Public bug reported: Ther'a 2 issues with authentication.
1. Consider the following code. """ client = swift_api_client.Connection( user=keystone.user.username, preauthurl=url, preauthtoken=keystone.user.token.id, tenant_name=keystone.user.tenant_name, insecure=insecure, cacert=cacert) """ Since ther's no ``auth_version`` specified, 1 used by default. In this case swiftclient will try to use ``get_auth_1_0``: """ storage_url, token = get_auth_1_0(auth_url, user, key, kwargs.get('snet'), insecure=insecure) """ As you can see, no keystone token passed to that function, therefore authentication fails. Furthermore, swiftclient will fail miserably with exception: """ Traceback (most recent call last): File "./test_keystone.py", line 22, in <module> t.run('blah', user_id=483) File "/home/testproject/src/testproject_dev/stack/swift_task.py", line 75, in run return self.test(swift_client) File "/home/testproject/src/testproject_dev/stack/swift_task.py", line 45, in test swift_client.get_capabilities() File "/home/testproject/.virtualenvs/testproject/local/lib/python2.7/site-packages/swiftclient/client.py", line 1386, in get_capabilities url, _ = self.get_auth() File "/home/testproject/.virtualenvs/testproject/local/lib/python2.7/site-packages/swiftclient/client.py", line 1210, in get_auth insecure=self.insecure) File "/home/testproject/.virtualenvs/testproject/local/lib/python2.7/site-packages/swiftclient/client.py", line 377, in get_auth insecure=insecure) File "/home/testproject/.virtualenvs/testproject/local/lib/python2.7/site-packages/swiftclient/client.py", line 255, in get_auth_1_0 parsed, conn = http_connection(url, insecure=insecure) File "/home/testproject/.virtualenvs/testproject/local/lib/python2.7/site-packages/swiftclient/client.py", line 249, in http_connection conn = HTTPConnection(*arg, **kwarg) File "/home/testproject/.virtualenvs/testproject/local/lib/python2.7/site-packages/swiftclient/client.py", line 156, in __init__ self.parsed_url = urlparse(url) File "/usr/lib/python2.7/urlparse.py", line 143, in urlparse tuple = urlsplit(url, scheme, allow_fragments) File "/usr/lib/python2.7/urlparse.py", line 182, in urlsplit i = url.find(':') AttributeError: 'NoneType' object has no attribute 'find' """ 2. If you specify auth_version = 2, the following code will be executed. """ elif auth_version in AUTH_VERSIONS_V2 + AUTH_VERSIONS_V3: # We are allowing to specify a token/storage-url to re-use # without having to re-authenticate. if (os_options.get('object_storage_url') and os_options.get('auth_token')): return (os_options.get('object_storage_url'), os_options.get('auth_token')) """ It checks if there are ``object_storage_url`` and ``auth_token`` argumens were provided. Of course they were absent, since initial values were: os_options or {} So in order to get it working, you have to specify those options manually: """ client.os_options = { 'object_storage_url': url, 'auth_token': keystone.user.token.id, } """ Conclusion. The only way to use swift client with existing tokens is the following: """ def get_swift_client(self, keystone): insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False) cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None) url = keystone.url_for('object-store') client = swift_api_client.Connection( user=keystone.user.username, preauthurl=url, preauthtoken=keystone.user.token.id, tenant_name=keystone.user.tenant_name, insecure=insecure, cacert=cacert, auth_version=2) client.os_options = { 'object_storage_url': url, 'auth_token': keystone.user.token.id, } return client """ I think you should fix version handling or reflect the way it works in documentation. ** Affects: python-swiftclient Importance: Undecided Status: New ** Project changed: nova => python-swiftclient ** Description changed: Ther'a 2 issues with authentication. 1. Consider the following code. """ - client = swift_api_client.Connection( - user=keystone.user.username, - preauthurl=url, - preauthtoken=keystone.user.token.id, - tenant_name=keystone.user.tenant_name, - insecure=insecure, - cacert=cacert) + client = swift_api_client.Connection( + user=keystone.user.username, + preauthurl=url, + preauthtoken=keystone.user.token.id, + tenant_name=keystone.user.tenant_name, + insecure=insecure, + cacert=cacert) """ Since ther's no ``auth_version`` specified, 1 used by default. In this case swiftclient will try to use ``get_auth_1_0``: """ - storage_url, token = get_auth_1_0(auth_url, - user, - key, - kwargs.get('snet'), - insecure=insecure) + storage_url, token = get_auth_1_0(auth_url, + user, + key, + kwargs.get('snet'), + insecure=insecure) """ As you can see, no keystone token passed to that function, therefore authentication fails. Furthermore, swiftclient will fail miserably with exception: """ Traceback (most recent call last): File "./test_keystone.py", line 22, in <module> t.run('blah', user_id=483) - File "/home/xentime/src/xentime_dev/stack/swift_task.py", line 75, in run + File "/home/testproject/src/testproject_dev/stack/swift_task.py", line 75, in run return self.test(swift_client) - File "/home/xentime/src/xentime_dev/stack/swift_task.py", line 45, in test + File "/home/testproject/src/testproject_dev/stack/swift_task.py", line 45, in test swift_client.get_capabilities() - File "/home/xentime/.virtualenvs/xentime/local/lib/python2.7/site-packages/swiftclient/client.py", line 1386, in get_capabilities + File "/home/testproject/.virtualenvs/testproject/local/lib/python2.7/site-packages/swiftclient/client.py", line 1386, in get_capabilities url, _ = self.get_auth() - File "/home/xentime/.virtualenvs/xentime/local/lib/python2.7/site-packages/swiftclient/client.py", line 1210, in get_auth + File "/home/testproject/.virtualenvs/testproject/local/lib/python2.7/site-packages/swiftclient/client.py", line 1210, in get_auth insecure=self.insecure) - File "/home/xentime/.virtualenvs/xentime/local/lib/python2.7/site-packages/swiftclient/client.py", line 377, in get_auth + File "/home/testproject/.virtualenvs/testproject/local/lib/python2.7/site-packages/swiftclient/client.py", line 377, in get_auth insecure=insecure) - File "/home/xentime/.virtualenvs/xentime/local/lib/python2.7/site-packages/swiftclient/client.py", line 255, in get_auth_1_0 + File "/home/testproject/.virtualenvs/testproject/local/lib/python2.7/site-packages/swiftclient/client.py", line 255, in get_auth_1_0 parsed, conn = http_connection(url, insecure=insecure) - File "/home/xentime/.virtualenvs/xentime/local/lib/python2.7/site-packages/swiftclient/client.py", line 249, in http_connection + File "/home/testproject/.virtualenvs/testproject/local/lib/python2.7/site-packages/swiftclient/client.py", line 249, in http_connection conn = HTTPConnection(*arg, **kwarg) - File "/home/xentime/.virtualenvs/xentime/local/lib/python2.7/site-packages/swiftclient/client.py", line 156, in __init__ + File "/home/testproject/.virtualenvs/testproject/local/lib/python2.7/site-packages/swiftclient/client.py", line 156, in __init__ self.parsed_url = urlparse(url) File "/usr/lib/python2.7/urlparse.py", line 143, in urlparse tuple = urlsplit(url, scheme, allow_fragments) File "/usr/lib/python2.7/urlparse.py", line 182, in urlsplit i = url.find(':') AttributeError: 'NoneType' object has no attribute 'find' + """ 2. If you specify auth_version = 2, the following code will be executed. """ - elif auth_version in AUTH_VERSIONS_V2 + AUTH_VERSIONS_V3: - # We are allowing to specify a token/storage-url to re-use - # without having to re-authenticate. - if (os_options.get('object_storage_url') and - os_options.get('auth_token')): - return (os_options.get('object_storage_url'), - os_options.get('auth_token')) + elif auth_version in AUTH_VERSIONS_V2 + AUTH_VERSIONS_V3: + # We are allowing to specify a token/storage-url to re-use + # without having to re-authenticate. + if (os_options.get('object_storage_url') and + os_options.get('auth_token')): + return (os_options.get('object_storage_url'), + os_options.get('auth_token')) """ It checks if there are ``object_storage_url`` and ``auth_token`` argumens were provided. Of course they were absent, since initial values were: os_options or {} So in order to get it working, you have to specify those options manually: """ - client.os_options = { - 'object_storage_url': url, - 'auth_token': keystone.user.token.id, - } + client.os_options = { + 'object_storage_url': url, + 'auth_token': keystone.user.token.id, + } """ Conclusion. The only way to use swift client with existing tokens is the following: """ - def get_swift_client(self, keystone): - insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False) - cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None) - url = keystone.url_for('object-store') + def get_swift_client(self, keystone): + insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False) + cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None) + url = keystone.url_for('object-store') - client = swift_api_client.Connection( - user=keystone.user.username, - preauthurl=url, - preauthtoken=keystone.user.token.id, - tenant_name=keystone.user.tenant_name, - insecure=insecure, - cacert=cacert, - auth_version=2) + client = swift_api_client.Connection( + user=keystone.user.username, + preauthurl=url, + preauthtoken=keystone.user.token.id, + tenant_name=keystone.user.tenant_name, + insecure=insecure, + cacert=cacert, + auth_version=2) - client.os_options = { - 'object_storage_url': url, - 'auth_token': keystone.user.token.id, - } - return client + client.os_options = { + 'object_storage_url': url, + 'auth_token': keystone.user.token.id, + } + return client """ - - I think you should fix version handling or reflect the way it works in documentation. + I think you should fix version handling or reflect the way it works in + documentation. -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1483254 Title: Swift fails to authenticate user by token Status in python-swiftclient: New Bug description: Ther'a 2 issues with authentication. 1. Consider the following code. """ client = swift_api_client.Connection( user=keystone.user.username, preauthurl=url, preauthtoken=keystone.user.token.id, tenant_name=keystone.user.tenant_name, insecure=insecure, cacert=cacert) """ Since ther's no ``auth_version`` specified, 1 used by default. In this case swiftclient will try to use ``get_auth_1_0``: """ storage_url, token = get_auth_1_0(auth_url, user, key, kwargs.get('snet'), insecure=insecure) """ As you can see, no keystone token passed to that function, therefore authentication fails. Furthermore, swiftclient will fail miserably with exception: """ Traceback (most recent call last): File "./test_keystone.py", line 22, in <module> t.run('blah', user_id=483) File "/home/testproject/src/testproject_dev/stack/swift_task.py", line 75, in run return self.test(swift_client) File "/home/testproject/src/testproject_dev/stack/swift_task.py", line 45, in test swift_client.get_capabilities() File "/home/testproject/.virtualenvs/testproject/local/lib/python2.7/site-packages/swiftclient/client.py", line 1386, in get_capabilities url, _ = self.get_auth() File "/home/testproject/.virtualenvs/testproject/local/lib/python2.7/site-packages/swiftclient/client.py", line 1210, in get_auth insecure=self.insecure) File "/home/testproject/.virtualenvs/testproject/local/lib/python2.7/site-packages/swiftclient/client.py", line 377, in get_auth insecure=insecure) File "/home/testproject/.virtualenvs/testproject/local/lib/python2.7/site-packages/swiftclient/client.py", line 255, in get_auth_1_0 parsed, conn = http_connection(url, insecure=insecure) File "/home/testproject/.virtualenvs/testproject/local/lib/python2.7/site-packages/swiftclient/client.py", line 249, in http_connection conn = HTTPConnection(*arg, **kwarg) File "/home/testproject/.virtualenvs/testproject/local/lib/python2.7/site-packages/swiftclient/client.py", line 156, in __init__ self.parsed_url = urlparse(url) File "/usr/lib/python2.7/urlparse.py", line 143, in urlparse tuple = urlsplit(url, scheme, allow_fragments) File "/usr/lib/python2.7/urlparse.py", line 182, in urlsplit i = url.find(':') AttributeError: 'NoneType' object has no attribute 'find' """ 2. If you specify auth_version = 2, the following code will be executed. """ elif auth_version in AUTH_VERSIONS_V2 + AUTH_VERSIONS_V3: # We are allowing to specify a token/storage-url to re-use # without having to re-authenticate. if (os_options.get('object_storage_url') and os_options.get('auth_token')): return (os_options.get('object_storage_url'), os_options.get('auth_token')) """ It checks if there are ``object_storage_url`` and ``auth_token`` argumens were provided. Of course they were absent, since initial values were: os_options or {} So in order to get it working, you have to specify those options manually: """ client.os_options = { 'object_storage_url': url, 'auth_token': keystone.user.token.id, } """ Conclusion. The only way to use swift client with existing tokens is the following: """ def get_swift_client(self, keystone): insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False) cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None) url = keystone.url_for('object-store') client = swift_api_client.Connection( user=keystone.user.username, preauthurl=url, preauthtoken=keystone.user.token.id, tenant_name=keystone.user.tenant_name, insecure=insecure, cacert=cacert, auth_version=2) client.os_options = { 'object_storage_url': url, 'auth_token': keystone.user.token.id, } return client """ I think you should fix version handling or reflect the way it works in documentation. To manage notifications about this bug go to: https://bugs.launchpad.net/python-swiftclient/+bug/1483254/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp