[openstackclient] Existing user validation from different domain fails
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack + Chef |
Fix Released
|
Undecided
|
Henrique Santos |
Bug Description
The "create" action from the "openstack_user" resource defined in the "openstackclient" cookbook does not perform correct validation if the indicated user is from a domain other than "default".
From "cookbook-
"
action :create do
user = new_resource.
project = new_resource.
domain = new_resource.
if user
log "User with name: \"#{new_
"
I believe that the line "user = new_resource.
Therefore when the validation for the existence of the user is done, it always reports the user does not exist if the domain of the user is different.
Example:
The "openstack-
# Create heat_domain_admin in domain heat
openstack_user stack_domain_admin do
domain_name heat_domain_name
password stack_domain_
connection_params connection_params
end
However when running this recipe for the second time, it fails because of this resource with the following error:
"
FATAL: Excon::
:body => "{\"error\": {\"message\": \"Conflict occurred attempting to store user - Duplicate entry found with name heat_domain_admin at domain ID 3164c1efabb6472
:cookies => [
]
:headers => {
"Date" => "Tue, 24 Mar 2020 17:34:46 GMT"
"Server" => "Apache"
"Vary" => "X-Auth-Token"
}
:host => "127.0.0.1"
:path => "/v3/users"
:port => 5000
:remote_ip => "127.0.0.1"
:status => 409
"
It indicates that the "openstack_user" resource tried to create the user even though it already exists. However this resource should detect the existence of the user and report the user already exists, just like it happens with other users created in the "default" domain in this recipe:
"
* openstack_
* log[User with name: "heat" already exists] action write
"
After reviewing the code in "cookbook- openstackclient /libraries/ openstack_ user.rb" , I believe the user validation is not done correctly in the other actions, i.e ":delete", ":grant_role", ":revoke_role", etc.