[SRU] application credentials created via Horizon with the admin project scope have project_id == None

Status changed to 'Confirmed' because the bug affects multiple users.

in /openstack/venvs/keystone-18.1.5/lib/python2.7/site-packages/keystone/token/token_formatters.py on line 290 there is the named parameter "hex" missing for uuid.UUID()

uuid_obj = uuid.UUID(hex=uuid_string)
instead of
uuid_obj = uuid.UUID(uuid_string)

The same is happening on focal/ussuri

If an user that has a role in the domain (admin or member) either a direct role or inherited from the group, creates an application credentials, this is created without the project id and when the user tries to use them, it gets the following error:

$ . app-cred-no-project-id-openrc.sh
$ openstack server list
The service catalog is empty.

If an user with no role in the domain but only roles in the projects, creates an application credentials, this is created with the project id and it works correctly.

Marking it as field-high, as there is a workaround for it that is:
not granting domain roles to the user

https://review.opendev.org/c/openstack/horizon/+/856308

I did more testing around this and found out that there are only specific combinations where the problems happens. See combinations below:

project admin in same domain as user + domain admin in same domain as user = Fail
project admin in other domain + domain admin in same domain as user = Fail
project admin in same domain as user + domain admin in other domain = works
project admin in other domain + domain admin in other domain = works

testing the member variations on the 2 variations above that work:

project admin in same domain as user + domain member in same domain as user = works
project member in same domain as user + domain admin in same domain as user = works
project admin in other domain + domain member in same domain as user = works
project member in other domain + domain admin in same domain as user = works

therefore it is necessary for the user to be both project + domain admin for it to fail, and the user has to be a domain admin in his/her own user domain

Thanks Rodrigo. Uploaded and subscribed ubuntu-sru.

Hello Dmitrii, or anyone else affected,

Accepted horizon into kinetic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/horizon/4:23.0.0-0ubuntu1.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-kinetic to verification-done-kinetic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-kinetic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Dmitrii, or anyone else affected,

Accepted horizon into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/horizon/4:22.1.0-0ubuntu2.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Dmitrii, or anyone else affected,

Accepted horizon into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/horizon/3:18.3.5-0ubuntu2.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Dmitrii, or anyone else affected,

Accepted horizon into wallaby-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:wallaby-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-wallaby-needed to verification-wallaby-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-wallaby-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Hello Dmitrii, or anyone else affected,

Accepted horizon into xena-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:xena-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-xena-needed to verification-xena-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-xena-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Hello Dmitrii, or anyone else affected,

Accepted horizon into victoria-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:victoria-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-victoria-needed to verification-victoria-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-victoria-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Hello Dmitrii, or anyone else affected,

Accepted horizon into zed-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:zed-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-zed-needed to verification-zed-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-zed-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Hello Dmitrii, or anyone else affected,

Accepted horizon into yoga-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:yoga-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-yoga-needed to verification-yoga-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-yoga-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Hello Dmitrii, or anyone else affected,

Accepted horizon into ussuri-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:ussuri-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-ussuri-needed to verification-ussuri-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-ussuri-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

This bug was fixed in the package horizon - 4:23.0.0-0ubuntu1.1

---------------
horizon (4:23.0.0-0ubuntu1.1) kinetic; urgency=medium

  * d/gbp.conf: Create stable/zed branch.
  * d/p/lp1827120.patch: Fix missing project_id in application credential
    create when user has both project+domain admin role (LP: #1827120).

 -- Rodrigo Barbieri <email address hidden> Mon, 05 Dec 2022 13:27:43 +0000

The verification of the Stable Release Update for horizon has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

This bug was fixed in the package horizon - 4:22.1.0-0ubuntu2.1

---------------
horizon (4:22.1.0-0ubuntu2.1) jammy; urgency=medium

  [ Corey Bryant ]
  * d/gbp.conf: Create stable/yoga branch.

  [ Rodrigo Barbieri ]
  * d/p/lp1827120.patch: Fix missing project_id in application credential
    create when user has both project+domain admin role (LP: #1827120).

 -- Rodrigo Barbieri <email address hidden> Mon, 05 Dec 2022 13:51:11 +0000

This bug was fixed in the package horizon - 3:18.3.5-0ubuntu2.1

---------------
horizon (3:18.3.5-0ubuntu2.1) focal; urgency=medium

  * d/p/lp1827120.patch: Fix missing project_id in application credential
    create when user has both project+domain admin role (LP: #1827120).

 -- Rodrigo Barbieri <email address hidden> Mon, 05 Dec 2022 14:53:55 +0000

The verification of the Stable Release Update for horizon has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

This bug was fixed in the package horizon - 4:23.0.0-0ubuntu1.1~cloud0
---------------

 horizon (4:23.0.0-0ubuntu1.1~cloud0) jammy-zed; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 horizon (4:23.0.0-0ubuntu1.1) kinetic; urgency=medium
 .
   * d/gbp.conf: Create stable/zed branch.
   * d/p/lp1827120.patch: Fix missing project_id in application credential
     create when user has both project+domain admin role (LP: #1827120).

The verification of the Stable Release Update for horizon has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

This bug was fixed in the package horizon - 4:22.1.0-0ubuntu2.1~cloud0
---------------

 horizon (4:22.1.0-0ubuntu2.1~cloud0) focal-yoga; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 horizon (4:22.1.0-0ubuntu2.1) jammy; urgency=medium
 .
   [ Corey Bryant ]
   * d/gbp.conf: Create stable/yoga branch.
 .
   [ Rodrigo Barbieri ]
   * d/p/lp1827120.patch: Fix missing project_id in application credential
     create when user has both project+domain admin role (LP: #1827120).

The verification of the Stable Release Update for horizon has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

This bug was fixed in the package horizon - 4:20.1.2-0ubuntu1~cloud1
---------------

 horizon (4:20.1.2-0ubuntu1~cloud1) focal-xena; urgency=medium
 .
   * d/p/lp1827120.patch: Fix missing project_id in application credential
     create when user has both project+domain admin role (LP: #1827120).

The verification of the Stable Release Update for horizon has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

This bug was fixed in the package horizon - 4:19.4.0-0ubuntu1~cloud1
---------------

 horizon (4:19.4.0-0ubuntu1~cloud1) focal-wallaby; urgency=medium
 .
   * d/p/lp1827120.patch: Fix missing project_id in application credential
     create when user has both project+domain admin role (LP: #1827120).
 .
 horizon (4:19.4.0-0ubuntu1~cloud0) focal-wallaby; urgency=medium
 .
   * New stable point release for OpenStack Wallaby (LP: #1998824).

The verification of the Stable Release Update for horizon has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

This bug was fixed in the package horizon - 4:18.6.4-0ubuntu1~cloud1
---------------

 horizon (4:18.6.4-0ubuntu1~cloud1) focal-victoria; urgency=medium
 .
   * d/p/lp1827120.patch: Fix missing project_id in application credential
     create when user has both project+domain admin role (LP: #1827120).

This issue was fixed in the openstack/horizon 20.1.3 release.

The verification of the Stable Release Update for horizon has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

This bug was fixed in the package horizon - 4:20.1.3-0ubuntu1~cloud1
---------------

 horizon (4:20.1.3-0ubuntu1~cloud1) focal-xena; urgency=medium
 .
   * New stable point release for OpenStack Xena (LP: #2004032).
   * d/p/lp1827120.patch: Dropped. Fixed in stable point release.
 .
 horizon (4:20.1.2-0ubuntu1~cloud1) focal-xena; urgency=medium
 .
   * d/p/lp1827120.patch: Fix missing project_id in application credential
     create when user has both project+domain admin role (LP: #1827120).
 .
 horizon (4:20.1.2-0ubuntu1~cloud0) focal-xena; urgency=medium
 .
   * New upstream release for the Ubuntu Cloud Archive.
 .
 horizon (4:20.1.2-0ubuntu1) impish; urgency=medium
 .
   * New stable point release for OpenStack Xena (LP: #1972665).
   * Remove patches that have landed upstream:
     - d/p/0001-Fix-for-Resize-instance-button.patch
 .
 horizon (4:20.1.1-0ubuntu2) impish; urgency=medium
 .
   * d/p/0001-Fix-for-Resize-instance-button.patch: Fixes resize instance
     widget (LP: #1940834).
 .
 horizon (4:20.1.1-0ubuntu1) impish; urgency=medium
 .
   [ Corey Bryant ]
   * d/gbp.conf: Create stable/xena branch.
 .
   [ Felipe Reyes ]
   * New stable point release for OpenStack Xena (LP: #1962582).
 .
 horizon (4:20.1.0-0ubuntu1) impish; urgency=medium
 .
   * d/watch: Scope to 20.x series.
   * New upstream release for OpenStack Xena.
 .
 horizon (4:20.0.0+git2021091315.420eaa5ba-0ubuntu1) impish; urgency=medium
 .
   * New upstream snapshot for OpenStack Xena.
 .
 horizon (4:19.2.0+git2021072116.b58ac2894-0ubuntu1) impish; urgency=medium
 .
   * New upstream snapshot for OpenStack Xena.
 .
 horizon (4:19.2.0+git2021062815.310a24d05-0ubuntu1) impish; urgency=medium
 .
   * New upstream snapshot for OpenStack Xena.
 .
 horizon (4:19.2.0-0ubuntu1) hirsute; urgency=medium
 .
   * New upstream release for OpenStack Wallaby.
   * d/control: Align (Build-)Depends with upstream.
 .
 horizon (4:19.1.0-0ubuntu1) hirsute; urgency=medium
 .
   * d/watch: Fix tarball path.
   * New upstream stable point release for OpenStack Wallaby.
   * d/control: Align (Build-)Depends with upstream.
 .
 horizon (4:19.0.0+git2021012814.944902c5c-0ubuntu1) hirsute; urgency=medium
 .
   * New upstream snapshot for OpenStack Wallaby.
 .
 horizon (4:19.0.0-0ubuntu1) hirsute; urgency=medium
 .
   * d/watch: Scope to 19.x series.
   * New upstream release for OpenStack Wallaby.
   * d/p/fix-dashboard-django-wsgi.patch: Removed. Upstream removed deprecated file.
   * d/p/ubuntu_settings.patch: Refreshed.
 .
 horizon (4:18.6.1-0ubuntu2) hirsute; urgency=medium
 .
   * d/control: Ensure min version of python3-swiftclient can get
     capabilities when using ceph radosgw swift API (LP: #1902944).
 .
 horizon (4:18.6.1-0ubuntu1) groovy; urgency=medium
 .
   * New upstream release for OpenStack Victoria.
 .
 horizon (4:18.6.0-0ubuntu1) groovy; urgency=medium
 .
   [ Chris MacNaughton ]
   * d/control: Update VCS paths for move to lp:~ubuntu-openstack-dev.
 .
   [ Corey Bryant ]
   * New upstream release for OpenStack Victoria.
 .
 horizon (3:19.0.0~b3~git2020091105.79e505520-0ubuntu1) groovy; urgency=medium
 .
   * d/control: Remove Breaks/Replaces that are older than Focal (LP...

This issue was fixed in the openstack/horizon 23.1.0 release.

This issue was fixed in the openstack/horizon 22.1.1 release.

This issue was fixed in the openstack/horizon ussuri-eol release.

This issue was fixed in the openstack/horizon 23.0.1 release.

This issue was fixed in the openstack/horizon victoria-eom release.

This issue was fixed in the openstack/horizon wallaby-eom release.