Ubuntu
heat package

Merge ~al3jandrosg/ubuntu/+source/heat:fix-auth-trusts-plucky into ubuntu/+source/heat:ubuntu/plucky-devel

  1. Git
  2. lp:~al3jandrosg/ubuntu/+source/heat
  3. fix-auth-trusts-plucky
  4. Merge into ubuntu/plucky-devel
Proposed by Alejandro Santoyo Gonzalez
Status: Needs review
Proposed branch: ~al3jandrosg/ubuntu/+source/heat:fix-auth-trusts-plucky
Merge into: ubuntu/+source/heat:ubuntu/plucky-devel
Diff against target: 82 lines (+60/-0)
3 files modified
debian/changelog (+7/-0)
debian/patches/lp2097539-Fix-stack-update-when-reauthentication_auth_method-t.patch (+52/-0)
debian/patches/series (+1/-0)
Reviewer Review Type Date Requested Status
Ubuntu Sponsors Pending
git-ubuntu import Pending
Review via email: mp+493120@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Simon Chopin (schopin) wrote (last edit ):

Please fix your git commit author metadata :)

Reply
~al3jandrosg/ubuntu/+source/heat:fix-auth-trusts-plucky updated
6d16f98... by Alejandro Santoyo Gonzalez

Fix stack update when reauthentication_auth_method=trusts

When a stack is created with a certain user,
"reauthentication_auth_method=trusts" and an update is
triggered, the update fails because after the trust
regeneration the user_creds_id values are deleted for
the stack and the nested resources. Only the parent
stack gets a new set of creds but those are not
propagated to the nested resources.

This patch grabs the user_creds_id created for the
parent stack upon trust regeneration and propagates
that to the nested stacks.

Unmerged commits

6d16f98... by Alejandro Santoyo Gonzalez

Fix stack update when reauthentication_auth_method=trusts

When a stack is created with a certain user,
"reauthentication_auth_method=trusts" and an update is
triggered, the update fails because after the trust
regeneration the user_creds_id values are deleted for
the stack and the nested resources. Only the parent
stack gets a new set of creds but those are not
propagated to the nested resources.

This patch grabs the user_creds_id created for the
parent stack upon trust regeneration and propagates
that to the nested stacks.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/changelog b/debian/changelog
index e179d2d..47d5fa3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
1heat (1:24.0.0-0ubuntu1.1) plucky; urgency=medium
2
3 * Fix stack update when reauth = trusts (LP: #2097539).
4 - d/p/lp2097539-Fix-stack-update-when-reauthentication_auth_method-t.patch
5
6 -- Alejandro Santoyo Gonzalez <alejandro.santoyo@canonical.com> Tue, 16 Sep 2025 08:51:43 +0000
7
1heat (1:24.0.0-0ubuntu1) plucky; urgency=medium8heat (1:24.0.0-0ubuntu1) plucky; urgency=medium
29
3 * d/watch: Track Epoxy series releases.10 * d/watch: Track Epoxy series releases.
diff --git a/debian/patches/lp2097539-Fix-stack-update-when-reauthentication_auth_method-t.patch b/debian/patches/lp2097539-Fix-stack-update-when-reauthentication_auth_method-t.patch
4new file mode 10064411new file mode 100644
index 0000000..5a3267c
--- /dev/null
+++ b/debian/patches/lp2097539-Fix-stack-update-when-reauthentication_auth_method-t.patch
@@ -0,0 +1,52 @@
1From bb309bde1114a2095a2088623dcc0ba45c7ee860
2From: Alejandro Santoyo <alejandro.santoyo@canonical.com>
3Date: Wed, 26 Feb 2025 13:59:41 +0100
4Subject: Fix stack update when reauthentication_auth_method=trusts
5
6When a stack is created with a certain user,
7"reauthentication_auth_method=trusts" and an update is
8triggered, the update fails because after the trust
9regeneration the user_creds_id values are deleted for
10the stack and the nested resources. Only the parent
11stack gets a new set of creds but those are not
12propagated to the nested resources.
13
14This patch grabs the user_creds_id created for the
15parent stack upon trust regeneration and propagates
16that to the nested stacks.
17
18story: 2011342
19task: 51653
20
21Change-Id: I9a3263c6ab3d515fa468cfb7ce3cd6cfbf39aa57
22Signed-off-by: Alejandro Santoyo <alejandro.santoyo@canonical.com>
23Origin: upstream, https://opendev.org/openstack/heat/commit/bb309bde1114a2095a2088623dcc0ba45c7ee860
24Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/heat/+bug/2097539
25---
26 heat/engine/stack.py | 10 ++++++++++
27 1 file changed, 10 insertions(+)
28
29diff --git a/heat/engine/stack.py b/heat/engine/stack.py
30index f00e2b3dd..d4e93a64a 100644
31--- a/heat/engine/stack.py
32+++ b/heat/engine/stack.py
33@@ -285,6 +285,16 @@ class Stack(collections.abc.Mapping):
34 parent_rsrc.use_parent_stack(parent_info, parent_stack)
35
36 def stored_context(self):
37+ if not self.user_creds_id:
38+ # if it's a nested stack and the creds have been deleted after
39+ # the trust is regenerated, make sure we grab the newly created
40+ # user_creds_id from the parent stack value for the nested stack
41+ parent_id = self.root_stack_id()
42+ if parent_id: # check if it's a nested stack
43+ stack = stack_object.Stack.get_by_id(self.context, parent_id,
44+ show_deleted=True)
45+ self.user_creds_id = stack.user_creds_id
46+
47 if self.user_creds_id:
48 creds_obj = ucreds_object.UserCreds.get_by_id(
49 self.context, self.user_creds_id)
50--
512.34.1
52
diff --git a/debian/patches/series b/debian/patches/series
index e394474..93c50c8 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
1drop-zun.patch1drop-zun.patch
2sudoers_patch.patch2sudoers_patch.patch
3install-missing-files.patch3install-missing-files.patch
4lp2097539-Fix-stack-update-when-reauthentication_auth_method-t.patch

Subscribers

People subscribed via source and target branches