python-keystoneclient

mod_wsgi exception processing UTF-8 Header

Bug #1312971 reported by Adam Young on 2014-04-25

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
OpenStack Identity (keystone)	Fix Released	Medium	Adam Young	OpenStack Identity (keystone) 2014.2 "juno"
Icehouse	Fix Released	Medium	Nathan Kinder	OpenStack Identity (keystone) 2014.1.3
python-keystoneclient	Won't Fix	Medium	Adam Young

Bug Description

Using master version of python-keystoneclient (not yet released) gives the following error when running with Keystone in Apache HTTPD and requesting a V3 Token

[Fri Apr 25 18:28:14.775659 2014] [:error] [pid 5075] [remote 10.10.63.250:2982] mod_wsgi (pid=5075): Exception occurred processing WSGI script '/var/www/cgi-bin/keystone/main'.
[Fri Apr 25 18:28:14.775801 2014] [:error] [pid 5075] [remote 10.10.63.250:2982] TypeError: expected byte string object for header value, value of type unicode found

Its due to the utf-8 encoding in keystoneclient/common/cms.py which is making the PKI token Unicode instead of str.

Dolph Mathews (dolph) on 2014-04-26

affects:	keystone → python-keystoneclient
Changed in python-keystoneclient:
importance:	Undecided → High
status:	New → Triaged

Revision history for this message

Adam Young (ayoung) wrote on 2014-04-26:

Lets track it for both: it might not really be an issue that cms has converted from str to utf-8 for most things, just that mod_wsgi is enforcing what comes across in the header. I have a patch submitted alrady that mitigates the Keystone problem: https://review.openstack.org/#/c/90476/ I'll make sure it gets linked here.

summary:

- mod_wsgi exception processing UTF-F Header
+ mod_wsgi exception processing UTF-8 Header

Revision history for this message

Dolph Mathews (dolph) wrote on 2014-04-28:

I'm not sure I understand the point of a service-side patch to mitigate an issue in an unreleased client. Fix the client, and the service should never actually see the problem?

Changed in keystone:
status:	New → Incomplete

Adam Young (ayoung) on 2014-04-28

Changed in keystone:
assignee:	nobody → Adam Young (ayoung)
Changed in python-keystoneclient:
assignee:	nobody → Adam Young (ayoung)

Openstack Gerrit (openstack-gerrit) on 2014-04-30

Changed in keystone:
status:	Incomplete → In Progress

Revision history for this message

Openstack Gerrit (openstack-gerrit) wrote on 2014-05-02: Fix merged to keystone (master)

Reviewed: https://review.openstack.org/90476
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=ba1bba8257716c2f5aa668e496173e96a80f0e43
Submitter: Jenkins
Branch: master

commit ba1bba8257716c2f5aa668e496173e96a80f0e43
Author: Adam Young <email address hidden>
Date: Fri Apr 25 17:03:16 2014 -0400

Ensure token is a string

Token is passed as a header from wsgi to HTTPD
If that token is unicode, it triggers an exception in mod_wsgi

Closes-Bug: 1312971

Change-Id: I4bb6ef6c98fbcd35435956d701f1ee3281e9935a

Changed in keystone:
status:	In Progress → Fix Committed

Thierry Carrez (ttx) on 2014-06-11

Changed in keystone:
milestone:	none → juno-1
status:	Fix Committed → Fix Released

Nathan Kinder (nkinder) on 2014-08-26

tags:

added: icehouse-backport-potential

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-08-26: Fix proposed to keystone (stable/icehouse)

Fix proposed to branch: stable/icehouse
Review: https://review.openstack.org/116991

Morgan Fainberg (mdrnstm) on 2014-08-31

Changed in python-keystoneclient:
importance:	High → Medium

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-09-04: Fix merged to keystone (stable/icehouse)

Reviewed: https://review.openstack.org/116991
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=824f66df77fbb85fb3d5a36cb7a1fc2308ca519d
Submitter: Jenkins
Branch: stable/icehouse

commit 824f66df77fbb85fb3d5a36cb7a1fc2308ca519d
Author: Adam Young <email address hidden>
Date: Fri Apr 25 17:03:16 2014 -0400

Ensure token is a string

Token is passed as a header from wsgi to HTTPD
If that token is unicode, it triggers an exception in mod_wsgi

Closes-Bug: 1312971

Change-Id: I4bb6ef6c98fbcd35435956d701f1ee3281e9935a
(cherry picked from commit ba1bba8257716c2f5aa668e496173e96a80f0e43)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-09-15: Change abandoned on keystone (master)

Change abandoned by Ryan Hsu (<email address hidden>) on branch: master
Review: https://review.openstack.org/121711
Reason: Testing

Morgan Fainberg (mdrnstm) on 2014-09-23

tags:

removed: icehouse-backport-potential

Dolph Mathews (dolph) on 2014-09-26

Changed in keystone:
importance:	Undecided → Medium

Thierry Carrez (ttx) on 2014-10-16

Changed in keystone:
milestone:	juno-1 → 2014.2

Revision history for this message

Steve Martinelli (stevemar) wrote on 2015-11-27:

we will not be pursuing any more PKI related work, as of Mitaka the keystone team has deprecated PKI tokens.

Changed in python-keystoneclient:
status:	Triaged → Won't Fix

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.