1. heat stack-create -f bug-1356084.yaml a
an instance and a first user is created.
2. heat stack-update -f bug-1356084.yaml -P user_data=two bug-1356084
After a new instance and the second user have been created, the primary instance and the first user will be deleted. But there comes the 403 failure from keystone during deleting the first user, which cause the failure of updating stack.
The primary cause of failure when updating the userdata of instance during stack update is that stack.stack_user_project_id is None when deleting the primary stack domain user. See in heat/engine/resources/stack_user.py
def _delete_user(self):
user_id = self._get_user_id()
if user_id is None:
return
try: self.keystone().delete_stack_domain_user( user_id=user_id, project_id=self.stack.stack_user_project_id)
except kc_exception.NotFound:
pass
except ValueError:
# FIXME(shardy): This is a legacy delete path for backwards
# compatibility with resources created before the migration
# to stack_user.StackUser domain users. After an appropriate
# transitional period, this should be removed. LOG.warn(_LW('Reverting to legacy user delete path'))
try: self.keystone().delete_stack_user(user_id)
except kc_exception.NotFound: pass
Because self.stack.stack_user_project_id is None, then delete_stack_domain_user fails and self.keystone().delete_stack_user(user_id) is to be called. The member role of demo user causes 403 failure from keystone during delete user.
So pass the stack_user_project_id to updated_stack, oldstack and backup_stack, then updates succeessfully.
1. heat stack-create -f bug-1356084.yaml a
an instance and a first user is created.
2. heat stack-update -f bug-1356084.yaml -P user_data=two bug-1356084
After a new instance and the second user have been created, the primary instance and the first user will be deleted. But there comes the 403 failure from keystone during deleting the first user, which cause the failure of updating stack.
The primary cause of failure when updating the userdata of instance during stack update is that stack.stack_ user_project_ id is None when deleting the primary stack domain user. See in heat/engine/ resources/ stack_user. py
def _delete_user(self):
self. keystone( ).delete_ stack_domain_ user(
user_ id=user_ id, project_ id=self. stack.stack_ user_project_ id) NotFound: StackUser domain users. After an appropriate
LOG. warn(_LW( 'Reverting to legacy user delete path'))
self. keystone( ).delete_ stack_user( user_id) NotFound:
pass
user_id = self._get_user_id()
if user_id is None:
return
try:
except kc_exception.
pass
except ValueError:
# FIXME(shardy): This is a legacy delete path for backwards
# compatibility with resources created before the migration
# to stack_user.
# transitional period, this should be removed.
try:
except kc_exception.
Because self.stack. stack_user_ project_ id is None, then delete_ stack_domain_ user fails and self.keystone( ).delete_ stack_user( user_id) is to be called. The member role of demo user causes 403 failure from keystone during delete user.
So pass the stack_user_ project_ id to updated_stack, oldstack and backup_stack, then updates succeessfully.