Public bug reported: The project is documented as being optional when creating credentials via the v3/credentials API, but not providing a project when creating ec2 credentials, then validating a signed request signed with those credentials via ec2tokens fails:
2014-01-14 13:53:19.390 10908 ERROR keystone.common.wsgi [-] object of type 'NoneType' has no len() 2014-01-14 13:53:19.390 10908 TRACE keystone.common.wsgi Traceback (most recent call last): 2014-01-14 13:53:19.390 10908 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/common/wsgi.py", line 213, in __call__ 2014-01-14 13:53:19.390 10908 TRACE keystone.common.wsgi result = method(context, **params) 2014-01-14 13:53:19.390 10908 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/contrib/ec2/controllers.py", line 103, in authenticate 2014-01-14 13:53:19.390 10908 TRACE keystone.common.wsgi tenant_ref = self.assignment_api.get_project(creds_ref['tenant_id']) So we should probably raise an error when creating the credential, since we can never create an appropriately scoped token in ec2tokens without knowing the user and project associated with the credentials. ** Affects: keystone Importance: Undecided Assignee: Steven Hardy (shardy) Status: New ** Changed in: keystone Assignee: (unassigned) => Steven Hardy (shardy) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Keystone. https://bugs.launchpad.net/bugs/1268977 Title: v3 credentials project is not optional for type=ec2 Status in OpenStack Identity (Keystone): New Bug description: The project is documented as being optional when creating credentials via the v3/credentials API, but not providing a project when creating ec2 credentials, then validating a signed request signed with those credentials via ec2tokens fails: 2014-01-14 13:53:19.390 10908 ERROR keystone.common.wsgi [-] object of type 'NoneType' has no len() 2014-01-14 13:53:19.390 10908 TRACE keystone.common.wsgi Traceback (most recent call last): 2014-01-14 13:53:19.390 10908 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/common/wsgi.py", line 213, in __call__ 2014-01-14 13:53:19.390 10908 TRACE keystone.common.wsgi result = method(context, **params) 2014-01-14 13:53:19.390 10908 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/contrib/ec2/controllers.py", line 103, in authenticate 2014-01-14 13:53:19.390 10908 TRACE keystone.common.wsgi tenant_ref = self.assignment_api.get_project(creds_ref['tenant_id']) So we should probably raise an error when creating the credential, since we can never create an appropriately scoped token in ec2tokens without knowing the user and project associated with the credentials. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1268977/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp