Fix NoneType error when [service_user] is misconfigured

If the [service_user]/send_service_user_token option is
set to True but the actual auth options are incomplete,
like missing to set the auth_type option, we eventually
fail to re-auth with keystone due to a NoneType error
in keystoneauth1.

We can detect this issue because load_auth_from_conf_options
will return None and we can just log a warning and continue
as if the service user was never configured in the first place.

Co-Authored-By: Eric Fried <efried@us.ibm.com>
Change-Id: I0a96c835d620307f1ab34736ba42c2deb1321a23
Closes-Bug: #1733642

1 files changed, 14 insertions, 0 deletions

diff --git a/nova/service_auth.py b/nova/service_auth.py
index b9191f3033..f5ae0646d8 100644
--- a/nova/service_auth.py
+++ b/nova/service_auth.py
@@ -13,15 +13,23 @@
 
 from keystoneauth1 import loading as ks_loading
 from keystoneauth1 import service_token
+from oslo_log import log as logging
 
 import nova.conf
 
 
 CONF = nova.conf.CONF
+LOG = logging.getLogger(__name__)
 
 _SERVICE_AUTH = None
 
 
+def reset_globals():
+    """For async unit test consistency."""
+    global _SERVICE_AUTH
+    _SERVICE_AUTH = None
+
+
 def get_auth_plugin(context):
     user_auth = context.get_auth_plugin()
 
@@ -32,6 +40,12 @@ def get_auth_plugin(context):
                                 CONF,
                                 group=
                                 nova.conf.service_token.SERVICE_USER_GROUP)
+            if _SERVICE_AUTH is None:
+                # This indicates a misconfiguration so log a warning and
+                # return the user_auth.
+                LOG.warning('Unable to load auth from [service_user] '
+                            'configuration. Ensure "auth_type" is set.')
+                return user_auth
         return service_token.ServiceTokenAuthWrapper(
                    user_auth=user_auth,
                    service_auth=_SERVICE_AUTH)