Browse Source

Handle DiscoveryFailure errors

DiscoveryFailures can happen for a variety of reasons, ranging
from service misconfiguration to a keystone outage to a transient
network failure. If we don't catch and handle the failure here,
it will almost certainly cause something further up the WSGI stack
to send a 500 Internal Error (and likely log a traceback).

A log line like

    Unable to validate token: Could not find versioned identity
    endpoints when attempting to authenticate. Please check that
    your auth_url is correct. Unable to establish connection to
    http://keystone:35357: HTTPConnectionPool(host='keystone',
    port=35357): Max retries exceeded with url: / (Caused by
    NewConnectionError('<urllib3.connection.HTTPConnection
    object at 0x7fc53e22e050>: Failed to establish a new
    connection: [Errno 111] ECONNREFUSED',))

should be plenty enough for an operator to assess the situation;
I don't need a 29-frame traceback.

Change-Id: I946388c09b2ca0230d2cef009c679a7ac7c8398f
Tim Burke 11 months ago
parent
commit
86904543eb

+ 1
- 0
keystonemiddleware/auth_token/__init__.py View File

@@ -763,6 +763,7 @@ class AuthProtocol(BaseAuthProtocol):
763 763
                 self._token_cache.set(token_hashes[0], data)
764 764
 
765 765
         except (ksa_exceptions.ConnectFailure,
766
+                ksa_exceptions.DiscoveryFailure,
766 767
                 ksa_exceptions.RequestTimeout,
767 768
                 ksm_exceptions.RevocationListError,
768 769
                 ksm_exceptions.ServiceError) as e:

+ 11
- 0
keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py View File

@@ -1070,6 +1070,17 @@ class CommonAuthTokenMiddlewareTest(object):
1070 1070
         self.assertIsNone(self._get_cached_token(ERROR_TOKEN))
1071 1071
         self.assert_valid_last_url(ERROR_TOKEN)
1072 1072
 
1073
+    def test_discovery_failure(self):
1074
+        def discovery_failure_response(request, context):
1075
+            raise ksa_exceptions.DiscoveryFailure(
1076
+                "Could not determine a suitable URL for the plugin")
1077
+
1078
+        self.requests_mock.get(BASE_URI, text=discovery_failure_response)
1079
+        self.call_middleware(headers={'X-Auth-Token': 'token'},
1080
+                             expected_status=503)
1081
+        self.assertIsNone(self._get_cached_token('token'))
1082
+        self.assertEqual(BASE_URI, self.requests_mock.last_request.url)
1083
+
1073 1084
     def test_http_request_max_retries(self):
1074 1085
         times_retry = 10
1075 1086
         body_string = 'The Keystone service is temporarily unavailable.'

Loading…
Cancel
Save