user/tenant/user-role pattern is broken for empty tenants
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
puppet-keystone |
Invalid
|
Undecided
|
Unassigned |
Bug Description
The pattern shown on the README for making a user, a tenant, and then a role for said user in said tenant is broken unless a tenant is specified.
Here is the broken pattern:
keystone_tenant { $monitor_project:
ensure => present,
enabled => True,
}
keystone_user { $monitor_user:
ensure => present,
enabled => True,
email => $monitor_email,
password => $monitor_password,
}
keystone_
ensure => present,
roles => ['_member_']
}
The issue manifests itself like this:
Error: /Stage[
The issue there is that --user-id is followed by nothing. I traced the Ruby code to the best of my limited Ruby skills and found that it is first trying to find the ID of the new user "monitoring" by doing this: keystone user-list --tenant-id icinga. Since the icinga tenant is new, there are no users, so when that fails, it doesn't find the user ID. It then takes this empty user-id and tries to see if the role for it already is set, leading to the error message.
The work-around is to set the tenant property on the $monitor_user, this seeds them into the tenant properly, but this is annoying and should be fixed.
This happened in stable/icehouse.
description: | updated |
Changed in puppet-keystone: | |
status: | New → Triaged |
Is this still a problem in the latest code?