Bug 1489589 - password_regex option in keystone.conf does not work on overcloud
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: rhosp-director
Version: 12.0 (Pike)
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: ga
Target Release: 12.0 (Pike)
Assignee: Angus Thomas
QA Contact: Amit Ugol
Reported: 2017-09-07 20:11 UTC by Prasanth Anbalagan
Modified: 2017-09-15 14:52 UTC (History)

Last Closed: 2017-09-15 14:52:41 UTC


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Launchpad | 1715684 | 0 | None | None | None | 2017-09-07 22:10:53 UTC

Description Prasanth Anbalagan 2017-09-07 20:11:34 UTC
***********************
Description of problem:
***********************

password_expire option in keystone.conf works on the undercloud and not on the overcloud. A bug has been opened upstream - https://bugs.launchpad.net/keystone/+bug/1715684


*************************************************************
Version-Release number of selected component (if applicable):
*************************************************************

openstack-keystone.noarch            1:12.0.1-0.20170830123737.6a67918.el7ost
puppet-keystone.noarch               11.3.1-0.20170829134651.131b8d8.el7ost
python-keystone.noarch               1:12.0.1-0.20170830123737.6a67918.el7ost
python-keystoneauth1.noarch          3.1.0-0.20170811112938.81363ec.el7ost
python-keystoneclient.noarch         1:3.13.0-0.20170811140641.a8de72a.el7ost
python-keystonemiddleware.noarch     4.17.0-0.20170821160714.4a72cd6.el7ost

*****************
How reproducible:
*****************

Always 

*******************
Steps to Reproduce:
*******************
Set password_regex to the pattern below (Note that this pattern is from the note section in keystone.conf above 'password_regex' - pattern for at least 1 letter, 1 digit, and have a minimum length of 7 characters)

1) 
$ sudo grep "password_regex" /etc/keystone/keystone.conf
password_regex = ^(?=.*\d)(?=.*[a-zA-Z]).{7,}$

2) Restart httpd
$ sudo service httpd restart

3) $ openstack user create --password-prompt panbalag
User Password:a
Repeat User Password:a
+----------+----------------------------------+
| Field | Value |
+----------+----------------------------------+
| email | None |
| enabled | True |
| id | 12665ec14f73478fa7acc74271f119bd |
| name | panbalag |
| options | {} |
| username | panbalag |
+----------+----------------------------------+

***************
Actual results:
***************

User created successfully

*****************
Expected results:
*****************

"The password does not match the requirements: None. (HTTP 400)"

Comment 1 Prasanth Anbalagan 2017-09-15 14:52:41 UTC
Works as expected after changing the keystone.conf file in the correct location (as it is a containerized deployment)

(overcloud) [heat-admin@controller-0 ~]$ openstack user create --project members --password-prompt user3
User Password:
Repeat User Password:
The passwords entered were not the same
User Password:
Repeat User Password:
The password does not match the requirements: None. (HTTP 400) (Request-ID: req-8ee9bf87-76ef-4788-b6af-5dbba53e43a8)
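
A way to check which passwords a given keystone.conf would reject, as an added example that is not part of the original bug report or keystone's own code: it reads password_regex from the text of a config file and tests candidate passwords against it, so the file that was edited can be compared with the one the running service reads. Both sample configs are constructed, and matching with Python's re.match is an assumption that approximates the service-side check.

```python
import configparser
import re

# Constructed sample: the file that was edited, carrying the pattern from the report.
EDITED_CONF = r"""
[DEFAULT]
debug = False

[security_compliance]
password_regex = ^(?=.*\d)(?=.*[a-zA-Z]).{7,}$
"""

# Constructed sample: a file without the option, standing in for the copy
# the running service reads when the wrong file was edited.
ACTIVE_CONF = """
[DEFAULT]
debug = False

[security_compliance]
"""


def load_password_regex(conf_text):
    """Return password_regex from [security_compliance], or None if unset."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    value = parser.get("security_compliance", "password_regex", fallback=None)
    return value.strip() if value and value.strip() else None


def password_allowed(conf_text, password):
    """Approximate the check: no pattern configured means nothing is rejected."""
    pattern = load_password_regex(conf_text)
    if pattern is None:
        return True
    return re.match(pattern, password) is not None


def audit(conf_text, candidates):
    """Map each candidate password to True (accepted) or False (rejected)."""
    return {pw: password_allowed(conf_text, pw) for pw in candidates}


if __name__ == "__main__":
    samples = ["a", "abcdefg", "1234567", "abc123", "abc1234"]
    print("edited:", audit(EDITED_CONF, samples))
    print("active:", audit(ACTIVE_CONF, samples))
```

A file that accepts "a" here has no effective password_regex, which matches the symptom in the description.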

