[Bug 1832265] Re: py3: inconsistent encoding of token fields
** Changed in: keystone Milestone: None => train-rc1 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1832265 Title: py3: inconsistent encoding of token fields To manage notifications about this bug go to: https://bugs.launchpad.net/charm-keystone-ldap/+bug/1832265/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1773967] Re: Application credentials can't be used with group-only role assignments
** Changed in: keystone Assignee: Colleen Murphy (krinkle) => Jose Castro Leon (jose-castro-leon) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1773967 Title: Application credentials can't be used with group-only role assignments To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1773967/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1828126] Re: [<= Queens] With token-provider='uuid', roles of dynamically obtained federated groups are not taken into account during token-based authentication (for project-scoped token creation
Marking this as low priority for keystone, we'd accept a patch if it conforms to the stable branch guidelines but I suspect fixing it may be too big of a change for such an old release. Are there issues with migrating to fernet? ** Changed in: keystone Importance: Undecided => Low -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1828126 Title: [<= Queens] With token-provider='uuid', roles of dynamically obtained federated groups are not taken into account during token-based authentication (for project-scoped token creation) To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1828126/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1819453] Re: keystone-ldap TypeError: cannot concatenate 'str' and 'NoneType' object
Is there any update with regard to my comment https://bugs.launchpad.net/keystone/+bug/1819453/comments/15 ? What steps should I take to reproduce this, or can it be closed? ** Changed in: keystone Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1819453 Title: keystone-ldap TypeError: cannot concatenate 'str' and 'NoneType' object To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1819453/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1825214] Re: Install and configure in keystone
*** This bug is a duplicate of bug 1825111 *** https://bugs.launchpad.net/bugs/1825111 ** This bug has been marked a duplicate of bug 1825111 package dependencies error with keystone rel. stein -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1825214 Title: Install and configure in keystone To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1825214/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1828126] Re: [<= Queens] With token-provider='uuid', roles of dynamically obtained federated groups are not taken into account during token-based authentication (for project-scoped token creation
Queens is still maintained upstream[1] so we would still be happy to accept patches for it as long as we can confirm the behavior. [1] https://releases.openstack.org/index.html#release-series -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1828126 Title: [<= Queens] With token-provider='uuid', roles of dynamically obtained federated groups are not taken into account during token-based authentication (for project-scoped token creation) To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1828126/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1825214] Re: Install and configure in keystone
I suspect this is not expected behavior of the package and so I'm tagging the distribution, if that turns out not to be the case we can fix the documentation. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1825214 Title: Install and configure in keystone To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1825214/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1825111] Re: package dependencies error with keystone rel. stein
I suspect this is a packaging issue and not an issue with the keystone documentation or source code, so tagging the Ubuntu team. ** Also affects: keystone (Ubuntu) Importance: Undecided Status: New ** Changed in: keystone Status: Confirmed => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1825111 Title: package dependencies error with keystone rel. stein To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1825111/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1825214] Re: Install and configure in keystone
** Also affects: keystone (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1825214 Title: Install and configure in keystone To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1825214/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1820333] Re: [SRU] ldap search should not encode attributes
** Changed in: keystone Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1820333 Title: [SRU] ldap search should not encode attributes To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1820333/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1819453] Re: keystone-ldap TypeError: cannot concatenate 'str' and 'NoneType' object
I can't reproduce this either on Stein or Queens with devstack. Haven't tried with Ocata yet. This is what I tried: Create new user in LDAP backend: $ ldapadd -x -w nomoresecret -D cn=Manager,dc=openstack,dc=org \ > -H ldap://localhost -c -f peter.ldif.in adding new entry "cn=peter,ou=Users,dc=openstack,dc=org" $ openstack --os-cloud=devstack-admin user list --domain Users +--+---+ | ID | Name | +--+---+ | eb55ea06af4ba6f1b7b90f4746f5c2d3e570a44a23829e9b581fe32d482bf697 | demo | | fbbc3741707c62db5eed4242978f09089d341df01f827b8a795731a188f166cd | peter | +--+---+ Auth with the user so that an entry gets created in the user and nonlocal_user database: $ openstack --os-cloud=ldap token issue ... Delete the user from the LDAP backend: $ ldapdelete -x -w nomoresecret -D cn=Manager,dc=openstack,dc=org \ > -H ldap://localhost cn=peter,ou=Users,dc=openstack,dc=org At this point from the API perspective the user is effectively gone: $ openstack --os-cloud=devstack-admin user list --domain Users +--+--+ | ID | Name | +--+--+ | eb55ea06af4ba6f1b7b90f4746f5c2d3e570a44a23829e9b581fe32d482bf697 | demo | +--+--+ Manually removed the user from the mysql database: mysql> delete from user where id = 'fbbc3741707c62db5eed4242978f09089d341df01f827b8a795731a188f166cd'; Query OK, 1 row affected (0.01 sec) mysql> select * from nonlocal_user; Empty set (0.00 sec) User list still seems okay: $ openstack --os-cloud=devstack-admin user list --domain Users +--+--+ | ID | Name | +--+--+ | eb55ea06af4ba6f1b7b90f4746f5c2d3e570a44a23829e9b581fe32d482bf697 | demo | +--+--+ $ sudo systemctl restart memcached $ openstack --os-cloud=devstack-admin user list --domain Users +--+--+ | ID | Name | +--+--+ | eb55ea06af4ba6f1b7b90f4746f5c2d3e570a44a23829e9b581fe32d482bf697 | demo | +--+--+ Two other comments: First, in my opinion, manually editing the database table is not supportable. Keystone's behavior after doing that is naturally undefined. Second, regarding this comment: > Ultimately, I believe we have to cleanup the id_mappings table, however, I > believe the invalid assumption at the line below is still worth discussion: https://github.com/openstack/keystone/blob/stable/ocata/keystone/identity/mapping_backends/sql.py#L81 I don't think that code comment is invalid. The ID mapping is deterministically generated from the user ID from LDAP and the domain ID. If it's there, it means that if there was such a user with such an ID and domain, it would have that public ID. It doesn't mean the user is guaranteed to still exist in LDAP or the nonlocal_user table. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1819453 Title: keystone-ldap TypeError: cannot concatenate 'str' and 'NoneType' object To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1819453/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1798184] Re: [SRU] PY3: python3-ldap does not allow bytes for DN/RDN/field names
** Also affects: keystone/stein Importance: Medium Assignee: Corey Bryant (corey.bryant) Status: Fix Released ** Also affects: keystone/rocky Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1798184 Title: [SRU] PY3: python3-ldap does not allow bytes for DN/RDN/field names To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1798184/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1820333] Re: [SRU] ldap search should not encode attributes
** Changed in: keystone Milestone: None => stein-rc1 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1820333 Title: [SRU] ldap search should not encode attributes To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1820333/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1819453] Re: keystone-ldap TypeError: cannot concatenate 'str' and 'NoneType' object
Is this confirmed for Stein or only for Queens? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1819453 Title: keystone-ldap TypeError: cannot concatenate 'str' and 'NoneType' object To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1819453/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1793347] Re: keystone upgrade fails q->r oslo.log requirement to low
Morgan, that's not true, we've switched to managing our own requirements: http://lists.openstack.org/pipermail/openstack- dev/2018-March/128352.html Looking at stable/rocky we still refer to 3.36.0 so we do need to fix that ourselves http://git.openstack.org/cgit/openstack/keystone/tree/requirements.txt?h=stable/rocky#n31 ** Changed in: keystone Status: Invalid => Triaged ** Changed in: keystone Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1793347 Title: keystone upgrade fails q->r oslo.log requirement to low To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1793347/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1487645] Re: glance image-show does not output correctly
Moving this to the python-glanceclient project instead of the Ubuntu package since this appears to be a cross-distro problem. ** Package changed: python-glanceclient (Ubuntu) => python-glanceclient -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1487645 Title: glance image-show does not output correctly To manage notifications about this bug go to: https://bugs.launchpad.net/python-glanceclient/+bug/1487645/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1487645] [NEW] glance image-show does not output correctly
Public bug reported: 1) Description of the problem When running `glance image-show` on an existing image, the glance client does not output the details of the image. glance client version: 0.19.0 operating system: ubuntu 14.04 The glance client is installed from the UCA liberty-staging repo. This bug does not appear when python-glanceclient is installed from the CentOS 7 delorean repo or when installed directly from pip. 2) Impact A user can't view details of their image via the command line. The behavior trickles down to python-openstackclient. Our use case is in puppet: the glance_image provider in the glance puppet module cannot fetch details of an uploaded image, and so tries to upload the image again with --copy-from and fails. 3) Expected behavior (Installed from UCA Kilo) # glance --version 0.15.0 # glance image-show 3aa89a60-a18f-4c5e-bda1-a60eed5f6997 +--+--+ | Property | Value| +--+--+ | checksum | d972013792949d0d3ba628fbe8685bce | | container_format | bare | | created_at | 2015-08-21T21:22:57.00 | | deleted | False| | disk_format | qcow2| | id | 3aa89a60-a18f-4c5e-bda1-a60eed5f6997 | | is_public| True | | min_disk | 0| | min_ram | 0| | name | test_image | | owner| fe3360a176d54a049883f9914552798d | | protected| False| | size | 13147648 | | status | active | | updated_at | 2015-08-21T21:23:00.00 | +--+--+ 4) Actual behavior (Installed from UCA Liberty-staging) # glance --version 0.19.0 # glance image-show 728d718c-22cd-4c59-a25d-58ec163d7c69 id 5) Steps to reproduce - install the liberty-staging repo - apt-get install python-glanceclient - run glance image-show against an openstack cloud with glance exposed Additional information: # lsb_release -rd Description:Ubuntu 14.04.2 LTS Release:14.04 # apt-cache policy python-glanceclient python-glanceclient: Installed: 1:0.19.0-1ubuntu1~cloud0 Candidate: 1:0.19.0-1ubuntu1~cloud0 Version table: *** 1:0.19.0-1ubuntu1~cloud0 0 500 http://ppa.launchpad.net/ubuntu-cloud-archive/liberty-staging/ubuntu/ trusty/main amd64 Packages 100 /var/lib/dpkg/status 1:0.12.0-0ubuntu1 0 500 http://archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages ** Affects: python-glanceclient (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1487645 Title: glance image-show does not output correctly To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-glanceclient/+bug/1487645/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1460228] [NEW] neutron-lbaas-agent package does not provide neutron_lbaas.conf file
Public bug reported: Description of the problem: The neutron release notes for OpenStack Kilo (https://wiki.openstack.org/wiki/ReleaseNotes/Kilo) indicate that individual neutron plugin packages are supposed to provide their own /etc/neutron/neutron_*.conf files, and each will specify their own service_provider options. The neutron-vpn-agent package provides /etc/neutron/neutron_vpnaas.conf, as expected. The neutron-lbaas-agent package does not provide /etc/neutron/neutron_lbaas.conf or anything similar. Impact: Attempting to use the lbaas plugin by specifying lbaas as one of the DEFAULT/service_plugins values results in neutron-server being unable to start correctly, with the following error in the log: ERROR neutron.services.service_base [-] No providers specified for 'LOADBALANCER' service, exiting The workaround is to add /etc/neutron/neutron_lbaas.conf with the content [service_providers] service_provider=LOADBALANCER:Haproxy:neutron_lbaas.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default An alternative workaround is to add this section to /etc/neutron/neutron.conf, but then this also requires moving the analogous parameter from /etc/neutron/neutron_vpnaas.conf into /etc/neutron/neutron.conf, or neutron fails with a different error about the VPN service. Expected behavior: /etc/neutron/neutron_lbaas.conf exists, contains default content: [service_providers] service_provider=LOADBALANCER:Haproxy:neutron_lbaas.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default Actual behavior: /etc/neutron/neutron_lbaas.conf does not exist, and neutron-server won't start if lbaas is specified as a service_plugin. Steps to reproduce: 1) Install neutron-server 2) Install neutron-lbaas-agent 3) Add 'lbaas' as one of the values for the parameter DEFAULT/service_plugins in /etc/neutron/neutron.conf 4) Restart neutron-server System information: # lsb_release -rd Description:Ubuntu 14.04.2 LTS Release:14.04 # apt-cache policy neutron-lbaas-agent neutron-lbaas-agent: Installed: 1:2015.1.0-0ubuntu1~cloud0 ** Affects: neutron-lbaas (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1460228 Title: neutron-lbaas-agent package does not provide neutron_lbaas.conf file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/neutron-lbaas/+bug/1460228/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs