Glance

Glance does not error gracefully on token validation error

  1. Series liberty
  2. Bug #1504184
Bug #1504184 reported by Martin Tsvetanov
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Glance
Fix Released
High
Martin Tsvetanov
Glance mitaka-1 "m1"
Kilo
New
Undecided
Unassigned
Liberty
Fix Committed
High
Flavio Percoco

Bug Description

When the registry has an error validating the token that the api has sent it a 500 is returned, rather than 401. This is with the latest master.

{code}
2015-10-08 15:03:16.939 ERROR glance.registry.client.v1.client [req-b561060e-d60c-4085-820d-1e87e64448ed 9f81b40c4b484be99a06754f32500271 51852dcd7e304719939f29fc2c3f3558] Registry client request GET /images/detail raised NotAuthenticated
2015-10-08 15:03:16.939 TRACE glance.registry.client.v1.client Traceback (most recent call last):
2015-10-08 15:03:16.939 TRACE glance.registry.client.v1.client File "/opt/stack/glance/glance/registry/client/v1/client.py", line 121, in do_request
2015-10-08 15:03:16.939 TRACE glance.registry.client.v1.client **kwargs)
2015-10-08 15:03:16.939 TRACE glance.registry.client.v1.client File "/opt/stack/glance/glance/common/client.py", line 74, in wrapped
2015-10-08 15:03:16.939 TRACE glance.registry.client.v1.client return func(self, *args, **kwargs)
2015-10-08 15:03:16.939 TRACE glance.registry.client.v1.client File "/opt/stack/glance/glance/common/client.py", line 375, in do_request
2015-10-08 15:03:16.939 TRACE glance.registry.client.v1.client headers=copy.deepcopy(headers))
2015-10-08 15:03:16.939 TRACE glance.registry.client.v1.client File "/opt/stack/glance/glance/common/client.py", line 88, in wrapped
2015-10-08 15:03:16.939 TRACE glance.registry.client.v1.client return func(self, method, url, body, headers)
2015-10-08 15:03:16.939 TRACE glance.registry.client.v1.client File "/opt/stack/glance/glance/common/client.py", line 517, in _do_request
2015-10-08 15:03:16.939 TRACE glance.registry.client.v1.client raise exception.NotAuthenticated(res.read())
2015-10-08 15:03:16.939 TRACE glance.registry.client.v1.client NotAuthenticated: Authentication required
2015-10-08 15:03:16.939 TRACE glance.registry.client.v1.client
2015-10-08 15:03:16.940 ERROR glance.common.wsgi [req-b561060e-d60c-4085-820d-1e87e64448ed 9f81b40c4b484be99a06754f32500271 51852dcd7e304719939f29fc2c3f3558] Caught error: Authentication required
2015-10-08 15:03:16.940 TRACE glance.common.wsgi Traceback (most recent call last):
2015-10-08 15:03:16.940 TRACE glance.common.wsgi File "/opt/stack/glance/glance/common/wsgi.py", line 879, in __call__
2015-10-08 15:03:16.940 TRACE glance.common.wsgi request, **action_args)
2015-10-08 15:03:16.940 TRACE glance.common.wsgi File "/opt/stack/glance/glance/common/wsgi.py", line 907, in dispatch
2015-10-08 15:03:16.940 TRACE glance.common.wsgi return method(*args, **kwargs)
2015-10-08 15:03:16.940 TRACE glance.common.wsgi File "/opt/stack/glance/glance/api/v1/images.py", line 366, in detail
2015-10-08 15:03:16.940 TRACE glance.common.wsgi images = registry.get_images_detail(req.context, **params)
2015-10-08 15:03:16.940 TRACE glance.common.wsgi File "/opt/stack/glance/glance/registry/client/v1/api.py", line 161, in get_images_detail
2015-10-08 15:03:16.940 TRACE glance.common.wsgi return c.get_images_detailed(**kwargs)
2015-10-08 15:03:16.940 TRACE glance.common.wsgi File "/opt/stack/glance/glance/registry/client/v1/client.py", line 150, in get_images_detailed
2015-10-08 15:03:16.940 TRACE glance.common.wsgi res = self.do_request("GET", "/images/detail", params=params)
2015-10-08 15:03:16.940 TRACE glance.common.wsgi File "/opt/stack/glance/glance/registry/client/v1/client.py", line 136, in do_request
2015-10-08 15:03:16.940 TRACE glance.common.wsgi 'exc_name': exc_name})
2015-10-08 15:03:16.940 TRACE glance.common.wsgi File "/usr/local/lib/python2.7/dist-packages/oslo_utils/excutils.py", line 195, in __exit__
2015-10-08 15:03:16.940 TRACE glance.common.wsgi six.reraise(self.type_, self.value, self.tb)
2015-10-08 15:03:16.940 TRACE glance.common.wsgi File "/opt/stack/glance/glance/registry/client/v1/client.py", line 121, in do_request
2015-10-08 15:03:16.940 TRACE glance.common.wsgi **kwargs)
2015-10-08 15:03:16.940 TRACE glance.common.wsgi File "/opt/stack/glance/glance/common/client.py", line 74, in wrapped
2015-10-08 15:03:16.940 TRACE glance.common.wsgi return func(self, *args, **kwargs)
2015-10-08 15:03:16.940 TRACE glance.common.wsgi File "/opt/stack/glance/glance/common/client.py", line 375, in do_request
2015-10-08 15:03:16.940 TRACE glance.common.wsgi headers=copy.deepcopy(headers))
2015-10-08 15:03:16.940 TRACE glance.common.wsgi File "/opt/stack/glance/glance/common/client.py", line 88, in wrapped
2015-10-08 15:03:16.940 TRACE glance.common.wsgi return func(self, method, url, body, headers)
2015-10-08 15:03:16.940 TRACE glance.common.wsgi File "/opt/stack/glance/glance/common/client.py", line 517, in _do_request
2015-10-08 15:03:16.940 TRACE glance.common.wsgi raise exception.NotAuthenticated(res.read())
2015-10-08 15:03:16.940 TRACE glance.common.wsgi NotAuthenticated: Authentication required
2015-10-08 15:03:16.940 TRACE glance.common.wsgi
2015-10-08 15:03:16.993 INFO eventlet.wsgi.server [req-b561060e-d60c-4085-820d-1e87e64448ed 9f81b40c4b484be99a06754f32500271 51852dcd7e304719939f29fc2c3f3558] 192.168.0.100 - - [08/Oct/2015 15:03:16] "GET /v1/images/detail?sort_key=name&sort_dir=asc&limit=20 HTTP/1.1" 500 454 0.891754
{code}

Martin Tsvetanov (martin-iva-tsvetanov)
Changed in glance:
assignee: nobody → Martin Tsvetanov (martin-iva-tsvetanov)
Erno Kuvaja (jokke)
Changed in glance:
status: New → Triaged
importance: Undecided → High
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to glance (master)

Fix proposed to branch: master
Review: https://review.openstack.org/235841

Changed in glance:
status: Triaged → In Progress
Flavio Percoco (flaper87)
Changed in glance:
milestone: none → mitaka-1
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to glance (stable/liberty)

Fix proposed to branch: stable/liberty
Review: https://review.openstack.org/236679

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to glance (master)

Reviewed: https://review.openstack.org/235841
Committed: https://git.openstack.org/cgit/openstack/glance/commit/?id=5734d7c16f3a41c250249f538f70634ad521207e
Submitter: Jenkins
Branch: master

commit 5734d7c16f3a41c250249f538f70634ad521207e
Author: Martin Tsvetanov <email address hidden>
Date: Fri Oct 16 10:28:01 2015 +0000

    Fixed registry invalid token exception handling

    When the registry has an error validating the token that the api
    has sent it a 500 is returned rather than 401. This fix catches the
    NotAuthenticated exception and throws an HTTPUnauthorized instead.

    Change-Id: I405cd98346e2df06c02e37bfdf903a54a29f7b19
    Closes-bug:1504184

Changed in glance:
status: In Progress → Fix Committed
Revision history for this message
Erno Kuvaja (jokke) wrote :

I think craping out due to missed authentication is critical enough to backport to Kilo as well.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to glance (stable/liberty)

Reviewed: https://review.openstack.org/236679
Committed: https://git.openstack.org/cgit/openstack/glance/commit/?id=25ead6a4dab48950bf1cd36d7d554c9e8c20add4
Submitter: Jenkins
Branch: stable/liberty

commit 25ead6a4dab48950bf1cd36d7d554c9e8c20add4
Author: Martin Tsvetanov <email address hidden>
Date: Fri Oct 16 10:28:01 2015 +0000

    Fixed registry invalid token exception handling

    When the registry has an error validating the token that the api
    has sent it a 500 is returned rather than 401. This fix catches the
    NotAuthenticated exception and throws an HTTPUnauthorized instead.

    Change-Id: I405cd98346e2df06c02e37bfdf903a54a29f7b19
    Closes-bug:1504184
    (cherry picked from 5734d7c16f3a41c250249f538f70634ad521207e)

Doug Hellmann (doug-hellmann)
Changed in glance:
status: Fix Committed → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/glance 11.0.1

This issue was fixed in the openstack/glance 11.0.1 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.