[Bug 1827120] Re: application credentials created via Horizon with the admin project scope have project_id == None
Giuseppe Petralia
1827120 at bugs.launchpad.net
Wed Aug 31 07:45:13 UTC 2022
The same is happening on focal/ussuri.
If a user who has a role in the domain (admin or member), either a direct
role or one inherited from the group, creates an application credential,
it is created without the project ID, and when the user tries to use
it, they get the following error:
$ . app-cred-no-project-id-openrc.sh
$ openstack server list
The service catalog is empty.
If a user with no role in the domain but only roles in the projects creates an application credential, it is created with the project ID and it works correctly.
** Also affects: keystone (Ubuntu)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/1827120
Title:
application credentials created via Horizon with the admin project
scope have project_id == None
Status in horizon package in Ubuntu:
Confirmed
Status in keystone package in Ubuntu:
New
Bug description:
Environment: tested with Stein from UCA (deployed via 19.04 charms).
1) login to horizon into the "admin" project;
keystone.conf:
[resource]
admin_project_domain_name = admin_domain
admin_project_name = admin
2) go to the "Application Credentials" tab;
3) create a credential with a unique name without specifying other
parameters besides Admin and/or Member roles (auto-filled secret, no
expiration);
note: project_id is retrieved from the token, it is not a field in the
form
4) observe that project_id is set to None
5) encounter the following error during authentication using the
application credential
TypeError: one of the hex, bytes, bytes_le, fields, or int arguments must be given
see the text file attached with a pdb log.
6) do the same via CLI and observe that project_id is specified and it
is possible to log in
CLI workflow (project_id is present):
openstack application credential create --role Member --role Admin testcred
+--------------+----------------------------------------------------------------------------------------+
| Field        | Value                                                                                  |
+--------------+----------------------------------------------------------------------------------------+
| description  | None                                                                                   |
| expires_at   | None                                                                                   |
| id           | bb845e9e18634e7c8cfc36d80179ab05                                                       |
| name         | testcred                                                                               |
| project_id   | ebfc7e0457f048aa960d633141115cd1                                                       |
| roles        | Member Admin                                                                           |
| secret       | zCka3asrEouKqCnJlfRdk-Qg3gDM0WSbjTqxlYaBO_ygyQCpZY8NPnSQhm6o802O-r22eHWv79-iHJ5sJQ_kUw |
| system       | None                                                                                   |
| unrestricted | False                                                                                  |
| user_id      | 95067aae3e634a29830f91a53dd0d80a                                                       |
+--------------+----------------------------------------------------------------------------------------+
Note the difference:
openstack application credential list
+----------------------------------+----------------+----------------------------------+-------------+------------+
| ID                               | Name           | Project ID                       | Description | Expires At |
+----------------------------------+----------------+----------------------------------+-------------+------------+
| 344ddd90249645608b625131f82d056b | clicred        | ebfc7e0457f048aa960d633141115cd1 | None        | None       |
| d681d11d4744421f81dd32ca0459d54d | dashboard_cred | None                             | None        | None       |
+----------------------------------+----------------+----------------------------------+-------------+------------+
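Added example, not part of the bug report or of Horizon/keystone code: a small Python audit that parses the table output of "openstack application credential list" as shown above and reports credentials whose Project ID is None. It also shows that the TypeError text in step 5 is the message Python's uuid.UUID constructor raises when it is called with hex=None. The names parse_table, find_unscoped and uuid_error_for_none are hypothetical, and the sample table is constructed from the two rows in the report with shortened borders.

```python
import uuid

# Constructed sample: the two rows of the listing in the report
# (border lines shortened; the parser ignores them).
SAMPLE_TABLE = """\
+----+------+------------+-------------+------------+
| ID | Name | Project ID | Description | Expires At |
+----+------+------------+-------------+------------+
| 344ddd90249645608b625131f82d056b | clicred | ebfc7e0457f048aa960d633141115cd1 | None | None |
| d681d11d4744421f81dd32ca0459d54d | dashboard_cred | None | None | None |
+----+------+------------+-------------+------------+
"""


def parse_table(text):
    """Turn the CLI's ASCII table into a list of {column: value} dicts.

    Caveat: a cell that itself contains '|' yields the wrong cell count;
    such rows are skipped rather than misread.
    """
    header, rows = None, []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue  # border or blank line
        cells = [c.strip() for c in line.strip("|").split("|")]
        if header is None:
            header = cells
        elif len(cells) == len(header):
            rows.append(dict(zip(header, cells)))
    return rows


def find_unscoped(rows):
    """Return rows whose Project ID is missing (printed as 'None' or empty)."""
    return [r for r in rows if r.get("Project ID", "") in ("", "None")]


def uuid_error_for_none():
    """Return the message uuid.UUID raises when hex=None."""
    try:
        uuid.UUID(hex=None)
    except TypeError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    for row in find_unscoped(parse_table(SAMPLE_TABLE)):
        print(f"no project_id: {row['ID']} ({row['Name']})")
    print(f"uuid.UUID(hex=None) -> TypeError: {uuid_error_for_none()}")
```

Against a live cloud, pass the captured output of "openstack application credential list" to parse_table in place of SAMPLE_TABLE.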