Bug 2219603
| Summary: | Missing Designate sRBAC overrides in TripleO when enabling secure RBAC | ||
|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Lilach Avraham <lavraham> |
| Component: | openstack-tripleo-heat-templates | Assignee: | Nate Johnston <njohnston> |
| Status: | MODIFIED --- | QA Contact: | Lilach Avraham <lavraham> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 17.1 (Wallaby) | CC: | bbonguar, gthiemon, lsvaty, mburns, michjohn, njohnston, pgrist, scohen |
| Target Milestone: | z1 | Keywords: | TestBlocker, Triaged |
| Target Release: | 17.1 | Flags: | ifrangs:
needinfo?
(njohnston) |
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | openstack-tripleo-heat-templates-14.3.1-17.1.20230714001051.2dbbc7e.el9osttrunk | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | Bug | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 2124618 | ||
I've run the Designate SRBAC job [1] with the configuration we've used to run the RBAC test [2]. we have 14 tests that still fail [3], and most of them get this traceback. Traceback (most recent call last): File "/home/stack/plugins/designate-tempest-plugin/designate_tempest_plugin/tests/api/v2/test_recordset.py", line 509, in test_admin_list_all_recordsets_for_a_project item['id'] for item in self.admin_client.list_recordset( File "/home/stack/plugins/designate-tempest-plugin/designate_tempest_plugin/services/dns/json/base.py", line 39, in wrapper return f(*args, **kwargs) File "/home/stack/plugins/designate-tempest-plugin/designate_tempest_plugin/services/dns/v2/json/recordset_client.py", line 150, in list_recordset return self._list_request( File "/home/stack/plugins/designate-tempest-plugin/designate_tempest_plugin/services/dns/json/base.py", line 187, in _list_request resp, body = self.get(uri, headers=headers) File "/home/stack/.virtualenvs/.tempest/lib64/python3.9/site-packages/tempest/lib/common/rest_client.py", line 322, in get return self.request('GET', url, extra_headers, headers, File "/home/stack/.virtualenvs/.tempest/lib64/python3.9/site-packages/tempest/lib/common/rest_client.py", line 742, in request self._error_checker(resp, resp_body) File "/home/stack/.virtualenvs/.tempest/lib64/python3.9/site-packages/tempest/lib/common/rest_client.py", line 847, in _error_checker raise exceptions.Forbidden(resp_body, resp=resp) tempest.lib.exceptions.Forbidden: Forbidden Details: {'code': 403, 'type': 'forbidden', 'request_id': 'req-a5977a6a-2324-410b-beb4-23c86269fa26'} [1]- https://rhos-ci-staging-jenkins.lab.eng.tlv2.redhat.com/view/DFG/view/network/view/openstack-designate/job/DFG-network-openstack-designate-17.1_director-rhel-virthost-3cont_2comp-ipv4-geneve-srbac/32/ [2]- http://rhos-ci-logs.lab.eng.tlv2.redhat.com/logs/staging/DFG-network-openstack-designate-17.1_director-rhel-virthost-3cont_2comp-ipv4-geneve-srbac/32/undercloud-0/home/stack/tempest-dir/etc/tempest.conf.gz [3]- http://rhos-ci-logs.lab.eng.tlv2.redhat.com/logs/staging/DFG-network-openstack-designate-17.1_director-rhel-virthost-3cont_2comp-ipv4-geneve-srbac/32/test_results/tempest-results-designate.1.html