Description of problem: please include the LP#1334368. It causes some failures in our icehouse tempest runs: tempest.api.identity.admin.v3.test_trusts.TrustsV3TestJSON.test_trust_expire[ tempest.api.identity.admin.v3.test_trusts.TrustsV3TestJSON.test_trust_impersonate tempest.api.identity.admin.v3.test_trusts.TrustsV3TestJSON.test_trust_noimpersonate Version-Release number of selected component (if applicable): puddle 2014-07-18.1 How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
This will be picked up as a part of the rebase of the upstream 2014.1.2 release. That upstream release is currently planned for Aug 7 2014. Our A2 update will be based on this upstream release. I don't think that this is worthy of an earlier one-off update since it's purely an inconsistency in the response codes between keystone-all and httpd deployments. This inconsistency is not a new behavior, and it should only be affecting the tests. I'm targeting OSP 5.0 A2.
We rebased to the upstream keystone 2014.1.2.release for 5.0.z A1. Setting to MODIFIED since this rebase has been completed.
The problem is that all HEAD calls return 404 for me... For example even the simplest call to list all domains: # curl --head -H "x-auth-token:$TOKEN" http://localhost:35357/v3/domains HTTP/1.1 404 Not Found Vary: X-Auth-Token Content-Type: application/json Content-Length: 93 Date: Wed, 24 Sep 2014 09:46:25 GMT When doing a regular GET on the same url there is no problem.
(In reply to Udi from comment #5) > The problem is that all HEAD calls return 404 for me... For example even the > simplest call to list all domains: You can't simply issue a HEAD request for any resource, as not all resources support a HEAD request. You need to test against a resource that supports HEAD according to the Identity API spec (http://docs.openstack.org/api/openstack-identity-service/3/content/core-api.html). An example of an API call that supports head is the request to check/validate tokens described here: http://docs.openstack.org/api/openstack-identity-service/3/content/check-token-head-authtokens.html You can use curl like this to make the correct HEAD request: curl -v -H "X-Auth-Token: <admin token>" -H "X-Subject-Token: <token to validate>" \ -H "Content-Type: application/json" \ --head http://localhost:5000/v3/auth/tokens/ Note that this will return a 404 is the token in "X-Subject-Token" is not found, so you will want to validate a valid token id (not the admin service token) if you want to get a 20x response. Prior to the fix, you will see a difference in the response codes for this call between GET and HEAD. With the fix, the response code should be the same for both GET and HEAD requests.
Failed QE: I reproduced the error again on openstack-keystone-2014.1.2.1-2.el7ost.noarch, where it's supposed to be fixed already. I also reproduced it on RDO Icehouse. It caused these 3 tests to fail in Tempest [1]: tempest.api.identity.admin.v3.test_trusts.TrustsV3TestJSON.test_trust_expire[gate,smoke] tempest.api.identity.admin.v3.test_trusts.TrustsV3TestJSON.test_trust_impersonate[gate,smoke] tempest.api.identity.admin.v3.test_trusts.TrustsV3TestJSON.test_trust_noimpersonate[gate,smoke] The failure was always something like this: Traceback (most recent call last): File "/root/tempest/tempest/api/identity/admin/v3/test_trusts.py", line 221, in test_trust_noimpersonate self.check_trust_roles() File "/root/tempest/tempest/api/identity/admin/v3/test_trusts.py", line 169, in check_trust_roles self.assertEqual('204', resp['status']) File "/usr/lib/python2.7/site-packages/testtools/testcase.py", line 321, in assertEqual self.assertThat(observed, matcher, message) File "/usr/lib/python2.7/site-packages/testtools/testcase.py", line 406, in assertThat raise mismatch_error MismatchError: '204' != '200' [1] I tried it on a 6 month old version of Tempest from the icehouse branch of https://github.com/redhat-openstack/tempest
I tried it now on the latest Tempest and there it's not failing anymore. Is this enough to consider it verified?
(In reply to Martina Kollarova from comment #8) > I tried it now on the latest Tempest and there it's not failing anymore. Is > this enough to consider it verified? Yes, there were associated changes made to the Tempest tests. Details are here: https://bugs.launchpad.net/keystone/+bug/1334368 https://git.openstack.org/cgit/openstack/tempest/commit/?id=59a9d7a8d4f9620cdcf783b9ef94a99acbe20873 https://git.openstack.org/cgit/openstack/tempest/commit/?id=883311d64fd749315ee3639bff6c730e86026ac5 If the latest tempest is passing, then it should be enough to consider this VERIFIED.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2014-1347.html