Previously, password values were subject to variable substitution using a syntax of matched braces {} to delimit the variable. Any variable syntax error in the password string, or unintended variable substitution would cause the password to fail.
With this update, passwords are not subject to variable substitution and the
client accepts passwords with any mix of braces.
Hi there,
If this bug requires doc text for errata release, please set the 'Doc Type' and provide draft text according to the template in the 'Doc Text' field.
The documentation team will review, edit, and approve the text.
If this bug does not require doc text, please set the 'requires_doc_text' flag to -.
Thanks,
Alex
This is probably a nit but I don't think this current doc text is correct:
> Previously, password values in formatted strings were expanded, causing the
> client commands to fail when the password contained special characters.
Passwords are not contained in formatted strings and the term "special characters" in the context of passwords implies non-alhpanumerics. May I suggest this instead:
Previously password values were subject to variable substitution using a syntax
of matched braces {} to delimit the variable. Any variable syntax error in the password string or unintended variable substitution would cause the password to fail.
With this update, passwords are not subject to variable substitution and the client accepts passwords with any mix of braces.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHBA-2018:2671
Description of problem: openstack client do not accept { in password Version-Release number of selected component (if applicable): RHOSP 11 How reproducible: Create a user with password containing { and add them in a project. Steps to Reproduce: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [stack@instack ~]$ openstack --debug --os-auth-type password --os-password 's6{nLuU=A' token issue START with options: [u'--debug', u'--os-auth-type', u'password', u'--os-password', u's6{nLuU=A', u'token', u'issue'] options: Namespace(access_key='', access_secret='***', access_token='***', access_token_endpoint='', access_token_type='', aodh_endpoint='', auth_type=u'password', auth_url='http://10.11.48.187:5000/v2.0', authorization_code='', cacert=None, cert='', client_id='', client_secret='***', cloud='', consumer_key='', consumer_secret='***', debug=True, default_domain='default', default_domain_id='', default_domain_name='', deferred_help=False, discovery_endpoint='', domain_id='', domain_name='', endpoint='', identity_provider='', identity_provider_url='', insecure=None, inspector_api_version='1', inspector_url=None, interface='', key='', log_file=None, murano_url='', old_profile=None, openid_scope='', os_alarming_api_version='2', os_application_catalog_api_version='1', os_baremetal_api_version='1.6', os_beta_command=False, os_compute_api_version='', os_container_infra_api_version='1', os_data_processing_api_version='1.1', os_data_processing_url='', os_dns_api_version='2', os_identity_api_version='', os_image_api_version='', os_key_manager_api_version='1', os_metrics_api_version='1', os_network_api_version='', os_object_api_version='', os_orchestration_api_version='1', os_project_id=None, os_project_name=None, os_queues_api_version='2', os_tripleoclient_api_version='1', os_volume_api_version='', os_workflow_api_version='2', passcode='', password=***'s6{nLuU=A', profile=None, project_domain_id='', project_domain_name='', project_id='', project_name='proj1', protocol='', redirect_uri='', region_name='', roles='', timing=False, token='***', trust_id='', url='', user='', user_domain_id='', user_domain_name='', user_id='', username='user1', verbose_level=3, verify=None) Auth plugin password selected auth_config_hook(): {'auth_type': u'password', 'beta_command': False, 'tripleoclient_api_version': '1', u'compute_api_version': u'2', u'orchestration_api_version': '1', u'database_api_version': u'1.0', 'metrics_api_version': '1', 'data_processing_api_version': '1.1', 'inspector_api_version': '1', 'auth_url': 'http://10.11.48.187:5000/v2.0', u'network_api_version': u'2', u'message': u'', u'image_format': u'qcow2', 'networks': [], u'image_api_version': u'2', 'verify': True, u'dns_api_version': '2', u'object_store_api_version': u'1', 'username': 'user1', 'container_infra_api_version': '1', 'verbose_level': 3, 'region_name': '', 'api_timeout': None, u'baremetal_api_version': '1.6', 'queues_api_version': '2', 'auth': {'project_name': 'proj1'}, 'default_domain': 'default', 'debug': True, u'image_api_use_tasks': False, u'floating_ip_source': u'neutron', 'key': None, 'timing': False, 'password': u'***', 'application_catalog_api_version': '1', 'cacert': None, u'key_manager_api_version': '1', u'metering_api_version': u'2', 'deferred_help': False, u'identity_api_version': u'2.0', 'workflow_api_version': '2', u'volume_api_version': u'2', 'cert': None, u'secgroup_source': u'neutron', u'status': u'active', 'alarming_api_version': '2', u'container_api_version': u'1', u'interface': None, u'disable_vendor_agent': {}} unmatched '{' in format Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/cliff/app.py", line 250, in run self.initialize_app(remainder) File "/usr/lib/python2.7/site-packages/openstackclient/shell.py", line 133, in initialize_app super(OpenStackShell, self).initialize_app(argv) File "/usr/lib/python2.7/site-packages/osc_lib/shell.py", line 395, in initialize_app argparse=self.options, File "/usr/lib/python2.7/site-packages/osc_lib/cli/client_config.py", line 168, in get_one_cloud **kwargs File "/usr/lib/python2.7/site-packages/os_client_config/config.py", line 1113, in get_one_cloud config[key] = value.format(**config) ValueError: unmatched '{' in format Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/osc_lib/shell.py", line 135, in run ret_val = super(OpenStackShell, self).run(argv) File "/usr/lib/python2.7/site-packages/cliff/app.py", line 250, in run self.initialize_app(remainder) File "/usr/lib/python2.7/site-packages/openstackclient/shell.py", line 133, in initialize_app super(OpenStackShell, self).initialize_app(argv) File "/usr/lib/python2.7/site-packages/osc_lib/shell.py", line 395, in initialize_app argparse=self.options, File "/usr/lib/python2.7/site-packages/osc_lib/cli/client_config.py", line 168, in get_one_cloud **kwargs File "/usr/lib/python2.7/site-packages/os_client_config/config.py", line 1113, in get_one_cloud config[key] = value.format(**config) ValueError: unmatched '{' in format END return value: 1 [stack@instack ~]$ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Actual results: unmatched '{' in format Expected results: should receive the token. Additional info: And here are the client packages: user@host$ rpm -qa | grep keystone python-keystoneclient-3.10.0-1.el7ost.noarch openstack-keystone-11.0.0-5.el7ost.noarch python-keystoneauth1-2.18.0-1.el7ost.noarch puppet-keystone-10.3.0-2.el7ost.noarch python-keystone-11.0.0-5.el7ost.noarch python-keystonemiddleware-4.14.0-1.el7ost.noarch