Bug 1518625 - fog auth errors when openstack project is disabled in provider side
Summary: fog auth errors when openstack project is disabled in provider side
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Providers
Version: 5.7.0
Hardware: Unspecified
OS: Unspecified
medium
high
Target Milestone: GA
: 5.10.0
Assignee: Marek Aufart
QA Contact: Ido Ovadia
URL:
Whiteboard:
Depends On:
Blocks: 1520617 1531120 1531121
TreeView+ depends on / blocked
 
Reported: 2017-11-29 11:02 UTC by Niladri Roy
Modified: 2021-06-10 13:44 UTC (History)
9 users (show)

Fixed In Version: 5.10.0.0
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1520617 1531120 1531121 (view as bug list)
Environment:
Last Closed: 2018-07-26 13:55:04 UTC
Category: ---
Cloudforms Team: Openstack
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Niladri Roy 2017-11-29 11:02:31 UTC 
Description of problem:
CloudForms show misleading auth errors when a openstack project is disabled on the provider side

Version-Release number of selected component (if applicable):
5.7.3.2
RHOS8

How reproducible:
Always

Steps to Reproduce:
1. Add RHOSP8 provider to Cloudforms 
2. Disable a project (on the openstack side) of which the admin user is part of
3. Check for auth errors in cloudforms logs
4. Re-enable the project on the openstack side 
5. The auth errors don't appear after the next provider refresh


Actual results:

[----] E, [2017-11-29T05:51:30.304397 #12211:7bb13c] ERROR -- : excon.error     #<Excon::Error::Unauthorized: Expected([200, 204]) <=> Actual(401 Unauthorized)
excon.error.response
  :body          => "{\"error\": {\"message\": \"The request you have made requires authentication.\", \"code\": 401, \"title\": \"Unauthorized\"}}"
  :cookies       => [
  ]
  :headers       => {
    "Connection"             => "close"
    "Content-Length"         => "114"
    "Content-Type"           => "application/json"
    "Date"                   => "Wed, 29 Nov 2017 05:21:29 GMT"
    "Server"                 => "Apache/2.4.6 (Red Hat Enterprise Linux)"
    "Vary"                   => "X-Auth-Token"
    "WWW-Authenticate"       => "Keystone uri=\"http://10.74.129.2:5000\""
    "x-openstack-request-id" => "req-48a6dafd-b2fe-4a57-9e66-f303c6e67675"
  }
  :host          => "10.74.129.2"
  :local_address => "10.74.130.176"
  :local_port    => 56558
  :path          => "/v2.0/tokens"
  :port          => 5000
  :reason_phrase => "Unauthorized"
  :remote_ip     => "10.74.129.2"
  :status        => 401
  :status_line   => "HTTP/1.1 401 Unauthorized\r\n"
>


Expected results:
Though the provider refresh is successful and the number of tenants go down (ignoring the disabled tenants), cfme shouldn't throw unauthorized exceptions and for a misleading path ( /tokens )

Additional info:
Comment 3 Marek Aufart 2017-11-29 15:23:14 UTC 
Hi, does this issue have any impacts on functionality or is visible in UI?

The disabled tenant/project is skipped, but the test is done by testing the connection using the tenant/project. That is thesource log errors, but it should not be dangerous.

Thanks!
Comment 5 Marek Aufart 2017-12-04 17:41:32 UTC 
Ok, no functional issue, but blows log.

https://github.com/ManageIQ/manageiq-providers-openstack/pull/172
Comment 12 Sudhir Mallamprabhakara 2018-07-26 13:55:04 UTC 
reference OSP support matrix. Out of support.
Note You need to log in before you can comment on or make changes to this bug.