Fuel for OpenStack

Unlock settings tab: Changes of openstack admin user do not purge previous users

Bug #1578348 reported by Tatyanka on 2016-05-04

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	Fuel for OpenStack	Fix Committed	High	Stanislaw Bogatkin	Fuel for OpenStack 10.0
	Mitaka	Fix Released	High	Stanislaw Bogatkin	Fuel for OpenStack 9.1

Bug Description

Detailed bug description:
Unlock settings tab: Changes in openstack data do not replaced existing one, they just extend it
Steps to reproduce:
1. Setup master node
2. Create any environment
3. Go to settings tab and put next data for openstack user: admin rados, password : rados, project: rados
4. Deploy environment
5. For ready environment - go to the setting tab and change openstack data to something else: admin test-123, password: test 123, project test 123
6. Redeploy
7. ssh on ready controller, check keystone project list, check keystone user list ---> RADOS user/project is present here
8. Change openrc for usage of rados user/password, get project/user list / update password for new user test123 -----> rados user is active and has admin permission for all operation

Expected results:
Old admin user were replaced with new one(from updated settings data) so it should not be active/existing after successful re-deployment

Actual result:
It is still here and has admine permission , so can easily update password/tenant for new admin user
http://paste.openstack.org/show/496134/

Version:
[root@nailgun ~]# shotgun2 short-report
cat /etc/fuel_build_id:
250
cat /etc/fuel_build_number:
250
cat /etc/fuel_release:
9.0
cat /etc/fuel_openstack_version:
mitaka-9.0
rpm -qa | egrep 'fuel|astute|network-checker|nailgun|packetary|shotgun':
fuel-release-9.0.0-1.mos6341.noarch
fuel-misc-9.0.0-1.mos8322.noarch
fuel-mirror-9.0.0-1.mos133.noarch
shotgun-9.0.0-1.mos88.noarch
fuel-openstack-metadata-9.0.0-1.mos8669.noarch
fuel-notify-9.0.0-1.mos8322.noarch
fuel-ostf-9.0.0-1.mos926.noarch
fuel-provisioning-scripts-9.0.0-1.mos8669.noarch
python-fuelclient-9.0.0-1.mos312.noarch
fuel-9.0.0-1.mos6341.noarch
fuel-utils-9.0.0-1.mos8322.noarch
fuel-nailgun-9.0.0-1.mos8669.noarch
rubygem-astute-9.0.0-1.mos740.noarch
fuel-library9.0-9.0.0-1.mos8322.noarch
network-checker-9.0.0-1.mos72.x86_64
fuel-agent-9.0.0-1.mos273.noarch
fuel-ui-9.0.0-1.mos2676.noarch
fuel-setup-9.0.0-1.mos6341.noarch
nailgun-mcagents-9.0.0-1.mos740.noarch
python-packetary-9.0.0-1.mos133.noarch
fuelmenu-9.0.0-1.mos269.noarch
fuel-bootstrap-cli-9.0.0-1.mos273.noarch
fuel-migrate-9.0.0-1.mos8322.noarch
[root@nailgun ~]#

Version: iso 250

Tags:

Revision history for this message

Tatyanka (tatyana-leontovich) wrote on 2016-05-04:

Set to high according to issue leads to bad user UX as well as some admin data became unsafely

Changed in fuel:
milestone:	none → 10.0
importance:	Undecided → Medium
importance:	Medium → High
assignee:	nobody → Alexey Shtokolov (ashtokolov)

Oleksiy Molchanov (omolchanov) on 2016-05-05

Changed in fuel:
status:	New → Confirmed

Revision history for this message

Tatyanka (tatyana-leontovich) wrote on 2016-05-05:

https://drive.google.com/open?id=0B_tSitrwrgvoMGp0VW9RbWEtNEU

Dmitry Pyzhov (dpyzhov) on 2016-05-06

tags:

added: area-python

Alexey Shtokolov (ashtokolov) on 2016-05-06

Changed in fuel:
assignee:	Alexey Shtokolov (ashtokolov) → Fuel Toolbox (fuel-toolbox)

Alexey Shtokolov (ashtokolov) on 2016-05-11

Changed in fuel:
assignee:	Fuel Toolbox (fuel-toolbox) → Stanislaw Bogatkin (sbogatkin)

Revision history for this message

Stanislaw Bogatkin (sbogatkin) wrote on 2016-06-01:

ETA: 2016.06.02

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-06-01: Fix proposed to fuel-library (master)

Fix proposed to branch: master
Review: https://review.openstack.org/323982

Changed in fuel:
status:	Confirmed → In Progress

Vladimir Kuklin (vkuklin) on 2016-06-06

summary:

- Unlock settings tab: Changes in openstack data do not replaced existing
- one, they just extend it
+ Unlock settings tab: Changes of openstack admin user do not purge
+ previous users

OpenStack Infra (hudson-openstack) on 2016-06-07

Changed in fuel:
assignee:	Stanislaw Bogatkin (sbogatkin) → Alexey Shtokolov (ashtokolov)

OpenStack Infra (hudson-openstack) on 2016-06-08

Changed in fuel:
assignee:	Alexey Shtokolov (ashtokolov) → Vladimir Kuklin (vkuklin)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-06-08: Related fix proposed to fuel-web (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/327047

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-06-08: Related fix proposed to fuel-web (stable/mitaka)

Related fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/327052

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-06-08: Related fix merged to fuel-web (master)

Reviewed: https://review.openstack.org/327047
Committed: https://git.openstack.org/cgit/openstack/fuel-web/commit/?id=3305e1dccea502bcf3207e56f2139190dde1c80a
Submitter: Jenkins
Branch: master

commit 3305e1dccea502bcf3207e56f2139190dde1c80a
Author: Bulat Gaifullin <email address hidden>
Date: Wed Jun 8 15:00:04 2016 +0300

If old context is not present returns empty dict

The old context shall be instance of dict, because
library tasks expects instance of dict

Change-Id: I9980310a7a180252afb14810717165b95f6ffdbf
Related-Bug: 1578348

tags:

added: in-stable-mitaka

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-06-08: Related fix merged to fuel-web (stable/mitaka)

Reviewed: https://review.openstack.org/327052
Committed: https://git.openstack.org/cgit/openstack/fuel-web/commit/?id=5d442c3210db81e88d6dd2e96066c4de2ba1abe6
Submitter: Jenkins
Branch: stable/mitaka

commit 5d442c3210db81e88d6dd2e96066c4de2ba1abe6
Author: Bulat Gaifullin <email address hidden>
Date: Wed Jun 8 15:00:04 2016 +0300

If old context is not present returns empty dict

The old context shall be instance of dict, because
library tasks expects instance of dict

Change-Id: I9980310a7a180252afb14810717165b95f6ffdbf
Related-Bug: 1578348

Alexey Shtokolov (ashtokolov) on 2016-06-08

tags:

added: move-to-mu
removed: in-stable-mitaka

OpenStack Infra (hudson-openstack) on 2016-06-10

Changed in fuel:
assignee:	Vladimir Kuklin (vkuklin) → Stanislaw Bogatkin (sbogatkin)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-06-16: Fix merged to fuel-library (master)

Reviewed: https://review.openstack.org/323982
Committed: https://git.openstack.org/cgit/openstack/fuel-library/commit/?id=0a36a3bb8cb65dba7896d2edb72c122f13d63596
Submitter: Jenkins
Branch: master

commit 0a36a3bb8cb65dba7896d2edb72c122f13d63596
Author: Stanislaw Bogatkin <email address hidden>
Date: Wed Jun 1 18:30:23 2016 +0300

Purge old openstack admin access user if changed

    If operator has changed admin user, old one will now be stored in
    /etc/hiera/old_admin_user.yaml as an access hash. Then it will be
    deleted after new user creation.

Change-Id: I30213c02c4a370aee9db1597cf32dd8f08ae6539
Closes-Bug: #1578348

Changed in fuel:
status:	In Progress → Fix Committed

Dmitry Pyzhov (dpyzhov) on 2016-08-04

tags:

added: 9.1-proposed

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-08-10: Fix proposed to fuel-library (stable/mitaka)

#10

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/353462

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-09-01: Fix merged to fuel-library (stable/mitaka)

#11

Reviewed: https://review.openstack.org/353462
Committed: https://git.openstack.org/cgit/openstack/fuel-library/commit/?id=e905ddeb3e5df24e22bd8a96e033b9a1765b82d5
Submitter: Jenkins
Branch: stable/mitaka

commit e905ddeb3e5df24e22bd8a96e033b9a1765b82d5
Author: Stanislaw Bogatkin <email address hidden>
Date: Wed Jun 1 18:30:23 2016 +0300

Purge old openstack admin access user if changed

    If operator has changed admin user, old one will now be stored in
    /etc/hiera/old_admin_user.yaml as an access hash. Then it will be
    deleted after new user creation.

    Change-Id: I30213c02c4a370aee9db1597cf32dd8f08ae6539
    Closes-Bug: #1578348
    (cherry picked from commit 0a36a3bb8cb65dba7896d2edb72c122f13d63596)

TatyanaGladysheva (tgladysheva) on 2016-09-05

tags:

added: on-verification

Revision history for this message

TatyanaGladysheva (tgladysheva) wrote on 2016-09-05:

#12

Verified on 9.1 snapshot #222.

tags:

removed: on-verification

Report a bug

This report contains Public information

Everyone can see this information.

Duplicates of this bug

Bug #1587914

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.