From 86904543ebabcc2abe0ac3fea881afa2df81ff07 Mon Sep 17 00:00:00 2001 From: Tim Burke Date: Wed, 13 Jun 2018 12:36:21 -0700 Subject: [PATCH] Handle DiscoveryFailure errors DiscoveryFailures can happen for a variety of reasons, ranging from service misconfiguration to a keystone outage to a transient network failure. If we don't catch and handle the failure here, it will almost certainly cause something further up the WSGI stack to send a 500 Internal Error (and likely log a traceback). A log line like Unable to validate token: Could not find versioned identity endpoints when attempting to authenticate. Please check that your auth_url is correct. Unable to establish connection to http://keystone:35357: HTTPConnectionPool(host='keystone', port=35357): Max retries exceeded with url: / (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 111] ECONNREFUSED',)) should be plenty enough for an operator to assess the situation; I don't need a 29-frame traceback. Change-Id: I946388c09b2ca0230d2cef009c679a7ac7c8398f --- keystonemiddleware/auth_token/__init__.py | 1 + .../unit/auth_token/test_auth_token_middleware.py | 11 +++++++++++ 2 files changed, 12 insertions(+) diff --git a/keystonemiddleware/auth_token/__init__.py b/keystonemiddleware/auth_token/__init__.py index f4917bde..46a6b1e5 100644 --- a/keystonemiddleware/auth_token/__init__.py +++ b/keystonemiddleware/auth_token/__init__.py @@ -763,6 +763,7 @@ class AuthProtocol(BaseAuthProtocol): self._token_cache.set(token_hashes[0], data) except (ksa_exceptions.ConnectFailure, + ksa_exceptions.DiscoveryFailure, ksa_exceptions.RequestTimeout, ksm_exceptions.RevocationListError, ksm_exceptions.ServiceError) as e: diff --git a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py index 4d36be14..f9916ccd 100644 --- a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py +++ b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py @@ -1070,6 +1070,17 @@ class CommonAuthTokenMiddlewareTest(object): self.assertIsNone(self._get_cached_token(ERROR_TOKEN)) self.assert_valid_last_url(ERROR_TOKEN) + def test_discovery_failure(self): + def discovery_failure_response(request, context): + raise ksa_exceptions.DiscoveryFailure( + "Could not determine a suitable URL for the plugin") + + self.requests_mock.get(BASE_URI, text=discovery_failure_response) + self.call_middleware(headers={'X-Auth-Token': 'token'}, + expected_status=503) + self.assertIsNone(self._get_cached_token('token')) + self.assertEqual(BASE_URI, self.requests_mock.last_request.url) + def test_http_request_max_retries(self): times_retry = 10 body_string = 'The Keystone service is temporarily unavailable.'