skyline apiserver

user login failure due to no role assignment to its default project

Bug #2049719 reported by Wu Wenxiang on 2024-01-18

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	skyline apiserver	Fix Released	Undecided	Wu Wenxiang

Bug Description

This bug start from: https://review.opendev.org/c/openstack/skyline-apiserver/+/901229

feat: Add default_project_id

1. add default_project_id into profile to return
2. if user has default_project_id, then we will login into
this project as default.

Change-Id: I147f7866163ae4d102e83f7c28bbf0077f463974

If a user has default_project however didn't have an role assignment, skyline apiserver login would fail.

root@99dev:~# openstack user show '486f3b2b45054d499152922375fd9ab5'
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| default_project_id | ffa320e2bbe245b0b4b0c5498803243c |
| domain_id | default |
| email | wu.wenxiang@99cloud.net |
| enabled | True |
| id | 486f3b2b45054d499152922375fd9ab5 |
| name | wuwenxiang |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+

logs:

2024-01-18 05:58:07.497 | DEBUG | keystoneauth1.session:_http_log_request:517 - REQ: curl -g -i --cacert "" -X GET https://cloud2.99cloud.com.cn:5000/v3/auth/projects -H "Accept: application/json" -H "User-Agent: python-keystoneclient" -H "X-Auth-Token: {SHA256}7fa06b9dad162e2f5693a794f56fd96f744c00657973c7f87e5fc86dbb50da7e"
2024-01-18 05:58:07.549 | DEBUG | urllib3.connectionpool:_make_request:473 - https://cloud2.99cloud.com.cn:5000 "GET /v3/auth/projects HTTP/1.1" 200 1172
2024-01-18 05:58:07.551 | DEBUG | keystoneauth1.session:_http_log_response:548 - RESP: [200] Content-Length: 1172 Content-Type: application/json Date: Thu, 18 Jan 2024 05:58:07 GMT Server: Apache Vary: X-Auth-Token x-openstack-request-id: req-c3761be9-e984-4e37-814d-29aa22c6f74c
2024-01-18 05:58:07.552 | DEBUG | keystoneauth1.session:_http_log_response:580 - RESP BODY: {"links": {"self": "https://cloud2.99cloud.com.cn:5000/v3/auth/projects", "previous": null, "next": null}, "projects": [{"is_domain": false, "description": "", "links": {"self": "https://cloud2.99cloud.com.cn:5000/v3/projects/223c5c002e1c4935b46909d3aa6f3b2e"}, "tags": [], "domain_id": "default", "enabled": true, "options": {}, "parent_id": "default", "id": "223c5c002e1c4935b46909d3aa6f3b2e", "name": "license_end@2025-06-03"}, {"is_domain": false, "description": "CAAS\u56e2\u961f-end@2050.10.1", "links": {"self": "https://cloud2.99cloud.com.cn:5000/v3/projects/927331afac2843af8be433d4e38934da"}, "tags": [], "domain_id": "default", "enabled": true, "options": {}, "parent_id": "default", "id": "927331afac2843af8be433d4e38934da", "name": "CAAS\u7814\u53d1\u56e2\u961f"}, {"is_domain": false, "description": "AnimbusCloudX \u955c\u50cf\u6784\u5efa end@2025.3.15", "links": {"self": "https://cloud2.99cloud.com.cn:5000/v3/projects/d88cd00da6f6486c9be72461a0eeed9c"}, "tags": [], "domain_id": "default", "enabled": true, "options": {}, "parent_id": "default", "id": "d88cd00da6f6486c9be72461a0eeed9c", "name": "AnimbusCloudX \u955c\u50cf\u6784\u5efa end@2025.2.26"}]}

2024-01-18 05:58:07.552 | DEBUG | keystoneauth1.session:request:953 - GET call to identity for https://cloud2.99cloud.com.cn:5000/v3/auth/projects used request id req-c3761be9-e984-4e37-814d-29aa22c6f74c
2024-01-18 05:58:07.558 | DEBUG | keystoneauth1.identity.v3.base:get_auth_ref:184 - Making authentication request to https://cloud2.99cloud.com.cn:5000/v3/auth/tokens
2024-01-18 05:58:07.561 | DEBUG | urllib3.connectionpool:_new_conn:1014 - Starting new HTTPS connection (1): cloud2.99cloud.com.cn:5000
2024-01-18 05:58:07.643 | DEBUG | urllib3.connectionpool:_make_request:473 - https://cloud2.99cloud.com.cn:5000 "POST /v3/auth/tokens HTTP/1.1" 401 109
2024-01-18 05:58:07.646 | DEBUG | keystoneauth1.session:request:983 - Request returned failure status: 401

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-01-18: Fix proposed to skyline-apiserver (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/skyline-apiserver/+/906025

Changed in skyline-apiserver:
status:	New → In Progress

Wu Wenxiang (wu-wenxiang) on 2024-01-18

Changed in skyline-apiserver:
assignee:	nobody → Wu Wenxiang (wu-wenxiang)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-01-18: Fix merged to skyline-apiserver (master)

Reviewed: https://review.opendev.org/c/openstack/skyline-apiserver/+/906025
Committed: https://opendev.org/openstack/skyline-apiserver/commit/ce10b6691fc9fbdad4024e572a9352fb9a51671a
Submitter: "Zuul (22348)"
Branch: master

commit ce10b6691fc9fbdad4024e572a9352fb9a51671a
Author: Wenxiang Wu <wu.wenxiang@99cloud.net>
Date: Thu Jan 18 14:42:13 2024 +0800

fix: user login failure due to no role assignment to its default project

This bug start from: https://review.opendev.org/c/openstack/skyline-apiserver/+/901229

Closes-Bug: #2049719
Change-Id: Icd7dbd5128dc8f4eb83a09d3304726ebb96cb074

Changed in skyline-apiserver:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-03-15: Fix included in openstack/skyline-apiserver 4.0.0.0rc1

This issue was fixed in the openstack/skyline-apiserver 4.0.0.0rc1 release candidate.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.