ansible-collections-openstack

dynamic inventory doesn't use username/password env variables

Bug #2046662 reported by Mathias Petermann on 2023-12-17

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	ansible-collections-openstack	New	Undecided	Unassigned

Bug Description

Using a rather minimal inventory configuration, the dynamic inventory reads the clouds.yaml as intended, but doesn't use the OS_USERNAME/OS_PASSWORD environment variables if no credentials are configured in the clouds.yaml

We are using the same credentials for multiple accounts, and don't want to specify them for each cloud separately but rather once for all of them (and in a secure way, thus the environment variables).

dynamic inventory / openstack.yaml
==================================
plugin: openstack.cloud.openstack
all_projects: false
expand_hostvars: true
fail_on_errors: true
strict: true
keyed_groups:
- key: openstack.tags
separator: ""

clouds.yaml
==========
clouds:
  example-region-zh:
    auth:
      auth_url: https://keystone.cloud.switch.ch:5000/v3
      project_name: example-project
      domain_name: Default
    region_name: "ZH"
    interface: "public"
    identity_api_version: 3

  example-region-ls:
    auth:
      auth_url: https://keystone.cloud.switch.ch:5000/v3
      project_name: example-project
      domain_name: Default
    region_name: "LS"
    interface: "public"
    identity_api_version: 3

Give the above configurations, and the username & password set using the environment variables, the openstack CLI is able to fetch projects and servers as intended (eg. openstack --os-cloud example-region-ls server list ), but the dynamic inventory fails with the following error.

Traceback (most recent call last):
  File "$HOME/ansible-pipeline/venv/bin/openstack-inventory", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "$HOME/ansible-pipeline/venv/lib/python3.11/site-packages/openstack/cloud/cmd/inventory.py", line 75, in main
    output = inventory.list_hosts()
             ^^^^^^^^^^^^^^^^^^^^^^
  File "$HOME/ansible-pipeline/venv/lib/python3.11/site-packages/openstack/cloud/inventory.py", line 73, in list_hosts
    for server in cloud.list_servers(
                  ^^^^^^^^^^^^^^^^^^^
  File "$HOME/ansible-pipeline/venv/lib/python3.11/site-packages/openstack/cloud/_compute.py", line 363, in list_servers
    for server in self.compute.servers(
                  ^^^^^^^^^^^^
  File "$HOME/ansible-pipeline/venv/lib/python3.11/site-packages/openstack/service_description.py", line 89, in __get__
    proxy = self._make_proxy(instance)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "$HOME/ansible-pipeline/venv/lib/python3.11/site-packages/openstack/service_description.py", line 265, in _make_proxy
    found_version = temp_adapter.get_api_major_version()
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "$HOME/ansible-pipeline/venv/lib/python3.11/site-packages/keystoneauth1/adapter.py", line 354, in get_api_major_version
    return self.session.get_api_major_version(auth or self.auth, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "$HOME/ansible-pipeline/venv/lib/python3.11/site-packages/keystoneauth1/session.py", line 1279, in get_api_major_version
    return auth.get_api_major_version(self, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "$HOME/ansible-pipeline/venv/lib/python3.11/site-packages/keystoneauth1/identity/base.py", line 497, in get_api_major_version
    data = get_endpoint_data(discover_versions=discover_versions)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "$HOME/ansible-pipeline/venv/lib/python3.11/site-packages/keystoneauth1/identity/base.py", line 268, in get_endpoint_data
    service_catalog = self.get_access(session).service_catalog
                      ^^^^^^^^^^^^^^^^^^^^^^^^
  File "$HOME/ansible-pipeline/venv/lib/python3.11/site-packages/keystoneauth1/identity/base.py", line 131, in get_access
    self.auth_ref = self.get_auth_ref(session)
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "$HOME/ansible-pipeline/venv/lib/python3.11/site-packages/keystoneauth1/identity/generic/base.py", line 205, in get_auth_ref
    return self._plugin.get_auth_ref(session, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "$HOME/ansible-pipeline/venv/lib/python3.11/site-packages/keystoneauth1/identity/v3/base.py", line 185, in get_auth_ref
    resp = session.post(token_url, json=body, headers=headers,
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "$HOME/ansible-pipeline/venv/lib/python3.11/site-packages/keystoneauth1/session.py", line 1152, in post
    return self.request(url, 'POST', **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "$HOME/ansible-pipeline/venv/lib/python3.11/site-packages/keystoneauth1/session.py", line 978, in request
    raise exceptions.from_response(resp, method, url)
keystoneauth1.exceptions.http.BadRequest: Invalid input for field 'identity/password/user/password': None is not of type 'string'

Failed validating 'type' in schema['properties']['identity']['properties']['password']['properties']['user']['properties']['password']:
{'type': 'string'}

On instance['identity']['password']['user']['password']:
None (HTTP 400) (Request-ID: req-....)

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.