Details
-
Type:
Monitor
-
Status: Closed
-
Priority:
Major
-
Resolution: Done
-
Affects Version/s: None
-
Fix Version/s: 2021
-
Component/s: FIWARE-TECH-HELP
-
HD-Chapter:Security
-
HD-Enabler:KeyRock
Description
Created question in FIWARE Q/A platform on 12-04-2016 at 09:04
Please, ANSWER this question AT https://stackoverflow.com/questions/36566048/keyrock-error-taking-token-with-script-auth-token
Question:
Keyrock error taking token with script auth-token
Description:
trying to obtain oauth2 token with script in Get auth token for accesing Orion FI-LAB instance. I change my parameters in script, and when i try to execute :
./auth-token.sh myuser@mail.com mypass
X-Auth-Token for 'myuser@mail.com':
No token was found. I receive this in keystone.log:
2016-04-12 06:46:55.705 2171 DEBUG keystone.middleware.core [-] Auth token not in the request header. Will not build auth context. process_request /etc/keystone/keystone/middleware/core.py:269
2016-04-12 06:46:55.715 2171 DEBUG keystone.common.wsgi [-] arg_dict: {} _call_ /etc/keystone/keystone/common/wsgi.py:192
2016-04-12 06:46:55.732 2171 INFO eventlet.wsgi.server [-] 127.0.0.1 - - [12/Apr/2016 06:46:55] "GET /v3/ HTTP/1.1" 200 484 0.027293
2016-04-12 06:46:55.753 2171 DEBUG keystone.common.kvs.core [-] KVS lock acquired for: os-revoke-events acquire /etc/keystone/keystone/common/kvs/core.py:380
2016-04-12 06:46:55.753 2171 DEBUG keystone.common.kvs.core [-] KVS lock released for: os-revoke-events release /etc/keystone/keystone/common/kvs/core.py:399
2016-04-12 06:46:55.754 2171 DEBUG keystone.middleware.core [-] RBAC: auth_context:
process_request /etc/keystone/keystone/middleware/core.py:279
2016-04-12 06:46:55.772 2171 DEBUG keystone.common.wsgi [-] arg_dict: {} _call_ /etc/keystone/keystone/common/wsgi.py:192
2016-04-12 06:46:55.773 2171 DEBUG keystone.common.controller [-] RBAC: Authorizing identity:list_roles() _build_policy_check_credentials /etc/keystone/keystone/common/controller.py:56
2016-04-12 06:46:55.773 2171 DEBUG keystone.common.controller [-] RBAC: using auth context from the request environment _build_policy_check_credentials /etc/keystone/keystone/common/controller.py:61
2016-04-12 06:46:55.774 2171 DEBUG keystone.common.controller [-] RBAC: Adding query filter params (name=basic) wrapper /etc/keystone/keystone/common/controller.py:188
2016-04-12 06:46:55.775 2171 DEBUG keystone.policy.backends.rules [-] enforce identity:list_roles:
enforce /etc/keystone/keystone/policy/backends/rules.py:100
2016-04-12 06:46:55.783 2171 ERROR keystone.common.wsgi [-] Expecting ':' delimiter: line 236 column 40 (char 12086)
2016-04-12 06:46:55.783 2171 TRACE keystone.common.wsgi Traceback (most recent call last):
2016-04-12 06:46:55.783 2171 TRACE keystone.common.wsgi File "/etc/keystone/keystone/common/wsgi.py", line 224, in _call_
2016-04-12 06:46:55.783 2171 TRACE keystone.common.wsgi result = method(context, **params)
2016-04-12 06:46:55.783 2171 TRACE keystone.common.wsgi File "/etc/keystone/keystone/common/controller.py", line 196, in wrapper
2016-04-12 06:46:55.783 2171 TRACE keystone.common.wsgi utils.flatten_dict(target))
2016-04-12 06:46:55.783 2171 TRACE keystone.common.wsgi File "/etc/keystone/keystone/policy/backends/rules.py", line 101, in enforce
2016-04-12 06:46:55.783 2171 TRACE keystone.common.wsgi enforce(credentials, action, target)
2016-04-12 06:46:55.783 2171 TRACE keystone.common.wsgi File "/etc/keystone/keystone/policy/backends/rules.py", line 93, in enforce
2016-04-12 06:46:55.783 2171 TRACE keystone.common.wsgi return _ENFORCER.enforce(action, target, credentials, **extra)
2016-04-12 06:46:55.783 2171 TRACE keystone.common.wsgi File "/etc/keystone/keystone/openstack/common/policy.py", line 314, in enforce
2016-04-12 06:46:55.783 2171 TRACE keystone.common.wsgi self.load_rules()
2016-04-12 06:46:55.783 2171 TRACE keystone.common.wsgi File "/etc/keystone/keystone/openstack/common/policy.py", line 243, in load_rules
2016-04-12 06:46:55.783 2171 TRACE keystone.common.wsgi self._load_policy_file(self.policy_path, force_reload)
2016-04-12 06:46:55.783 2171 TRACE keystone.common.wsgi File "/etc/keystone/keystone/openstack/common/policy.py", line 265, in _load_policy_file
2016-04-12 06:46:55.783 2171 TRACE keystone.common.wsgi rules = Rules.load_json(data, self.default_rule)
2016-04-12 06:46:55.783 2171 TRACE keystone.common.wsgi File "/etc/keystone/keystone/openstack/common/policy.py", line 132, in load_json
2016-04-12 06:46:55.783 2171 TRACE keystone.common.wsgi jsonutils.loads(data).items())
2016-04-12 06:46:55.783 2171 TRACE keystone.common.wsgi File "/etc/keystone/.venv/local/lib/python2.7/site-packages/oslo_serialization/jsonutils.py", line 213, in loads
2016-04-12 06:46:55.783 2171 TRACE keystone.common.wsgi return json.loads(encodeutils.safe_decode(s, encoding), **kwargs)
2016-04-12 06:46:55.783 2171 TRACE keystone.common.wsgi File "/usr/lib/python2.7/json/_init_.py", line 338, in loads
2016-04-12 06:46:55.783 2171 TRACE keystone.common.wsgi return _default_decoder.decode(s)
2016-04-12 06:46:55.783 2171 TRACE keystone.common.wsgi File "/usr/lib/python2.7/json/decoder.py", line 366, in decode
2016-04-12 06:46:55.783 2171 TRACE keystone.common.wsgi obj, end = self.raw_decode(s, idx=_w(s, 0).end())
2016-04-12 06:46:55.783 2171 TRACE keystone.common.wsgi File "/usr/lib/python2.7/json/decoder.py", line 382, in raw_decode
2016-04-12 06:46:55.783 2171 TRACE keystone.common.wsgi obj, end = self.scan_once(s, idx)
2016-04-12 06:46:55.783 2171 TRACE keystone.common.wsgi ValueError: Expecting ':' delimiter: line 236 column 40 (char 12086)
2016-04-12 06:46:55.783 2171 TRACE keystone.common.wsgi
2016-04-12 06:46:55.802 2171 INFO eventlet.wsgi.server [-] 127.0.0.1 - - [12/Apr/2016 06:46:55] "GET /v3/roles?name=basic HTTP/1.1" 500 420 0.067987
but, if i execute this curl:
curl -d '{"auth":{"passwordCredentials":
{"username": "myuser@mail.com", "password": "mypass"}}}' -H "Content-type: application/json" http://localhost:5000/v2.0/tokens
json appears to be correct:
{"access": {"token":
{"issued_at": "2016-04-12T07:06:02.555240", "expires": "2016-04-12T08:06:02Z", "id": "39b2a5ba3459495fb411bd39c7c71477", "audit_ids": ["PMdnBWRuRvi970ulYIwOfA"]}, "serviceCatalog": [], "user":
{"username": "myuser@mail.com", "roles_links": [], "id": "myuser", "roles": [], "name": "myuser@mail.com"}, "metadata":
{"is_admin": 0, "roles": []}}}
and log show me this:
2016-04-12 07:07:40.213 2173 DEBUG keystone.middleware.core [-] Auth token not in the request header. Will not build auth context. process_request /etc/keystone/keystone/middleware/core.py:269
2016-04-12 07:07:40.222 2173 DEBUG keystone.common.wsgi [-] arg_dict: {} _call_ /etc/keystone/keystone/common/wsgi.py:192
2016-04-12 07:07:40.473 2173 INFO eventlet.wsgi.server [-] 13.81.11.211 - - [12/Apr/2016 07:07:40] "POST /v2.0/tokens HTTP/1.1" 200 507 0.260248
I dont undestand first log. I think have some error in the keystone.conf, but curl with correct response ?¿?¿?¿?
Anyone can help me?
Activity
2017-05-22 18:10|UPDATED status: transition Answer| # answers= 1, accepted answer= True
2017-05-22 21:10|UPDATED status: transition Finish| # answers= 1, accepted answer= True
2017-05-22 15:15|CREATED monitor | # answers= 1, accepted answer= True