1688685 – Dashboard crashing during login in a multi-domain environment

Bug 1688685 - Dashboard crashing during login in a multi-domain environment

Summary: Dashboard crashing during login in a multi-domain environment

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	python-django-horizon
Sub Component:
Version:	10.0 (Newton)
Hardware:	Unspecified
OS:	Unspecified
Priority:	low
Severity:	low
Target Milestone:	---
Target Release:	10.0 (Newton)
Assignee:	Radomir Dopieralski
QA Contact:	Beth White
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1689626
TreeView+	depends on / blocked

Reported:	2019-03-14 08:41 UTC by PURANDHAR SAIRAM MANNIDI
Modified:	2019-03-17 04:12 UTC (History)
CC List:	9 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-03-15 05:51:24 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Launchpad	1587951	0	None	None	None	2019-03-14 10:04:02 UTC
OpenStack gerrit	323986	0	None	None	None	2019-03-14 10:04:51 UTC

Description PURANDHAR SAIRAM MANNIDI 2019-03-14 08:41:01 UTC

Description of problem:

Dashboard crashing during login using a domain admin in a multi-domain environment.

2019-03-14 10:29:34,569 430054 WARNING openstack_dashboard.api.keystone Pure project admin doesn't have a domain token
2019-03-14 10:29:34,569 430054 ERROR django.request Internal Server Error: /dashboard/identity/
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/django/core/handlers/base.py", line 132, in get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/usr/lib/python2.7/site-packages/horizon/decorators.py", line 36, in dec
    return view_func(request, *args, **kwargs)
  File "/usr/lib/python2.7/site-packages/horizon/decorators.py", line 52, in dec
    return view_func(request, *args, **kwargs)
  File "/usr/lib/python2.7/site-packages/horizon/decorators.py", line 36, in dec
    return view_func(request, *args, **kwargs)
  File "/usr/lib/python2.7/site-packages/django/views/generic/base.py", line 71, in view
    return self.dispatch(request, *args, **kwargs)
  File "/usr/lib/python2.7/site-packages/django/views/generic/base.py", line 89, in dispatch
    return handler(request, *args, **kwargs)
  File "/usr/lib/python2.7/site-packages/horizon/tables/views.py", line 219, in get
    handled = self.construct_tables()
  File "/usr/lib/python2.7/site-packages/horizon/tables/views.py", line 210, in construct_tables
    handled = self.handle_table(table)
  File "/usr/lib/python2.7/site-packages/horizon/tables/views.py", line 123, in handle_table
    data = self._get_data_dict()
  File "/usr/lib/python2.7/site-packages/horizon/tables/views.py", line 247, in _get_data_dict
    self._data = {self.table_class._meta.name: self.get_data()}
  File "/usr/share/openstack-dashboard/openstack_dashboard/wsgi/../../openstack_dashboard/dashboards/identity/projects/views.py", line 118, in get_data
    t.domain_name = domain_lookup.get(t.domain_id)
AttributeError: 'NoneType' object has no attribute 'get'

Version-Release number of selected component (if applicable):
Red Hat OpenStack Platform 10

How reproducible:
Always

Steps to Reproduce:
1. Create a admin user for a domain who doesn't have access to other domains
2. Try to login using the new user and horizon is crashing.
3.

Actual results:
horizon crashing

Expected results:
horizon should show identity page

Additional info:

Comment 1 PURANDHAR SAIRAM MANNIDI 2019-03-14 08:58:33 UTC

The issue is with /usr/share/openstack-dashboard/openstack_dashboard/api/keystone.py in domain_lookup function.


when the user doesn't have list_domains privilege, the exception is generated.

================================
def domain_lookup(request):
    if policy.check((("identity", "identity:list_domains"),), request) \
            and request.session.get('domain_token'):
        try:
            domains = domain_list(request)
            return dict((d.id, d.name) for d in domains)
        except Exception:
            LOG.warning("Pure project admin doesn't have a domain token")
            return None <====== here
    else:
        domain = get_default_domain(request)
        return {domain.id: domain.name}
==================================

Tested by commenting out the following code:

def domain_lookup(request):
    if policy.check((("identity", "identity:list_domains"),), request) \
            and request.session.get('domain_token'):
        try:
            domains = domain_list(request)
            return dict((d.id, d.name) for d in domains)
        except Exception:
            LOG.warning("Pure project admin doesn't have a domain token")
            #return None
    #else:
    domain = get_default_domain(request)
    return {domain.id: domain.name}

=======================================

Note You need to log in before you can comment on or make changes to this bug.