Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-8261

Quay 3.13.1 login with Openstack Keystone authentication hit 501 error code

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Critical Critical
    • None
    • quay-v3.12.4, quay-v3.13.1
    • quay
    • False
    • None
    • False

      Description:

      This is an issue found in Quay 3.13, when configured Quay with Keystone authentication, Login Quay hit error "NotImplementedError()", pls review this issue, see detailed Quay APP POD logs quay313_keystone_authentication_app.logs 

      Quay: 3.13.1

      Quay 3.13 login with Keystone authentication get 501 error:

      Quay Config.yaml:

      AUTHENTICATION_TYPE: Keystone
KEYSTONE_ADMIN_PASSWORD: ***
KEYSTONE_ADMIN_TENANT: admin
KEYSTONE_ADMIN_USERNAME: admin
KEYSTONE_AUTH_URL: http://54.190.94.238:5000/v3
KEYSTONE_AUTH_VERSION: "3"

      Quay Logs:

      gunicorn-web stdout | 2024-11-25 14:41:21,985 [240] [ERROR] [endpoints.decorated]
gunicorn-web stdout | Traceback (most recent call last):
gunicorn-web stdout |   File "/app/lib/python3.9/site-packages/flask/app.py", line 1484, in full_dispatch_request
gunicorn-web stdout |     rv = self.dispatch_request()
gunicorn-web stdout |   File "/app/lib/python3.9/site-packages/flask/app.py", line 1469, in dispatch_request
gunicorn-web stdout |     return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
gunicorn-web stdout |   File "/quay-registry/endpoints/decorators.py", line 310, in wrapper
gunicorn-web stdout |     return func(*args, **kwargs)
gunicorn-web stdout |   File "/quay-registry/auth/decorators.py", line 69, in wrapper
gunicorn-web stdout |     return func(*args, **kwargs)
gunicorn-web stdout |   File "/quay-registry/util/request.py", line 64, in wrapper
gunicorn-web stdout |     return decorator(func)(*args, **kwargs)
gunicorn-web stdout |   File "/app/lib/python3.9/site-packages/flask_restful/utils/cors.py", line 35, in wrapped_function
gunicorn-web stdout |     resp = make_response(f(*args, **kwargs))
gunicorn-web stdout |   File "/quay-registry/endpoints/csrf.py", line 71, in wrapper
gunicorn-web stdout |     resp = func(*args, **kwargs)
gunicorn-web stdout |   File "/app/lib/python3.9/site-packages/flask_restful/__init__.py", line 489, in wrapper
gunicorn-web stdout |     resp = resource(*args, **kwargs)
gunicorn-web stdout |   File "/app/lib/python3.9/site-packages/flask/views.py", line 109, in view
gunicorn-web stdout |     return current_app.ensure_sync(self.dispatch_request)(**kwargs)
gunicorn-web stdout |   File "/app/lib/python3.9/site-packages/flask_restful/__init__.py", line 604, in dispatch_request
gunicorn-web stdout |     resp = meth(*args, **kwargs)
gunicorn-web stdout |   File "/quay-registry/endpoints/decorators.py", line 185, in wrapper
gunicorn-web stdout |     return func(*args, **kwargs)
gunicorn-web stdout |   File "/quay-registry/endpoints/decorators.py", line 164, in wrapper
gunicorn-web stdout |     return func(*args, **kwargs)
gunicorn-web stdout |   File "/quay-registry/endpoints/api/__init__.py", line 561, in wrapped
gunicorn-web stdout |     return func(*args, **kwargs)
gunicorn-web stdout |   File "/quay-registry/endpoints/api/__init__.py", line 646, in wrapped
gunicorn-web stdout |     resp = func(self, *args, **kwargs)
gunicorn-web stdout |   File "/quay-registry/endpoints/api/user.py", line 387, in get
gunicorn-web stdout |   File "/quay-registry/endpoints/api/user.py", line 206, in user_view
gunicorn-web stdout |     if features.SUPER_USERS and SuperUserPermission().can():
gunicorn-web stdout |   File "/app/lib/python3.9/site-packages/flask_principal.py", line 347, in can
gunicorn-web stdout |     return self.require().can()
gunicorn-web stdout |   File "/app/lib/python3.9/site-packages/flask_principal.py", line 193, in can
gunicorn-web stdout |     return self.identity.can(self.permission)
gunicorn-web stdout |   File "/quay-registry/auth/permissions.py", line 233, in can
gunicorn-web stdout |     self._populate_superuser_provides(user_object)
gunicorn-web stdout |   File "/quay-registry/auth/permissions.py", line 201, in _populate_superuser_provides
gunicorn-web stdout |     ) and usermanager.is_superuser(user_object.username):
gunicorn-web stdout |   File "/quay-registry/data/users/__init__.py", line 423, in is_superuser
gunicorn-web stdout |     return self.federated_users.is_superuser(username) or super().is_superuser(username)
gunicorn-web stdout |   File "/quay-registry/data/users/__init__.py", line 367, in is_superuser
gunicorn-web stdout |     return self.state.is_superuser(username)
gunicorn-web stdout |   File "/quay-registry/data/users/keystone.py", line 359, in is_superuser
gunicorn-web stdout |     raise NotImplementedError()
gunicorn-web stdout | NotImplementedError
nginx stdout | 10.128.2.22 (-) - - [25/Nov/2024:14:41:21 +0000] "GET /api/v1/user/ HTTP/1.1" 501 15 "https://quay-quay-quay.apps.quaytest-3364.qe.devcluster.openshift.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0" (0.034 1486 0.034)
gunicorn-web stdout | 2024-11-25 14:41:21,987 [240] [INFO] [gunicorn.access] 10.128.2.22 - - [25/Nov/2024:14:41:21 +0000] "GET /api/v1/user/ HTTP/1.0" 501 15 "https://quay-quay-quay.apps.quaytest-3364.qe.devcluster.openshift.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0"

        1. image-2024-11-25-22-44-03-701.png
          image-2024-11-25-22-44-03-701.png
          394 kB
        2. quay313_keystone_authentication_app.logs
          168 kB

              Unassigned Unassigned
              lzha1981 luffy zhang
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: