puppet-keystone

keystone_user used project for testing password can be disabled

Bug #1814906 reported by Tobias Urdin
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
puppet-keystone
Fix Released
Undecided
Tobias Urdin

Bug Description

On a puppet run the keystone_user password parameter can break idempotency because when it's testing the password it can use a disabled project if it's first in the list.

The issue is here [1] where puppet-keystone's keystone_user resource assumes the first project
in the list is good to go but it could be disabled causing a auth error that makes puppet-keystone
assume the password should be changed since it's not the current one.

puppet-agent[3613]: (/Stage[main]/Keystone::Roles::Admin/Keystone_user[admin]/password) changed password

[1] https://github.com/openstack/puppet-keystone/blob/master/lib/puppet/provider/keystone_user/openstack.rb#L127

Tobias Urdin (tobias-urdin)
Changed in puppet-keystone:
status: New → Confirmed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/635162

Changed in puppet-keystone:
assignee: nobody → Tobias Urdin (tobias-urdin)
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-keystone (master)

Reviewed: https://review.openstack.org/635162
Committed: https://git.openstack.org/cgit/openstack/puppet-keystone/commit/?id=c2456fcaa849d16273f6d00cf8cf07d02b949272
Submitter: Zuul
Branch: master

commit c2456fcaa849d16273f6d00cf8cf07d02b949272
Author: Tobias Urdin <email address hidden>
Date: Wed Feb 6 15:03:29 2019 +0100

    Keystone_user should not use disabled projects

    When testing the password for a keystone_user
    resource we need to ensure the project id that
    is used for testing auth is not disabled causing
    it to fail and puppet things the password should
    be changed.

    Change-Id: Ic4b17a2c750c3162cc609a9469d7422c2084b977
    Closes-Bug: 1814906

Changed in puppet-keystone:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-keystone (stable/rocky)

Fix proposed to branch: stable/rocky
Review: https://review.openstack.org/635249

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-keystone (stable/queens)

Fix proposed to branch: stable/queens
Review: https://review.openstack.org/635453

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-keystone (stable/pike)

Fix proposed to branch: stable/pike
Review: https://review.openstack.org/635455

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-keystone (stable/ocata)

Fix proposed to branch: stable/ocata
Review: https://review.openstack.org/635456

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-keystone (stable/rocky)

Reviewed: https://review.openstack.org/635249
Committed: https://git.openstack.org/cgit/openstack/puppet-keystone/commit/?id=2707b13628c575c69cb02ad15e0a9d50bc2bbbc6
Submitter: Zuul
Branch: stable/rocky

commit 2707b13628c575c69cb02ad15e0a9d50bc2bbbc6
Author: Tobias Urdin <email address hidden>
Date: Wed Feb 6 15:03:29 2019 +0100

    Keystone_user should not use disabled projects

    When testing the password for a keystone_user
    resource we need to ensure the project id that
    is used for testing auth is not disabled causing
    it to fail and puppet things the password should
    be changed.

    Change-Id: Ic4b17a2c750c3162cc609a9469d7422c2084b977
    Closes-Bug: 1814906
    (cherry picked from commit c2456fcaa849d16273f6d00cf8cf07d02b949272)

tags: added: in-stable-rocky
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-keystone (stable/queens)

Reviewed: https://review.openstack.org/635453
Committed: https://git.openstack.org/cgit/openstack/puppet-keystone/commit/?id=292fa922e36ef69e81b1d0bee956b2825b8f5f8d
Submitter: Zuul
Branch: stable/queens

commit 292fa922e36ef69e81b1d0bee956b2825b8f5f8d
Author: Tobias Urdin <email address hidden>
Date: Wed Feb 6 15:03:29 2019 +0100

    Keystone_user should not use disabled projects

    When testing the password for a keystone_user
    resource we need to ensure the project id that
    is used for testing auth is not disabled causing
    it to fail and puppet things the password should
    be changed.

    Change-Id: Ic4b17a2c750c3162cc609a9469d7422c2084b977
    Closes-Bug: 1814906
    (cherry picked from commit c2456fcaa849d16273f6d00cf8cf07d02b949272)

tags: added: in-stable-queens
tags: added: in-stable-pike
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-keystone (stable/pike)

Reviewed: https://review.openstack.org/635455
Committed: https://git.openstack.org/cgit/openstack/puppet-keystone/commit/?id=974ee3e51c2e836c9b8652dd7fa5dff10260f37a
Submitter: Zuul
Branch: stable/pike

commit 974ee3e51c2e836c9b8652dd7fa5dff10260f37a
Author: Tobias Urdin <email address hidden>
Date: Wed Feb 6 15:03:29 2019 +0100

    Keystone_user should not use disabled projects

    When testing the password for a keystone_user
    resource we need to ensure the project id that
    is used for testing auth is not disabled causing
    it to fail and puppet things the password should
    be changed.

    Change-Id: Ic4b17a2c750c3162cc609a9469d7422c2084b977
    Closes-Bug: 1814906
    (cherry picked from commit c2456fcaa849d16273f6d00cf8cf07d02b949272)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-keystone (stable/ocata)

Reviewed: https://review.openstack.org/635456
Committed: https://git.openstack.org/cgit/openstack/puppet-keystone/commit/?id=30aea4941b44b7c3816bba8d2ca4076b90901e23
Submitter: Zuul
Branch: stable/ocata

commit 30aea4941b44b7c3816bba8d2ca4076b90901e23
Author: Tobias Urdin <email address hidden>
Date: Wed Feb 6 15:03:29 2019 +0100

    Keystone_user should not use disabled projects

    When testing the password for a keystone_user
    resource we need to ensure the project id that
    is used for testing auth is not disabled causing
    it to fail and puppet things the password should
    be changed.

    Change-Id: Ic4b17a2c750c3162cc609a9469d7422c2084b977
    Closes-Bug: 1814906
    (cherry picked from commit c2456fcaa849d16273f6d00cf8cf07d02b949272)

tags: added: in-stable-ocata
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/puppet-keystone 14.3.0

This issue was fixed in the openstack/puppet-keystone 14.3.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/puppet-keystone 11.6.0

This issue was fixed in the openstack/puppet-keystone 11.6.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/puppet-keystone queens-eol

This issue was fixed in the openstack/puppet-keystone queens-eol release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/puppet-keystone rocky-eol

This issue was fixed in the openstack/puppet-keystone rocky-eol release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.