Migrating noauth to keystone auth changes user passwords
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
Low
|
Mark McLoughlin |
Bug Description
I had a diablo Nova install which was using noauth and I upgraded to Essex and did:
$> sudo nova-manage export auth > auth-export.json
$> sudo keystone-manage import_nova_auth auth-export.json
and then changed auth_strategy to keystone
Attempting to do any operations with the existing credentials in a nova.zip/novarc fails with 401 Unauthorized
The issue is that this code in nova/auth/
# NOTE(vish): Deprecated auth uses an access key, no auth uses a
# the user_id in place of it.
if FLAGS.auth_strategy == 'deprecated':
access = user.access
else:
access = user.id
means that the password exported to novarc with noauth is the user id
However, when you do 'nova-manage export auth' the password exported is a random UUID which the user knows nothing about
It seems obvious enough to me that, with noauth, 'nova-manage export auth' should also use the user id as the password
Changed in nova: | |
assignee: | nobody → Mark McLoughlin (markmc) |
status: | New → In Progress |
tags: | added: essex-rc-potential |
Changed in nova: | |
importance: | Undecided → Low |
Changed in nova: | |
milestone: | none → 2012.1 |
Fix proposed to branch: master /review. openstack. org/5994
Review: https:/