Description of problem:
please include the LP#1334368. It causes some failures in our icehouse tempest runs:
Version-Release number of selected component (if applicable):
Steps to Reproduce:
This will be picked up as a part of the rebase of the upstream 2014.1.2 release. That upstream release is currently planned for Aug 7 2014. Our A2 update will be based on this upstream release.
I don't think that this is worthy of an earlier one-off update since it's purely an inconsistency in the response codes between keystone-all and httpd deployments. This inconsistency is not a new behavior, and it should only be affecting the tests. I'm targeting OSP 5.0 A2.
We rebased to the upstream keystone 2014.1.2.release for 5.0.z A1. Setting to MODIFIED since this rebase has been completed.
The problem is that all HEAD calls return 404 for me... For example even the simplest call to list all domains:
# curl --head -H "x-auth-token:$TOKEN" http://localhost:35357/v3/domains
HTTP/1.1 404 Not Found
Date: Wed, 24 Sep 2014 09:46:25 GMT
When doing a regular GET on the same url there is no problem.
(In reply to Udi from comment #5)
> The problem is that all HEAD calls return 404 for me... For example even the
> simplest call to list all domains:
You can't simply issue a HEAD request for any resource, as not all resources support a HEAD request. You need to test against a resource that supports HEAD according to the Identity API spec (http://docs.openstack.org/api/openstack-identity-service/3/content/core-api.html). An example of an API call that supports head is the request to check/validate tokens described here:
You can use curl like this to make the correct HEAD request:
curl -v -H "X-Auth-Token: <admin token>"
-H "X-Subject-Token: <token to validate>" \
-H "Content-Type: application/json" \
Note that this will return a 404 is the token in "X-Subject-Token" is not found, so you will want to validate a valid token id (not the admin service token) if you want to get a 20x response. Prior to the fix, you will see a difference in the response codes for this call between GET and HEAD. With the fix, the response code should be the same for both GET and HEAD requests.
I reproduced the error again on openstack-keystone-2014.1.2.1-2.el7ost.noarch, where it's supposed to be fixed already. I also reproduced it on RDO Icehouse. It caused these 3 tests to fail in Tempest :
The failure was always something like this:
Traceback (most recent call last):
File "/root/tempest/tempest/api/identity/admin/v3/test_trusts.py", line 221, in test_trust_noimpersonate
File "/root/tempest/tempest/api/identity/admin/v3/test_trusts.py", line 169, in check_trust_roles
File "/usr/lib/python2.7/site-packages/testtools/testcase.py", line 321, in assertEqual
self.assertThat(observed, matcher, message)
File "/usr/lib/python2.7/site-packages/testtools/testcase.py", line 406, in assertThat
MismatchError: '204' != '200'
 I tried it on a 6 month old version of Tempest from the icehouse branch of https://github.com/redhat-openstack/tempest
I tried it now on the latest Tempest and there it's not failing anymore. Is this enough to consider it verified?
(In reply to Martina Kollarova from comment #8)
> I tried it now on the latest Tempest and there it's not failing anymore. Is
> this enough to consider it verified?
Yes, there were associated changes made to the Tempest tests. Details are here:
If the latest tempest is passing, then it should be enough to consider this VERIFIED.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.