yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #70044
[Bug 1706719] Re: Account is locked out and cannot have password updated.
** No longer affects: tempest
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1706719
Title:
Account is locked out and cannot have password updated.
Status in OpenStack Identity (keystone):
Invalid
Bug description:
We are seeing this in tempest testing. In some tempest runs the test
to change the user password fails because the account is locked out.
Example traceback can be found at
http://logs.openstack.org/21/485221/2/gate/gate-tempest-dsvm-neutron-
full-ubuntu-xenial/4ecd651/console.html#_2017-07-20_01_14_10_769485
and is pasted here so that log expiry doesn't delete it under us:
2017-07-20 01:14:10.769485 | tempest.api.identity.v3.test_users.IdentityV3UsersTest.test_user_update_own_password[id-ad71bd23-12ad-426b-bb8b-195d2b635f27]
2017-07-20 01:14:10.769531 | -----------------------------------------------------------------------------------------------------------------------------
2017-07-20 01:14:10.769545 |
2017-07-20 01:14:10.769562 | Captured traceback:
2017-07-20 01:14:10.769580 | ~~~~~~~~~~~~~~~~~~~
2017-07-20 01:14:10.769602 | Traceback (most recent call last):
2017-07-20 01:14:10.769639 | File "tempest/api/identity/v3/test_users.py", line 89, in test_user_update_own_password
2017-07-20 01:14:10.769672 | self._update_password(original_password=old_pass, password=new_pass)
2017-07-20 01:14:10.769707 | File "tempest/api/identity/v3/test_users.py", line 42, in _update_password
2017-07-20 01:14:10.769732 | original_password=original_password)
2017-07-20 01:14:10.769769 | File "tempest/lib/services/identity/v3/users_client.py", line 60, in update_user_password
2017-07-20 01:14:10.769801 | resp, _ = self.post('users/%s/password' % user_id, update_user)
2017-07-20 01:14:10.769831 | File "tempest/lib/common/rest_client.py", line 270, in post
2017-07-20 01:14:10.769864 | return self.request('POST', url, extra_headers, headers, body, chunked)
2017-07-20 01:14:10.769895 | File "tempest/lib/common/rest_client.py", line 659, in request
2017-07-20 01:14:10.769919 | self._error_checker(resp, resp_body)
2017-07-20 01:14:10.769951 | File "tempest/lib/common/rest_client.py", line 755, in _error_checker
2017-07-20 01:14:10.769979 | raise exceptions.Unauthorized(resp_body, resp=resp)
2017-07-20 01:14:10.770005 | tempest.lib.exceptions.Unauthorized: Unauthorized
2017-07-20 01:14:10.770054 | Details: {u'code': 401, u'title': u'Unauthorized', u'message': u'The account is locked for user: b99de038ad484b1fb4d65aebefd4464d.'}
2017-07-20 01:14:10.770068 |
2017-07-20 01:14:10.770081 |
2017-07-20 01:14:10.770099 | Captured pythonlogging:
2017-07-20 01:14:10.770118 | ~~~~~~~~~~~~~~~~~~~~~~~
2017-07-20 01:14:10.770193 | 2017-07-20 00:54:16,576 23533 INFO [tempest.lib.common.rest_client] Request (IdentityV3UsersTest:test_user_update_own_password): 401 POST https://198.72.124.157/identity/v3/users/b99de038ad484b1fb4d65aebefd4464d/password 0.049s
2017-07-20 01:14:10.770284 | 2017-07-20 00:54:16,576 23533 DEBUG [tempest.lib.common.rest_client] Request - Headers: {'Content-Type': 'application/json', 'X-Auth-Token': '<omitted>', 'Accept': 'application/json'}
2017-07-20 01:14:10.770331 | Body: {"user": {"password": "M8*qsS56SFEo%s4", "original_password": "T4+DR4vL577eGl_"}}
2017-07-20 01:14:10.770475 | Response - Headers: {u'content-type': 'application/json', u'date': 'Thu, 20 Jul 2017 00:54:16 GMT', u'vary': 'X-Auth-Token', u'server': 'Apache/2.4.18 (Ubuntu)', u'connection': 'close', u'x-openstack-request-id': 'req-20995818-e4f4-4aaa-bdc1-d91c145ca562', u'www-authenticate': 'Keystone uri="https://198.72.124.157/identity"', u'content-length': '129', 'status': '401', 'content-location': 'https://198.72.124.157/identity/v3/users/b99de038ad484b1fb4d65aebefd4464d/password'}
2017-07-20 01:14:10.770528 | Body: {"error": {"message": "The account is locked for user: b99de038ad484b1fb4d65aebefd4464d.", "code": 401, "title": "Unauthorized"}}
2017-07-20 01:14:10.770599 | 2017-07-20 00:54:16,614 23533 INFO [tempest.lib.common.rest_client] Request (IdentityV3UsersTest:_run_cleanups): 401 POST https://198.72.124.157/identity/v3/users/b99de038ad484b1fb4d65aebefd4464d/password 0.036s
2017-07-20 01:14:10.770669 | 2017-07-20 00:54:16,614 23533 DEBUG [tempest.lib.common.rest_client] Request - Headers: {'Content-Type': 'application/json', 'X-Auth-Token': '<omitted>', 'Accept': 'application/json'}
2017-07-20 01:14:10.770709 | Body: {"user": {"password": "H1!w*#WDyqGDBod", "original_password": "M8*qsS56SFEo%s4"}}
2017-07-20 01:14:10.770857 | Response - Headers: {u'content-type': 'application/json', u'date': 'Thu, 20 Jul 2017 00:54:16 GMT', u'vary': 'X-Auth-Token', u'server': 'Apache/2.4.18 (Ubuntu)', u'connection': 'close', u'x-openstack-request-id': 'req-3427cb2f-65a2-4411-8005-9d9108d868e7', u'www-authenticate': 'Keystone uri="https://198.72.124.157/identity"', u'content-length': '129', 'status': '401', 'content-location': 'https://198.72.124.157/identity/v3/users/b99de038ad484b1fb4d65aebefd4464d/password'}
2017-07-20 01:14:10.770914 | Body: {"error": {"message": "The account is locked for user: b99de038ad484b1fb4d65aebefd4464d.", "code": 401, "title": "Unauthorized"}}
2017-07-20 01:14:10.770929 |
2017-07-20 01:14:10.770942 |
2017-07-20 01:14:10.770960 | Captured traceback-1:
2017-07-20 01:14:10.770978 | ~~~~~~~~~~~~~~~~~~~~~
2017-07-20 01:14:10.771001 | Traceback (most recent call last):
2017-07-20 01:14:10.771034 | File "tempest/api/identity/v3/test_users.py", line 64, in _restore_password
2017-07-20 01:14:10.771062 | original_password=new_pass, password=random_pass)
2017-07-20 01:14:10.771096 | File "tempest/api/identity/v3/test_users.py", line 42, in _update_password
2017-07-20 01:14:10.771120 | original_password=original_password)
2017-07-20 01:14:10.771157 | File "tempest/lib/services/identity/v3/users_client.py", line 60, in update_user_password
2017-07-20 01:14:10.771188 | resp, _ = self.post('users/%s/password' % user_id, update_user)
2017-07-20 01:14:10.771218 | File "tempest/lib/common/rest_client.py", line 270, in post
2017-07-20 01:14:10.771251 | return self.request('POST', url, extra_headers, headers, body, chunked)
2017-07-20 01:14:10.771282 | File "tempest/lib/common/rest_client.py", line 659, in request
2017-07-20 01:14:10.771306 | self._error_checker(resp, resp_body)
2017-07-20 01:14:10.771346 | File "tempest/lib/common/rest_client.py", line 755, in _error_checker
2017-07-20 01:14:10.789250 | raise exceptions.Unauthorized(resp_body, resp=resp)
2017-07-20 01:14:10.789306 | tempest.lib.exceptions.Unauthorized: Unauthorized
2017-07-20 01:14:10.789359 | Details: {u'code': 401, u'title': u'Unauthorized', u'message': u'The account is locked for user: b99de038ad484b1fb4d65aebefd4464d.'}
I'm not sure if this is a keystone issue or a tempest test bug so
going to file it against both then start tracking it with elastic-
recheck.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1706719/+subscriptions
References