Ubuntu
heat package

Merge ~al3jandrosg/ubuntu/+source/heat:fix-auth-trusts-plucky into ubuntu/+source/heat:ubuntu/plucky-devel

  1. Git
  2. lp:~al3jandrosg/ubuntu/+source/heat
  3. fix-auth-trusts-plucky
  4. Merge into ubuntu/plucky-devel
Proposed by Alejandro Santoyo Gonzalez
Status: Needs review
Proposed branch: ~al3jandrosg/ubuntu/+source/heat:fix-auth-trusts-plucky
Merge into: ubuntu/+source/heat:ubuntu/plucky-devel
Diff against target: 82 lines (+60/-0)
3 files modified
debian/changelog (+7/-0)
debian/patches/lp2097539-Fix-stack-update-when-reauthentication_auth_method-t.patch (+52/-0)
debian/patches/series (+1/-0)
Reviewer Review Type Date Requested Status
Ubuntu Sponsors Pending
git-ubuntu import Pending
Review via email: mp+493120@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Simon Chopin (schopin) wrote (last edit ):

Please fix your git commit author metadata :)

Reply
~al3jandrosg/ubuntu/+source/heat:fix-auth-trusts-plucky updated
6d16f98... by Alejandro Santoyo Gonzalez

Fix stack update when reauthentication_auth_method=trusts

When a stack is created with a certain user,
"reauthentication_auth_method=trusts" and an update is
triggered, the update fails because after the trust
regeneration the user_creds_id values are deleted for
the stack and the nested resources. Only the parent
stack gets a new set of creds but those are not
propagated to the nested resources.

This patch grabs the user_creds_id created for the
parent stack upon trust regeneration and propagates
that to the nested stacks.

Unmerged commits

6d16f98... by Alejandro Santoyo Gonzalez

Fix stack update when reauthentication_auth_method=trusts

When a stack is created with a certain user,
"reauthentication_auth_method=trusts" and an update is
triggered, the update fails because after the trust
regeneration the user_creds_id values are deleted for
the stack and the nested resources. Only the parent
stack gets a new set of creds but those are not
propagated to the nested resources.

This patch grabs the user_creds_id created for the
parent stack upon trust regeneration and propagates
that to the nested stacks.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index e179d2d..47d5fa3 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,10 @@
6+heat (1:24.0.0-0ubuntu1.1) plucky; urgency=medium
7+
8+ * Fix stack update when reauth = trusts (LP: #2097539).
9+ - d/p/lp2097539-Fix-stack-update-when-reauthentication_auth_method-t.patch
10+
11+ -- Alejandro Santoyo Gonzalez <alejandro.santoyo@canonical.com> Tue, 16 Sep 2025 08:51:43 +0000
12+
13 heat (1:24.0.0-0ubuntu1) plucky; urgency=medium
14
15 * d/watch: Track Epoxy series releases.
16diff --git a/debian/patches/lp2097539-Fix-stack-update-when-reauthentication_auth_method-t.patch b/debian/patches/lp2097539-Fix-stack-update-when-reauthentication_auth_method-t.patch
17new file mode 100644
18index 0000000..5a3267c
19--- /dev/null
20+++ b/debian/patches/lp2097539-Fix-stack-update-when-reauthentication_auth_method-t.patch
21@@ -0,0 +1,52 @@
22+From bb309bde1114a2095a2088623dcc0ba45c7ee860
23+From: Alejandro Santoyo <alejandro.santoyo@canonical.com>
24+Date: Wed, 26 Feb 2025 13:59:41 +0100
25+Subject: Fix stack update when reauthentication_auth_method=trusts
26+
27+When a stack is created with a certain user,
28+"reauthentication_auth_method=trusts" and an update is
29+triggered, the update fails because after the trust
30+regeneration the user_creds_id values are deleted for
31+the stack and the nested resources. Only the parent
32+stack gets a new set of creds but those are not
33+propagated to the nested resources.
34+
35+This patch grabs the user_creds_id created for the
36+parent stack upon trust regeneration and propagates
37+that to the nested stacks.
38+
39+story: 2011342
40+task: 51653
41+
42+Change-Id: I9a3263c6ab3d515fa468cfb7ce3cd6cfbf39aa57
43+Signed-off-by: Alejandro Santoyo <alejandro.santoyo@canonical.com>
44+Origin: upstream, https://opendev.org/openstack/heat/commit/bb309bde1114a2095a2088623dcc0ba45c7ee860
45+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/heat/+bug/2097539
46+---
47+ heat/engine/stack.py | 10 ++++++++++
48+ 1 file changed, 10 insertions(+)
49+
50+diff --git a/heat/engine/stack.py b/heat/engine/stack.py
51+index f00e2b3dd..d4e93a64a 100644
52+--- a/heat/engine/stack.py
53++++ b/heat/engine/stack.py
54+@@ -285,6 +285,16 @@ class Stack(collections.abc.Mapping):
55+ parent_rsrc.use_parent_stack(parent_info, parent_stack)
56+
57+ def stored_context(self):
58++ if not self.user_creds_id:
59++ # if it's a nested stack and the creds have been deleted after
60++ # the trust is regenerated, make sure we grab the newly created
61++ # user_creds_id from the parent stack value for the nested stack
62++ parent_id = self.root_stack_id()
63++ if parent_id: # check if it's a nested stack
64++ stack = stack_object.Stack.get_by_id(self.context, parent_id,
65++ show_deleted=True)
66++ self.user_creds_id = stack.user_creds_id
67++
68+ if self.user_creds_id:
69+ creds_obj = ucreds_object.UserCreds.get_by_id(
70+ self.context, self.user_creds_id)
71+--
72+2.34.1
73+
74diff --git a/debian/patches/series b/debian/patches/series
75index e394474..93c50c8 100644
76--- a/debian/patches/series
77+++ b/debian/patches/series
78@@ -1,3 +1,4 @@
79 drop-zun.patch
80 sudoers_patch.patch
81 install-missing-files.patch
82+lp2097539-Fix-stack-update-when-reauthentication_auth_method-t.patch

Subscribers

People subscribed via source and target branches