Last active
May 21, 2016 06:26
-
-
Save briancline/f425684f01bde0a40094d049f8009a33 to your computer and use it in GitHub Desktop.
Unmangled bug report #1584289 (https://bugs.launchpad.net/keystonemiddleware/+bug/1584289)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Starting with keystonemiddleware v4.5.0 (specifically, commit | |
| f54ff06c1f5e274ea31ffac5faf1f57557fe586a), if a token is found to be cached but | |
| is cached with an invalid state, the middleware attempts to log a debug message | |
| indicating as much. However, the logger it references does not exist and | |
| results in an AttributeError. As a result, this yields HTTP 500 responses once | |
| the invalid token gets cached, rather than 401s. | |
| To reproduce (in my case, with Swift using keystonemiddleware in the pipeline): | |
| 1. As expected, this fails with a 401: | |
| (py27) root@saio:~/keystonemiddleware# http -v GET localhost/v1/AUTH_test/ x-auth-token:wat | |
| GET /v1/AUTH_test/ HTTP/1.1 | |
| Accept: */* | |
| Accept-Encoding: gzip, deflate | |
| Connection: keep-alive | |
| Host: localhost | |
| User-Agent: HTTPie/0.9.3 | |
| x-auth-token: wat | |
| HTTP/1.1 401 Unauthorized | |
| Connection: keep-alive | |
| Content-Length: 131 | |
| Content-Type: text/html; charset=UTF-8 | |
| Date: Sat, 21 May 2016 05:53:13 GMT | |
| WWW-Authenticate: Keystone uri='http://10.0.2.15:35357/' | |
| Www-Authenticate: Swift realm="AUTH_test" | |
| X-Trans-Id: tx7ee1359f7e4e46cc9fa5a-00573ff7c9 | |
| <html><h1>Unauthorized</h1><p>This server could not verify that you are authorized to access the document you requested.</p></html> | |
| 2. This should return a 401 as well, just slightly quicker than the first. | |
| (py27) root@saio:~/keystonemiddleware# http -v GET localhost/v1/AUTH_test/ x-auth-token:wat | |
| GET /v1/AUTH_test/ HTTP/1.1 | |
| Accept: */* | |
| Accept-Encoding: gzip, deflate | |
| Connection: keep-alive | |
| Host: localhost | |
| User-Agent: HTTPie/0.9.3 | |
| x-auth-token: wat | |
| HTTP/1.1 500 Internal Error | |
| Connection: keep-alive | |
| Content-Length: 17 | |
| Content-Type: text/plain | |
| Date: Sat, 21 May 2016 05:53:17 GMT | |
| X-Trans-Id: txaa05ce4bdf9a40e5bfa34-00573ff7cd | |
| An error occurred | |
| The Swift proxy logs showing the precise reason for the 500: | |
| May 21 05:46:55 saio proxy-server: Error: An error occurred: | |
| Traceback (most recent call last): | |
| File "/usr/local/lib/python2.7/dist-packages/swift/common/middleware/catch_errors.py", line 41, in handle_request | |
| resp = self._app_call(env) | |
| File "/usr/local/lib/python2.7/dist-packages/swift/common/wsgi.py", line 1038, in _app_call | |
| resp = self.app(env, self._start_response) | |
| File "/usr/local/lib/python2.7/dist-packages/swift/common/middleware/gatekeeper.py", line 99, in __call__ | |
| return self.app(env, gatekeeper_response) | |
| File "/usr/local/lib/python2.7/dist-packages/swift/common/middleware/healthcheck.py", line 57, in __call__ | |
| return self.app(env, start_response) | |
| File "/usr/local/lib/python2.7/dist-packages/swift/common/middleware/proxy_logging.py", line 346, in __call__ | |
| six.reraise(exc_type, exc_value, exc_traceback) | |
| File "/usr/local/lib/python2.7/dist-packages/swift/common/middleware/proxy_logging.py", line 338, in __call__ | |
| iterable = self.app(env, my_start_response) | |
| File "/usr/local/lib/python2.7/dist-packages/swift/common/middleware/memcache.py", line 109, in __call__ | |
| return self.app(env, start_response) | |
| File "/usr/local/lib/python2.7/dist-packages/swift/common/swob.py", line 1386, in _wsgify_self | |
| return func(self, Request(env))(env, start_response) | |
| File "/usr/local/lib/python2.7/dist-packages/swift/common/middleware/tempurl.py", line 346, in __call__ | |
| return self.app(env, start_response) | |
| File "/usr/local/lib/python2.7/dist-packages/swift/common/middleware/formpost.py", line 239, in __call__ | |
| return self.app(env, start_response) | |
| File "/usr/local/lib/python2.7/dist-packages/webob/dec.py", line 130, in __call__ | |
| resp = self.call_func(req, *args, **self.kwargs) | |
| File "/usr/local/lib/python2.7/dist-packages/webob/dec.py", line 195, in call_func | |
| return self.func(req, *args, **kwargs) | |
| File "/usr/local/lib/python2.7/dist-packages/keystonemiddleware/auth_token/__init__.py", line 469, in __call__ | |
| response = self.process_request(req) | |
| File "/usr/local/lib/python2.7/dist-packages/keystonemiddleware/auth_token/__init__.py", line 738, in process_request | |
| resp = super(AuthProtocol, self).process_request(request) | |
| File "/usr/local/lib/python2.7/dist-packages/keystonemiddleware/auth_token/__init__.py", line 497, in process_request | |
| data, user_auth_ref = self._do_fetch_token(request.user_token) | |
| File "/usr/local/lib/python2.7/dist-packages/keystonemiddleware/auth_token/__init__.py", line 537, in _do_fetch_token | |
| data = self.fetch_token(token) | |
| File "/usr/local/lib/python2.7/dist-packages/keystonemiddleware/auth_token/__init__.py", line 851, in fetch_token | |
| self.log.debug('Cached token is marked unauthorized') | |
| AttributeError: 'AuthProtocol' object has no attribute '_LOG' (txn: tx3f7e3d36d87044c4a96b5-00573ff64f) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment