[SRU] Issue with Project administration at Cloud Admin level

I did some analysis according the data in https://paste.openstack.org/show/bnaAKV0YXlVn088MvsFB/

1, 'users = api.keystone.user_list(self.request)' gets the user admin(3436fc62a232444597496d57e5f4b5fc)

2, 'project_users_roles = api.keystone.get_project_users_roles(self.request, project=project_id)' gets

defaultdict(<class 'list'>, {'e900b8934d11458b8eb9db21671c1b11': ['a6ab948d1f7947a98e2363f14af10fbb']})

# openstack role add --user k8s-admin --user-domain k8s --project k8s --project-domain k8s k8s-admin-role
$ openstack role assignment list --project k8s
+----------------------------------+----------------------------------+-------+----------------------------------+--------+--------+-----------+
| Role | User | Group | Project | Domain | System | Inherited |
+----------------------------------+----------------------------------+-------+----------------------------------+--------+--------+-----------+
| a6ab948d1f7947a98e2363f14af10fbb | e900b8934d11458b8eb9db21671c1b11 | | 07123041ee0544e0ab32e50dde780afd | | | False |
+----------------------------------+----------------------------------+-------+----------------------------------+--------+--------+-----------+
$ openstack role list |grep k8s
| a6ab948d1f7947a98e2363f14af10fbb | k8s-admin-role |

3, the user e900b8934d11458b8eb9db21671c1b11 (k8s-admin) is in the domain k8s

$ openstack user list --domain k8s
+----------------------------------+-----------+
| ID | Name |
+----------------------------------+-----------+
| e900b8934d11458b8eb9db21671c1b11 | k8s-admin |
+----------------------------------+-----------+

not in the default domain

$ openstack user list
+----------------------------------+----------+
| ID | Name |
+----------------------------------+----------+
| 3436fc62a232444597496d57e5f4b5fc | admin |
| 7413f0a568fb41409e93c3179c9f8a50 | demo |
| 2dcabd8e53e0424a8974c7948268868d | alt_demo |
+----------------------------------+----------+

$ env |grep OS_
OS_PASSWORD=openstack
OS_IDENTITY_API_VERSION=3
OS_USER_DOMAIN_NAME=admin_domain
OS_REGION_NAME=RegionOne
OS_AUTH_URL=https://10.5.1.174:5000/v3
OS_PROJECT_DOMAIN_NAME=admin_domain
OS_AUTH_PROTOCOL=https
OS_USERNAME=admin
OS_AUTH_TYPE=password
OS_PROJECT_NAME=admin

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/horizon/+/910321

Groups tab of project also has the same problem - https://imgur.com/M8c4iTd
After applying for the patch - https://i.imgur.com/JHuNQ1J

Here are my steps to create test group.

openstack group create k8s-group1 --domain k8s
openstack group add user --group-domain k8s --user-domain k8s k8s-group1 k8s-admin
openstack role add --group k8s-group1 --group-domain k8s --project k8s k8s-admin-role

Reviewed: https://review.opendev.org/c/openstack/horizon/+/910321
Committed: https://opendev.org/openstack/horizon/commit/ed768ab5071307ee15f95636ea548050cb894f9e
Submitter: "Zuul (22348)"
Branch: master

commit ed768ab5071307ee15f95636ea548050cb894f9e
Author: Zhang Hua <email address hidden>
Date: Tue Feb 27 15:26:28 2024 +0800

    Fix Users/Groups tab list when a domain context is set

    The list of users assigned to a project becomes invisible when a domain context
    is set in Horizon. If a domain context is set, the user list call should
    provide a list of users within the specified domain context, rather than users
    within the user's own domain.

    Groups tab of project also has the same problem.

    Change-Id: Ia778317acc41fe589765e6cd04c7fe8cad2360ab
    Closes-Bug: #2054799

Fix proposed to branch: stable/2024.1
Review: https://review.opendev.org/c/openstack/horizon/+/916093

Fix proposed to branch: stable/2023.2
Review: https://review.opendev.org/c/openstack/horizon/+/916094

Fix proposed to branch: stable/2023.1
Review: https://review.opendev.org/c/openstack/horizon/+/916095

Fix proposed to branch: stable/zed
Review: https://review.opendev.org/c/openstack/horizon/+/916096

Fix proposed to branch: unmaintained/yoga
Review: https://review.opendev.org/c/openstack/horizon/+/916097

Reviewed: https://review.opendev.org/c/openstack/horizon/+/916093
Committed: https://opendev.org/openstack/horizon/commit/4936fec3a7a2cc5494d4c2c2d6c202f10366c6f2
Submitter: "Zuul (22348)"
Branch: stable/2024.1

commit 4936fec3a7a2cc5494d4c2c2d6c202f10366c6f2
Author: Zhang Hua <email address hidden>
Date: Tue Feb 27 15:26:28 2024 +0800

    Fix Users/Groups tab list when a domain context is set

    The list of users assigned to a project becomes invisible when a domain context
    is set in Horizon. If a domain context is set, the user list call should
    provide a list of users within the specified domain context, rather than users
    within the user's own domain.

    Groups tab of project also has the same problem.

    Change-Id: Ia778317acc41fe589765e6cd04c7fe8cad2360ab
    Closes-Bug: #2054799
    (cherry picked from commit ed768ab5071307ee15f95636ea548050cb894f9e)

Reviewed: https://review.opendev.org/c/openstack/horizon/+/916094
Committed: https://opendev.org/openstack/horizon/commit/593ef9b56191676d0a85b55bd152c0c757fad2de
Submitter: "Zuul (22348)"
Branch: stable/2023.2

commit 593ef9b56191676d0a85b55bd152c0c757fad2de
Author: Zhang Hua <email address hidden>
Date: Tue Feb 27 15:26:28 2024 +0800

    Fix Users/Groups tab list when a domain context is set

    The list of users assigned to a project becomes invisible when a domain context
    is set in Horizon. If a domain context is set, the user list call should
    provide a list of users within the specified domain context, rather than users
    within the user's own domain.

    Groups tab of project also has the same problem.

    Change-Id: Ia778317acc41fe589765e6cd04c7fe8cad2360ab
    Closes-Bug: #2054799
    (cherry picked from commit ed768ab5071307ee15f95636ea548050cb894f9e)

Change abandoned by "Zhang Hua <email address hidden>" on branch: unmaintained/yoga
Review: https://review.opendev.org/c/openstack/horizon/+/916097
Reason: we are hitting a bandit bug that was fixed in newer branches

Change abandoned by "Elod Illes <email address hidden>" on branch: stable/zed
Review: https://review.opendev.org/c/openstack/horizon/+/916096
Reason: stable/zed branch of openstack/horizon is about to be deleted. To be able to do that, all open patches need to be abandoned. Please cherry pick the patch to unmaintained/zed if you want to further work on this patch.

The attachment "jammy.debdiff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

Reviewed: https://review.opendev.org/c/openstack/horizon/+/916095
Committed: https://opendev.org/openstack/horizon/commit/4437228638b899e3963856e0e1158b364c3a97b1
Submitter: "Zuul (22348)"
Branch: stable/2023.1

commit 4437228638b899e3963856e0e1158b364c3a97b1
Author: Zhang Hua <email address hidden>
Date: Tue Feb 27 15:26:28 2024 +0800

    Fix Users/Groups tab list when a domain context is set

    The list of users assigned to a project becomes invisible when a domain context
    is set in Horizon. If a domain context is set, the user list call should
    provide a list of users within the specified domain context, rather than users
    within the user's own domain.

    Groups tab of project also has the same problem.

    Change-Id: Ia778317acc41fe589765e6cd04c7fe8cad2360ab
    Depends-On: I58c2d33a07bcc04d70cc6867cb44dc7248db9651
    Closes-Bug: #2054799
    (cherry picked from commit ed768ab5071307ee15f95636ea548050cb894f9e)
    Signed-off-by: Zhang Hua <email address hidden>

Commit ed768ab50713 (proposed for Ubuntu SRUs & Cloud Archive) isn't in Oracular yet, IIUIC; adding bug task.

master

 $ git log --oneline -1 ed768ab
 ed768ab50713 Fix Users/Groups tab list when a domain context is set

stable/2024.1

 $ git log --oneline origin/stable/2024.1 | grep -m1 'Fix Users/Groups tab list when a domain context is set'
 3fce54017985 Merge "Fix Users/Groups tab list when a domain context is set" into stable/2024.1

 $ git describe --contains 3fce54017985
 fatal: cannot describe '3fce54017985ce6bc87c751880b913f456679626'

 $ git describe 3fce54017985
 24.0.0-5-g3fce54017985

stable/2023.2

 $ git log --oneline origin/stable/2023.2 | grep -m1 'Fix Users/Groups tab list when a domain context is set'
 593ef9b56191 Fix Users/Groups tab list when a domain context is set

 $ git describe --contains 593ef9b56191
 fatal: cannot describe '593ef9b56191676d0a85b55bd152c0c757fad2de'

 $ git describe 593ef9b56191
 23.3.0-11-g593ef9b56191

ubuntu

 $ rmadison -a source horizon
 ...
  horizon | 4:23.3.0-0ubuntu1.1 | mantic-updates | source
  horizon | 4:24.0.0-0ubuntu1 | noble | source
  horizon | 4:24.0.0-0ubuntu1 | oracular | source

Attaching the error image linked in the bug description for archival purposes:

"""
Expectation: Get a table with the users assigned to this project.
Result: Get an error - https://i.imgur.com/TminwUy.png [attached]
"""

Debdiff for Oracular (comment #19) for bug 1728031 and bug 2054799.

Build-tested on ppa:mfo/horizon-lp1728031-lp2054799-lp2055409 [1].
Now looking for sponsorship to the development release (core-dev).

[1] https://launchpad.net/~mfo/+archive/ubuntu/horizon-lp1728031-lp2054799-lp2055409

Fix Committed in oracular-proposed (horizon 4:24.0.0-0ubuntu2) [1].

Waiting on proposed-migration to oracular (mostly autopkgtests) [2].

If all goes well with oracular/development release, I will proceed
with review/sponsorship to the stable releses (I can handle those).

[1] https://launchpad.net/ubuntu/+source/horizon/4:24.0.0-0ubuntu2
[2] https://ubuntu-archive-team.ubuntu.com/proposed-migration/oracular/update_excuses.html#horizon

This bug was fixed in the package horizon - 4:24.0.0-0ubuntu2

---------------
horizon (4:24.0.0-0ubuntu2) oracular; urgency=medium

  [ Rodrigo Barbieri ]
  * d/p/lp1728031.patch: Fix admin unable to reset user's password.
    (LP: #1728031)

  [ Zhang Hua ]
  * d/p/lp2054799.patch: Fix Users/Groups tab list when a domain
    context is set. (LP: #2054799)

 -- Mauricio Faria de Oliveira <email address hidden> Tue, 04 Jun 2024 16:52:08 -0300

Uploaded to Noble.

Hello Hua, or anyone else affected,

Accepted horizon into noble-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/horizon/4:24.0.0-0ubuntu1.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-noble to verification-done-noble. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-noble. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Uploaded to Mantic.
Build-tested on PPA [1] with -proposed enabled.

[1] https://launchpad.net/~mfo/+archive/ubuntu/horizon-lp1728031-lp2054799-lp2055409/

Uploaded to Jammy.
Build-tested on PPA [1] with -proposed enabled.

[1] https://launchpad.net/~mfo/+archive/ubuntu/horizon-lp1728031-lp2054799-lp2055409/

All autopkgtests for the newly accepted horizon (4:24.0.0-0ubuntu1.1) for noble have finished running.
The following regressions have been reported in tests triggered by the package:

freezer-web-ui/unknown (armhf)
neutron-vpnaas-dashboard/unknown (armhf)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/noble/update_excuses.html#horizon

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Hello Hua, or anyone else affected,

Accepted horizon into mantic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/horizon/4:23.3.0-0ubuntu1.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-mantic to verification-done-mantic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-mantic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Hua, or anyone else affected,

Accepted horizon into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/horizon/4:22.1.1-0ubuntu1.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

All autopkgtests for the newly accepted horizon (4:23.3.0-0ubuntu1.2) for mantic have finished running.
The following regressions have been reported in tests triggered by the package:

freezer-web-ui/unknown (arm64)
heat-dashboard/unknown (arm64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/mantic/update_excuses.html#horizon

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

All autopkgtests for the newly accepted horizon (4:22.1.1-0ubuntu1.1) for jammy have finished running.
The following regressions have been reported in tests triggered by the package:

heat-dashboard/unknown (arm64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/jammy/update_excuses.html#horizon

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Charmed OpenStack ends at jammy, sunbeam to be supported on noble forwards, and there's also currently not a sunbeam build for noble yet. So currently I am unable to use charm to build a noble test env for verifcation. I have to build a jammy-caracal test env instead of noble-caracal. Considering that the openstack version caracal(2024.1) is the base version of ubuntu version noble and this patch is only related to python, I think it should be feasible to verify 4:24.0.0-0ubuntu1.1 in jammy instead of noble.

Here are my test results for jammy-caracal, it works.

BEFORE - https://imgur.com/XjJKz77
AFTER using 4:24.0.0-0ubuntu1.1 - https://i.imgur.com/9HxuMhU.png

Sorry, I actually tested jammy-proposed above

jammy-propsed 4:22.1.1-0ubuntu1.1
mantic-proposed 4:23.3.0-0ubuntu1.2
noble-proposed 4:24.0.0-0ubuntu1.1

root@juju-35c232-noble-9:/home/ubuntu# dpkg -l |grep openstack-dashboard
ii openstack-dashboard 4:22.1.1-0ubuntu1.1 all Django web interface for OpenStack
ii openstack-dashboard-common 4:22.1.1-0ubuntu1.1 all Django web interface for OpenStack - common files
ii openstack-dashboard-ubuntu-theme 4:22.1.1-0ubuntu1.1 all Transitional dummy package for Ubuntu theme for Horizon