OpenStack Heat

Stack abandon deletes stack domain project

Bug #1300734 reported by Steven Hardy on 2014-04-01

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Heat	Fix Released	High	Steven Hardy	OpenStack Heat 2014.2 "juno"

Bug Description

When you abandon a stack, instead of exporting the stack domain project ID, it deletes it, which will make any adopted stack very broken if it contains any resources which have related keystone users.

-bash-4.2$ cat user.yaml
heat_template_version: 2013-05-23

resources:
user:
type: AWS::IAM::User

outputs:
  user:
    description: user
    value: { get_resource : user }

-bash-4.2$ openstack --os-token foobar --os-url=http://127.0.0.1:5000/v3 --os-identity-api-version=3 project list --domain heat | grep 56248495
| 011431bd9bb74020bd8a11ffec7a4ca4 | 048aeaa4c2714d268d669521d314c304-56248495-9917-42fe-9b43-18e2a0b |
-bash-4.2$ heat stack-abandon u11 | tee /tmp/u1.json{
  "status": "COMPLETE",
  "name": "u11",
  "template": {
    "outputs": {
      "user": {
        "description": "user",
        "value": {
          "get_resource": "user"
        }
      }
    },
    "heat_template_version": "2013-05-23",
    "resources": {
      "user": {
        "type": "AWS::IAM::User"
      }
    }
  },
  "action": "CREATE",
  "id": "56248495-9917-42fe-9b43-18e2a0be11b2",
  "resources": {
    "user": {
      "status": "COMPLETE",
      "name": "user",
      "resource_data": {
        "user_id": "431fe91a6e4c44ac9923f3f586375fe3"
      },
      "resource_id": "431fe91a6e4c44ac9923f3f586375fe3",
      "action": "CREATE",
      "type": "AWS::IAM::User",
      "metadata": {}
    }
  }
}
-bash-4.2$ openstack --os-token foobar --os-url=http://127.0.0.1:5000/v3 --os-identity-api-version=3 project list --domain heat | grep 56248495
-bash-4.2$

Tags:

Steven Hardy (shardy) on 2014-04-01

Changed in heat:
assignee:	nobody → Steven Hardy (shardy)

Revision history for this message

JunJie Nan (nanjj) wrote on 2014-04-01:

It may be same issue with bug 1298888

Steve Baker (steve-stevebaker) on 2014-04-01

Changed in heat:
status:	New → Triaged
importance:	Undecided → High
milestone:	none → juno-1

Thierry Carrez (ttx) on 2014-06-11

Changed in heat:
milestone:	juno-1 → juno-2

Steven Hardy (shardy) on 2014-07-21

Changed in heat:
milestone:	juno-2 → juno-3

Steven Hardy (shardy) on 2014-09-02

Changed in heat:
milestone:	juno-3 → juno-rc1

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-09-08: Fix proposed to heat (master)

Fix proposed to branch: master
Review: https://review.openstack.org/119847

Changed in heat:
status:	Triaged → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-09-16: Fix merged to heat (master)

Reviewed: https://review.openstack.org/119847
Committed: https://git.openstack.org/cgit/openstack/heat/commit/?id=6e95e28c4d8392be2720fc1437222debda660523
Submitter: Jenkins
Branch: master

commit 6e95e28c4d8392be2720fc1437222debda660523
Author: Steven Hardy <email address hidden>
Date: Mon Sep 8 18:58:47 2014 +0100

Don't delete stack domain project on stack-abandon

    Currently we delete the stack domain project on abandon, which will
    break any resources being abandoned that depend on users created in
    the stack user domain. So add a flag to skip deletion on abandon
    and some tests to prove it works.

Change-Id: I883831a33d5bd326523836247683c161f797ee2a
Closes-Bug: #1300734

Changed in heat:
status:	In Progress → Fix Committed

Zane Bitter (zaneb) on 2014-09-30

tags:

added: abandon-adopt

Thierry Carrez (ttx) on 2014-10-02

Changed in heat:
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2014-10-16

Changed in heat:
milestone:	juno-rc1 → 2014.2

Report a bug

This report contains Public information

Everyone can see this information.

Duplicates of this bug

Bug #1298888

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.