Change Details

Just now @Volans tried to add himself to the bastion project in codfw1dev and ran into two issues: 1) When adding himself to the project, he got a very weird error message: ``` BadRequestException: 400: Client Error for url: https://openstack.codfw1dev.wikimediacloud.org:25357/v3/users?name=volans, Invalid input for field/attribute 0. Value: {'id': 'volans', 'name': 'Volans', 'email': 'rcoccioli@wikimedia.org', 'options': {}, 'password_expires_at': None, 'domain_id': 'default', 'links': {'self': 'https://openstack.codfw1dev.wikimediacloud.org:25357/v3/users/volans'}}. 'enabled' is a required property ``` That error seems to actually happen when ldap is queried, not when it's written to. One hint: this error appears when I operate on 'labtestandrew' but not when I operate on 'labtestandrewmortal' -- this makes me think that upstream added some new schema validation in the latest release. 2) There's nothing in the wikitech docs about adding an ssh key for codfw1dev ldap, or even a note that you NEED to. A reasonable user would expect their existing eqiad1 key to just work which it definitely does not.

Just now @Volans tried to add himself to the bastion project in codfw1dev and ran into a very weird error message: ``` BadRequestException: 400: Client Error for url: https://openstack.codfw1dev.wikimediacloud.org:25357/v3/users?name=volans, Invalid input for field/attribute 0. Value: {'id': 'volans', 'name': 'Volans', 'email': 'rcoccioli@wikimedia.org', 'options': {}, 'password_expires_at': None, 'domain_id': 'default', 'links': {'self': 'https://openstack.codfw1dev.wikimediacloud.org:25357/v3/users/volans'}}. 'enabled' is a required property ``` That error seems to actually happen when ldap is queried, not when it's written to. One hint: this error appears when I operate on 'labtestandrew' but not when I operate on 'labtestandrewmortal' -- this makes me think that upstream added some new schema validation in the latest release.

Just now @Volans tried to add himself to the bastion project in codfw1dev and ran into two issues: 1) When adding himself to the project, he got a very weird error message: ``` BadRequestException: 400: Client Error for url: https://openstack.codfw1dev.wikimediacloud.org:25357/v3/users?name=volans, Invalid input for field/attribute 0. Value: {'id': 'volans', 'name': 'Volans', 'email': 'rcoccioli@wikimedia.org', 'options': {}, 'password_expires_at': None, 'domain_id': 'default', 'links': {'self': 'https://openstack.codfw1dev.wikimediacloud.org:25357/v3/users/volans'}}. 'enabled' is a required property ``` That error seems to actually happen when ldap is queried, not when it's written to. One hint: this error appears when I operate on 'labtestandrew' but not when I operate on 'labtestandrewmortal' -- this makes me think that upstream added some new schema validation in the latest release. 2) There's nothing in the wikitech docs about adding an ssh key for codfw1dev ldap, or even a note that you NEED to. A reasonable user would expect their existing eqiad1 key to just work which it definitely does not.