[barbican][OC4.0] lbaas creation fails for non-admin user in non-default domain
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenContrail | New | Undecided | Unassigned | | |
Bug Description
Env: OS pike, opencontrail 4.0, barbican, keystone domain.
Steps to reproduce:
- Create some users in keystone domain.
- Follow instructions on lbaas creation [1]
Follow the steps from the link below with the following differences.
https:/
1 Make sure you are using a user from a non-default domain with the member and creator roles to upload the secret with the SSL certificate.
2 Make sure that when you create the lbaas VIP you are doing this in a non-default domain project and user is also not;
Expected result:
VIP with https is created and ssl certificate is installed.
Actual result:
lbaas is not able to download secret created by user in any project other than the project where opencontrail_
/var/log/
08/13/2018 20:31:31 ERROR Exception in Createing haproxy config for Loadbalancer-ID ee51ff08-
Traceback (most recent call last):
File "/usr/lib/
haproxy_
File "/usr/lib/
provider, haproxy_config, lbaas_auth_conf, dir_name)
File "/usr/lib/
update_
File "/usr/lib/
pem_file_name = tls.create_
File "/usr/lib/
pem_file_name = dest_dir + '/'+ self.primary_cn + '.pem'
TypeError: cannot concatenate 'str' and 'NoneType' objects
08/13/2018 20:31:31 ERROR <type 'exceptions.
08/13/2018 20:31:31 ERROR Inappropriate argument type.
08/13/2018 20:31:31 ERROR cannot concatenate 'str' and 'NoneType' objects
08/13/2018 20:31:31 MSG Stopping haproxy for Loadbalancer-ID
From what I see in the code, this is by-design behavior, as all resources are accessed as contrail admin https:/
Looking at the code, the same bug should affect OpenContrail 3.x as well.