tripleo

Validations break when authenticating with token

Bug #1678029 reported by Florian Fuchs on 2017-03-31

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	tripleo	Fix Released	High	Florian Fuchs	tripleo pike-1 "pike-1"

Bug Description

The tripleo-ansible-inventory script accepts both a keystone token or a username/password combination to connect to undercloud services. However, when using a token the inventory script breaks with the following error:

  ERROR! Attempted to execute "/bin/tripleo-ansible-inventory" as inventory
  script: Inventory script (/bin/tripleo-ansible-inventory) had an execution
  error: Error connecting to Heat: __init__() got an unexpected keyword
  argument 'user_domain_id'"

This is caused by the inventory using the ``user_domain_id parameter`` for token auth, which is only meant to be used for uname/password authentication.

Two ways to reproduce:

- Run a validation via the Mistral workflow (i.e. through the UI)
- Run the inventory script with the ``--list`` option after exporting a valid OS_AUTH_TOKEN env var.

Environment: master or stable/ocata install of the undercloud

See original description

Tags:

Florian Fuchs (flo-fuchs) on 2017-03-31

Changed in tripleo:
importance:	Critical → High
description:	updated

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-03-31: Fix proposed to tripleo-validations (master)

Fix proposed to branch: master
Review: https://review.openstack.org/452147

Florian Fuchs (flo-fuchs) on 2017-03-31

tags:

added: ocata-backport-potential

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-04-03: Fix merged to tripleo-validations (master)

Reviewed: https://review.openstack.org/452147
Committed: https://git.openstack.org/cgit/openstack/tripleo-validations/commit/?id=b669bcbf45e13961b1fb2bc79a6c656fe45180e5
Submitter: Jenkins
Branch: master

commit b669bcbf45e13961b1fb2bc79a6c656fe45180e5
Author: Florian Fuchs <email address hidden>
Date: Fri Mar 31 12:27:09 2017 +0200

Fix token auth in ansible inventory script

    The token authentication in the inventory script currently uses the
    `user_domain_id` parameter, which is supposed to be used with password
    authentication only.

This patch removed the param.

Change-Id: I5ec5aa386eb267283cc187cf1d4206827e6b3191
Closes-Bug: #1678029

Changed in tripleo:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-04-04: Fix proposed to tripleo-validations (stable/ocata)

Fix proposed to branch: stable/ocata
Review: https://review.openstack.org/453183

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-04-05: Fix merged to tripleo-validations (stable/ocata)

Reviewed: https://review.openstack.org/453183
Committed: https://git.openstack.org/cgit/openstack/tripleo-validations/commit/?id=bb06b721d76212f02a838f3782c6df875eb4e934
Submitter: Jenkins
Branch: stable/ocata

commit bb06b721d76212f02a838f3782c6df875eb4e934
Author: Florian Fuchs <email address hidden>
Date: Fri Mar 31 12:27:09 2017 +0200

Fix token auth in ansible inventory script

    The token authentication in the inventory script currently uses the
    `user_domain_id` parameter, which is supposed to be used with password
    authentication only.

This patch removed the param.

    Change-Id: I5ec5aa386eb267283cc187cf1d4206827e6b3191
    Closes-Bug: #1678029
    (cherry picked from commit b669bcbf45e13961b1fb2bc79a6c656fe45180e5)