Uploaded image for project: 'Red Hat OpenStack Services on OpenShift'
  1. Red Hat OpenStack Services on OpenShift
  2. OSPRH-12615

BZ#2294892 json error when setting ignore_user_inactivity

XMLWordPrintable

      Description of problem:

      On an already deployed environment (16.2) customer added the following parameters:

      parameter_defaults:
      KeystoneChangePasswordUponFirstUse: True
      KeystoneDisableUserAccountDaysInactive: 30
      KeystoneLockoutDuration: 1800
      KeystoneLockoutFailureAttempts: 5
      KeystoneMinimumPasswordAge: 3
      KeystonePasswordExpiresDays: 90
      KeystoneUniqueLastPasswordCount: 5

      This resulted in no user able to login to their account.

      We believe that this is expected and setting ignore_user_inactivity will solve the issue, but we get a json error:

      curl -s -X PATCH -H "X-Auth-Token: $TOKEN" -H "Content-Type: application/json" -d '
      > {
      > "user": {
      > "options":

      { > "ignore_user_inactivity": true > }

      > }
      > }' "$KEYSTONE_API_URL"/v3/users/66739642a5e047689d5b2aaf4da4b097

      {"error":{"code":400,"message":"Invalid input for field 'options': Additional properties are not allowed ('ignore_user_inactivity' was unexpected)\n\nFailed validating 'additionalProperties' in schema['properties']['options']:\n {'additionalProperties': False,\n 'properties': {'ignore_change_password_upon_first_use':

      {'enum': [True,\n False,\n None],\n 'type': ['boolean',\n 'null']}

      ,\n 'ignore_lockout_failure_attempts':

      {'enum': [True,\n False,\n None],\n 'type': ['boolean',\n 'null']}

      ,\n 'ignore_password_expiry':

      {'enum': [True, False, None],\n 'type': ['boolean', 'null']}

      ,\n 'lock_password':

      {'enum': [True, False, None],\n 'type': ['boolean', 'null']}

      ,\n 'multi_factor_auth_enabled':

      {'enum': [True,\n False,\n None],\n 'type': ['boolean',\n 'null']}

      ,\n 'multi_factor_auth_rules': {'items': {'items':

      {'type': 'string'}

      ,\n 'minItems': 1,\n 'type': 'array',\n 'uniqueItems': True},\n 'type': ['array', 'null'],\n 'uniqueItems': True}},\n 'type': 'object'}\n\nOn instance['options']:\n

      {'ignore_user_inactivity': True}

      ","title":"Bad Request"}}

      We need help enabling ignore_user_inactivity, the format is the same as the provided
      in the documentation, but it fails with the previous error.

      Version-Release number of selected component (if applicable):
      16.2

      How reproducible:
      always

      Steps to Reproduce:
      1.
      2.
      3.

      Actual results:

      Expected results:

      Additional info:

          There are no Sub-Tasks for this issue.

              dwilde@redhat.com Dave Wilde
              jira-bugzilla-migration RH Bugzilla Integration
              Jeremy Agee Jeremy Agee
              rhos-dfg-security
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: