Public bug reported: list revoked tokens API returns 500 InternalServerError
The documentation [1] says that the API should return list of expired PKI tokens, signed by the cryptographic message syntax (CMS) but I am using token format as UUID. [1] https://developer.openstack.org/api-ref/identity/v3/?expanded=list- revoked-tokens-detail#list-revoked-tokens Sample program: 1 from keystoneauth1.identity import v3 2 from keystoneauth1 import session 3 from keystoneclient.v3 import client 4 auth = v3.Password(auth_url='http://<host-ip>/identity/v3', 5 user_id=<user_id>, 6 password=<password>, 7 project_id=<project-id>) 8 sess = session.Session(auth=auth) 9 keystone = client.Client(session=sess) 10 11 a = keystone.tokens.get_revoked() The API which is getting used is below: GET http://<host-ip>/identity/v3/auth/tokens/OS-PKI/revoked Curl command: $ curl -g -i -X GET http://10.232.48.201/identity/v3/auth/tokens/OS-PKI/revoked -H "X-Auth-Token: eb8fc9de9d154c6daa6b26a14d7c4e0f" HTTP/1.1 500 Internal Server Error Date: Wed, 07 Jun 2017 05:51:14 GMT Server: Apache/2.4.18 (Ubuntu) Vary: X-Auth-Token Content-Type: application/json Content-Length: 143 x-openstack-request-id: req-a6517dc2-08ac-4d62-8d21-c3405159e1f3 Connection: close {"error": {"message": "An unexpected error prevented the server from fulfilling your request.", "code": 500, "title": "Internal Server Error"}} command prompt traceback: Traceback (most recent call last): File "3_keystoneclient_program.py", line 12, in <module> a = keystone.tokens.get_revoked() File "/usr/local/lib/python2.7/dist-packages/positional/__init__.py", line 101, in inner return wrapped(*args, **kwargs) File "/opt/stack/python-keystoneclient/keystoneclient/v3/tokens.py", line 62, in get_revoked resp, body = self._client.get(path) File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/adapter.py", line 223, in get return self.request(url, 'GET', **kwargs) File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/adapter.py", line 382, in request resp = super(LegacyJsonAdapter, self).request(*args, **kwargs) File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/adapter.py", line 148, in request return self.session.request(url, method, **kwargs) File "/usr/local/lib/python2.7/dist-packages/positional/__init__.py", line 101, in inner return wrapped(*args, **kwargs) File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/session.py", line 655, in request raise exceptions.from_response(resp, method, url) keystoneauth1.exceptions.http.InternalServerError: An unexpected error prevented the server from fulfilling your request. (HTTP 500) (Request-ID: req-7004583f-3556-4b38-877a-b7669b3df3f8) Keystone logs: 2017-06-07 11:07:13.262 DEBUG keystone.middleware.auth [req-78ad2fdd-6a2d-4489-96c0 -98c7373b3eb2 None None] Authenticating user token from (pid=9498) process_request /usr/local/lib/python2.7/dist-packages/keystonemiddleware/auth_token/__init__.py:40 1 2017-06-07 11:07:13.270 DEBUG keystone.middleware.auth [req-44f7294f-8430-48d3-b9a6 -4f531544c893 None None] RBAC: auth_context: {'is_delegated_auth': False, 'access_t oken_id': None, 'user_id': u'3ad182b5723d4e88b97ea7a52bf50cea', 'roles': [u'admin'] , 'user_domain_id': u'default', 'consumer_id': None, 'trustee_id': None, 'is_domain ': False, 'is_admin_project': True, 'trustor_id': None, 'token': <KeystoneToken (au dit_id=lYYEPEZaT_m5X-15TEepPQ, audit_chain_id=lYYEPEZaT_m5X-15TEepPQ) at 0x7f9872b4 f3c8>, 'project_id': u'c76af8728a56496fb67c6ace6e78657d', 'trust_id': None, 'projec t_domain_id': u'default'} from (pid=9498) fill_context /opt/stack/keystone/keystone /middleware/auth.py:239 2017-06-07 11:07:13.271 INFO keystone.common.wsgi [req-44f7294f-8430-48d3-b9a6-4f53 1544c893 None None] GET http://10.232.48.201/identity/v3/auth/tokens/OS-PKI/revoked 2017-06-07 11:07:13.271 DEBUG keystone.common.authorization [req-44f7294f-8430-48d3 -b9a6-4f531544c893 None None] RBAC: Authorizing identity:revocation_list() from (pi d=9498) _build_policy_check_credentials /opt/stack/keystone/keystone/common/authori zation.py:136 2017-06-07 11:07:13.272 DEBUG keystone.policy.backends.rules [req-44f7294f-8430-48d 3-b9a6-4f531544c893 None None] enforce identity:revocation_list: {'is_delegated_aut h': False, 'access_token_id': None, 'user_id': u'3ad182b5723d4e88b97ea7a52bf50cea', 'roles': [u'admin'], 'user_domain_id': u'default', 'consumer_id': None, 'trustee_i d': None, 'is_domain': False, 'is_admin_project': True, 'trustor_id': None, 'token' : <KeystoneToken (audit_id=lYYEPEZaT_m5X-15TEepPQ, audit_chain_id=lYYEPEZaT_m5X-15TEepPQ) at 0x7f9872b4f3c8>, 'project_id': u'c76af8728a56496fb67c6ace6e78657d', 'trust_id': None, 'project_domain_id': u'default'} from (pid=9498) enforce /opt/stack/keystone/keystone/policy/backends/rules.py:33 2017-06-07 11:07:13.274 DEBUG keystone.common.authorization [req-44f7294f-8430-48d3-b9a6-4f531544c893 None None] RBAC: Authorization granted from (pid=9498) check_policy /opt/stack/keystone/keystone/common/authorization.py:240 Wed Jun 7 09:49:23 2017 - SIGPIPE: writing to a closed pipe/socket/fd (probably th e client disconnected) on request /identity/v3/auth/tokens/OS-PKI/revoked (ip 10.23 2.48.201) !!! 2017-06-07 09:49:23.972 ERROR keystoneclient.common.cms [req-7004583f-3556-4b38-877 a-b7669b3df3f8 None None] Signing error: Unable to load certificate - ensure you ha ve configured PKI with "keystone-manage pki_setup" 2017-06-07 09:49:23.972 ERROR keystone.common.wsgi [req-7004583f-3556-4b38-877a-b76 69b3df3f8 None None] Command 'openssl' returned non-zero exit status 3: CalledProce ssError: Command 'openssl' returned non-zero exit status 3 2017-06-07 09:49:23.972 TRACE keystone.common.wsgi Traceback (most recent call last ): 2017-06-07 09:49:23.972 TRACE keystone.common.wsgi File "/opt/stack/keystone/keys tone/common/wsgi.py", line 228, in __call__ 2017-06-07 09:49:23.972 TRACE keystone.common.wsgi result = method(req, **param s) 2017-06-07 09:49:23.972 TRACE keystone.common.wsgi File "/opt/stack/keystone/keys tone/common/controller.py", line 94, in inner 2017-06-07 09:49:23.972 TRACE keystone.common.wsgi return f(self, request, *arg s, **kwargs) 2017-06-07 09:49:23.972 TRACE keystone.common.wsgi File "/opt/stack/keystone/keys tone/auth/controllers.py", line 350, in revocation_list 2017-06-07 09:49:23.972 TRACE keystone.common.wsgi CONF.signing.keyfile) 2017-06-07 09:49:23.972 TRACE keystone.common.wsgi File "/usr/local/lib/python2.7 /dist-packages/keystoneclient/common/cms.py", line 336, in cms_sign_text 2017-06-07 09:49:23.972 TRACE keystone.common.wsgi signing_key_file_name, messa ge_digest=message_digest) 2017-06-07 09:49:23.972 TRACE keystone.common.wsgi File "/usr/local/lib/python2.7 /dist-packages/keystoneclient/common/cms.py", line 384, in cms_sign_data 2017-06-07 09:49:23.972 TRACE keystone.common.wsgi raise subprocess.CalledProce ssError(retcode, 'openssl') 2017-06-07 09:49:23.972 TRACE keystone.common.wsgi CalledProcessError: Command 'ope nssl' returned non-zero exit status 3 2017-06-07 09:49:23.972 TRACE keystone.common.wsgi [pid: 9498|app: 0|req: 13930/27834] 10.232.48.201 () {58 vars in 1084 bytes} [Wed J un 7 09:49:23 2017] GET /identity/v3/auth/tokens/OS-PKI/revoked => generated 143 b ytes in 67 msecs (HTTP/1.1 500) 5 headers in 196 bytes (1 switches on core 0) ** Affects: keystone Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1696308 Title: list revoked tokens API returns 500 InternalServerError Status in OpenStack Identity (keystone): New Bug description: list revoked tokens API returns 500 InternalServerError The documentation [1] says that the API should return list of expired PKI tokens, signed by the cryptographic message syntax (CMS) but I am using token format as UUID. [1] https://developer.openstack.org/api-ref/identity/v3/?expanded =list-revoked-tokens-detail#list-revoked-tokens Sample program: 1 from keystoneauth1.identity import v3 2 from keystoneauth1 import session 3 from keystoneclient.v3 import client 4 auth = v3.Password(auth_url='http://<host-ip>/identity/v3', 5 user_id=<user_id>, 6 password=<password>, 7 project_id=<project-id>) 8 sess = session.Session(auth=auth) 9 keystone = client.Client(session=sess) 10 11 a = keystone.tokens.get_revoked() The API which is getting used is below: GET http://<host-ip>/identity/v3/auth/tokens/OS-PKI/revoked Curl command: $ curl -g -i -X GET http://10.232.48.201/identity/v3/auth/tokens/OS-PKI/revoked -H "X-Auth-Token: eb8fc9de9d154c6daa6b26a14d7c4e0f" HTTP/1.1 500 Internal Server Error Date: Wed, 07 Jun 2017 05:51:14 GMT Server: Apache/2.4.18 (Ubuntu) Vary: X-Auth-Token Content-Type: application/json Content-Length: 143 x-openstack-request-id: req-a6517dc2-08ac-4d62-8d21-c3405159e1f3 Connection: close {"error": {"message": "An unexpected error prevented the server from fulfilling your request.", "code": 500, "title": "Internal Server Error"}} command prompt traceback: Traceback (most recent call last): File "3_keystoneclient_program.py", line 12, in <module> a = keystone.tokens.get_revoked() File "/usr/local/lib/python2.7/dist-packages/positional/__init__.py", line 101, in inner return wrapped(*args, **kwargs) File "/opt/stack/python-keystoneclient/keystoneclient/v3/tokens.py", line 62, in get_revoked resp, body = self._client.get(path) File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/adapter.py", line 223, in get return self.request(url, 'GET', **kwargs) File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/adapter.py", line 382, in request resp = super(LegacyJsonAdapter, self).request(*args, **kwargs) File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/adapter.py", line 148, in request return self.session.request(url, method, **kwargs) File "/usr/local/lib/python2.7/dist-packages/positional/__init__.py", line 101, in inner return wrapped(*args, **kwargs) File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/session.py", line 655, in request raise exceptions.from_response(resp, method, url) keystoneauth1.exceptions.http.InternalServerError: An unexpected error prevented the server from fulfilling your request. (HTTP 500) (Request-ID: req-7004583f-3556-4b38-877a-b7669b3df3f8) Keystone logs: 2017-06-07 11:07:13.262 DEBUG keystone.middleware.auth [req-78ad2fdd-6a2d-4489-96c0 -98c7373b3eb2 None None] Authenticating user token from (pid=9498) process_request /usr/local/lib/python2.7/dist-packages/keystonemiddleware/auth_token/__init__.py:40 1 2017-06-07 11:07:13.270 DEBUG keystone.middleware.auth [req-44f7294f-8430-48d3-b9a6 -4f531544c893 None None] RBAC: auth_context: {'is_delegated_auth': False, 'access_t oken_id': None, 'user_id': u'3ad182b5723d4e88b97ea7a52bf50cea', 'roles': [u'admin'] , 'user_domain_id': u'default', 'consumer_id': None, 'trustee_id': None, 'is_domain ': False, 'is_admin_project': True, 'trustor_id': None, 'token': <KeystoneToken (au dit_id=lYYEPEZaT_m5X-15TEepPQ, audit_chain_id=lYYEPEZaT_m5X-15TEepPQ) at 0x7f9872b4 f3c8>, 'project_id': u'c76af8728a56496fb67c6ace6e78657d', 'trust_id': None, 'projec t_domain_id': u'default'} from (pid=9498) fill_context /opt/stack/keystone/keystone /middleware/auth.py:239 2017-06-07 11:07:13.271 INFO keystone.common.wsgi [req-44f7294f-8430-48d3-b9a6-4f53 1544c893 None None] GET http://10.232.48.201/identity/v3/auth/tokens/OS-PKI/revoked 2017-06-07 11:07:13.271 DEBUG keystone.common.authorization [req-44f7294f-8430-48d3 -b9a6-4f531544c893 None None] RBAC: Authorizing identity:revocation_list() from (pi d=9498) _build_policy_check_credentials /opt/stack/keystone/keystone/common/authori zation.py:136 2017-06-07 11:07:13.272 DEBUG keystone.policy.backends.rules [req-44f7294f-8430-48d 3-b9a6-4f531544c893 None None] enforce identity:revocation_list: {'is_delegated_aut h': False, 'access_token_id': None, 'user_id': u'3ad182b5723d4e88b97ea7a52bf50cea', 'roles': [u'admin'], 'user_domain_id': u'default', 'consumer_id': None, 'trustee_i d': None, 'is_domain': False, 'is_admin_project': True, 'trustor_id': None, 'token' : <KeystoneToken (audit_id=lYYEPEZaT_m5X-15TEepPQ, audit_chain_id=lYYEPEZaT_m5X-15TEepPQ) at 0x7f9872b4f3c8>, 'project_id': u'c76af8728a56496fb67c6ace6e78657d', 'trust_id': None, 'project_domain_id': u'default'} from (pid=9498) enforce /opt/stack/keystone/keystone/policy/backends/rules.py:33 2017-06-07 11:07:13.274 DEBUG keystone.common.authorization [req-44f7294f-8430-48d3-b9a6-4f531544c893 None None] RBAC: Authorization granted from (pid=9498) check_policy /opt/stack/keystone/keystone/common/authorization.py:240 Wed Jun 7 09:49:23 2017 - SIGPIPE: writing to a closed pipe/socket/fd (probably th e client disconnected) on request /identity/v3/auth/tokens/OS-PKI/revoked (ip 10.23 2.48.201) !!! 2017-06-07 09:49:23.972 ERROR keystoneclient.common.cms [req-7004583f-3556-4b38-877 a-b7669b3df3f8 None None] Signing error: Unable to load certificate - ensure you ha ve configured PKI with "keystone-manage pki_setup" 2017-06-07 09:49:23.972 ERROR keystone.common.wsgi [req-7004583f-3556-4b38-877a-b76 69b3df3f8 None None] Command 'openssl' returned non-zero exit status 3: CalledProce ssError: Command 'openssl' returned non-zero exit status 3 2017-06-07 09:49:23.972 TRACE keystone.common.wsgi Traceback (most recent call last ): 2017-06-07 09:49:23.972 TRACE keystone.common.wsgi File "/opt/stack/keystone/keys tone/common/wsgi.py", line 228, in __call__ 2017-06-07 09:49:23.972 TRACE keystone.common.wsgi result = method(req, **param s) 2017-06-07 09:49:23.972 TRACE keystone.common.wsgi File "/opt/stack/keystone/keys tone/common/controller.py", line 94, in inner 2017-06-07 09:49:23.972 TRACE keystone.common.wsgi return f(self, request, *arg s, **kwargs) 2017-06-07 09:49:23.972 TRACE keystone.common.wsgi File "/opt/stack/keystone/keys tone/auth/controllers.py", line 350, in revocation_list 2017-06-07 09:49:23.972 TRACE keystone.common.wsgi CONF.signing.keyfile) 2017-06-07 09:49:23.972 TRACE keystone.common.wsgi File "/usr/local/lib/python2.7 /dist-packages/keystoneclient/common/cms.py", line 336, in cms_sign_text 2017-06-07 09:49:23.972 TRACE keystone.common.wsgi signing_key_file_name, messa ge_digest=message_digest) 2017-06-07 09:49:23.972 TRACE keystone.common.wsgi File "/usr/local/lib/python2.7 /dist-packages/keystoneclient/common/cms.py", line 384, in cms_sign_data 2017-06-07 09:49:23.972 TRACE keystone.common.wsgi raise subprocess.CalledProce ssError(retcode, 'openssl') 2017-06-07 09:49:23.972 TRACE keystone.common.wsgi CalledProcessError: Command 'ope nssl' returned non-zero exit status 3 2017-06-07 09:49:23.972 TRACE keystone.common.wsgi [pid: 9498|app: 0|req: 13930/27834] 10.232.48.201 () {58 vars in 1084 bytes} [Wed J un 7 09:49:23 2017] GET /identity/v3/auth/tokens/OS-PKI/revoked => generated 143 b ytes in 67 msecs (HTTP/1.1 500) 5 headers in 196 bytes (1 switches on core 0) To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1696308/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
