Description of problem: Sending invalid token (containing space) leads to exceptions in api.log. Version-Release number of selected component (if applicable): openstack-keystone-2012.1.2-4.el6.noarch How reproducible: Steps to Reproduce: 1. curl http://nova-api:8774/v2/d4319f044dd043ec964f235cc2993e40/servers/559ab9d4-8ace-41d8-a03f-2edd57dd972a/action -H 'X-Auth-Token: a b' -H 'Content-Type: application/json' -d '<?xml version="1.0" encoding="UTF-8"?>\n<addFloatingIp address="10.11.12.13"/>' -X POST -v Actual results: 2012-10-15 11:39:15 INFO nova.api.openstack [-] http://nova-api:8774/v2/d4319f044dd043ec964f235cc2993e40/servers/559ab9d4-8ace-41d8-a03f-2edd57dd972a/action returned with HTTP 500 2012-10-15 11:39:20 INFO nova.virt.libvirt.connection [-] Compute_service record updated for node-02.lithium.rhev.lab.eng.brq.redhat.com 2012-10-15 11:39:53 ERROR nova.api.openstack [-] Caught error: 'access' 2012-10-15 11:39:53 TRACE nova.api.openstack Traceback (most recent call last): 2012-10-15 11:39:53 TRACE nova.api.openstack File "/usr/lib/python2.6/site-packages/nova/api/openstack/__init__.py", line 82, in __call__ 2012-10-15 11:39:53 TRACE nova.api.openstack return req.get_response(self.application) 2012-10-15 11:39:53 TRACE nova.api.openstack File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/request.py", line 1053, in get_response 2012-10-15 11:39:53 TRACE nova.api.openstack application, catch_exc_info=False) 2012-10-15 11:39:53 TRACE nova.api.openstack File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/request.py", line 1022, in call_application 2012-10-15 11:39:53 TRACE nova.api.openstack app_iter = application(self.environ, start_response) 2012-10-15 11:39:53 TRACE nova.api.openstack File "/usr/lib/python2.6/site-packages/keystone/middleware/auth_token.py", line 174, in __call__ 2012-10-15 11:39:53 TRACE nova.api.openstack user_headers = self._build_user_headers(token_info) 2012-10-15 11:39:53 TRACE nova.api.openstack File "/usr/lib/python2.6/site-packages/keystone/middleware/auth_token.py", line 396, in _build_user_headers 2012-10-15 11:39:53 TRACE nova.api.openstack user = token_info['access']['user'] 2012-10-15 11:39:53 TRACE nova.api.openstack KeyError: 'access' 2012-10-15 11:39:53 TRACE nova.api.openstack Expected results: Some message about auth deny. Additional info:
The POST to the nova-api looks like following: > POST /v2/d4319f044dd043ec964f235cc2993e40/servers/559ab9d4-8ace-41d8-a03f-2edd57dd972a/action HTTP/1.1 > User-Agent: curl/7.24.0 (x86_64-redhat-linux-gnu) libcurl/7.24.0 NSS/3.13.5.0 zlib/1.2.5 libidn/1.24 libssh2/1.4.1 > Host: nova-api.lithium.rhev.lab.eng.brq.redhat.com:8774 > Accept: */* > X-Auth-Token: a b > Content-Type: application/json > Content-Length: 77 > * upload completely sent off: 77 out of 77 bytes < HTTP/1.1 500 Internal Server Error < Content-Length: 128 < Content-Type: application/json; charset=UTF-8 < Date: Mon, 15 Oct 2012 12:04:01 GMT < * Connection #0 to host nova-api... left intact {"computeFault": {"message": "The server has either erred or is incapable of performing the requested operation.", "code": 500}}* Closing connection #0 I also don't like it is failing with HTTP 500 and not with HTTP 401 Unauthorized. Note there is https://bugs.launchpad.net/keystone/+bug/974319
Upstream fix for Grizzly https://review.openstack.org/#/c/18062/
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-0672.html