keystone_user keeps updating passwords due to missing auth_url

Bug #2010894 reported by Christian Rohmann
This bug affects 1 person
Affects: puppet-keystone
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned

Bug Description

The keystone_user provider keeps on changing the user password, even though no update is required.
While there is an attempt to fetch a token with the credentials to determine if the password is set correctly, this constantly fails due to a missing auth_url setting:

```
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/cliff/app.py", line 397, in run_subcommand
    self.prepare_to_run_command(cmd)
  File "/usr/lib/python3/dist-packages/osc_lib/shell.py", line 474, in prepare_to_run_command
    self.cloud = self.cloud_config.get_one(
  File "/usr/lib/python3/dist-packages/openstack/config/loader.py", line 1139, in get_one
    config = self._validate_auth(config, loader)
  File "/usr/lib/python3/dist-packages/osc_lib/cli/client_config.py", line 217, in _validate_auth
    raise sdk_exceptions.OpenStackConfigException('\n'.join(msgs))
openstack.exceptions.ConfigException: Missing value auth-url required for auth plugin password
```

... Unfortunately, the "password needs changing" check using the Puppet::Error::OpenstackUnauthorizedError exception cannot distinguish between a general configuration error of the openstack client's auth (missing variable) and an incorrect password.

This is simply due to https://opendev.org/openstack/puppet-openstacklib/src/commit/a1dfd6861f9593f005e72acaef7262e618d2cf6c/lib/puppet/provider/openstack.rb#L129 making all cases look equal.

Changed in puppet-keystone:
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to puppet-keystone (master)

Related fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/puppet-keystone/+/877148

OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-keystone (master)

Reviewed: https://review.opendev.org/c/openstack/puppet-keystone/+/877103
Committed: https://opendev.org/openstack/puppet-keystone/commit/5a6378c6dfc053f2e65867ae9b27537b4bc558a5
Submitter: "Zuul (22348)"
Branch: master

commit 5a6378c6dfc053f2e65867ae9b27537b4bc558a5
Author: Christian Rohmann <email address hidden>
Date: Fri Mar 10 15:39:41 2023 +0100

    Fix access to configs hash symbol in get_auth_endpoint

    The hash returned by the request method of Puppet::Provider::Openstack
    uses symbols instead of strings as keys, see [1].

    This prepends the missing ':' in front of the 'auth.auth_url' key to
    make it a symbol and to have it return the actual value instead of
    always coming back empty.

    [1] https://opendev.org/openstack/puppet-openstacklib/src/commit/a1dfd6861f9593f005e72acaef7262e618d2cf6c/lib/puppet/provider/openstack.rb#L123

    Closes-Bug: #2010894

    Change-Id: I97546a1030559d1f91030a668106e220ce7a7650
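
The two failure points described in this report, as an added Ruby example that is not code from puppet-keystone or puppet-openstacklib: a String key lookup on a symbol-keyed hash returns nil, and a check that rescues every error reports a correct password as out of sync. The error classes, method names, `fetch_token` stand-in and sample URL are hypothetical.

```ruby
# Hypothetical error types: one for client misconfiguration, one for rejected credentials.
class ClientConfigError < StandardError; end
class UnauthorizedError < StandardError; end

# Constructed sample: a symbol-keyed config hash, as the commit message describes.
CONFIGS = { :'auth.auth_url' => 'https://keystone.example.test:5000/v3' }.freeze

# String key: never matches the Symbol key, so the URL always comes back nil.
def auth_url_string_key(configs)
  configs['auth.auth_url']
end

# Symbol key: returns the configured value.
def auth_url_symbol_key(configs)
  configs[:'auth.auth_url']
end

# Stand-in for requesting a token with the desired password (no network access).
def fetch_token(auth_url, desired, actual)
  if auth_url.nil? || auth_url.empty?
    raise ClientConfigError, 'Missing value auth-url required for auth plugin password'
  end
  raise UnauthorizedError, 'credentials rejected' unless desired == actual
  'token'
end

# Every failure looks like "wrong password": a missing auth_url triggers a
# password update on each run even though the password is already correct.
def password_in_sync_collapsed?(auth_url, desired, actual)
  fetch_token(auth_url, desired, actual)
  true
rescue StandardError
  false
end

# Only a rejected credential counts as a mismatch; a configuration error
# propagates to the caller instead of being read as "password needs changing".
def password_in_sync_strict?(auth_url, desired, actual)
  fetch_token(auth_url, desired, actual)
  true
rescue UnauthorizedError
  false
end
```

With the String key, `password_in_sync_collapsed?` returns false for a matching password, which is the endless update loop reported here; the strict variant raises the configuration error so it shows up in the run output instead.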

Changed in puppet-keystone:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-keystone (stable/zed)

Fix proposed to branch: stable/zed
Review: https://review.opendev.org/c/openstack/puppet-keystone/+/877183

OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-keystone (stable/yoga)

Fix proposed to branch: stable/yoga
Review: https://review.opendev.org/c/openstack/puppet-keystone/+/877184

OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-keystone (stable/zed)

Reviewed: https://review.opendev.org/c/openstack/puppet-keystone/+/877183
Committed: https://opendev.org/openstack/puppet-keystone/commit/aab1d5b365d806d87bc9c82bb098d882d48d0e2d
Submitter: "Zuul (22348)"
Branch: stable/zed

commit aab1d5b365d806d87bc9c82bb098d882d48d0e2d
Author: Christian Rohmann <email address hidden>
Date: Fri Mar 10 15:39:41 2023 +0100

    Fix access to configs hash symbol in get_auth_endpoint

    The hash returned by the request method of Puppet::Provider::Openstack
    uses symbols instead of strings as keys, see [1].

    This prepends the missing ':' in front of the 'auth.auth_url' key to
    make it a symbol and to have it return the actual value instead of
    always coming back empty.

    [1] https://opendev.org/openstack/puppet-openstacklib/src/commit/a1dfd6861f9593f005e72acaef7262e618d2cf6c/lib/puppet/provider/openstack.rb#L123

    Closes-Bug: #2010894

    Change-Id: I97546a1030559d1f91030a668106e220ce7a7650
    (cherry picked from commit 5a6378c6dfc053f2e65867ae9b27537b4bc558a5)

tags: added: in-stable-zed
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-keystone (stable/yoga)

Reviewed: https://review.opendev.org/c/openstack/puppet-keystone/+/877184
Committed: https://opendev.org/openstack/puppet-keystone/commit/75b22b925019f4d080874e41bffd70baa36c423d
Submitter: "Zuul (22348)"
Branch: stable/yoga

commit 75b22b925019f4d080874e41bffd70baa36c423d
Author: Christian Rohmann <email address hidden>
Date: Fri Mar 10 15:39:41 2023 +0100

    Fix access to configs hash symbol in get_auth_endpoint

    The hash returned by the request method of Puppet::Provider::Openstack
    uses symbols instead of strings as keys, see [1].

    This prepends the missing ':' in front of the 'auth.auth_url' key to
    make it a symbol and to have it return the actual value instead of
    always coming back empty.

    [1] https://opendev.org/openstack/puppet-openstacklib/src/commit/a1dfd6861f9593f005e72acaef7262e618d2cf6c/lib/puppet/provider/openstack.rb#L123

    Closes-Bug: #2010894

    Change-Id: I97546a1030559d1f91030a668106e220ce7a7650
    (cherry picked from commit 5a6378c6dfc053f2e65867ae9b27537b4bc558a5)
    (cherry picked from commit aab1d5b365d806d87bc9c82bb098d882d48d0e2d)

tags: added: in-stable-yoga
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/puppet-keystone 22.0.0

This issue was fixed in the openstack/puppet-keystone 22.0.0 release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/puppet-keystone 20.4.0

This issue was fixed in the openstack/puppet-keystone 20.4.0 release.
