Cinder

Domain information is ignored when contacting Novaclient

Bug #1599168 reported by Clenimar Filemon on 2016-07-05

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Cinder	Fix Released	Medium	Clenimar Filemon	Cinder ocata-1 "o1"

Bug Description

When using Assisted Snapshot feature, Cinder creates a Novaclient instance using a keystoneauth Session, but ignores domain information when creating the auth plugin. This won't work in an Identity v3 scenario, since domain information is necessary when doing v3 auth.

Code: https://github.com/openstack/cinder/blob/master/cinder/compute/nova.py#L142-L147

    loader = keystoneauth1.loading.get_plugin_loader('password')
    auth = loader.load_from_options(auth_url=url,
                                    username=context.user_id,
                                    password=context.auth_token,
                                    project_name=context.project_name)
    keystone_session = keystoneauth1.session.Session(auth=auth)

Domain information is already available in the context, we just need to read it.

Clenimar Filemon (clenimar-filemon) on 2016-07-05

Changed in cinder:
assignee:	nobody → Clenimar Filemon (clenimar-filemon)

OpenStack Infra (hudson-openstack) on 2016-07-05

Changed in cinder:
status:	New → In Progress

Revision history for this message

Clenimar Filemon (clenimar-filemon) wrote on 2016-07-05:

fix proposed: https://review.openstack.org/#/c/337322/

Sean McGinnis (sean-mcginnis) on 2016-10-05

Changed in cinder:
importance:	Undecided → Medium
milestone:	none → ocata-1

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-10-13: Fix merged to cinder (master)

Reviewed: https://review.openstack.org/337322
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=4fe3f4cfdaf3ed08cd61ed18a8e31ecf4b36f682
Submitter: Jenkins
Branch: master

commit 4fe3f4cfdaf3ed08cd61ed18a8e31ecf4b36f682
Author: Clenimar Filemon <email address hidden>
Date: Mon Jul 4 13:40:59 2016 -0300

Read domain info from context when contacting nova

    When we make a keystoneauth Session instance we are not looking at domain
    info. This way we're always creating v2Password auth plugin, which will
    obviously fail in an Identity v3-only scenario.

This patch makes domain information (i.e user_domain_id and project_domain_id)
be read from the context so that we can issue v3Password plugin as well.

    Also, the logic behind auth plugin creation has been changed, as long as the
    loading mechanism is designed to read options from config files, which is not
    the case. Creating the plugin directly seems to fit better here.

This change is backwards compatible, since identity.Password can figure
out what Identity version is in use and will ignore domain info if v2.0

Change-Id: I687a73cce4230e1d98d5c42fdc81549d5bc6ab1a
Closes-Bug: #1599168

Changed in cinder:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-11-16: Fix included in openstack/cinder 10.0.0.0b1

This issue was fixed in the openstack/cinder 10.0.0.0b1 development milestone.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.