Can't use instance credentials for describe_stack_resource

Bug #1299982 reported by Steve Baker
This bug affects 1 person
Affects: OpenStack Heat
Status: Fix Released
Importance: High
Assigned to: Steve Baker

Bug Description

There are 2 issues preventing stack user credentials from being used to call describe_stack_resource (heat resource-metadata):

1. _authorize_stack_user only looks for ec2Credentials in the context, instead of cnxt.user_id
2. The context has no user_id set, thanks to the context middleware only setting the user_id if the username is also set

Changed in heat:
importance: Undecided → High
assignee: nobody → Steve Baker (steve-stevebaker)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to heat (master)

Fix proposed to branch: master
Review: https://review.openstack.org/84047

Changed in heat:
status: Triaged → In Progress
tags: added: icehouse-rc-potential
Changed in heat:
milestone: juno-1 → icehouse-rc2
tags: removed: icehouse-rc-potential
OpenStack Infra (hudson-openstack) wrote : Fix merged to heat (master)

Reviewed: https://review.openstack.org/84047
Committed: https://git.openstack.org/cgit/openstack/heat/commit/?id=57f508908346fdfd3d2e3e6a0af107411a58e245
Submitter: Jenkins
Branch: master

commit 57f508908346fdfd3d2e3e6a0af107411a58e245
Author: Steve Baker <email address hidden>
Date: Mon Apr 7 16:56:13 2014 +1200

    Allow for stack users in _authorize_stack_user

    This change allows stack user credentials to be used to call
    describe_stack_resource (heat resource-metadata)

    It makes the following changes:
    * _authorize_stack_user first attempts authorize with
      stack.access_allowed using the context user_id before falling back
      to looking for ec2 credentials
    * context middleware sets the user_id on the context even when the
      username is not specified

    This change also adds missing test coverage to ContextMiddleware

    Change-Id: Idb655e403ba11a3144dacf34eba0feb59ab8d911
    Closes-Bug: #1299982

Changed in heat:
status: In Progress → Fix Committed
OpenStack Infra (hudson-openstack) wrote : Fix proposed to heat (milestone-proposed)

Fix proposed to branch: milestone-proposed
Review: https://review.openstack.org/85898

OpenStack Infra (hudson-openstack) wrote : Fix merged to heat (milestone-proposed)

Reviewed: https://review.openstack.org/85898
Committed: https://git.openstack.org/cgit/openstack/heat/commit/?id=b3942fd443a197fec9fb7e3a9ebdf08655159f06
Submitter: Jenkins
Branch: milestone-proposed

commit b3942fd443a197fec9fb7e3a9ebdf08655159f06
Author: Steve Baker <email address hidden>
Date: Mon Apr 7 16:56:13 2014 +1200

    Allow for stack users in _authorize_stack_user

    This change allows stack user credentials to be used to call
    describe_stack_resource (heat resource-metadata)

    It makes the following changes:
    * _authorize_stack_user first attempts authorize with
      stack.access_allowed using the context user_id before falling back
      to looking for ec2 credentials
    * context middleware sets the user_id on the context even when the
      username is not specified

    This change also adds missing test coverage to ContextMiddleware

    Change-Id: Idb655e403ba11a3144dacf34eba0feb59ab8d911
    Closes-Bug: #1299982
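
The two issues from the bug description and the two changes in the commit message above, as a simplified model. This is an added example, not Heat's code: the Context and Stack classes, the request dict keys, the set-membership stand-in for the ec2 credential lookup and all sample values are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Context:
    user_id: Optional[str] = None
    username: Optional[str] = None
    ec2_creds: Optional[str] = None  # stands in for ec2Credentials

@dataclass
class Stack:
    stack_user_ids: set = field(default_factory=set)  # users created for the stack
    ec2_keys: set = field(default_factory=set)        # their ec2 access keys

    def access_allowed(self, user_id):
        return user_id in self.stack_user_ids

def middleware_before(req):
    ctx = Context(ec2_creds=req.get("ec2Credentials"))
    if req.get("username"):  # issue 2: user_id is only copied when username is set
        ctx.username, ctx.user_id = req["username"], req.get("user_id")
    return ctx

def middleware_after(req):
    # fix: user_id is set on the context regardless of username
    return Context(req.get("user_id"), req.get("username"), req.get("ec2Credentials"))

def authorize_before(ctx, stack):
    # issue 1: only ec2 credentials are considered, user_id is ignored
    return ctx.ec2_creds is not None and ctx.ec2_creds in stack.ec2_keys

def authorize_after(ctx, stack):
    # fix: try the context user_id first, then fall back to ec2 credentials
    if ctx.user_id is not None and stack.access_allowed(ctx.user_id):
        return True
    return authorize_before(ctx, stack)

MIDDLEWARE = {"before": middleware_before, "after": middleware_after}
AUTHORIZE = {"before": authorize_before, "after": authorize_after}

def matrix(req, stack):
    """Authorization result for every (middleware, authorize) combination."""
    return {(m, a): AUTHORIZE[a](MIDDLEWARE[m](req), stack)
            for m in MIDDLEWARE for a in AUTHORIZE}

# Constructed sample data: one stack user, one ec2 key.
STACK = Stack({"stack-user-1"}, {"EC2-KEY-CONSTRUCTED"})
STACK_USER_REQ = {"user_id": "stack-user-1"}  # no username, no ec2 credentials

if __name__ == "__main__":
    for combo, ok in matrix(STACK_USER_REQ, STACK).items():
        print(combo, "allowed" if ok else "denied")
```

In this model the stack user request is authorized only when both changes are applied together, while a user_id that does not belong to the stack is still denied.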

Changed in heat:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in heat:
milestone: icehouse-rc2 → 2014.1