summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTim Burke <tim.burke@gmail.com>2018-06-13 12:36:21 -0700
committerTim Burke <tim@swiftstack.com>2018-08-01 23:26:13 +0000
commit86904543ebabcc2abe0ac3fea881afa2df81ff07 (patch)
tree10309f960cfd081db2aae84db70c7d5e6ed4682a
parentd1b7a1f0922419f956001f4bf14ad3e77449c860 (diff)
Handle DiscoveryFailure errors
DiscoveryFailures can happen for a variety of reasons, ranging from service misconfiguration to a keystone outage to a transient network failure. If we don't catch and handle the failure here, it will almost certainly cause something further up the WSGI stack to send a 500 Internal Error (and likely log a traceback). A log line like Unable to validate token: Could not find versioned identity endpoints when attempting to authenticate. Please check that your auth_url is correct. Unable to establish connection to http://keystone:35357: HTTPConnectionPool(host='keystone', port=35357): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7fc53e22e050>: Failed to establish a new connection: [Errno 111] ECONNREFUSED',)) should be plenty enough for an operator to assess the situation; I don't need a 29-frame traceback. Change-Id: I946388c09b2ca0230d2cef009c679a7ac7c8398f
Notes
Notes (review): Code-Review+2: Colleen Murphy <colleen@gazlene.net> Code-Review+2: Gage Hugo <gagehugo@gmail.com> Workflow+1: Gage Hugo <gagehugo@gmail.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Tue, 28 Aug 2018 16:21:59 +0000 Reviewed-on: https://review.openstack.org/575214 Project: openstack/keystonemiddleware Branch: refs/heads/master
-rw-r--r--keystonemiddleware/auth_token/__init__.py1
-rw-r--r--keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py11
2 files changed, 12 insertions, 0 deletions
diff --git a/keystonemiddleware/auth_token/__init__.py b/keystonemiddleware/auth_token/__init__.py
index f4917bd..46a6b1e 100644
--- a/keystonemiddleware/auth_token/__init__.py
+++ b/keystonemiddleware/auth_token/__init__.py
@@ -763,6 +763,7 @@ class AuthProtocol(BaseAuthProtocol):
763 self._token_cache.set(token_hashes[0], data) 763 self._token_cache.set(token_hashes[0], data)
764 764
765 except (ksa_exceptions.ConnectFailure, 765 except (ksa_exceptions.ConnectFailure,
766 ksa_exceptions.DiscoveryFailure,
766 ksa_exceptions.RequestTimeout, 767 ksa_exceptions.RequestTimeout,
767 ksm_exceptions.RevocationListError, 768 ksm_exceptions.RevocationListError,
768 ksm_exceptions.ServiceError) as e: 769 ksm_exceptions.ServiceError) as e:
diff --git a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
index 4d36be1..f9916cc 100644
--- a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
+++ b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
@@ -1070,6 +1070,17 @@ class CommonAuthTokenMiddlewareTest(object):
1070 self.assertIsNone(self._get_cached_token(ERROR_TOKEN)) 1070 self.assertIsNone(self._get_cached_token(ERROR_TOKEN))
1071 self.assert_valid_last_url(ERROR_TOKEN) 1071 self.assert_valid_last_url(ERROR_TOKEN)
1072 1072
1073 def test_discovery_failure(self):
1074 def discovery_failure_response(request, context):
1075 raise ksa_exceptions.DiscoveryFailure(
1076 "Could not determine a suitable URL for the plugin")
1077
1078 self.requests_mock.get(BASE_URI, text=discovery_failure_response)
1079 self.call_middleware(headers={'X-Auth-Token': 'token'},
1080 expected_status=503)
1081 self.assertIsNone(self._get_cached_token('token'))
1082 self.assertEqual(BASE_URI, self.requests_mock.last_request.url)
1083
1073 def test_http_request_max_retries(self): 1084 def test_http_request_max_retries(self):
1074 times_retry = 10 1085 times_retry = 10
1075 body_string = 'The Keystone service is temporarily unavailable.' 1086 body_string = 'The Keystone service is temporarily unavailable.'