yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1866817] Re: Invalid input for field 'roles/0/id': 'role_admin' does not match '^[a-zA-Z0-9-]+$'

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Colleen Murphy <colleen@xxxxxxxxxxx>
Date: Tue, 07 Apr 2020 01:34:38 -0000
Reply-to: Bug 1866817 <1866817@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

> seems to work fine on train region but fails on rocky region

The user in your rocky region does not have the image_viewer,
role_viewer, or role_admin roles assigned. Assign those roles to the
user on the project and it will work.

> I would like to harden my ec2 keystone policy, like restricting number
of credentials to be created, credentials validation, credentials TTL,
etc. Is this right forum to raise a new ticket or can i mail an expert
directly ?

See the documentation on using application credentials for how to set a
TTL/expiration:

https://docs.openstack.org/keystone/latest/user/application_credentials.html

and the configuration options for application credentials for how to set
a limit on them:

https://docs.openstack.org/keystone/latest/configuration/config-
options.html#application-credential

If you still have questions, you can email openstack-
discuss@xxxxxxxxxxxxxxxxxxx and include [keystone] in the subject line,
or reach out on the freenode IRC network in the #openstack-keystone
channel.

** Changed in: keystone
       Status: Incomplete => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1866817

Title:
  Invalid input for field 'roles/0/id': 'role_admin' does not match
  '^[a-zA-Z0-9-]+$'

Status in OpenStack Identity (keystone):
  Invalid

Bug description:
  Hi,

  Please suggest how to fix the below error:

  i get this error when i execute for roles image_viewer, role_admin,
  role_viewer only, works fine with other roles.

  openstack application credential create --role image_viewer --secret
  test iv Invalid input for field 'roles/0/id': 'image_viewer' does not
  match '^[a-zA-Z0-9-]+$'

  Failed validating 'pattern' in
  schema['properties']['roles']['items']['properties']['id']:
  {'maxLength': 64, 'minLength': 1, 'pattern': '^[a-zA-Z0-9-]+$',
  'type': 'string'}

  On instance['roles'][0]['id']: 'image_viewer' (HTTP 400) (Request-ID:
  req-92bd08a5-d151-41ca-b564-e8e981dd0539) openstack application
  credential create --role role_admin --secret test iv 0 ↵ Invalid input
  for field 'roles/0/id': 'role_admin' does not match '^[a-zA-Z0-9-]+$'

  Failed validating 'pattern' in
  schema['properties']['roles']['items']['properties']['id']:
  {'maxLength': 64, 'minLength': 1, 'pattern': '^[a-zA-Z0-9-]+$',
  'type': 'string'}

  On instance['roles'][0]['id']: 'role_admin' (HTTP 400) (Request-ID:
  req-d2388261-bd0d-4b02-9342-5d9ec32ceb6f)

  The request ID shows the same data, this is an old bug in nova:
  https://bugs.launchpad.net/nova/+bug/1491325

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1866817/+subscriptions

References

[Bug 1866817] [NEW] Invalid input for field 'roles/0/id': 'role_admin' does not match '^[a-zA-Z0-9-]+$'
From: Rajiv Mucheli, 2020-03-10