python-muranoclient

auth against keyston v3 doesn't work

Bug #1600181 reported by justinc111
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
python-muranoclient
Fix Released
High
Jose Phillips
python-muranoclient 0.12.0

Bug Description

Openstack mitaka already installed, now trying to add murano. We use multi-domain setup. The openrc file downloaded from dashboard contains:
```
cat xlab-justin-openrc-v3.sh | grep OS

export OS_AUTH_URL=http://10.10.43.2:5000/v3
export OS_PROJECT_ID=22c94848f1054c0b85350f3f54824d6e
export OS_PROJECT_NAME="xlab"
export OS_USER_DOMAIN_NAME="xlab"
if [ -z "$OS_USER_DOMAIN_NAME" ]; then unset OS_USER_DOMAIN_NAME; fi
unset OS_TENANT_ID
unset OS_TENANT_NAME
export OS_USERNAME="justin_cinkelj"
read -sr OS_PASSWORD_INPUT
export OS_PASSWORD=$OS_PASSWORD_INPUT
# OS_REGION_NAME is optional and only valid in certain environments.
export OS_REGION_NAME="xlab"
if [ -z "$OS_REGION_NAME" ]; then unset OS_REGION_NAME; fi
```

Then:
```
murano environment-list
The request you have made requires authentication. (HTTP 401) (Request-ID: req-2dda05a3-12d1-4b8d-8363-869c10878d98)

[root@murano ~]# murano --os-user-domain-id 5ec86d5474fb4d618b342813377e6ef5 environment-list
(this one does work)
```

Keystone log - during failed command, domain with id (not name) 'default' is being searched for.

OpenStack Infra (hudson-openstack)
Changed in python-muranoclient:
assignee: nobody → justinc111 (justin-cinkelj)
status: New → In Progress
Valerii Kovalchuk (vakovalchuk)
Changed in python-muranoclient:
milestone: none → 0.9.1
importance: Undecided → High
Kirill Zaitsev (kzaitsev)
Changed in python-muranoclient:
milestone: 0.10.0 → 0.10.1
Revision history for this message
Kirill Zaitsev (kzaitsev) wrote :

I believe we've fixed this one, also all of our tests run keystone v3

Changed in python-muranoclient:
milestone: 0.11.0 → 0.12.0
status: In Progress → Incomplete
status: Incomplete → Fix Released
Revision history for this message
justinc111 (justin-cinkelj) wrote :

In stable/mitaka and in master I still see the same line of code, which caused me a problem.
https://git.openstack.org/cgit/openstack/python-muranoclient/tree/muranoclient/shell.py?h=master#n378,
```
args.os_project_domain_id = (args.os_project_domain_id or
                                             'default')
```
'default' is domain_name, not domain_id. This could work only if some code before makes sure the line never gets executed (then dead code should be removed - btw, what does code coverage say?), or some code after (say in keystone) guesses that if domain_id is not an UUID, then it must be a name (unlikely I think).

Looking briefly trough git log, I couldn't see when/by which commit(s) it was fixed.

PS: suggested fix is at https://review.openstack.org/#/c/339361/ . I just have no idea how to properly link the bug and review page.

Jose Phillips (jose-phillips)
Changed in python-muranoclient:
assignee: justinc111 (justin-cinkelj) → Jose Phillips (jose-phillips)
Serg Melikyan (smelikyan)
Changed in python-muranoclient:
status: Fix Released → Confirmed
Revision history for this message
Jose Phillips (jose-phillips) wrote :

Based on the template of openrc for Authentication V3 in horizon

https://github.com/openstack/horizon/blob/master/openstack_dashboard/dashboards/project/access_and_security/templates/access_and_security/api_access/openrc.sh.template

OS_PROJECT_DOMAIN_ID and OS_USER_DOMAIN_ID is not on this template. this is why the murano client fail to authenticate on multidomain environments.

im working in a new commit to fix this issue.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to python-muranoclient (master)

Fix proposed to branch: master
Review: https://review.openstack.org/412790

Changed in python-muranoclient:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to python-muranoclient (master)

Reviewed: https://review.openstack.org/412790
Committed: https://git.openstack.org/cgit/openstack/python-muranoclient/commit/?id=12c70b72d030c3ac2cda810088ed17861f51e0a4
Submitter: Jenkins
Branch: master

commit 12c70b72d030c3ac2cda810088ed17861f51e0a4
Author: Jose Phillips <email address hidden>
Date: Tue Dec 20 01:40:47 2016 -0500

    Fix Murano client to use V3 and MultiDomain Authentication

    This fix will going to allow the usage Murano client with V3 Authentication
    and multidomain environments.

    Based on the latest template of RC where is used os_user_domain_name
    instead of os_project_domain_id or os_user_domain_id.

    if this variables doesn't exists will going to use the old method that was
    working on older versions.

    Change-Id: I420a6d825fe228279fb21bcdd5c172c9fc6369f5
    Closes-Bug: #1600181

Changed in python-muranoclient:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/python-muranoclient 0.12.0

This issue was fixed in the openstack/python-muranoclient 0.12.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on python-muranoclient (master)

Change abandoned by Kirill Zaitsev (<email address hidden>) on branch: master
Review: https://review.openstack.org/339361

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.