Bug 2063240
| Summary: | swift ACLs not respected by RGW | | |
|---|---|---|---|
| Product: | [Red Hat Storage] Red Hat Ceph Storage | Reporter: | Francesco Pantano <fpantano> |
| Component: | RGW | Assignee: | Marcus Watts <mwatts> |
| Status: | CLOSED NOTABUG | QA Contact: | Madhavi Kasturi <mkasturi> |
| Severity: | urgent | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 5.0 | CC: | aoconnor, bkopilov, cbodley, ceph-eng-bugs, gfidente, kbader, kkeithle, ltoscano, mbenjamin, mwatts, psedlak, sostapov, spower, vereddy, yrabl |
| Target Milestone: | --- | | |
| Target Release: | 5.2 | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2022-06-15 10:08:38 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 1820257 | | |
Description
Francesco Pantano
2022-03-11 15:05:19 UTC
I had issues with rhos17 and tempest failing tests.
Managed to run tempest successfully with radosgw.

tempest.conf : (Valid based on tripleo defaults)
[auth]
tempest_roles = member,creator

[object-storage]
reseller_admin_role = ResellerAdmin
operator_role = admin

Default from radosgw which may be related :
rgw_keystone_accepted_roles: 'member, Member, admin'
rgw_keystone_accepted_admin_roles: ResellerAdmin, swiftoperator

tempest uses the operator_role as the os_operator and in radosgw they set the swiftoperator as rgw admin role ...
When I tried to run operator_role = swiftoperator, I got tempest failures.
operator_role = admin works!

I think that it's related to the defaults from tripleo ...

Hope it helped,
Benny

(In reply to bkopilov from comment #6)
> I had issues with rhos17 and tempest failing tests.
> Managed to run tempest successfully with radosgw.
>
> tempest.conf : (Valid based on tripleo defaults)
> [auth]
> tempest_roles = member,creator
>
> [object-storage]
> reseller_admin_role = ResellerAdmin
> operator_role = admin
>
>
> Default from radosgw which may be related :
> rgw_keystone_accepted_roles: 'member, Member, admin'
> rgw_keystone_accepted_admin_roles: ResellerAdmin, swiftoperator
>
> tempest uses the operator_role as the os_operator and in radosgw they set the
> swiftoperator as rgw admin role ...
> When I tried to run operator_role = swiftoperator, I got tempest failures.
> operator_role = admin works!

For the record, the failing configuration mentioned in the description does not use operator_role = admin.
It uses

[auth]
tempest_roles = swiftoperator,creator

[object-storage]
reseller_admin_role = ResellerAdmin
operator_role = admin

Also, the description lists a set of manual steps (not tempest) which used to work previously and now fail.

(In reply to Luigi Toscano from comment #7)
> (In reply to bkopilov from comment #6)
> > I had issues with rhos17 and tempest failing tests.
> > Managed to run tempest successfully with radosgw.
> >
> > tempest.conf : (Valid based on tripleo defaults)
> > [auth]
> > tempest_roles = member,creator
> >
> > [object-storage]
> > reseller_admin_role = ResellerAdmin
> > operator_role = admin
> >
> >
> > Default from radosgw which may be related :
> > rgw_keystone_accepted_roles: 'member, Member, admin'
> > rgw_keystone_accepted_admin_roles: ResellerAdmin, swiftoperator
> >
> > tempest uses the operator_role as the os_operator and in radosgw they set the
> > swiftoperator as rgw admin role ...
> > When I tried to run operator_role = swiftoperator, I got tempest failures.
> > operator_role = admin works!
>
> For the record, the failing configuration mentioned in the description does
> not use operator_role = admin.

Of course that should read as "the failing configuration *does* use operator_role = admin"

> It uses
>
>
> [auth]
> tempest_roles = swiftoperator,creator
>
> [object-storage]
> reseller_admin_role = ResellerAdmin
> operator_role = admin
>
>
> Also, the description lists a set of manual steps (not tempest) which used
> to work previously and now fail.

Bumping this to urgent as it is blocking the Phase 2 testing gate for the OSP 17.0 compose.

(In reply to bkopilov from comment #6)
> I had issues with rhos17 and tempest failing tests.
> Managed to run tempest successfully with radosgw.
>
> tempest.conf : (Valid based on tripleo defaults)
> [auth]
> tempest_roles = member,creator
>
> [object-storage]
> reseller_admin_role = ResellerAdmin
> operator_role = admin

"operator_role" should be set to "member" or left unset (defaults to "member")

> Default from radosgw which may be related :
> rgw_keystone_accepted_roles: 'member, Member, admin'
> rgw_keystone_accepted_admin_roles: ResellerAdmin, swiftoperator

this looks correct, it is how tripleo configures rgw; do I understand correctly that by using the above configs we do see the tempest test passing?

(In reply to Giulio Fidente from comment #13)
> (In reply to bkopilov from comment #6)
> > I had issues with rhos17 and tempest failing tests.
> > Managed to run tempest successfully with radosgw.
> >
> > tempest.conf : (Valid based on tripleo defaults)
> > [auth]
> > tempest_roles = member,creator
> >
> > [object-storage]
> > reseller_admin_role = ResellerAdmin
> > operator_role = admin
>
> "operator_role" should be set to "member" or left unset (defaults to
> "member")
>
> > Default from radosgw which may be related :
> > rgw_keystone_accepted_roles: 'member, Member, admin'
> > rgw_keystone_accepted_admin_roles: ResellerAdmin, swiftoperator
>
> this looks correct, it is how tripleo configures rgw; do I understand
> correctly that by using the above configs we do see the tempest test passing?

Yes, in case tempest.conf is configured with :

[auth]
tempest_roles = member,creator

[object-storage]
reseller_admin_role = ResellerAdmin
operator_role = member # default

tempest swift(object) tests passed successfully.

Thanks,
Benny

Disabling the older code/workaround for bug #1484419, which was setting auth.tempest_roles = swiftoperator, seems to have resolved the issue; leaving it just on tempest/tempest-conf defaults (member) seems to be working with osp17+ceph+radosgw.
https://review.gerrithub.io/c/rhos-infra/cloud-config/+/539662

So closing as NOTABUG since defaults seem to work as expected now, mistake was on bad override which is not needed anymore.
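
A check for the role overlap this thread converged on, as an added example that is not code from the bug, Ceph or tempest: it flags ordinary tempest roles that also appear in rgw_keystone_accepted_admin_roles. It assumes that RGW treats holders of those roles as admins, that a user needs at least one accepted or admin role to be served, and that unset tempest options fall back to "member" and "ResellerAdmin"; the function names are hypothetical.

```python
import configparser

def split_roles(value):
    """Split a comma-separated role list, dropping quotes and blanks."""
    return {r.strip() for r in value.strip("'\" ").split(",") if r.strip()}

def check_roles(tempest_conf, rgw_accepted, rgw_admin):
    """Return findings for a tempest.conf checked against RGW's role options."""
    cp = configparser.ConfigParser()
    cp.read_string(tempest_conf)
    accepted, admin = split_roles(rgw_accepted), split_roles(rgw_admin)
    # Fallbacks are the tempest defaults (assumed; "member" is per the thread).
    roles = split_roles(cp.get("auth", "tempest_roles", fallback="member"))
    roles.add(cp.get("object-storage", "operator_role", fallback="member").strip())
    reseller = cp.get("object-storage", "reseller_admin_role",
                      fallback="ResellerAdmin").strip()
    findings = []
    # Assumption: a role in the admin list makes its holder an RGW admin,
    # so ACL tests run as that user no longer exercise the ACLs.
    for role in sorted(roles & admin):
        findings.append(f"ordinary test role '{role}' is an RGW admin role")
    # Assumption: RGW serves a user only if it holds an accepted or admin role.
    if not roles & (accepted | admin):
        findings.append("no test role is accepted by RGW")
    if reseller not in admin:
        findings.append(f"reseller_admin_role '{reseller}' is not an RGW admin role")
    return findings

# RGW values as quoted in the thread (tripleo defaults).
RGW_ACCEPTED = "'member, Member, admin'"
RGW_ADMIN = "ResellerAdmin, swiftoperator"

# tempest.conf fragments from the thread: the failing override and the defaults.
FAILING = """
[auth]
tempest_roles = swiftoperator,creator
[object-storage]
reseller_admin_role = ResellerAdmin
operator_role = admin
"""
WORKING = """
[auth]
tempest_roles = member,creator
[object-storage]
reseller_admin_role = ResellerAdmin
operator_role = member
"""

if __name__ == "__main__":
    for name, conf in (("failing", FAILING), ("working", WORKING)):
        print(name, check_roles(conf, RGW_ACCEPTED, RGW_ADMIN))
```

Role names are compared case-sensitively, matching the way the RGW list carries both "member" and "Member".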