Hardcoded tenant name to access swift objects for job execution

Bug #1306713 reported by Luigi Toscano
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
Sahara | Fix Released | High | Dmitry Mescheryakov |
Icehouse | Fix Released | High | Dmitry Mescheryakov |

Bug Description

The scenario is the same as described in lp:1305210.
Main points: user admin, tenant/project demo. The Data Sources and the Job Binaries have been configured to use the admin user.
Sahara configuration files contain:
--------------------
os_admin_tenant_name = service
os_admin_username = sahara
--------------------
admin user is not in the service project.

When the proposed fix for the other bug is applied (currently under review), the following backtrace can be observed:

2014-04-11 17:42:41.474 DEBUG keystoneclient.session [-] REQ: curl -i -X POST http://10.34.1.187:5000/v2.0/tokens -H "Content-Type: application/json" -H "User-Agent: python-keystoneclient" -d '{"auth": {"tenantName": "service", "passwordCredentials": {"username": "admin", "password": "empty"}}}' from (pid=18138) request /opt/stack/python-keystoneclient/keystoneclient/session.py:245
2014-04-11 17:42:41.476 INFO urllib3.connectionpool [-] Starting new HTTP connection (1): 10.34.1.187
2014-04-11 17:42:41.559 DEBUG urllib3.connectionpool [-] "POST /v2.0/tokens HTTP/1.1" 401 161 from (pid=18138) _make_request /usr/lib/python2.7/site-packages/urllib3/connectionpool.py:330
2014-04-11 17:42:41.560 DEBUG keystoneclient.session [-] RESP: [401] CaseInsensitiveDict({'date': 'Fri, 11 Apr 2014 15:42:41 GMT', 'vary': 'X-Auth-Token', 'content-length': '161', 'content-type': 'application/json', 'www-authenticate': 'Keystone uri="http://10.34.1.187:5000/"'})
RESP BODY: {"error": {"message": "User abab3eb5c92b449d972c2b582c05add6 is unauthorized for tenant d9c50311b94c47b8bed593e422e2b1a3", "code": 401, "title": "Unauthorized"}}
 from (pid=18138) _send_request /opt/stack/python-keystoneclient/keystoneclient/session.py:285
2014-04-11 17:42:41.560 DEBUG keystoneclient.session [-] Request returned failure status: 401 from (pid=18138) request /opt/stack/python-keystoneclient/keystoneclient/session.py:261
2014-04-11 17:42:41.560 DEBUG keystoneclient.v2_0.client [-] Authorization Failed. from (pid=18138) get_raw_token_from_identity_service /opt/stack/python-keystoneclient/keystoneclient/v2_0/client.py:172
2014-04-11 17:42:41.561 ERROR swiftclient [-] Unauthorised. Check username, password and tenant name/id
2014-04-11 17:42:41.561 TRACE swiftclient Traceback (most recent call last):
2014-04-11 17:42:41.561 TRACE swiftclient File "/opt/stack/python-swiftclient/swiftclient/client.py", line 1192, in _retry
2014-04-11 17:42:41.561 TRACE swiftclient self.url, self.token = self.get_auth()
2014-04-11 17:42:41.561 TRACE swiftclient File "/opt/stack/python-swiftclient/swiftclient/client.py", line 1166, in get_auth
2014-04-11 17:42:41.561 TRACE swiftclient insecure=self.insecure)
2014-04-11 17:42:41.561 TRACE swiftclient File "/opt/stack/python-swiftclient/swiftclient/client.py", line 364, in get_auth
2014-04-11 17:42:41.561 TRACE swiftclient insecure=insecure)
2014-04-11 17:42:41.561 TRACE swiftclient File "/opt/stack/python-swiftclient/swiftclient/client.py", line 298, in get_keystoneclient_2_0
2014-04-11 17:42:41.561 TRACE swiftclient raise ClientException('Unauthorised. Check username, password'
2014-04-11 17:42:41.561 TRACE swiftclient ClientException: Unauthorised. Check username, password and tenant name/id
2014-04-11 17:42:41.561 TRACE swiftclient
2014-04-11 17:42:41.684 ERROR sahara.context [-] Thread 'Starting Job Execution 15d34698-582c-40a8-9798-5a6bb323e566' fails with exception: 'Unauthorised. Check username, password and tenant name/id'
2014-04-11 17:42:41.684 TRACE sahara.context Traceback (most recent call last):
2014-04-11 17:42:41.684 TRACE sahara.context File "/opt/stack/sahara/sahara/context.py", line 124, in _wrapper
2014-04-11 17:42:41.684 TRACE sahara.context func(*args, **kwargs)
2014-04-11 17:42:41.684 TRACE sahara.context File "/opt/stack/sahara/sahara/service/edp/job_manager.py", line 144, in run_job
2014-04-11 17:42:41.684 TRACE sahara.context upload_job_files(oozie_server, wf_dir, job, hdfs_user)
2014-04-11 17:42:41.684 TRACE sahara.context File "/opt/stack/sahara/sahara/service/edp/job_manager.py", line 186, in upload_job_files
2014-04-11 17:42:41.684 TRACE sahara.context raw_data = dispatch.get_raw_binary(main)
2014-04-11 17:42:41.684 TRACE sahara.context File "/opt/stack/sahara/sahara/service/edp/binary_retrievers/dispatch.py", line 30, in get_raw_binary
2014-04-11 17:42:41.684 TRACE sahara.context res = i_swift.get_raw_data(context.ctx(), job_binary)
2014-04-11 17:42:41.684 TRACE sahara.context File "/opt/stack/sahara/sahara/service/edp/binary_retrievers/internal_swift.py", line 100, in get_raw_data
2014-04-11 17:42:41.684 TRACE sahara.context raise ex.SwiftClientException(e.message)
2014-04-11 17:42:41.684 TRACE sahara.context SwiftClientException: Unauthorised. Check username, password and tenant name/id
2014-04-11 17:42:41.684 TRACE sahara.context

The tenant name could/should be specified as another parameter for job binaries and data sources.

Changed in sahara:
status: New → Confirmed
Dmitry Mescheryakov (dmitrymex) wrote :

I think we should provide two ways to access binaries:
 * the old way, but also allow the user to specify tenant_name in the request
 * the new way, which is to use the token of the current user

Changed in sahara:
milestone: none → juno-1
OpenStack Infra (hudson-openstack) wrote : Fix merged to sahara (master)

Reviewed: https://review.openstack.org/93564
Committed: https://git.openstack.org/cgit/openstack/sahara/commit/?id=b90ea1c7a7578398c5787a5fc7e2aedadf40c8de
Submitter: Jenkins
Branch: master

commit b90ea1c7a7578398c5787a5fc7e2aedadf40c8de
Author: Dmitry Mescheryakov <email address hidden>
Date: Wed May 14 18:07:18 2014 +0400

    Fix hardcoded tenant name for job binaries

    After the fix the current user's tenant is taken instead of one
    from the Sahara config.

    I think we can fix it better and I outlined my thoughts in the bug
    comments. Current fix could be viewed as temporal until we agree on
    something else. BTW it could be ported to stable/icehouse since it
    does not change Sahara API, unlike the fix I've proposed in the
    comments.

    Change-Id: Ifef76905cab313e451eb9e68f915738f33e11a25
    Partial-Bug: #1306713
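
The tenant mismatch in the report and the behaviour change the merged fix describes, as an added example that is not Sahara's code. The Keystone stand-in, the membership table, the passwords and all function names are constructed for illustration; only the request body shape and the two config keys come from the page.

```python
import json

# Constructed sample data mirroring the report: Sahara's service account lives
# in the "service" tenant, the "admin" user only in "demo".
CONFIG = {"os_admin_tenant_name": "service", "os_admin_username": "sahara"}
MEMBERSHIP = {"sahara": {"service"}, "admin": {"demo"}}  # user -> tenants
PASSWORDS = {"sahara": "sahara-pw", "admin": "admin-pw"}  # constructed


def fake_keystone_tokens(body):
    """Stand-in for POST /v2.0/tokens: 401 unless the user belongs to the tenant."""
    auth = json.loads(body)["auth"]
    creds = auth["passwordCredentials"]
    user, tenant = creds["username"], auth["tenantName"]
    if PASSWORDS.get(user) != creds["password"]:
        return 401, "Invalid user / password"
    if tenant not in MEMBERSHIP.get(user, set()):
        return 401, "User %s is unauthorized for tenant %s" % (user, tenant)
    return 200, "token-for-%s@%s" % (user, tenant)


def auth_body(tenant_name, binary_extra):
    """Keystone v2.0 password-auth body, same shape as the REQ line in the log."""
    return json.dumps({"auth": {
        "tenantName": tenant_name,
        "passwordCredentials": {"username": binary_extra["user"],
                                "password": binary_extra["password"]}}})


def fetch_binary_before(binary_extra):
    # Before: job-binary credentials paired with the tenant from Sahara's config.
    return fake_keystone_tokens(
        auth_body(CONFIG["os_admin_tenant_name"], binary_extra))


def fetch_binary_after(request_ctx, binary_extra):
    # After: tenant comes from the context of the user who launched the job.
    return fake_keystone_tokens(
        auth_body(request_ctx["tenant_name"], binary_extra))


if __name__ == "__main__":
    extra = {"user": "admin", "password": "admin-pw"}  # stored with the job binary
    ctx = {"tenant_name": "demo"}                       # current request context
    print(fetch_binary_before(extra))
    print(fetch_binary_after(ctx, extra))
```

In this model the second call still returns 401 whenever the credentials stored with the binary belong to a user outside the launching user's tenant, which is the case the tenant_name proposal in the comments would cover.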

Changed in sahara:
importance: Undecided → High
assignee: nobody → Dmitry Mescheryakov (dmitrymex)
Changed in sahara:
status: Confirmed → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to sahara (stable/icehouse)

Fix proposed to branch: stable/icehouse
Review: https://review.openstack.org/97458

Changed in sahara:
status: In Progress → Fix Committed
OpenStack Infra (hudson-openstack) wrote : Fix merged to sahara (stable/icehouse)

Reviewed: https://review.openstack.org/97458
Committed: https://git.openstack.org/cgit/openstack/sahara/commit/?id=bd46ba25085124ac18ce2f6b77c00d85c78b82c1
Submitter: Jenkins
Branch: stable/icehouse

commit bd46ba25085124ac18ce2f6b77c00d85c78b82c1
Author: Dmitry Mescheryakov <email address hidden>
Date: Wed May 14 18:07:18 2014 +0400

    Fix hardcoded tenant name for job binaries

    After the fix the current user's tenant is taken instead of one
    from the Sahara config.

    I think we can fix it better and I outlined my thoughts in the bug
    comments. Current fix could be viewed as temporal until we agree on
    something else. BTW it could be ported to stable/icehouse since it
    does not change Sahara API, unlike the fix I've proposed in the
    comments.

    Change-Id: Ifef76905cab313e451eb9e68f915738f33e11a25
    Partial-Bug: #1306713
    (cherry picked from commit b90ea1c7a7578398c5787a5fc7e2aedadf40c8de)

tags: added: in-stable-icehouse
Thierry Carrez (ttx)
Changed in sahara:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in sahara:
milestone: juno-1 → 2014.2