Bug 1623435 - KeyError: 'name' is seen when enabling LDAP auth via openshift_master_identity_providers
Summary: KeyError: 'name' is seen when enabling LDAP auth via openshift_master_identit...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 3.11.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 3.11.0
Assignee: Vadim Rutkovsky
QA Contact: Johnny Liu
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-08-29 11:05 UTC by Johnny Liu
Modified: 2018-10-11 07:26 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-10-11 07:25:55 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:2652 0 None None None 2018-10-11 07:26:13 UTC

Description Johnny Liu 2018-08-29 11:05:16 UTC 
Description of problem:
Seem like this is related to ceac075224da886598e3b483aaa9e03978a63af5 commit.

Version-Release number of the following components:
openshift-ansible-3.11.0-0.25.0.git.0.7497e69.el7.noarch

How reproducible:
Always

Steps to Reproduce:
1. openshift_master_identity_providers=[{'name': 'LDAP_auth', 'login': 'true', 'challenge': 'true', 'kind': 'LDAPPasswordIdentityProvider', 'attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['uid'], 'preferredUsername': ['uid']}, 'bindDN': '', 'bindPassword': '', 'insecure': 'true', 'url': 'ldap://10.66.147.104:389/ou=People,dc=my-domain,dc=com?uid'}]
2. trigger install
3.

Actual results:
Installation quit with the following error, but the error do not prompt user any useful info.
TASK [openshift_control_plane : set_fact] **************************************
Wednesday 29 August 2018  18:51:02 +0800 (0:00:00.468)       0:06:47.868 ****** 
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: KeyError: 'name'
fatal: [host-8-254-64.host.centralci.eng.rdu2.redhat.com]: FAILED! => {"msg": "Unexpected failure during module execution.", "stdout": ""}

Expected results:
Some useful info should be prompted to user.

Additional info:
Please attach logs from ansible-playbook with the -vvv flag
Comment 2 Vadim Rutkovsky 2018-08-31 13:52:50 UTC 
PR to fix this in master - https://github.com/openshift/openshift-ansible/pull/9849
Comment 3 Vadim Rutkovsky 2018-08-31 14:47:26 UTC 
3.10 PR - https://github.com/openshift/openshift-ansible/pull/9858
Comment 4 Johnny Liu 2018-09-04 09:21:43 UTC 
This also happened with kerveros auth on openshift-ansible-3.11.0-0.25.0.git.0.7497e69.el7.noarch.

openshift_master_identity_providers=[{'name': 'kerberos_auth', 'login': 'true', 'challenge': 'true', 'mappingMethod': 'claim', 'kind': 'RequestHeaderIdentityProvider', 'headers': ['X-Remote-User'], 'challengeURL': 'https://dhcp-89-143.sjc.redhat.com/challenging-proxy/oauth/authorize?${query}', 'loginURL': 'https://dhcp-89-143.sjc.redhat.com/login-proxy/oauth/authorize?${query}', 'clientCA': '/etc/origin/master/ca.crt'}]
Comment 6 Johnny Liu 2018-09-06 10:17:49 UTC 
Verified this bug with openshift-ansible-3.11.0-0.28.0.git.0.730d4be.el7.noarch, and PASS.

openshift_master_identity_providers=[{'name': 'LDAP_auth', 'login': 'true', 'challenge': 'true', 'kind': 'LDAPPasswordIdentityProvider', 'attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['uid'], 'preferredUsername': ['uid']}, 'bindDN': '', 'bindPassword': '', 'ca': '', 'insecure': 'true', 'url': 'ldap://10.66.147.104:389/ou=People,dc=my-domain,dc=com?uid'}]


TASK [openshift_control_plane : set_fact] **************************************
Thursday 06 September 2018  17:31:34 +0800 (0:00:05.150)       0:32:14.301 **** 
ok: [dhcp-89-147.sjc.redhat.com] => {"ansible_facts": {"translated_identity_providers": "- challenge: true\n  login: true\n  mappingMethod: claim\n  name: LDAP_auth\n  provider:\n    apiVersion: v1\n    attributes:\n      email:\n      - mail\n      id:\n      - dn\n      name:\n      - uid\n      preferredUsername:\n      - uid\n    bindDN: ''\n    bindPassword: ''\n    ca: ''\n    insecure: true\n    kind: LDAPPasswordIdentityProvider\n    url: ldap://10.66.147.104:389/ou=People,dc=my-domain,dc=com?uid\n"}, "changed": false}
ok: [dhcp-89-137.sjc.redhat.com] => {"ansible_facts": {"translated_identity_providers": "- challenge: true\n  login: true\n  mappingMethod: claim\n  name: LDAP_auth\n  provider:\n    apiVersion: v1\n    attributes:\n      email:\n      - mail\n      id:\n      - dn\n      name:\n      - uid\n      preferredUsername:\n      - uid\n    bindDN: ''\n    bindPassword: ''\n    ca: ''\n    insecure: true\n    kind: LDAPPasswordIdentityProvider\n    url: ldap://10.66.147.104:389/ou=People,dc=my-domain,dc=com?uid\n"}, "changed": false}
ok: [dhcp-89-158.sjc.redhat.com] => {"ansible_facts": {"translated_identity_providers": "- challenge: true\n  login: true\n  mappingMethod: claim\n  name: LDAP_auth\n  provider:\n    apiVersion: v1\n    attributes:\n      email:\n      - mail\n      id:\n      - dn\n      name:\n      - uid\n      preferredUsername:\n      - uid\n    bindDN: ''\n    bindPassword: ''\n    ca: ''\n    insecure: true\n    kind: LDAPPasswordIdentityProvider\n    url: ldap://10.66.147.104:389/ou=People,dc=my-domain,dc=com?uid\n"}, "changed": false}
Comment 8 errata-xmlrpc 2018-10-11 07:25:55 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:2652
Note You need to log in before you can comment on or make changes to this bug.