Public bug reported: Description =========== Under an application credential user, you can issue a token, but if you try to specify this token with the openstack client, it will produce a 500 internal server error.
Steps to reproduce ================== 1. Deploy train devstack git clone https://opendev.org/openstack/devstack -b stable/train 2. Create application credential user under admin user credentials: openstack application credential create auckland_scripts --role admin 3. Source these generated application credentials: export OS_AUTH_URL=http://x.x.x.x/identity/v3 export OS_AUTH_TYPE=v3applicationcredential export OS_APPLICATION_CREDENTIAL_ID=5d1e3e381d184671a63af22b94d05b7b export OS_APPLICATION_CREDENTIAL_SECRET=[SECRET] 4. Generate a token under this application credential user: TOKEN=$(openstack token issue --format value -c id) 5. Try to use this token to run a command: openstack --os-token $TOKEN --os-auth-type v3token project list Expected result =============== Successfully use the token specified to authorise and run command. Actual result ============= Internal Server Error (HTTP 500) Environment =========== Train devstack (confirmed also in Stein however): stack@sean-devstack:~/devstack$ git log -1 commit 18ecda418dd2585cdd92abb3e4d3ffd3112a1474 (HEAD -> stable/train, origin/stable/train) Merge: cbae2d17 9764fadc Author: Zuul <[email protected]> Date: Mon Jun 22 14:25:29 2020 +0000 keystone (16.0.2.dev6, /opt/stack/keystone) keystoneauth1 (3.17.2) keystonemiddleware (7.0.1) python-keystoneclient (3.21.0) python-openstackclient (4.0.0) Logs & Configs ============== Using auth plugin: v3token Using parameters {'token': '***', 'auth_url': 'http://10.31.80.104/identity/v3'} Get auth_ref Making authentication request to http://10.31.80.104/identity/v3/auth/tokens Starting new HTTP connection (1): 10.31.80.104:80 http://10.31.80.104:80 "POST /identity/v3/auth/tokens HTTP/1.1" 500 609 Request returned failure status: 500 Internal Server Error (HTTP 500) Traceback (most recent call last): File "/usr/local/lib/python2.7/dist-packages/cliff/app.py", line 394, in run_subcommand self.prepare_to_run_command(cmd) File "/usr/local/lib/python2.7/dist-packages/openstackclient/shell.py", line 166, in prepare_to_run_command return super(OpenStackShell, self).prepare_to_run_command(cmd) File "/usr/local/lib/python2.7/dist-packages/osc_lib/shell.py", line 493, in prepare_to_run_command self.client_manager.auth_ref File "/usr/local/lib/python2.7/dist-packages/osc_lib/clientmanager.py", line 202, in auth_ref self._auth_ref = self.auth.get_auth_ref(self.session) File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/identity/v3/base.py", line 184, in get_auth_ref authenticated=False, log=False, **rkwargs) File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/session.py", line 1106, in post return self.request(url, 'POST', **kwargs) File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/session.py", line 943, in request raise exceptions.from_response(resp, method, url) InternalServerError: Internal Server Error (HTTP 500) clean_up ListProject: Internal Server Error (HTTP 500) Traceback (most recent call last): File "/usr/local/lib/python2.7/dist-packages/osc_lib/shell.py", line 136, in run ret_val = super(OpenStackShell, self).run(argv) File "/usr/local/lib/python2.7/dist-packages/cliff/app.py", line 281, in run result = self.run_subcommand(remainder) File "/usr/local/lib/python2.7/dist-packages/osc_lib/shell.py", line 176, in run_subcommand ret_value = super(OpenStackShell, self).run_subcommand(argv) File "/usr/local/lib/python2.7/dist-packages/cliff/app.py", line 394, in run_subcommand self.prepare_to_run_command(cmd) File "/usr/local/lib/python2.7/dist-packages/openstackclient/shell.py", line 166, in prepare_to_run_command return super(OpenStackShell, self).prepare_to_run_command(cmd) File "/usr/local/lib/python2.7/dist-packages/osc_lib/shell.py", line 493, in prepare_to_run_command self.client_manager.auth_ref File "/usr/local/lib/python2.7/dist-packages/osc_lib/clientmanager.py", line 202, in auth_ref self._auth_ref = self.auth.get_auth_ref(self.session) File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/identity/v3/base.py", line 184, in get_auth_ref authenticated=False, log=False, **rkwargs) File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/session.py", line 1106, in post return self.request(url, 'POST', **kwargs) File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/session.py", line 943, in request raise exceptions.from_response(resp, method, url) InternalServerError: Internal Server Error (HTTP 500) Local.conf (absolute default): [[local|localrc]] ADMIN_PASSWORD=secret DATABASE_PASSWORD=$ADMIN_PASSWORD RABBIT_PASSWORD=$ADMIN_PASSWORD SERVICE_PASSWORD=$ADMIN_PASSWORD HOST_IP=[localhost ip] keystone.conf (default devstack config): [token] provider = fernet [fernet_tokens] key_repository = /etc/keystone/fernet-keys/ [credential] key_repository = /etc/keystone/credential-keys/ ** Affects: keystone Importance: Undecided Status: New ** Attachment added: "verbose output" https://bugs.launchpad.net/bugs/1886607/+attachment/5390363/+files/keystone_bug.txt -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1886607 Title: Application Credentials Specifying Token Produces 500 Internal Server Error Status in OpenStack Identity (keystone): New Bug description: Description =========== Under an application credential user, you can issue a token, but if you try to specify this token with the openstack client, it will produce a 500 internal server error. Steps to reproduce ================== 1. Deploy train devstack git clone https://opendev.org/openstack/devstack -b stable/train 2. Create application credential user under admin user credentials: openstack application credential create auckland_scripts --role admin 3. Source these generated application credentials: export OS_AUTH_URL=http://x.x.x.x/identity/v3 export OS_AUTH_TYPE=v3applicationcredential export OS_APPLICATION_CREDENTIAL_ID=5d1e3e381d184671a63af22b94d05b7b export OS_APPLICATION_CREDENTIAL_SECRET=[SECRET] 4. Generate a token under this application credential user: TOKEN=$(openstack token issue --format value -c id) 5. Try to use this token to run a command: openstack --os-token $TOKEN --os-auth-type v3token project list Expected result =============== Successfully use the token specified to authorise and run command. Actual result ============= Internal Server Error (HTTP 500) Environment =========== Train devstack (confirmed also in Stein however): stack@sean-devstack:~/devstack$ git log -1 commit 18ecda418dd2585cdd92abb3e4d3ffd3112a1474 (HEAD -> stable/train, origin/stable/train) Merge: cbae2d17 9764fadc Author: Zuul <[email protected]> Date: Mon Jun 22 14:25:29 2020 +0000 keystone (16.0.2.dev6, /opt/stack/keystone) keystoneauth1 (3.17.2) keystonemiddleware (7.0.1) python-keystoneclient (3.21.0) python-openstackclient (4.0.0) Logs & Configs ============== Using auth plugin: v3token Using parameters {'token': '***', 'auth_url': 'http://10.31.80.104/identity/v3'} Get auth_ref Making authentication request to http://10.31.80.104/identity/v3/auth/tokens Starting new HTTP connection (1): 10.31.80.104:80 http://10.31.80.104:80 "POST /identity/v3/auth/tokens HTTP/1.1" 500 609 Request returned failure status: 500 Internal Server Error (HTTP 500) Traceback (most recent call last): File "/usr/local/lib/python2.7/dist-packages/cliff/app.py", line 394, in run_subcommand self.prepare_to_run_command(cmd) File "/usr/local/lib/python2.7/dist-packages/openstackclient/shell.py", line 166, in prepare_to_run_command return super(OpenStackShell, self).prepare_to_run_command(cmd) File "/usr/local/lib/python2.7/dist-packages/osc_lib/shell.py", line 493, in prepare_to_run_command self.client_manager.auth_ref File "/usr/local/lib/python2.7/dist-packages/osc_lib/clientmanager.py", line 202, in auth_ref self._auth_ref = self.auth.get_auth_ref(self.session) File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/identity/v3/base.py", line 184, in get_auth_ref authenticated=False, log=False, **rkwargs) File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/session.py", line 1106, in post return self.request(url, 'POST', **kwargs) File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/session.py", line 943, in request raise exceptions.from_response(resp, method, url) InternalServerError: Internal Server Error (HTTP 500) clean_up ListProject: Internal Server Error (HTTP 500) Traceback (most recent call last): File "/usr/local/lib/python2.7/dist-packages/osc_lib/shell.py", line 136, in run ret_val = super(OpenStackShell, self).run(argv) File "/usr/local/lib/python2.7/dist-packages/cliff/app.py", line 281, in run result = self.run_subcommand(remainder) File "/usr/local/lib/python2.7/dist-packages/osc_lib/shell.py", line 176, in run_subcommand ret_value = super(OpenStackShell, self).run_subcommand(argv) File "/usr/local/lib/python2.7/dist-packages/cliff/app.py", line 394, in run_subcommand self.prepare_to_run_command(cmd) File "/usr/local/lib/python2.7/dist-packages/openstackclient/shell.py", line 166, in prepare_to_run_command return super(OpenStackShell, self).prepare_to_run_command(cmd) File "/usr/local/lib/python2.7/dist-packages/osc_lib/shell.py", line 493, in prepare_to_run_command self.client_manager.auth_ref File "/usr/local/lib/python2.7/dist-packages/osc_lib/clientmanager.py", line 202, in auth_ref self._auth_ref = self.auth.get_auth_ref(self.session) File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/identity/v3/base.py", line 184, in get_auth_ref authenticated=False, log=False, **rkwargs) File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/session.py", line 1106, in post return self.request(url, 'POST', **kwargs) File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/session.py", line 943, in request raise exceptions.from_response(resp, method, url) InternalServerError: Internal Server Error (HTTP 500) Local.conf (absolute default): [[local|localrc]] ADMIN_PASSWORD=secret DATABASE_PASSWORD=$ADMIN_PASSWORD RABBIT_PASSWORD=$ADMIN_PASSWORD SERVICE_PASSWORD=$ADMIN_PASSWORD HOST_IP=[localhost ip] keystone.conf (default devstack config): [token] provider = fernet [fernet_tokens] key_repository = /etc/keystone/fernet-keys/ [credential] key_repository = /etc/keystone/credential-keys/ To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1886607/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
