Juniper Openstack

Keystone v3 domain scoped authentication fails

Bug #1710736 reported by Senthilnathan Murugappan on 2017-08-14

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Juniper Openstack	Status tracked in Trunk
R3.2	Fix Committed	High	Ignatious Johnson Christopher	Juniper Openstack r3.2.5.0
Trunk	Fix Committed	High	Ignatious Johnson Christopher	Juniper Openstack r4.1.0.0-fcs "r4.1"

Bug Description

If keystone v3 is enabled we always try to do project scoped authentication.
_user_domain_name is by default set to 'Default' hence the below condtn is always True

https://github.com/Juniper/contrail-controller/blob/R3.2/src/config/vnc_openstack/vnc_openstack/__init__.py#L317
                if self._user_domain_name:
                    kwargs.update({
                        'project_domain_name': self._project_domain_name,
                        'project_name': self._project_name,
                    })
                else:
                    kwargs.update({
                        'domain_id': self._domain_id,
                    })

The condtn should be based on Domain name and not user_domain_name since user_domain_name is reqd for both domain scoped and project scoped auth.

BTW, our current provisioning(SM and Fab) doesnt set admin_project_domain_name and admin_project_name in keystone.conf hence the project scoped auth fails. One may set these manually in keystone.conf till this issue is resolved.

Tags:

Jeba Paulaiyan (jebap) on 2017-08-22

tags:

added: config
removed: releasenote

Senthilnathan Murugappan (msenthil) on 2017-08-24

no longer affects:

juniperopenstack/r4.0

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2017-08-24: [Review update] R3.2

Review in progress for https://review.opencontrail.org/34866
Submitter: Ignatious Johnson Christopher (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2017-08-24: [Review update] master

Review in progress for https://review.opencontrail.org/34868
Submitter: Ignatious Johnson Christopher (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2017-08-24: A change has been merged

Reviewed: https://review.opencontrail.org/34866
Committed: http://github.com/Juniper/contrail-controller/commit/46cfb842be04fbf00b7d06d9fb12bcbcebccca82
Submitter: Zuul (<email address hidden>)
Branch: R3.2

commit 46cfb842be04fbf00b7d06d9fb12bcbcebccca82
Author: Ignatious Johnson Christopher <email address hidden>
Date: Wed Aug 23 22:29:23 2017 -0700

Using domain scoped password auth for connecting

to keystone v3.

Change-Id: If2c575673dd71301fb4794db8eee3c85d72e1c43
Closes-Bug: 1710736

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2017-08-27:

Reviewed: https://review.opencontrail.org/34868
Committed: http://github.com/Juniper/contrail-controller/commit/86dc25974994fee414db0e4e48a992736c7670ae
Submitter: Zuul (<email address hidden>)
Branch: master

commit 86dc25974994fee414db0e4e48a992736c7670ae
Author: Ignatious Johnson Christopher <email address hidden>
Date: Wed Aug 23 22:39:45 2017 -0700

Using domain scoped password auth for connecting

to keystone v3.

Change-Id: Idc729abc70664cf955da40abde794393843ce27c
Closes-Bug: 1710736

Mladen Maric (mmaric) on 2017-09-01

tags:

added: workday

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.