Hello Corey,

I was trying to verify the SRU that it's in disco-proposed without success.
IIUC, the commands "openstack user list" and "openstack group list" should fail
when the package installed is 2:15.0.0-0ubuntu1.1 , here is the output of my
terminal, could you help me understand if I'm doing something wrong?


$  juju add-model lp1782922 && sleep 5 && tox -e func-smoke
Added 'lp1782922' model on stsstack/stsstack with credential 'laptop' for user 'laptop'
func-smoke installed: DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support,amulet==1.21.0,aodhclient==1.3.0,appdirs==1.4.3,Babel==2.7.0,backports.os==0.1.1,blessings==1.6,bundletester==0.12.2,certifi==2019.9.11,cffi==1.13.1,chardet==3.0.4,charm-tools==2.7.2,charmhelpers==0.20.4,Cheetah3==3.2.4,cliff==2.16.0,cmd2==0.8.9,colander==1.7.0,configparser==4.0.2,contextlib2==0.6.0.post1,coverage==4.5.4,cryptography==2.8,debtcollector==1.22.0,decorator==4.4.0,dict2colander==0.2,distro==1.4.0,distro-info==0.0.0,dogpile.cache==0.8.0,entrypoints==0.3,enum34==1.1.6,extras==1.0.0,fasteners==0.15,fixtures==3.0.0,flake8==2.4.1,funcsigs==1.0.2,functools32==3.2.3.post2,future==0.18.1,futures==3.3.0,futurist==1.9.0,gnocchiclient==3.1.1,httplib2==0.14.0,idna==2.8,importlib-metadata==0.23,ipaddress==1.0.23,iso8601==0.1.12,Jinja2==2.10.3,jmespath==0.9.4,jsonpatch==1.24,jsonpointer==2.0,jsonschema==2.5.1,juju-deployer==0.11.0,juju-wait==2.5.0,jujubundlelib==0.5.6,jujuclient==0.54.0,keyring==18.0.1,keystoneauth1==3.18.0,launchpadlib==1.10.7,lazr.authentication==0.1.3,lazr.restfulclient==0.14.2,lazr.uri==1.0.3,libcharmstore==0.0.9,linecache2==1.0.0,macaroonbakery==1.2.3,MarkupSafe==1.1.1,mccabe==0.3.1,mock==3.0.5,monotonic==1.5,more-itertools==5.0.0,msgpack==0.6.2,munch==2.3.2,netaddr==0.7.19,netifaces==0.10.9,nose==1.3.7,oauth==1.0.1,oauthlib==3.1.0,openstacksdk==0.36.0,os-client-config==1.33.0,os-service-types==1.7.0,osc-lib==1.14.1,oslo.concurrency==3.30.0,oslo.config==6.11.1,oslo.context==2.23.0,oslo.i18n==3.24.0,oslo.log==3.44.1,oslo.serialization==2.29.2,oslo.utils==3.41.2,osprofiler==2.8.2,otherstuf==1.1.0,parse==1.12.1,path.py==11.5.2,pathlib2==2.3.5,pathspec==0.3.4,pbr==5.4.3,pep8==1.7.1,pika==0.13.1,pkg-resources==0.0.0,prettytable==0.7.2,protobuf==3.10.0,pycparser==2.19,pyflakes==0.8.1,pyinotify==0.9.6,pymacaroons==0.13.0,PyNaCl==1.3.0,pyOpenSSL==19.0.0,pyparsing==2.4.2,pyperclip==1.7.0,pyRFC3339==1.1,python-barbicanclient==4.9.0,python-ceilometerclient==2.9.0,python-cinderclient==4.3.0,python-dateutil==2.8.0,python-designateclient==3.0.0,python-glanceclient==2.17.0,python-heatclient==1.18.0,python-keystoneclient==3.22.0,python-manilaclient==1.29.0,python-mimeparse==1.6.0,python-neutronclient==6.14.0,python-novaclient==16.0.0,python-openstackclient==4.0.0,python-subunit==1.3.0,python-swiftclient==3.8.1,pytz==2019.3,pyudev==0.21.0,PyYAML==3.13,requests==2.22.0,requestsexceptions==1.4.0,rfc3986==1.3.2,ruamel.ordereddict==0.4.14,ruamel.yaml==0.15.100,scandir==1.10.0,SecretStorage==2.3.1,simplejson==3.16.0,six==1.12.0,stestr==2.5.1,stevedore==1.31.0,stuf==0.9.16,subprocess32==3.5.4,Tempita==0.5.2,testresources==2.0.1,testtools==2.3.0,theblues==0.5.2,traceback2==1.4.0,translationstring==1.3,unicodecsv==0.14.1,unittest2==1.1.0,urllib3==1.25.6,vergit==1.0.2,virtualenv==16.7.7,voluptuous==0.11.7,wadllib==1.3.3,warlock==1.3.3,wcwidth==0.1.7,WebOb==1.8.5,websocket-client==0.40.0,wrapt==1.11.2,wsgi-intercept==1.9.0,zipp==0.6.0,zope.interface==4.6.0
func-smoke run-test-pre: PYTHONHASHSEED='0'
func-smoke runtests: commands[0] | bundletester -vl DEBUG -r json -o func-results.json dev-basic-disco-stein --no-destroy
DEBUG:bundletester.utils:Updating JUJU_MODEL: "" -> "stsstack-stsstack:laptop/lp1782922"
DEBUG:root:Bootstrap environment: stsstack-stsstack:laptop/lp1782922
DEBUG:deployer.env:Connecting to stsstack-stsstack:laptop/lp1782922...
DEBUG:jujuclient.connector:Connecting to wss://10.5.0.5:17070/model/e7ab1a55-5cb4-4787-827f-72c414ce7443/api
DEBUG:deployer.env:Connected.
DEBUG:deployer.env: Terminating machines forcefully
INFO:deployer.env:  Waiting for machine termination
DEBUG:jujuclient.connector:Connecting to wss://10.5.0.5:17070/model/e7ab1a55-5cb4-4787-827f-72c414ce7443/api
DEBUG:root:Waiting for applications to be removed...
DEBUG:runner:call ['/home/freyes/Projects/charms/openstack/builds/keystone-ldap/.tox/func-smoke/bin/charm-proof'] (cwd: /tmp/bundletester-0AQeci/keystone-ldap)
DEBUG:runner:I: `display-name` not provided, add for custom naming in the UI
DEBUG:runner:I: config.yaml: option ssl_key has no default value
DEBUG:runner:I: config.yaml: option ssl_cert has no default value
DEBUG:runner:I: config.yaml: option ldap-user has no default value
DEBUG:runner:I: config.yaml: option ldap-server has no default value
DEBUG:runner:I: config.yaml: option ssl_ca has no default value
DEBUG:runner:I: config.yaml: option ldap-password has no default value
DEBUG:runner:I: config.yaml: option domain-name has no default value
DEBUG:runner:I: config.yaml: option ldap-suffix has no default value
DEBUG:runner:I: config.yaml: option ldap-config-flags has no default value
DEBUG:runner:I: config.yaml: option tls-ca-ldap has no default value
DEBUG:runner:Exit Code: 0
DEBUG:deployer.env: Terminating machines forcefully
INFO:deployer.env:  Waiting for machine termination
DEBUG:jujuclient.connector:Connecting to wss://10.5.0.5:17070/model/e7ab1a55-5cb4-4787-827f-72c414ce7443/api
DEBUG:root:Waiting for applications to be removed...
DEBUG:runner:call ['/tmp/bundletester-0AQeci/keystone-ldap/tests/dev-basic-disco-stein'] (cwd: /tmp/bundletester-0AQeci/keystone-ldap)
DEBUG:runner:2019-10-23 20:46:33,392 __init__ INFO: OpenStackAmuletDeployment:  init
DEBUG:runner:2019-10-23 20:46:33,392 _add_services INFO: OpenStackAmuletDeployment:  adding services
DEBUG:runner:2019-10-23 20:46:33,392 _determine_branch_locations INFO: OpenStackAmuletDeployment:  determine branch locations
DEBUG:runner:2019-10-23 20:46:37 Starting deployment of stsstack-stsstack:laptop/lp1782922
DEBUG:runner:2019-10-23 20:46:40 Deploying applications...
DEBUG:runner:2019-10-23 20:46:40  Deploying application keystone using cs:~openstack-charmers-next/keystone-466
DEBUG:runner:2019-10-23 20:46:48  Deploying application keystone-ldap using /tmp/charmNpMIBv/disco/keystone-ldap
DEBUG:runner:2019-10-23 20:47:37  Deploying application ldap-server using /tmp/charmJYDRRa/disco/charm-ldap-test-fixture
DEBUG:runner:2019-10-23 20:47:45  Deploying application percona-cluster using cs:~openstack-charmers-next/percona-cluster-355
DEBUG:runner:2019-10-23 20:47:59 Config specifies num units for subordinate: keystone-ldap
DEBUG:runner:2019-10-23 20:57:47 Adding relations...
DEBUG:runner:2019-10-23 20:57:48  Adding relation keystone:shared-db <-> percona-cluster:shared-db
DEBUG:runner:2019-10-23 20:57:48  Adding relation keystone:domain-backend <-> keystone-ldap:domain-backend
DEBUG:runner:2019-10-23 21:02:15 Deployment complete in 938.02 seconds
DEBUG:runner:2019-10-23 21:03:19,577 _configure_services INFO: OpenStackAmuletDeployment:  configure services
DEBUG:runner:2019-10-23 21:03:25,258 __init__ INFO: Waiting on extended status checks...
DEBUG:runner:2019-10-23 21:03:25,259 _auto_wait_for_status INFO: Waiting for extended status on units for 5400s...
DEBUG:runner:2019-10-23 21:03:25,259 _auto_wait_for_status DEBUG: Default extended status wait match:  contains READY (case-insensitive)
DEBUG:runner:2019-10-23 21:03:25,260 _auto_wait_for_status DEBUG: Excluding services from extended status match: ['mysql', 'mongodb']
DEBUG:runner:2019-10-23 21:03:25,260 _auto_wait_for_status DEBUG: Waiting up to 5400s for extended status on services: ['keystone-ldap', 'keystone', 'ldap-server', 'percona-cluster']
DEBUG:runner:2019-10-23 21:05:44,955 _auto_wait_for_status INFO: OK
DEBUG:runner:2019-10-23 21:06:02,092 get_default_keystone_session DEBUG: Authenticating keystone admin...
DEBUG:runner:Exit Code: 0
DEBUG:bundletester.utils:Updating JUJU_MODEL: "stsstack-stsstack:laptop/lp1782922" -> ""
____________________________________________________________________ summary ____________________________________________________________________
  func-smoke: commands succeeded
  congratulations :)
$  juju ssh keystone/0 sudo su -
root@juju-ce7443-lp1782922-0:~# vim /etc/keystone/domains/keystone.userdomain.conf 
root@juju-ce7443-lp1782922-0:~# systemctl restart apache2
root@juju-ce7443-lp1782922-0:~# logout
Connection to 10.5.0.11 closed.
$  juju ssh keystone/0 sudo grep group_ /etc/keystone/domains/keystone.userdomain.conf
group_allow_create = False
group_allow_update = False
group_allow_delete = False
group_id_attribute = gidNumber
group_name_attribute = gidNumber
group_member_attribute = memberUid
group_members_are_ids = True
group_objectclass = posixGroup
#group_id_attribute = businessCategory
#group_name_attribute = businessCategory
#group_member_attribute = member
#group_members_are_ids = False
#group_objectclass = groupOfNames
group_tree_dn = ou=groups,dc=test,dc=com
Connection to 10.5.0.11 closed.
$  # scenario 1
$  juju ssh keystone/0 apt policy keystone
keystone:
  Installed: 2:15.0.0-0ubuntu1.1
  Candidate: 2:15.0.0-0ubuntu1.1
  Version table:
 *** 2:15.0.0-0ubuntu1.1 500
        500 http://nova.clouds.archive.ubuntu.com/ubuntu disco-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     2:15.0.0-0ubuntu1 500
        500 http://nova.clouds.archive.ubuntu.com/ubuntu disco/main amd64 Packages
Connection to 10.5.0.11 closed.
$  source ~/Projects/charms/stsstack-bundles/openstack/novarc
$  openstack user list --domain userdomain
+------------------------------------------------------------------+---------+
| ID                                                               | Name    |
+------------------------------------------------------------------+---------+
| fca724553c7756d1e9685b44da25da773a0565fdf9465fa96444331f54686a01 | janedoe |
| 4586f674fa6708aad5ed4018b04ddfc518b159413af4ccefaec1cd06e3aeb0a1 | johndoe |
+------------------------------------------------------------------+---------+
$  openstack group list --domain userdomain
+------------------------------------------------------------------+------+
| ID                                                               | Name |
+------------------------------------------------------------------+------+
| 3755aa0c2ac48b44bcf712e87a1c8f981c8aad6beb095474559971c5b14f928f | 500  |
+------------------------------------------------------------------+------+
$  openstack user list --group 500 --domain userdomain
+------------------------------------------------------------------+---------+
| ID                                                               | Name    |
+------------------------------------------------------------------+---------+
| 4586f674fa6708aad5ed4018b04ddfc518b159413af4ccefaec1cd06e3aeb0a1 | johndoe |
| fca724553c7756d1e9685b44da25da773a0565fdf9465fa96444331f54686a01 | janedoe |
+------------------------------------------------------------------+---------+

$ #### scenario 2
$  juju ssh keystone/0 sudo su -
root@juju-ce7443-lp1782922-0:~# vim /etc/keystone/domains/keystone.userdomain.conf 
root@juju-ce7443-lp1782922-0:~# systemctl restart apache2
root@juju-ce7443-lp1782922-0:~# logout
Connection to 10.5.0.11 closed.
$  juju ssh keystone/0 sudo grep group_ /etc/keystone/domains/keystone.userdomain.conf
group_allow_create = False
group_allow_update = False
group_allow_delete = False
#group_id_attribute = gidNumber
#group_name_attribute = gidNumber
#group_member_attribute = memberUid
#group_members_are_ids = True
#group_objectclass = posixGroup
group_id_attribute = businessCategory
group_name_attribute = businessCategory
group_member_attribute = member
group_members_are_ids = False
group_objectclass = groupOfNames
group_tree_dn = ou=groups,dc=test,dc=com
Connection to 10.5.0.11 closed.
$  openstack user list --domain userdomain
+------------------------------------------------------------------+---------+
| ID                                                               | Name    |
+------------------------------------------------------------------+---------+
| fca724553c7756d1e9685b44da25da773a0565fdf9465fa96444331f54686a01 | janedoe |
| 4586f674fa6708aad5ed4018b04ddfc518b159413af4ccefaec1cd06e3aeb0a1 | johndoe |
+------------------------------------------------------------------+---------+
$  openstack group list --domain userdomain
+------------------------------------------------------------------+-------+
| ID                                                               | Name  |
+------------------------------------------------------------------+-------+
| a149dbfdc392a207da41189749fa57b265d5f0dde697aa1a1d72963db226c5f6 | cloud |
+------------------------------------------------------------------+-------+
$  openstack user list --group cloud --domain userdomain
+------------------------------------------------------------------+---------+
| ID                                                               | Name    |
+------------------------------------------------------------------+---------+
| 4586f674fa6708aad5ed4018b04ddfc518b159413af4ccefaec1cd06e3aeb0a1 | johndoe |
| fca724553c7756d1e9685b44da25da773a0565fdf9465fa96444331f54686a01 | janedoe |
+------------------------------------------------------------------+---------+