Bug 1314725 - missing heat_stack_owner role after installation
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: python-tripleoclient
Version: 8.0 (Liberty)
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: Upstream M2
: 11.0 (Ocata)
Assignee: RHOS Maint
QA Contact: tkammer
URL:
Whiteboard:
Depends On:
Blocks: 1314732
Reported: 2016-03-04 10:47 UTC by tkammer
Modified: 2017-05-17 19:27 UTC (History)

Fixed In Version: python-tripleoclient-5.3.0-4.el7ost
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1314732 (view as bug list)
Environment:
Last Closed: 2017-05-17 19:27:41 UTC
Target Upstream Version:
Embargoed:




Links
System | ID | Private | Priority | Status | Summary | Last Updated
OpenStack gerrit | 384820 | 0 | None | MERGED | Remove heat_stack_user from the deployer input | 2020-08-25 08:08:51 UTC
Red Hat Product Errata | RHEA-2017:1245 | 0 | normal | SHIPPED_LIVE | Red Hat OpenStack Platform 11.0 Bug Fix and Enhancement Advisory | 2017-05-17 23:01:50 UTC

Description tkammer 2016-03-04 10:47:20 UTC
Description of problem:
There is a missing role after deploying OSP8 with osp-director.
[root@undercloud ~]# openstack role list
+----------------------------------+-----------------+
| ID                               | Name            |
+----------------------------------+-----------------+
| 0beece53fc7c4d3d880b58d4b92d21cb | swiftoperator   |
| 573ee117f1d5468b8fe8a998193d03a9 | admin           |
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_        |
| c8f0127d2032450581edf45e5ef766c9 | ResellerAdmin   |
| fddcf2fa6e6541c5922c414453383381 | heat_stack_user |
+----------------------------------+-----------------+

The role "heat_stack_owner" is also referenced in the tempest-deployer-input.conf file provided by the osp-director:
stack_owner_role = heat_stack_owner

This causes the following tempest tests to fail:
tempest.api.orchestration.stacks.test_templates_negative.TemplateYAMLNegativeTestJSON
tempest.api.orchestration.stacks.test_environment.StackEnvironmentTest
tempest.api.orchestration.stacks.test_stacks.StacksTestJSON
tempest.api.orchestration.stacks.test_templates.TemplateAWSTestJSON
tempest.api.orchestration.stacks.test_nova_keypair_resources.NovaKeyPairResourcesAWSTest
tempest.api.orchestration.stacks.test_limits.TestServerStackLimits
tempest.api.orchestration.stacks.test_nova_keypair_resources.NovaKeyPairResourcesYAMLTest
tempest.api.orchestration.stacks.test_swift_resources.SwiftResourcesTestJSON
tempest.api.orchestration.stacks.test_templates_negative.TemplateAWSNegativeTestJSON
tempest.api.orchestration.stacks.test_resource_types.ResourceTypesTest
tempest.api.orchestration.stacks.test_non_empty_stack.StacksTestJSON
tempest.api.orchestration.stacks.test_soft_conf.TestSoftwareConfig
tempest.api.orchestration.stacks.test_templates.TemplateYAMLTestJSON
tempest.api.orchestration.stacks.test_volumes.CinderResourcesTest

How reproducible:
100%

Steps to Reproduce:
1. deploy OSP8 using osp-director
2. run the above tests

Comment 2 Mike Burns 2016-04-07 21:14:44 UTC
This bug did not make the OSP 8.0 release.  It is being deferred to OSP 10.

Comment 3 Attila Fazekas 2016-10-10 14:02:58 UTC
https://review.openstack.org/#/c/155636/

AFAIK heat has not needed that role for a long time.

tempest-deployer-input.conf should not contain any heat specific role, unless the default user roles ([auth]tempest_roles) are not sufficient for a user to fully utilize heat.

Comment 4 Attila Fazekas 2016-10-11 06:35:45 UTC
The deployer-input-config actually has 'heat_stack_user' for stack_owner_role in my case, which is the opposite role!
It will not work for sure: that role is for special usage by heat. Tempest should never get this role name, and especially should not try to create regular test users with this role.

The heat_stack_user is a deny-almost-everything role.
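
Added example (not part of the bug report or of python-tripleoclient): a shell check for the two misconfigurations reported in the Description and in Comment 4, a stack_owner_role that Keystone does not have and a stack_owner_role set to heat_stack_user. The function names, exit statuses, file names and the [orchestration] section header in the sample are assumptions of this example.

```shell
#!/bin/sh
# Added example: cross-check stack_owner_role in a tempest deployer input
# file against the role names Keystone reports. On a live undercloud the
# role file could be produced with:
#   openstack role list -f value -c Name > roles.txt

# Print the value of stack_owner_role (last occurrence, any section).
get_stack_owner_role() {
    sed -n 's/^[[:space:]]*stack_owner_role[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# Exit status (assumed convention): 0 usable, 1 role absent from Keystone,
# 2 role is heat_stack_user, 3 option not set.
check_stack_owner_role() {
    cso_role=$(get_stack_owner_role "$1")
    if [ -z "$cso_role" ]; then
        echo "stack_owner_role is not set in $1"
        return 3
    fi
    # Comment 4: heat_stack_user exists but denies almost everything, so it
    # passes a bare existence check and still breaks regular test users.
    if [ "$cso_role" = "heat_stack_user" ]; then
        echo "stack_owner_role is heat_stack_user, a restricted role"
        return 2
    fi
    # -F fixed string, -x whole line, so a partial role name cannot match.
    if ! grep -Fxq -- "$cso_role" "$2"; then
        echo "role '$cso_role' does not exist in Keystone"
        return 1
    fi
    echo "role '$cso_role' exists"
}

# Constructed sample input: the role names from the report's role list and
# the option line it quotes (section header assumed; the parser ignores it).
demo_dir=$(mktemp -d)
printf '%s\n' swiftoperator admin _member_ ResellerAdmin heat_stack_user > "$demo_dir/roles.txt"
printf '[orchestration]\nstack_owner_role = heat_stack_owner\n' > "$demo_dir/deployer.conf"
check_stack_owner_role "$demo_dir/deployer.conf" "$demo_dir/roles.txt" || echo "exit status $?"
```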

Comment 5 Jaromir Coufal 2016-10-11 13:18:46 UTC
Assigning to OpsTools to update Tempest tests.

Comment 6 Attila Fazekas 2016-10-11 13:36:03 UTC
This might help: https://review.openstack.org/#/c/384820/

Comment 7 Christian Schwede (cschwede) 2016-11-03 19:02:00 UTC
Fix has been merged upstream, and is included in the latest python-tripleoclient build.

Comment 10 Leonid Natapov 2017-02-02 15:23:02 UTC
python-tripleoclient-6.0.1-0.20170127055753.8ea289c.el7ost.noarch

Comment 11 errata-xmlrpc 2017-05-17 19:27:41 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:1245

