Public bug reported:
Description of problem:
In the past (OSP less then 17.1 +SRBAC configuration)
we were able to use only the rc file if we wanted to source the user, without
the need to update the clouds.yml and with no obligation to put other value in
the OS_CLOUD filed.
Version-Release number of selected component (if applicable):
RHOS-17.1-RHEL-9-20230607.n.2 +SRBAC configuration
How reproducible:
Every time, in the same session.
Steps to Reproduce:
Prerequisites:
1.Create a project under the default domain (fro example "project2"
2.Create the user:
(overcloud) [stack@undercloud-0 ~]$ openstack user create admin3 --password
12345678
3.Add a role to the user-
(overcloud) [stack@undercloud-0 ~]$ openstack role add --user admin3 --project
project2 admin
3.Make sure the user is assign with the right role-
(overcloud) [stack@undercloud-0 ~]$ openstack role assignment list --user
admin3 --names
4.Copy the overcloudrc file and give it a new name like "admin3rc"
5.Change the file’s fields to be compatible to the new user.
6.***In this point, if we don't change the clouds.yml file, this user will not
be able to send requests.***- This is new -Is it part of the bug?
7. Change the clouds.yml - Add the new user and make sure the user's name is
right above auth: in the clouds.yml file+ make sure the same name is the same
as in the field of "OS_CLOUD=" of the admin3rc file. This is the way it should
be:"OS_CLOUD=admin3"
8.Sourcing admin3rc and sending regular commands in a new session when all env
variables are empty will end successfully-
[stack@undercloud-0 ~]$ . admin3rc
(admin3) [stack@undercloud-0 ~]$ openstack user list
+----------------------------------+-------------------------------------------------------------------+
| ID | Name
|
+----------------------------------+-------------------------------------------------------------------+
| 1735403404384416876f68c51c0388c7 | admin
|
| 2b82835faf1b4f479cd0395036dcd677 | barbican
|
....
..
.
Leaving overcloud in the OS_CLOUD filed e.g. export OS_CLOUD=overcloud in the
admin3rc file, will make a confution in this scenario:
Steps:
1. [stack@undercloud-0 ~]$ . admin3rc
2. (overcloud) [stack@undercloud-0 ~]$ openstack user list
The request you have made requires authentication. (HTTP 401) (Request-ID:
req-fa114d20-5492-4e61-bfc9-6f9586b8aafe)
Actual results:
There is a confusion in priority between when clouds.yml parameters are used
and when the exported variables are used. We get the error "The request you
have made requires authentication. (HTTP 401) "
Expected results:
The action should end successfully.
If the behavior was not changed, we need to be able to use only the rc file if
we want to , without the need to update the clouds.yml and with no obligation
to put other value in the OS_CLOUD filed.
** Affects: keystone
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/2025146
Title:
There is a confusion in priority between when clouds.yml parameters
are used and when the exported variables are used
Status in OpenStack Identity (keystone):
New
Bug description:
Description of problem:
In the past (OSP less then 17.1 +SRBAC configuration)
we were able to use only the rc file if we wanted to source the user, without
the need to update the clouds.yml and with no obligation to put other value in
the OS_CLOUD filed.
Version-Release number of selected component (if applicable):
RHOS-17.1-RHEL-9-20230607.n.2 +SRBAC configuration
How reproducible:
Every time, in the same session.
Steps to Reproduce:
Prerequisites:
1.Create a project under the default domain (fro example "project2"
2.Create the user:
(overcloud) [stack@undercloud-0 ~]$ openstack user create admin3 --password
12345678
3.Add a role to the user-
(overcloud) [stack@undercloud-0 ~]$ openstack role add --user admin3
--project project2 admin
3.Make sure the user is assign with the right role-
(overcloud) [stack@undercloud-0 ~]$ openstack role assignment list --user
admin3 --names
4.Copy the overcloudrc file and give it a new name like "admin3rc"
5.Change the file’s fields to be compatible to the new user.
6.***In this point, if we don't change the clouds.yml file, this user will
not be able to send requests.***- This is new -Is it part of the bug?
7. Change the clouds.yml - Add the new user and make sure the user's name is
right above auth: in the clouds.yml file+ make sure the same name is the same
as in the field of "OS_CLOUD=" of the admin3rc file. This is the way it should
be:"OS_CLOUD=admin3"
8.Sourcing admin3rc and sending regular commands in a new session when all
env variables are empty will end successfully-
[stack@undercloud-0 ~]$ . admin3rc
(admin3) [stack@undercloud-0 ~]$ openstack user list
+----------------------------------+-------------------------------------------------------------------+
| ID | Name
|
+----------------------------------+-------------------------------------------------------------------+
| 1735403404384416876f68c51c0388c7 | admin
|
| 2b82835faf1b4f479cd0395036dcd677 | barbican
|
....
..
.
Leaving overcloud in the OS_CLOUD filed e.g. export OS_CLOUD=overcloud in the
admin3rc file, will make a confution in this scenario:
Steps:
1. [stack@undercloud-0 ~]$ . admin3rc
2. (overcloud) [stack@undercloud-0 ~]$ openstack user list
The request you have made requires authentication. (HTTP 401) (Request-ID:
req-fa114d20-5492-4e61-bfc9-6f9586b8aafe)
Actual results:
There is a confusion in priority between when clouds.yml parameters are used
and when the exported variables are used. We get the error "The request you
have made requires authentication. (HTTP 401) "
Expected results:
The action should end successfully.
If the behavior was not changed, we need to be able to use only the rc file
if we want to , without the need to update the clouds.yml and with no
obligation to put other value in the OS_CLOUD filed.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/2025146/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
