python-keystoneclient

token-get fails without a management_url

Bug #1081192 reported by Dolph Mathews
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
python-keystoneclient
Fix Released
High
Dolph Mathews
python-keystoneclient 0.2.1

Bug Description

token-get fails with the following authentication response from keystone:

{"access": {"token": {"issued_at": "2012-11-20T15:59:08.040496", "expires": "2012-11-21T15:59:08Z", "id": "a7242b15acc94a6089ee73b870b233fb", "tenant": {"enabled": true, "description": null, "name": "project-x", "id": "c72ad33b78054683afc8741642cb6fa2"}}, "serviceCatalog": [{"endpoints": [{"adminURL": null, "region": "North", "internalURL": null, "id": "425de0e81586448bb6af3be5591f1fd2", "publicURL": "http://north.nova.openstack/"}, {"adminURL": null, "region": "South", "internalURL": null, "id": "82b79795a20e4c77bf62b474edc48252", "publicURL": "http://south.supernova.openstack/"}], "endpoints_links": [], "type": "compute", "name": "Supernova"}], "user": {"username": "joe", "roles_links": [], "id": "2f6e164bf01b45c2bb5440b3b1d5ed61", "roles": [{"name": "member"}], "name": "joe"}, "metadata": {"is_admin": 0, "roles": ["5336ade4c234492097be35b82f2627e3"]}}}

Due to:

Traceback (most recent call last):
  File "/Users/dolph/Environments/os/bin/keystone", line 9, in <module>
    load_entry_point('python-keystoneclient==0.2.0', 'console_scripts', 'keystone')()
  File "/Users/dolph/Projects/keystone/vendor/python-keystoneclient-master/keystoneclient/shell.py", line 432, in main
    OpenStackIdentityShell().main(sys.argv[1:])
  File "/Users/dolph/Projects/keystone/vendor/python-keystoneclient-master/keystoneclient/shell.py", line 373, in main
    debug=args.debug)
  File "/Users/dolph/Projects/keystone/vendor/python-keystoneclient-master/keystoneclient/v2_0/client.py", line 135, in __init__
    self.authenticate()
  File "/Users/dolph/Projects/keystone/vendor/python-keystoneclient-master/keystoneclient/v2_0/client.py", line 197, in authenticate
    "%s" % e)
keystoneclient.exceptions.AuthorizationFailure: Authorization Failed: 'NoneType' object has no attribute '__getitem__'

The client is assuming that a management URL exists just because authentication is scoped, even though a management URL is not necessary or applicable to non-admin users.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to python-keystoneclient (master)

Fix proposed to branch: master
Review: https://review.openstack.org/16540

Changed in python-keystoneclient:
status: New → In Progress
Dolph Mathews (dolph)
Changed in python-keystoneclient:
importance: Undecided → High
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to python-keystoneclient (master)

Reviewed: https://review.openstack.org/16540
Committed: http://github.com/openstack/python-keystoneclient/commit/e4ed1f39a03d9979e8b41cfc6ef0daea159034a4
Submitter: Jenkins
Branch: master

commit e4ed1f39a03d9979e8b41cfc6ef0daea159034a4
Author: Dolph Mathews <email address hidden>
Date: Tue Nov 20 10:16:56 2012 -0600

    Fix scoped auth for non-admins (bug 1081192)

    Change-Id: I6c92e026c5f46ac29947d6e0e94f571ccd48f032

Changed in python-keystoneclient:
status: In Progress → Fix Committed
Dolph Mathews (dolph)
Changed in python-keystoneclient:
milestone: none → 0.2.1
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.