[openstack-dev] [Fuel] [OSTF] OSTF stops working after password is changed
David Easter
deaster at mirantis.com
Fri Jul 11 22:54:12 UTC 2014
I think showing this only upon failure is good if the user is also given
the option to sore the credentials in the browser. That way, you only have
to re-enter the credentials once if you want convenience, or do it every
time if you want improved security.
One downside would be that if you don¹t cache the credentials, you¹ll have
to ³fail² the auth every time to be given the chance to re-enter the
credentials. It may not be obvious that clicking ³run tests² will then let
you enter new credentials. I was thinking that having a button you can
press to enter the credentials would make it more obvious, but wouldn¹t
reduce the number of clicksŠ I.e. either run tests and fail or click ³Enter
credentials² and enter new ones. The ³Enter credential² option would
obviously be a little fasterŠ
- David J. Easter
Director of Product Management, Mirantis, Inc.
From: Mike Scherbakov <mscherbakov at mirantis.com>
Reply-To: "OpenStack Development Mailing List (not for usage questions)"
<openstack-dev at lists.openstack.org>
Date: Friday, July 11, 2014 at 2:36 PM
To: "OpenStack Development Mailing List (not for usage questions)"
<openstack-dev at lists.openstack.org>
Subject: Re: [openstack-dev] [Fuel] [OSTF] OSTF stops working after
password is changed
I'm wondering if we can show all these windows ONLY if there is authz
failure with existing credentials from Nailgun.
So the flow would be: user clicks on "Run tests" button, healthcheck tries
to access OpenStack and fails. It shows up text fields to enter
tenant/user/pass with the message similar to "Default administrative
credentials to OpenStack were changed since the deployment time. Please
provide current credentials so HealthCheck can access OpenStack and run
verification tests."
I think it should be more obvious this way...
Anyone, it must be a choice for a user, if he wants to store creds in a
browser.
On Fri, Jul 11, 2014 at 8:50 PM, Vitaly Kramskikh <vkramskikh at mirantis.com>
wrote:
> Hi,
>
> In the current implementation we store provided credentials in browser local
> storage. What's your opinion on that? Maybe we shouldn't store new credentials
> at all even in browser? So users have to enter them manually every time they
> want to run OSTF.
>
>
> 2014-06-25 13:47 GMT+04:00 Dmitriy Shulyak <dshulyak at mirantis.com>:
>
>> It is possible to change everything so username, password and tenant fields
>>
>> Also this way we will be able to run tests not only as admin user
>>
>>
>> On Wed, Jun 25, 2014 at 12:29 PM, Vitaly Kramskikh <vkramskikh at mirantis.com>
>> wrote:
>>> Dmitry,
>>>
>>> Fields or field? Do we need to provide password only or other credentials
>>> are needed?
>>>
>>>
>>> 2014-06-25 13:02 GMT+04:00 Dmitriy Shulyak <dshulyak at mirantis.com>:
>>>
>>>> Looks like we will stick to #2 option, as most reliable one.
>>>>
>>>> - we have no way to know that openrc is changed, even if some scripts
>>>> relies on it - ostf should not fail with auth error
>>>> - we can create ostf user in post-deployment stage, but i heard that some
>>>> ceilometer tests relied on admin user, also
>>>> operator may not want to create additional user, for some reasons
>>>>
>>>> So, everybody is ok with additional fields on HealthCheck tab?
>>>>
>>>>
>>>>
>>>>
>>>> On Fri, Jun 20, 2014 at 8:17 PM, Andrew Woodward <xarses at gmail.com> wrote:
>>>>> The openrc file has to be up to date for some of the HA scripts to
>>>>> work, we could just source that.
>>>>>
>>>>> On Fri, Jun 20, 2014 at 12:12 AM, Sergii Golovatiuk
>>>>> <sgolovatiuk at mirantis.com> wrote:
>>>>>> > +1 for #2.
>>>>>> >
>>>>>> > ~Sergii
>>>>>> >
>>>>>> >
>>>>>> > On Fri, Jun 20, 2014 at 1:21 AM, Andrey Danin <adanin at mirantis.com>
>>>>>> wrote:
>>>>>>> >>
>>>>>>> >> +1 to Mike. Let the user provide actual credentials and use them in
>>>>>>> place.
>>>>>>> >>
>>>>>>> >>
>>>>>>> >> On Fri, Jun 20, 2014 at 2:01 AM, Mike Scherbakov
>>>>>>> >> <mscherbakov at mirantis.com> wrote:
>>>>>>>> >>>
>>>>>>>> >>> I'm in favor of #2. I think users might not want to have their
>>>>>>>> password
>>>>>>>> >>> stored in Fuel Master node.
>>>>>>>> >>> And if so, then it actually means we should not save it when user
>>>>>>>> >>> provides it on HealthCheck tab.
>>>>>>>> >>>
>>>>>>>> >>>
>>>>>>>> >>> On Thu, Jun 19, 2014 at 8:05 PM, Vitaly Kramskikh
>>>>>>>> >>> <vkramskikh at mirantis.com> wrote:
>>>>>>>>> >>>>
>>>>>>>>> >>>> Hi folks,
>>>>>>>>> >>>>
>>>>>>>>> >>>> We have a bug which prevents OSTF from working if user changes a
>>>>>>>>> >>>> password which was using for the initial installation. I skimmed
>>>>>>>>> through the
>>>>>>>>> >>>> comments and it seems there are 2 viable options:
>>>>>>>>> >>>>
>>>>>>>>> >>>> Create a separate user just for OSTF during OpenStack
>>>>>>>>> installation
>>>>>>>>> >>>> Provide a field for a password in UI so user could provide actual
>>>>>>>>> >>>> password in case it was changed
>>>>>>>>> >>>>
>>>>>>>>> >>>> What do you guys think? Which options is better?
>>>>>>>>> >>>>
>>>>>>>>> >>>> --
>>>>>>>>> >>>> Vitaly Kramskikh,
>>>>>>>>> >>>> Software Engineer,
>>>>>>>>> >>>> Mirantis, Inc.
>>>>>>>>> >>>>
>>>>>>>>> >>>> _______________________________________________
>>>>>>>>> >>>> OpenStack-dev mailing list
>>>>>>>>> >>>> OpenStack-dev at lists.openstack.org
>>>>>>>>> >>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>>>>>>> >>>>
>>>>>>>> >>>
>>>>>>>> >>>
>>>>>>>> >>>
>>>>>>>> >>> --
>>>>>>>> >>> Mike Scherbakov
>>>>>>>> >>> #mihgen
>>>>>>>> >>>
>>>>>>>> >>>
>>>>>>>> >>> _______________________________________________
>>>>>>>> >>> OpenStack-dev mailing list
>>>>>>>> >>> OpenStack-dev at lists.openstack.org
>>>>>>>> >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>>>>>> >>>
>>>>>>> >>
>>>>>>> >>
>>>>>>> >>
>>>>>>> >> --
>>>>>>> >> Andrey Danin
>>>>>>> >> adanin at mirantis.com
>>>>>>> >> skype: gcon.monolake
>>>>>>> >>
>>>>>>> >> _______________________________________________
>>>>>>> >> OpenStack-dev mailing list
>>>>>>> >> OpenStack-dev at lists.openstack.org
>>>>>>> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>>>>> >>
>>>>>> >
>>>>>> >
>>>>>> > _______________________________________________
>>>>>> > OpenStack-dev mailing list
>>>>>> > OpenStack-dev at lists.openstack.org
>>>>>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>>>> >
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Andrew
>>>>> Mirantis
>>>>> Ceph community
>>>>>
>>>>> _______________________________________________
>>>>> OpenStack-dev mailing list
>>>>> OpenStack-dev at lists.openstack.org
>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>>
>>>>
>>>> _______________________________________________
>>>> OpenStack-dev mailing list
>>>> OpenStack-dev at lists.openstack.org
>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>>
>>>
>>>
>>>
>>> --
>>> Vitaly Kramskikh,
>>> Software Engineer,
>>> Mirantis, Inc.
>>>
>>> _______________________________________________
>>> OpenStack-dev mailing list
>>> OpenStack-dev at lists.openstack.org
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>
>>
>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>
>
>
> --
> Vitaly Kramskikh,
> Software Engineer,
> Mirantis, Inc.
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
--
Mike Scherbakov
#mihgen
_______________________________________________ OpenStack-dev mailing list
OpenStack-dev at lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140711/45ac8ffd/attachment.html>
More information about the OpenStack-dev
mailing list