Bug 2167374
| Summary: | Secure RBAC Octavia tempest tests fail | ||
|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Omer Schwartz <oschwart> |
| Component: | python-octavia-tests-tempest | Assignee: | Gregory Thiemonge <gthiemon> |
| Status: | CLOSED ERRATA | QA Contact: | Omer Schwartz <oschwart> |
| Severity: | high | Docs Contact: | Greg Rakauskas <gregraka> |
| Priority: | high | ||
| Version: | 17.1 (Wallaby) | CC: | gthiemon, tweining |
| Target Milestone: | beta | Keywords: | Triaged |
| Target Release: | 17.1 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | python-octavia-tests-tempest-1.9.0-1.20230328101001.a3a95b1.el9ost | Doc Type: | No Doc Update |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-08-16 01:13:41 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 2124617 | ||
D/s unified job ran these tempest tests and the Octavia tempest tests passed. I am moving this BZ status to verified https://rhos-ci-jenkins.lab.eng.tlv2.redhat.com/view/Unified/job/DFG-all-unified-17.1_d-rhel-vhost-3cont_2comp-ipv4-vxlan-lvm-srbac/7/testReport/ Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Release of components for Red Hat OpenStack Platform 17.1 (Wallaby)), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2023:4577 |
Description of problem: The following secure RBAC Octavia tempest tests fail: tests.api.v2.test_flavor_profile.FlavorProfileAPITest.test_flavor_profile_create tests.api.v2.test_flavor_profile.FlavorProfileAPITest.test_flavor_profile_delete tests.api.v2.test_flavor_profile.FlavorProfileAPITest.test_flavor_profile_list tests.api.v2.test_flavor_profile.FlavorProfileAPITest.test_flavor_profile_show tests.api.v2.test_flavor_profile.FlavorProfileAPITest.test_flavor_profile_update With the following error message: Traceback (most recent call last): File "/usr/lib/python3.9/site-packages/octavia_tempest_plugin/tests/api/v2/test_flavor_profile.py", line 77, in test_flavor_profile_create self.lb_admin_flavor_profile_client.create_flavor_profile( File "/usr/lib/python3.9/site-packages/octavia_tempest_plugin/common/decorators.py", line 42, in wrapper return f(*func_args, **func_kwargs) File "/usr/lib/python3.9/site-packages/octavia_tempest_plugin/services/load_balancer/v2/flavor_profile_client.py", line 68, in create_flavor_profile return self._create_object(**kwargs) File "/usr/lib/python3.9/site-packages/octavia_tempest_plugin/services/load_balancer/v2/base_client.py", line 101, in _create_object response, body = self.post(request_uri, jsonutils.dumps(obj_dict)) File "/usr/lib/python3.9/site-packages/tempest/lib/common/rest_client.py", line 299, in post return self.request('POST', url, extra_headers, headers, body, chunked) File "/usr/lib/python3.9/site-packages/tempest/lib/common/rest_client.py", line 720, in request self._error_checker(resp, resp_body) File "/usr/lib/python3.9/site-packages/tempest/lib/common/rest_client.py", line 821, in _error_checker raise exceptions.Forbidden(resp_body, resp=resp) tempest.lib.exceptions.Forbidden: Forbidden Details: {'faultcode': 'Client', 'faultstring': 'Policy does not allow this request to be performed.', 'debuginfo': None} Captured pythonlogging: ~~~~~~~~~~~~~~~~~~~~~~~ 2023-02-06 12:22:23,014 295874 INFO [tempest.lib.common.rest_client] Request (FlavorProfileAPITest:test_flavor_profile_create): 403 POST http://10.0.0.140:9876/v2.0/lbaas/flavorprofiles 0.180s 2023-02-06 12:22:23,015 295874 DEBUG [tempest.lib.common.rest_client] Request - Headers: {'Content-Type': 'application/json', 'Accept': 'application/json', 'X-Auth-Token': '<omitted>'} Body: {"flavorprofile": {"name": "tempest-lb_admin_flavorprofile1-create-993542616", "provider_name": "octavia", "flavor_data": "{\"loadbalancer_topology\": \"SINGLE\"}"}} Response - Headers: {'date': 'Mon, 06 Feb 2023 12:22:22 GMT', 'server': 'Apache', 'content-length': '112', 'x-openstack-request-id': 'req-467bbdfa-1b59-440a-a06d-07529d8d17b8', 'content-type': 'application/json', 'connection': 'close', 'status': '403', 'content-location': 'http://10.0.0.140:9876/v2.0/lbaas/flavorprofiles'} Body: b'{"faultcode": "Client", "faultstring": "Policy does not allow this request to be performed.", "debuginfo": null}' 2023-02-06 12:22:23,110 295874 INFO [tempest.lib.common.rest_client] Request (FlavorProfileAPITest:test_flavor_profile_create): 403 POST http://10.0.0.140:9876/v2.0/lbaas/flavorprofiles 0.094s 2023-02-06 12:22:23,110 295874 DEBUG [tempest.lib.common.rest_client] Request - Headers: {'Content-Type': 'application/json', 'Accept': 'application/json', 'X-Auth-Token': '<omitted>'} Body: {"flavorprofile": {"name": "tempest-lb_admin_flavorprofile1-create-993542616", "provider_name": "octavia", "flavor_data": "{\"loadbalancer_topology\": \"SINGLE\"}"}} Response - Headers: {'date': 'Mon, 06 Feb 2023 12:22:23 GMT', 'server': 'Apache', 'content-length': '112', 'x-openstack-request-id': 'req-57ed12b9-bbb4-43f7-a381-688df8ee15c7', 'content-type': 'application/json', 'connection': 'close', 'status': '403', 'content-location': 'http://10.0.0.140:9876/v2.0/lbaas/flavorprofiles'} Body: b'{"faultcode": "Client", "faultstring": "Policy does not allow this request to be performed.", "debuginfo": null}' 2023-02-06 12:22:23,125 295874 INFO [tempest.lib.common.rest_client] Request (FlavorProfileAPITest:test_flavor_profile_create): 403 POST http://10.0.0.140:9876/v2.0/lbaas/flavorprofiles 0.014s 2023-02-06 12:22:23,126 295874 DEBUG [tempest.lib.common.rest_client] Request - Headers: {'Content-Type': 'application/json', 'Accept': 'application/json', 'X-Auth-Token': '<omitted>'} Body: {"flavorprofile": {"name": "tempest-lb_admin_flavorprofile1-create-993542616", "provider_name": "octavia", "flavor_data": "{\"loadbalancer_topology\": \"SINGLE\"}"}} Response - Headers: {'date': 'Mon, 06 Feb 2023 12:22:23 GMT', 'server': 'Apache', 'content-length': '112', 'x-openstack-request-id': 'req-f927a305-bee5-4a31-9704-e57bed40e976', 'content-type': 'application/json', 'connection': 'close', 'status': '403', 'content-location': 'http://10.0.0.140:9876/v2.0/lbaas/flavorprofiles'} Body: b'{"faultcode": "Client", "faultstring": "Policy does not allow this request to be performed.", "debuginfo": null}' 2023-02-06 12:22:23,186 295874 INFO [tempest.lib.common.rest_client] Request (FlavorProfileAPITest:test_flavor_profile_create): 403 POST http://10.0.0.140:9876/v2.0/lbaas/flavorprofiles 0.060s 2023-02-06 12:22:23,187 295874 DEBUG [tempest.lib.common.rest_client] Request - Headers: {'Content-Type': 'application/json', 'Accept': 'application/json', 'X-Auth-Token': '<omitted>'} Body: {"flavorprofile": {"name": "tempest-lb_admin_flavorprofile1-create-993542616", "provider_name": "octavia", "flavor_data": "{\"loadbalancer_topology\": \"SINGLE\"}"}} Response - Headers: {'date': 'Mon, 06 Feb 2023 12:22:23 GMT', 'server': 'Apache', 'content-length': '112', 'x-openstack-request-id': 'req-2851f3c9-234b-4f18-9299-5196920d75f9', 'content-type': 'application/json', 'connection': 'close', 'status': '403', 'content-location': 'http://10.0.0.140:9876/v2.0/lbaas/flavorprofiles'} Body: b'{"faultcode": "Client", "faultstring": "Policy does not allow this request to be performed.", "debuginfo": null}' 2023-02-06 12:22:23,299 295874 INFO [tempest.lib.common.rest_client] Request (FlavorProfileAPITest:test_flavor_profile_create): 403 POST http://10.0.0.140:9876/v2.0/lbaas/flavorprofiles 0.111s 2023-02-06 12:22:23,299 295874 DEBUG [tempest.lib.common.rest_client] Request - Headers: {'Content-Type': 'application/json', 'Accept': 'application/json', 'X-Auth-Token': '<omitted>'} Body: {"flavorprofile": {"name": "tempest-lb_admin_flavorprofile1-create-993542616", "provider_name": "octavia", "flavor_data": "{\"loadbalancer_topology\": \"SINGLE\"}"}} Response - Headers: {'date': 'Mon, 06 Feb 2023 12:22:23 GMT', 'server': 'Apache', 'content-length': '112', 'x-openstack-request-id': 'req-7e50debd-00eb-4403-b5ed-84e58b2e3f58', 'content-type': 'application/json', 'connection': 'close', 'status': '403', 'content-location': 'http://10.0.0.140:9876/v2.0/lbaas/flavorprofiles'} Body: b'{"faultcode": "Client", "faultstring": "Policy does not allow this request to be performed.", "debuginfo": null}' 2023-02-06 12:22:23,372 295874 INFO [tempest.lib.common.rest_client] Request (FlavorProfileAPITest:test_flavor_profile_create): 403 POST http://10.0.0.140:9876/v2.0/lbaas/flavorprofiles 0.072s 2023-02-06 12:22:23,373 295874 DEBUG [tempest.lib.common.rest_client] Request - Headers: {'Content-Type': 'application/json', 'Accept': 'application/json', 'X-Auth-Token': '<omitted>'} Body: {"flavorprofile": {"name": "tempest-lb_admin_flavorprofile1-create-993542616", "provider_name": "octavia", "flavor_data": "{\"loadbalancer_topology\": \"SINGLE\"}"}} Response - Headers: {'date': 'Mon, 06 Feb 2023 12:22:23 GMT', 'server': 'Apache', 'content-length': '112', 'x-openstack-request-id': 'req-2a03d5dd-7be4-4620-b9b5-d11cab1ebfcc', 'content-type': 'application/json', 'connection': 'close', 'status': '403', 'content-location': 'http://10.0.0.140:9876/v2.0/lbaas/flavorprofiles'} Body: b'{"faultcode": "Client", "faultstring": "Policy does not allow this request to be performed.", "debuginfo": null}' 2023-02-06 12:22:23,483 295874 INFO [tempest.lib.common.rest_client] Request (FlavorProfileAPITest:test_flavor_profile_create): 403 POST http://10.0.0.140:9876/v2.0/lbaas/flavorprofiles 0.109s 2023-02-06 12:22:23,483 295874 DEBUG [tempest.lib.common.rest_client] Request - Headers: {'Content-Type': 'application/json', 'Accept': 'application/json', 'X-Auth-Token': '<omitted>'} Body: {"flavorprofile": {"name": "tempest-lb_admin_flavorprofile1-create-993542616", "provider_name": "octavia", "flavor_data": "{\"loadbalancer_topology\": \"SINGLE\"}"}} Response - Headers: {'date': 'Mon, 06 Feb 2023 12:22:23 GMT', 'server': 'Apache', 'content-length': '112', 'x-openstack-request-id': 'req-1a43dbf1-394e-4004-a462-09670a48a3fa', 'content-type': 'application/json', 'connection': 'close', 'status': '403', 'content-location': 'http://10.0.0.140:9876/v2.0/lbaas/flavorprofiles'} Body: b'{"faultcode": "Client", "faultstring": "Policy does not allow this request to be performed.", "debuginfo": null}' After applying the following config options on tempest.conf: [load_balancer] enable_security_groups = True enforce_new_defaults = True #admin_role = admin RBAC_test_type = keystone_default_roles #member_role = member region = regionOne enabled_provider_drivers = amphora:The Octavia Amphora driver.,octavia:Deprecated alias of the Octavia Amphora driver.,ovn:Octavia OVN driver. There are more Octavia tempest tests that fail, but I am assuming that after we fix the tests I mentioned above, the other tests will be fixed too. Version-Release number of selected component (if applicable): RHOS-17.1-RHEL-9-20230131.n.2 How reproducible: 100% Steps to Reproduce: 1. Run the tests mentioned above, either on jenkins, or locally Actual results: The tempest tests fail Expected results: The tempest tests should pass