, since
we can never create an appropriately scoped token in ec2tokens without
knowing the user and project associated with the credentials.
** Affects: keystone
Importance: Undecided
Assignee: Steven Hardy (shardy)
Status: New
** Changed in: keystone
Assignee: (unassigned) => Steven Hardy (shardy)
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1268977
Title:
v3 credentials project is not optional for type=ec2
Status in OpenStack Identity (Keystone):
New
Bug description:
The project is documented as being optional when creating credentials
via the v3/credentials API, but not providing a project when creating
ec2 credentials, then validating a signed request signed with those
credentials via ec2tokens fails:
2014-01-14 13:53:19.390 10908 ERROR keystone.common.wsgi [-] object of type
'NoneType' has no len()
2014-01-14 13:53:19.390 10908 TRACE keystone.common.wsgi Traceback (most
recent call last):
2014-01-14 13:53:19.390 10908 TRACE keystone.common.wsgi File
"/opt/stack/keystone/keystone/common/wsgi.py", line 213, in __call__
2014-01-14 13:53:19.390 10908 TRACE keystone.common.wsgi result =
method(context, **params)
2014-01-14 13:53:19.390 10908 TRACE keystone.common.wsgi File
"/opt/stack/keystone/keystone/contrib/ec2/controllers.py", line 103, in
authenticate
2014-01-14 13:53:19.390 10908 TRACE keystone.common.wsgi tenant_ref =
self.assignment_api.get_project(creds_ref['tenant_id'])
So we should probably raise an error when creating the credential,
since we can never create an appropriately scoped token in ec2tokens
without knowing the user and project associated with the credentials.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1268977/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
