Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1518625 - fog auth errors when openstack project is disabled in provider side
Summary: fog auth errors when openstack project is disabled in provider side
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Providers
Version: 5.7.0
Hardware: Unspecified
OS: Unspecified
medium
high
Target Milestone: GA
: 5.10.0
Assignee: Marek Aufart
QA Contact: Ido Ovadia
URL:
Whiteboard:
Depends On:
Blocks: 1520617 1531120 1531121
TreeView+ depends on / blocked
 
Reported: 2017-11-29 11:02 UTC by Niladri Roy
Modified: 2018-07-26 13:55 UTC (History)
9 users (show)

Fixed In Version: 5.10.0.0
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1520617 1531120 1531121 (view as bug list)
Environment:
Last Closed: 2018-07-26 13:55:04 UTC
Category: ---
Cloudforms Team: Openstack


Attachments (Terms of Use)

Description Niladri Roy 2017-11-29 11:02:31 UTC
Description of problem:
CloudForms show misleading auth errors when a openstack project is disabled on the provider side

Version-Release number of selected component (if applicable):
5.7.3.2
RHOS8

How reproducible:
Always

Steps to Reproduce:
1. Add RHOSP8 provider to Cloudforms 
2. Disable a project (on the openstack side) of which the admin user is part of
3. Check for auth errors in cloudforms logs
4. Re-enable the project on the openstack side 
5. The auth errors don't appear after the next provider refresh


Actual results:

[----] E, [2017-11-29T05:51:30.304397 #12211:7bb13c] ERROR -- : excon.error     #<Excon::Error::Unauthorized: Expected([200, 204]) <=> Actual(401 Unauthorized)
excon.error.response
  :body          => "{\"error\": {\"message\": \"The request you have made requires authentication.\", \"code\": 401, \"title\": \"Unauthorized\"}}"
  :cookies       => [
  ]
  :headers       => {
    "Connection"             => "close"
    "Content-Length"         => "114"
    "Content-Type"           => "application/json"
    "Date"                   => "Wed, 29 Nov 2017 05:21:29 GMT"
    "Server"                 => "Apache/2.4.6 (Red Hat Enterprise Linux)"
    "Vary"                   => "X-Auth-Token"
    "WWW-Authenticate"       => "Keystone uri=\"http://10.74.129.2:5000\""
    "x-openstack-request-id" => "req-48a6dafd-b2fe-4a57-9e66-f303c6e67675"
  }
  :host          => "10.74.129.2"
  :local_address => "10.74.130.176"
  :local_port    => 56558
  :path          => "/v2.0/tokens"
  :port          => 5000
  :reason_phrase => "Unauthorized"
  :remote_ip     => "10.74.129.2"
  :status        => 401
  :status_line   => "HTTP/1.1 401 Unauthorized\r\n"
>


Expected results:
Though the provider refresh is successful and the number of tenants go down (ignoring the disabled tenants), cfme shouldn't throw unauthorized exceptions and for a misleading path ( /tokens )

Additional info:

Comment 3 Marek Aufart 2017-11-29 15:23:14 UTC
Hi, does this issue have any impacts on functionality or is visible in UI?

The disabled tenant/project is skipped, but the test is done by testing the connection using the tenant/project. That is thesource log errors, but it should not be dangerous.

Thanks!

Comment 5 Marek Aufart 2017-12-04 17:41:32 UTC
Ok, no functional issue, but blows log.

https://github.com/ManageIQ/manageiq-providers-openstack/pull/172

Comment 12 Sudhir Mallamprabhakara 2018-07-26 13:55:04 UTC
reference OSP support matrix. Out of support.


Note You need to log in before you can comment on or make changes to this bug.