os_magnum playbook can not assign user role on project: ''

Bug #2048209 reported by Alexey 'Fenuks' Rusetsky
This bug affects 1 person
Affects: OpenStack-Ansible
Status: Triaged
Importance: Undecided
Assigned to: Unassigned

Bug Description

I'm sorry for a partial issue report, I cannot tear down my testing installation to run it from scratch at the moment.

In the file tasks/magnum_service_setup.yml, the attempt to add user {{ magnum_trustee_domain_admin_name }} to project: '' fails with an error like 'Project not found'.
Said user also needs the heat_stack_owner role to launch Heat stack creation; somehow the plain admin role does not include that.

openstack role add --domain magnum --user-domain magnum --user trustee_domain_admin admin
openstack role add --domain magnum --user-domain magnum --user trustee_domain_admin heat_stack_owner

Assigning both roles manually and re-running the playbook allows it to finish without further errors.

Dmitriy Rabotyagov (noonedeadpunk) wrote:

I have a strong feeling I've already dealt with that and the issue was resolved quite some time ago.

I'd even say that this patch should handle the issue in the topic: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/880028

But it's hard to be sure without the output of the failure or at least the name of the task that failed. So at least we need an actual failure output to be able to triage this issue.

Changed in openstack-ansible:
status: New → Incomplete
Alexey 'Fenuks' Rusetsky (fenuks-uh) wrote:

I've removed the role assignments, here's the trace of the failed rerun:

TASK [openstack.osa.service_setup : Add service users to roles] ******************************************************************************************************************************************************************
task path: /etc/ansible/ansible_collections/openstack/osa/roles/service_setup/tasks/setup_roles.yml:32
container_name: "cont01_utility_container-94aa78da"
physical_host: "cont01"
Container confirmed
Container type "lxc"
The full traceback is:
  File "/tmp/ansible_openstack.cloud.role_assignment_payload_142909u1/ansible_openstack.cloud.role_assignment_payload.zip/ansible_collections/openstack/cloud/plugins/module_utils/openstack.py", line 415, in __call__
    results = self.run()
  File "/tmp/ansible_openstack.cloud.role_assignment_payload_142909u1/ansible_openstack.cloud.role_assignment_payload.zip/ansible_collections/openstack/cloud/plugins/modules/role_assignment.py", line 179, in run
  File "/openstack/venvs/utility-27.3.0/lib/python3.8/site-packages/openstack/cloud/_identity.py", line 1238, in grant_role
    data = self._get_grant_revoke_params(
  File "/openstack/venvs/utility-27.3.0/lib/python3.8/site-packages/openstack/cloud/_identity.py", line 1199, in _get_grant_revoke_params
    raise exc.OpenStackCloudException(
failed: [cont01_magnum_container-07246985 -> cont01_utility_container-94aa78da(192.168.233.89)] (item=admin) => {
    "ansible_loop_var": "role",
    "attempts": 5,
    "changed": false,
    "extra_data": {
        "data": null,
        "details": "None",
        "response": "None"
    },
    "invocation": {
        "module_args": {
            "api_timeout": null,
            "auth": null,
            "auth_type": null,
            "ca_cert": null,
            "client_cert": null,
            "client_key": null,
            "domain": "magnum",
            "endpoint_type": "admin",
            "group": null,
            "interface": "admin",
            "project": "",
            "region_name": null,
            "role": "admin",
            "sdk_log_level": "INFO",
            "sdk_log_path": null,
            "state": "present",
            "system": null,
            "timeout": 180,
            "user": "trustee_domain_admin",
            "validate_certs": true,
            "wait": true
        }
    },
    "msg": "Must specify either a user or a group",
    "role": "admin"
}

Dmitriy Rabotyagov (noonedeadpunk) wrote:

OK, this error is slightly different from what I originally assumed. I don't see any failures in CI for the 2023.1 release, so I will try to reproduce the error in a sandbox.

Changed in openstack-ansible:
status: Incomplete → Triaged
Dmitriy Rabotyagov (noonedeadpunk) wrote:

I was not able to reproduce the error on 27.3.0 in my sandbox. Magnum was successfully installed without any errors.

Alexey 'Fenuks' Rusetsky (fenuks-uh) wrote:

It fails for me every time, but I'm not sure how to narrow it down. Any pointers?

Dmitriy Rabotyagov (noonedeadpunk) wrote:

It kinda looks like an issue in the collection module to me.
As I see it, all the data is what I would expect to see for the module, and it contains "user" while the module says it doesn't.

Could it be that you have some alternative collection version in some different path than /etc/ansible (like ~/.ansible) that may take precedence over the OSA installed version?
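
The check asked about above, as an added example that is not part of the original thread or of OpenStack-Ansible: it walks a list of collection roots in order and reports whether a copy of openstack.cloud outside the expected root would be loaded first. The function names, the temporary directory layout and the version strings are constructed for illustration; it assumes Ansible loads the first copy found along its collections path and that an installed collection carries a MANIFEST.json with collection_info.version.

```python
import json
import tempfile
from pathlib import Path


def find_collection_copies(search_roots, namespace="openstack", name="cloud"):
    """Return [(root, version)] for every copy of namespace.name, in search order.

    Assumption: the first match along the collections path is the copy a
    playbook run loads, so index 0 is the effective one.
    """
    copies = []
    for root in search_roots:
        coll_dir = Path(root).expanduser() / "ansible_collections" / namespace / name
        if not coll_dir.is_dir():
            continue
        version = "unknown"  # e.g. a source checkout without MANIFEST.json
        manifest = coll_dir / "MANIFEST.json"
        if manifest.is_file():
            try:
                info = json.loads(manifest.read_text()).get("collection_info", {})
                version = info.get("version", "unknown")
            except (OSError, json.JSONDecodeError):
                version = "unreadable"
        copies.append((str(root), version))
    return copies


def shadowing_report(search_roots, expected_root, **kw):
    """Classify the layout as 'missing', 'shadowed', 'duplicate' or 'ok'."""
    copies = find_collection_copies(search_roots, **kw)
    if not copies:
        return "missing", copies
    if Path(copies[0][0]).expanduser() != Path(expected_root).expanduser():
        return "shadowed", copies  # another copy wins over the expected one
    return ("duplicate" if len(copies) > 1 else "ok"), copies


def demo():
    """Constructed layout: a stray per-user copy ahead of an /etc/ansible-style root."""
    with tempfile.TemporaryDirectory() as tmp:
        user_root, osa_root = Path(tmp) / "home_ansible", Path(tmp) / "etc_ansible"
        for root, version in ((user_root, "9.9.9"), (osa_root, "1.2.3")):  # constructed
            d = root / "ansible_collections" / "openstack" / "cloud"
            d.mkdir(parents=True)
            (d / "MANIFEST.json").write_text(json.dumps({"collection_info": {"version": version}}))
        return shadowing_report([user_root, osa_root], expected_root=osa_root)

if __name__ == "__main__":
    print(demo())
```

On a real deploy host, pass the roots from the configured collections path in order, with /etc/ansible as expected_root.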

Alexey 'Fenuks' Rusetsky (fenuks-uh) wrote:

No other collections or modifications there. I've re-bootstrapped OSA to make sure.
The only override for Magnum I have is magnum_cert_manager_type=barbican, not sure if it's relevant.

I also have Octavia installed, but apparently it only comes into play during cluster creation if LB for Kuber Master is ticked.

I initially installed magnum about 2 months ago and had that failure right off. I eventually solved it by manually assigning roles, so I don't remember much, except that it was somehow connected to project='', although it failed later in the code, but maybe I'm mistaken here.

Dmitriy Rabotyagov (noonedeadpunk) wrote:

Just to make sure that all required libraries are also correct, can you kindly provide the output of:

/openstack/venvs/utility-27.3.0/bin/pip list | grep openstacksdk

from inside of cont01_utility_container-94aa78da container?

Alexey 'Fenuks' Rusetsky (fenuks-uh) wrote:

root@cont01-utility-container-94aa78da:~# /openstack/venvs/utility-27.3.0/bin/pip list | grep openstacksdk
openstacksdk 1.0.1
root@cont01-utility-container-94aa78da:~#

It is the same on all 3 controllers' utility containers in the installation.
