Leases cannot be deleted if the owner user and project are gone

Bug #1712381 reported by Pierre Riteau on 2017-08-22
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Blazar
Critical
Pierre Riteau

Bug Description

If the owner user and project of a lease are deleted or are disabled, the OpenStack admin cannot delete the lease. How to reproduce in DevStack:

    source ~/devstack/openrc alt_demo alt_demo
    blazar lease-create --physical-reservation min=1,max=1 foo

    source ~/devstack/openrc admin
    openstack role remove --user alt_demo --project alt_demo member
    blazar lease-delete foo

Logs in blazar-m:

    ERROR oslo_messaging.rpc.server [-] Exception during message handling: Unauthorized: The request you have made requires authentication. (HTTP 401) (Request-ID: req-e225fe21-3eec-4071-b8fe-46b404c09913)
    ERROR oslo_messaging.rpc.server Traceback (most recent call last):
    ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/site-packages/oslo_messaging/rpc/server.py", line 160, in _process_incoming
    ERROR oslo_messaging.rpc.server res = self.dispatcher.dispatch(message)
    ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/site-packages/oslo_messaging/rpc/dispatcher.py", line 213, in dispatch
    ERROR oslo_messaging.rpc.server return self._do_dispatch(endpoint, method, ctxt, args)
    ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/site-packages/oslo_messaging/rpc/dispatcher.py", line 183, in _do_dispatch
    ERROR oslo_messaging.rpc.server result = func(ctxt, **new_args)
    ERROR oslo_messaging.rpc.server File "/opt/stack/blazar/blazar/utils/service.py", line 78, in run_method
    ERROR oslo_messaging.rpc.server return method(**kwargs)
    ERROR oslo_messaging.rpc.server File "/opt/stack/blazar/blazar/manager/service.py", line 447, in delete_lease
    ERROR oslo_messaging.rpc.server with trusts.create_ctx_from_trust(lease['trust_id']) as ctx:
    ERROR oslo_messaging.rpc.server File "/opt/stack/blazar/blazar/utils/trusts.py", line 65, in create_ctx_from_trust
    ERROR oslo_messaging.rpc.server ctx=ctx,
    ERROR oslo_messaging.rpc.server File "/opt/stack/blazar/blazar/utils/openstack/keystone.py", line 121, in __init__
    ERROR oslo_messaging.rpc.server self.keystone.authenticate(auth_url=auth_url)
    ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/site-packages/positional/__init__.py", line 108, in inner
    ERROR oslo_messaging.rpc.server return wrapped(*args, **kwargs)
    ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/site-packages/keystoneclient/httpclient.py", line 581, in authenticate
    ERROR oslo_messaging.rpc.server resp = self.get_raw_token_from_identity_service(**kwargs)
    ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/site-packages/keystoneclient/v3/client.py", line 322, in get_raw_token_from_identity_service
    ERROR oslo_messaging.rpc.server return plugin.get_auth_ref(self.session)
    ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/site-packages/keystoneclient/auth/identity/v3/base.py", line 191, in get_auth_ref
    ERROR oslo_messaging.rpc.server authenticated=False, log=False, **rkwargs)
    ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/site-packages/keystoneclient/session.py", line 545, in post
    ERROR oslo_messaging.rpc.server return self.request(url, 'POST', **kwargs)
    ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/site-packages/positional/__init__.py", line 108, in inner
    ERROR oslo_messaging.rpc.server return wrapped(*args, **kwargs)
    ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/site-packages/keystoneclient/session.py", line 445, in request
    ERROR oslo_messaging.rpc.server raise exceptions.from_response(resp, method, url)
    ERROR oslo_messaging.rpc.server Unauthorized: The request you have made requires authentication. (HTTP 401) (Request-ID: req-e225fe21-3eec-4071-b8fe-46b404c09913)

Pierre Riteau (priteau) wrote :

This is because Blazar tries to use the trust created for the user, which is not valid anymore. Blazar should allow admins to bypass trusts and perform the operations with their own context.

Changed in blazar:
importance: Undecided → Medium
Nick Timkovich (nicktimko) wrote :

It seems to bother a former user's coworkers within a project most of all, who would ordinarily be able to delete the lease.

Changed in blazar:
status: New → Triaged
Pierre Riteau (priteau) wrote :

This also impacts the end_lease event if the user has been disabled or deleted in the meantime.

description: updated
Changed in blazar:
milestone: none → rocky-3
Pierre Riteau (priteau) on 2018-09-10
Changed in blazar:
importance: Medium → Critical
assignee: nobody → Pierre Riteau (priteau)
milestone: rocky-3 → stein-1
Pierre Riteau (priteau) on 2018-10-23
Changed in blazar:
milestone: stein-1 → stein-2
Pierre Riteau (priteau) on 2019-01-10
Changed in blazar:
milestone: stein-2 → stein-3
Pierre Riteau (priteau) on 2019-02-11
description: updated
Pierre Riteau (priteau) on 2019-02-11
Changed in blazar:
status: Triaged → Won't Fix
status: Won't Fix → In Progress
Pierre Riteau (priteau) on 2019-04-15
Changed in blazar:
milestone: stein-3 → train-1
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers