From bc03de9ca412805490a39dfbd00b4f938e64895b Mon Sep 17 00:00:00 2001
From: Guang Yee <guang.yee@suse.com>
Date: Thu, 25 Oct 2018 13:01:23 -0700
Subject: [PATCH] Skip the services with no endpoints when parsing service
 catalog

When parsing the service catalog to find the source, audit middleware
should skip over the services which have no endpoints instead of
assuming they will have at least one endpoint.

Change-Id: I287873e99338d95baaf20d52ecb3a43763a401fc
Closes-Bug: #1800017
(cherry picked from commit 6779838a242b222672721407cc320672ab24067a)
---
 keystonemiddleware/audit/_api.py                |  5 +++++
 .../tests/unit/audit/test_audit_api.py          | 17 +++++++++++++++++
 .../notes/bug-1800017-0e5a9b8f62b5ca60.yaml     |  7 +++++++
 3 files changed, 29 insertions(+)
 create mode 100644 releasenotes/notes/bug-1800017-0e5a9b8f62b5ca60.yaml

diff --git a/keystonemiddleware/audit/_api.py b/keystonemiddleware/audit/_api.py
index d05d7326..e6921518 100644
--- a/keystonemiddleware/audit/_api.py
+++ b/keystonemiddleware/audit/_api.py
@@ -261,6 +261,11 @@ class OpenStackAuditApi(object):
 
         default_endpoint = None
         for endp in catalog:
+            if not endp['endpoints']:
+                self._log.warning(
+                    'Skipping service %s as it have no endpoints.',
+                    endp['name'])
+                continue
             endpoint_urls = endp['endpoints'][0]
             admin_urlparse = urlparse.urlparse(
                 endpoint_urls.get('adminURL', ''))
diff --git a/keystonemiddleware/tests/unit/audit/test_audit_api.py b/keystonemiddleware/tests/unit/audit/test_audit_api.py
index 367d7d06..1512e9dd 100644
--- a/keystonemiddleware/tests/unit/audit/test_audit_api.py
+++ b/keystonemiddleware/tests/unit/audit/test_audit_api.py
@@ -303,6 +303,23 @@ class AuditApiLogicTest(base.BaseAuditMiddlewareTest):
         payload = self.get_payload('GET', url, environ=env_headers)
         self.assertEqual((payload['target']['addresses'][0]['url']), "unknown")
 
+    def test_service_with_no_endpoints(self):
+        env_headers = {'HTTP_X_SERVICE_CATALOG':
+                       '''[{"endpoints_links": [],
+                             "endpoints": [],
+                             "type": "foo",
+                             "name": "bar"}]''',
+                       'HTTP_X_USER_ID': 'user_id',
+                       'HTTP_X_USER_NAME': 'user_name',
+                       'HTTP_X_AUTH_TOKEN': 'token',
+                       'HTTP_X_PROJECT_ID': 'tenant_id',
+                       'HTTP_X_IDENTITY_STATUS': 'Confirmed',
+                       'REQUEST_METHOD': 'GET'}
+
+        url = 'http://public_host:8774/v2/' + str(uuid.uuid4()) + '/servers'
+        payload = self.get_payload('GET', url, environ=env_headers)
+        self.assertEqual(payload['target']['name'], "unknown")
+
     def test_no_auth_token(self):
         # Test cases where API requests such as Swift list public containers
         # which does not require an auth token. In these cases, CADF event
diff --git a/releasenotes/notes/bug-1800017-0e5a9b8f62b5ca60.yaml b/releasenotes/notes/bug-1800017-0e5a9b8f62b5ca60.yaml
new file mode 100644
index 00000000..0b1c75fc
--- /dev/null
+++ b/releasenotes/notes/bug-1800017-0e5a9b8f62b5ca60.yaml
@@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    [`bug 1800017 <https://bugs.launchpad.net/keystonemiddleware/+bug/1800017>`_]
+    Fix audit middleware service catalog parsing for the scenario where a
+    service does not contain any endpoints. In that case, we should just skip
+    over that service.