diff options
author | Matt Riedemann <mriedem.os@gmail.com> | 2017-11-21 12:01:33 -0500 |
---|---|---|
committer | Eric Fried <efried@us.ibm.com> | 2017-11-28 12:22:30 -0600 |
commit | cff8b088370c9190e402ece1a9ff48eae27677f7 (patch) | |
tree | 464392ecc0c46d34c8518902fc46cd01158c53c9 /nova/service_auth.py | |
parent | 42706270b92dd12456ba385ebfce38b99431940d (diff) | |
download | nova-cff8b088370c9190e402ece1a9ff48eae27677f7.tar.gz |
Fix NoneType error when [service_user] is misconfigured
If the [service_user]/send_service_user_token option is
set to True but the actual auth options are incomplete,
like missing to set the auth_type option, we eventually
fail to re-auth with keystone due to a NoneType error
in keystoneauth1.
We can detect this issue because load_auth_from_conf_options
will return None and we can just log a warning and continue
as if the service user was never configured in the first place.
Co-Authored-By: Eric Fried <efried@us.ibm.com>
Change-Id: I0a96c835d620307f1ab34736ba42c2deb1321a23
Closes-Bug: #1733642
Diffstat (limited to 'nova/service_auth.py')
-rw-r--r-- | nova/service_auth.py | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/nova/service_auth.py b/nova/service_auth.py index b9191f3033..f5ae0646d8 100644 --- a/nova/service_auth.py +++ b/nova/service_auth.py @@ -13,15 +13,23 @@ from keystoneauth1 import loading as ks_loading from keystoneauth1 import service_token +from oslo_log import log as logging import nova.conf CONF = nova.conf.CONF +LOG = logging.getLogger(__name__) _SERVICE_AUTH = None +def reset_globals(): + """For async unit test consistency.""" + global _SERVICE_AUTH + _SERVICE_AUTH = None + + def get_auth_plugin(context): user_auth = context.get_auth_plugin() @@ -32,6 +40,12 @@ def get_auth_plugin(context): CONF, group= nova.conf.service_token.SERVICE_USER_GROUP) + if _SERVICE_AUTH is None: + # This indicates a misconfiguration so log a warning and + # return the user_auth. + LOG.warning('Unable to load auth from [service_user] ' + 'configuration. Ensure "auth_type" is set.') + return user_auth return service_token.ServiceTokenAuthWrapper( user_auth=user_auth, service_auth=_SERVICE_AUTH) |