If the owner user and project of a lease are deleted or are disabled, the OpenStack admin cannot delete the lease. How to reproduce in DevStack:
source ~/devstack/openrc alt_demo alt_demo
blazar lease-create --physical-reservation min=1,max=1 foo
source ~/devstack/openrc admin
openstack role remove --user alt_demo --project alt_demo member
blazar lease-delete foo
Logs in blazar-m:
ERROR oslo_messaging.rpc.server [-] Exception during message handling: Unauthorized: The request you have made requires authentication. (HTTP 401) (Request-ID: req-e225fe21-3eec-4071-b8fe-46b404c09913)
ERROR oslo_messaging.rpc.server Traceback (most recent call last):
ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/site-packages/oslo_messaging/rpc/server.py", line 160, in _process_incoming
ERROR oslo_messaging.rpc.server res = self.dispatcher.dispatch(message)
ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/site-packages/oslo_messaging/rpc/dispatcher.py", line 213, in dispatch
ERROR oslo_messaging.rpc.server return self._do_dispatch(endpoint, method, ctxt, args)
ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/site-packages/oslo_messaging/rpc/dispatcher.py", line 183, in _do_dispatch
ERROR oslo_messaging.rpc.server result = func(ctxt, **new_args)
ERROR oslo_messaging.rpc.server File "/opt/stack/blazar/blazar/utils/service.py", line 78, in run_method
ERROR oslo_messaging.rpc.server return method(**kwargs)
ERROR oslo_messaging.rpc.server File "/opt/stack/blazar/blazar/manager/service.py", line 447, in delete_lease
ERROR oslo_messaging.rpc.server with trusts.create_ctx_from_trust(lease['trust_id']) as ctx:
ERROR oslo_messaging.rpc.server File "/opt/stack/blazar/blazar/utils/trusts.py", line 65, in create_ctx_from_trust
ERROR oslo_messaging.rpc.server ctx=ctx,
ERROR oslo_messaging.rpc.server File "/opt/stack/blazar/blazar/utils/openstack/keystone.py", line 121, in __init__
ERROR oslo_messaging.rpc.server self.keystone.authenticate(auth_url=auth_url)
ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/site-packages/positional/__init__.py", line 108, in inner
ERROR oslo_messaging.rpc.server return wrapped(*args, **kwargs)
ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/site-packages/keystoneclient/httpclient.py", line 581, in authenticate
ERROR oslo_messaging.rpc.server resp = self.get_raw_token_from_identity_service(**kwargs)
ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/site-packages/keystoneclient/v3/client.py", line 322, in get_raw_token_from_identity_service
ERROR oslo_messaging.rpc.server return plugin.get_auth_ref(self.session)
ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/site-packages/keystoneclient/auth/identity/v3/base.py", line 191, in get_auth_ref
ERROR oslo_messaging.rpc.server authenticated=False, log=False, **rkwargs)
ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/site-packages/keystoneclient/session.py", line 545, in post
ERROR oslo_messaging.rpc.server return self.request(url, 'POST', **kwargs)
ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/site-packages/positional/__init__.py", line 108, in inner
ERROR oslo_messaging.rpc.server return wrapped(*args, **kwargs)
ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/site-packages/keystoneclient/session.py", line 445, in request
ERROR oslo_messaging.rpc.server raise exceptions.from_response(resp, method, url)
ERROR oslo_messaging.rpc.server Unauthorized: The request you have made requires authentication. (HTTP 401) (Request-ID: req-e225fe21-3eec-4071-b8fe-46b404c09913)
This is because Blazar tries to use the trust created for the user, which is not valid anymore. Blazar should allow admins to bypass trusts and perform the operations with their own context.