Hardcoded tenant name to access swift objects for job execution
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Sahara |
Fix Released
|
High
|
Dmitry Mescheryakov | ||
Icehouse |
Fix Released
|
High
|
Dmitry Mescheryakov |
Bug Description
The scenario is the same described in lp:1305210.
Main points: user admin, tenant/project demo. The Data Sources and the Job Binaries have been configured to use the admin user.
Sahara configuration files contains:
-------
os_admin_
os_admin_username = sahara
-------
admin user is not in the service project.
When the proposed fix for the other bug is applied (currently under review), the following backtrace can be observed:
2014-04-11 17:42:41.474 DEBUG keystoneclient.
2014-04-11 17:42:41.476 INFO urllib3.
2014-04-11 17:42:41.559 DEBUG urllib3.
2014-04-11 17:42:41.560 DEBUG keystoneclient.
RESP BODY: {"error": {"message": "User abab3eb5c92b449
from (pid=18138) _send_request /opt/stack/
2014-04-11 17:42:41.560 DEBUG keystoneclient.
2014-04-11 17:42:41.560 DEBUG keystoneclient.
2014-04-11 17:42:41.561 ERROR swiftclient [-] Unauthorised. Check username, password and tenant name/id
2014-04-11 17:42:41.561 TRACE swiftclient Traceback (most recent call last):
2014-04-11 17:42:41.561 TRACE swiftclient File "/opt/stack/
2014-04-11 17:42:41.561 TRACE swiftclient self.url, self.token = self.get_auth()
2014-04-11 17:42:41.561 TRACE swiftclient File "/opt/stack/
2014-04-11 17:42:41.561 TRACE swiftclient insecure=
2014-04-11 17:42:41.561 TRACE swiftclient File "/opt/stack/
2014-04-11 17:42:41.561 TRACE swiftclient insecure=insecure)
2014-04-11 17:42:41.561 TRACE swiftclient File "/opt/stack/
2014-04-11 17:42:41.561 TRACE swiftclient raise ClientException
2014-04-11 17:42:41.561 TRACE swiftclient ClientException: Unauthorised. Check username, password and tenant name/id
2014-04-11 17:42:41.561 TRACE swiftclient
2014-04-11 17:42:41.684 ERROR sahara.context [-] Thread 'Starting Job Execution 15d34698-
2014-04-11 17:42:41.684 TRACE sahara.context Traceback (most recent call last):
2014-04-11 17:42:41.684 TRACE sahara.context File "/opt/stack/
2014-04-11 17:42:41.684 TRACE sahara.context func(*args, **kwargs)
2014-04-11 17:42:41.684 TRACE sahara.context File "/opt/stack/
2014-04-11 17:42:41.684 TRACE sahara.context upload_
2014-04-11 17:42:41.684 TRACE sahara.context File "/opt/stack/
2014-04-11 17:42:41.684 TRACE sahara.context raw_data = dispatch.
2014-04-11 17:42:41.684 TRACE sahara.context File "/opt/stack/
2014-04-11 17:42:41.684 TRACE sahara.context res = i_swift.
2014-04-11 17:42:41.684 TRACE sahara.context File "/opt/stack/
2014-04-11 17:42:41.684 TRACE sahara.context raise ex.SwiftClientE
2014-04-11 17:42:41.684 TRACE sahara.context SwiftClientExce
2014-04-11 17:42:41.684 TRACE sahara.context
The tenant name could/should be specified as another parameter for job binaries and data sources.
Changed in sahara: | |
status: | New → Confirmed |
Changed in sahara: | |
milestone: | none → juno-1 |
Changed in sahara: | |
importance: | Undecided → High |
assignee: | nobody → Dmitry Mescheryakov (dmitrymex) |
Changed in sahara: | |
status: | Confirmed → In Progress |
Changed in sahara: | |
status: | In Progress → Fix Committed |
Changed in sahara: | |
status: | Fix Committed → Fix Released |
Changed in sahara: | |
milestone: | juno-1 → 2014.2 |
I think we should provide two ways to access binaries:
* the old way, but also allow user to specify tenant_name in request
* the new way, which is to use token of the current user