[openstack-dev] [qa] identity v3 issue causing non-admin job to fail
andrea.frittoli at gmail.com
Thu Jul 16 22:30:34 UTC 2015
admin_domain_name is used at the moment to fill in the domain when missing
in a few cases. The get_credentials method is one of them.
Another two are setting the default domain for the users in tempest.conf
, and setting the domain for credentials loaded from a YAML file .
There is also a tenant_isolation_domain_name, which is used when
provisioning v3 isolated credentials.
Because tenant_isolation and pre-provisioned credentials are mutually
exclusive, and to avoid having too many config options, I would suggest to
rename tenant_isolation_domain_name to default_credentials_domain_name (or
something similar), and to use it in ,  and in the code you quoted.
The admin_domain_name would then become fully optional, and it should be
assumed == default_credentials_domain_name unless configured otherwise.
On Tue, Jul 14, 2015 at 8:49 PM David Kranz <dkranz at redhat.com> wrote:
> Now that the tempest periodic jobs are back (thanks infra!), I was
> looking into the real failures. It seems the main one is caused by the
> fact that the v3 check for primary creds fails if 'admin_domain_name' in
> the identity section is None, which it is when devstack configures
> tempest for non-admin.
> The problem is with this code and there is even a comment related to
> this issue. There are various ways to fix this but I'm not sure what the
> value should be for the non-admin case. Andrea, any ideas?
> def get_credentials(fill_in=True, identity_version=None, **kwargs):
> params = dict(DEFAULT_PARAMS, **kwargs)
> identity_version = identity_version or CONF.identity.auth_version
> # In case of "v3" add the domain from config if not specified
> if identity_version == 'v3':
> domain_fields = set(x for x in
> if 'domain' in x)
> if not domain_fields.intersection(kwargs.keys()):
> # TODO(andreaf) It might be better here to use a dedicated
> # option such as CONF.auth.tenant_isolation_domain_name
> params['user_domain_name'] = CONF.identity.admin_domain_name
> auth_url = CONF.identity.uri_v3
> auth_url = CONF.identity.uri
> return auth.get_credentials(auth_url,
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OpenStack-dev