[sdk] Fixing role assignment for groups on a domain different than default
Pedro Alvarez
pedro.alvarez at softiron.com
Mon Mar 28 14:47:19 UTC 2022
Hi all,
Some time ago I discovered that I wasn't able to add groups as members
of a project (when not in the default domain) using
"openstack.cloud.role_assignment".
I spent some time debugging and figured out what the issue was, and that a
solution was already in place for "users", and not "groups".
I also noticed that the master branch had all this part of the codebase
rewritten, and probably the bug doesn't exist in there, but I believe
that version of the sdk won't work with Xena. Additionally, I just noticed
that the stable/yoga branch also has the issue.
So, I'm sending a patch to fix this issue, hoping the next tag/release
of openstacksdk could have the fix.
You can find them here:
https://review.opendev.org/q/topic:pedro%252Ffix-group-assignment-on-domain
My guess is that the only relevant one would be the one for
'stable/yoga' and I can drop the other. Also I'm assuming that Zuul is
taking its time to run CI, and I'll need to update some unit tests
before it can be merged.
Just wanted to know your thoughts before I finish with the tests.
Thanks,
Pedro.
PS: An example of the current issue:
The full traceback is:
  File "/tmp/ansible_openstack.cloud.role_assignment_payload_hcrpn6hu/ansible_openstack.cloud.role_assignment_payload.zip/ansible_collections/openstack/cloud/plugins/module_utils/openstack.py", line 407, in __call__
    results = self.run()
  File "/tmp/ansible_openstack.cloud.role_assignment_payload_hcrpn6hu/ansible_openstack.cloud.role_assignment_payload.zip/ansible_collections/openstack/cloud/plugins/modules/role_assignment.py", line 178, in run
  File "/home/ollivander/.local/lib/python3.9/site-packages/openstack/cloud/_identity.py", line 1379, in grant_role
    raise exc.OpenStackCloudException(
failed: [localhost] (item={'name': 'sa', 'groups': ['openstack-sa', 'openstack-pe', 'openstack-technology']}) => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"ansible_loop_var": "item",
"changed": false,
"extra_data": {
"data": null,
"details": "None",
"response": "None"
},
"invocation": {
"module_args": {
"api_timeout": null,
"auth": null,
"auth_type": null,
"availability_zone": null,
"ca_cert": null,
"client_cert": null,
"client_key": null,
"domain": "LDAP",
"group": "openstack-pe",
"interface": "public",
"project": "sa",
"region_name": null,
"role": "member",
"state": "present",
"timeout": 180,
"user": null,
"validate_certs": null,
"wait": true
}
},
"item": {
"groups": [
"openstack-sa",
"openstack-pe",
"openstack-technology"
],
"name": "sa"
},
"msg": "Must specify either a user or a group"
}