Ask Your Question
0

[MOS Juno] Heat stack delete Fails with 'Forbidden: You are not authorized to perform the requested action: identity:delete_user (HTTP 403)'

asked 2015-06-11 08:50:52 -0600

Jet gravatar image

updated 2015-06-15 10:14:30 -0600

We using MOS (Mirantis OpenStack) Juno and have followed http://hardysteven.blogspot.co.uk/201... and setup heat to use trusts i.e.

deferred_auth_method=trusts
trusts_delegated_roles=heat_stack_owner

and followed http://hardysteven.blogspot.com/2014/... to setup a seperate domain for the creation of heat users.

However there are a few stacks that we are not able to delete. When we try to delete it we see the below in the logs

<134>Jun 11 09:35:58 node-2 heat-engine 2015-06-11 09:35:58.631 15121 INFO heat.engine.service [req-ecabf662-4b54-4caf-8bdd-f9bce7b68b7d None] Deleting stack testuser-v000
<134>Jun 11 09:35:58 node-2 heat-engine 2015-06-11 09:35:58.656 15121 INFO heat.engine.stack [-] Stack DELETE IN_PROGRESS (testuser-v000): Stack DELETE started
<134>Jun 11 09:35:58 node-2 heat-engine 2015-06-11 09:35:58.685 15121 INFO heat.engine.environment [-] Registering OS::Heat::ScaledResource -> AWS::EC2::Instance
<134>Jun 11 09:35:58 node-2 heat-engine 2015-06-11 09:35:58.809 15121 INFO heat.engine.stack [-] Stack DELETE IN_PROGRESS (testuser-v000*): Stack DELETE started
<134>Jun 11 09:35:59 node-2 heat-engine 2015-06-11 09:35:59.842 15121 INFO heat.engine.resource [-] deleting AWSScalingPolicy "WebServerScaleUpPolicy" [b1ea27e941ac4885b928681d68e6540a] Stack "testuser-v000*" [cc790a48-9374-4cdc-a79e-8f4fc52a9113]
<134>Jun 11 09:35:59 node-2 heat-engine 2015-06-11 09:35:59.878 15121 INFO urllib3.connectionpool [-] Starting new HTTP connection (1): 192.168.200.2
<134>Jun 11 09:36:00 node-2 heat-engine 2015-06-11 09:36:00.042 15121 INFO urllib3.connectionpool [-] Starting new HTTP connection (1): 192.168.200.2
<132>Jun 11 09:36:00 node-2 heat-engine 2015-06-11 09:36:00.070 15121 WARNING heat.engine.stack_user [-] Reverting to legacy user delete path
<134>Jun 11 09:36:00 node-2 heat-engine 2015-06-11 09:36:00.075 15121 INFO urllib3.connectionpool [-] Starting new HTTP connection (1): 192.168.200.2
<134>Jun 11 09:36:00 node-2 heat-engine 2015-06-11 09:36:00.102 15121 INFO heat.engine.resource [-] DELETE: AWSScalingPolicy "WebServerScaleUpPolicy" [b1ea27e941ac4885b928681d68e6540a] Stack "testuser-v000*" [cc790a48-9374-4cdc-a79e-8f4fc52a9113]
2015-06-11 09:36:00.102 15121 TRACE heat.engine.resource Traceback (most recent call last):
2015-06-11 09:36:00.102 15121 TRACE heat.engine.resource   File "/usr/lib/python2.6/site-packages/heat/engine/resource.py", line 435, in _action_recorder
2015-06-11 09:36:00.102 15121 TRACE heat.engine.resource     yield
2015-06-11 09:36:00.102 15121 TRACE heat.engine.resource   File "/usr/lib/python2.6/site-packages/heat/engine/resource.py", line 839, in delete
2015-06-11 09:36:00.102 15121 TRACE heat.engine.resource     yield self.action_handler_task(action, *action_args)
2015-06-11 09:36:00.102 15121 TRACE heat.engine.resource   File "/usr/lib/python2.6/site-packages/heat/engine/scheduler.py", line 286, in wrapper
2015-06-11 09:36:00.102 15121 TRACE heat.engine.resource     step = next(subtask)
2015-06-11 09:36:00.102 15121 TRACE heat.engine.resource   File "/usr/lib/python2.6/site-packages/heat/engine/resource.py", line 476, in action_handler_task
2015-06-11 09:36:00.102 15121 TRACE heat.engine.resource     handler_data = handler(*args)
2015-06-11 09:36:00.102 15121 TRACE heat.engine.resource   File "/usr/lib/python2.6/site-packages ...
(more)
edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
0

answered 2015-07-05 18:34:45 -0600

Steve Baker gravatar image

This has been fixed in master, but needs to be backport to Kilo then Juno.

https://bugs.launchpad.net/heat/+bug/...

edit flag offensive delete link more

Comments

The work around in the bug report to be an admin in the project allowed me to deleted the stacks. Thanks!

Jet gravatar imageJet ( 2015-07-07 15:37:24 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2015-06-11 08:50:52 -0600

Seen: 625 times

Last updated: Jul 05 '15