When running tempest on a focal-yoga cloud with the following patches for the keystone and octavia charms:
https://review.opendev.org/c/openstack/charm-keystone/+/848145
https://review.opendev.org/c/openstack/charm-octavia/+/848297
https://review.opendev.org/c/openstack/charm-octavia/+/848298
Those patches address issues with the policy and OVN driver needed to get to the point where tempest tries to create a load balancer. The load balancer is created using a user that has the load-balancer_member role, which according to the documentation should be able to perform write operations when it's also a member of said project.
load-balancer:write
load-balancer_admin
load-balancer_member and <project member>
role:admin
However, the policy check fails; this is the log line:
[Thu Jun 30 02:06:03.018460 2022] [wsgi:error] [pid 155021:tid 140012009371392] [remote 127.0.0.1:57466] 2022-06-30 02:06:03.017 155021 DEBUG octavia.common.policy [req-b78268bf-7927-4f78-9403-56932caca248 - 474c2ed5049e40178e484aa0e102552e - f1d24e18654c45709a362de0c3b782c2 f1d24e18654c45709a362de0c3b782c2] Policy check for os_load-balancer_api:loadbalancer:post failed with credentials {'is_admin': False, 'user_id': None, 'user_domain_id': 'f1d24e18654c45709a362de0c3b782c2', 'system_scope': None, 'domain_id': None, 'project_id': '474c2ed5049e40178e484aa0e102552e', 'project_domain_id': 'f1d24e18654c45709a362de0c3b782c2', 'roles': ['load-balancer_member'], 'is_admin_project': False, 'service_user_id': None, 'service_user_domain_id': None, 'service_project_id': None, 'service_project_domain_id': None, 'service_roles': []} authorize /usr/lib/python3/dist-packages/octavia/common/policy.py:126\x1b[00m
[Thu Jun 30 02:06:03.019869 2022] [wsgi:error] [pid 155021:tid 140012009371392] [remote 127.0.0.1:57466] 2022-06-30 02:06:03.019 155021 DEBUG wsme.api [req-b78268bf-7927-4f78-9403-56932caca248 - 474c2ed5049e40178e484aa0e102552e - f1d24e18654c45709a362de0c3b782c2 f1d24e18654c45709a362de0c3b782c2] Client-side error: Policy does not allow this request to be performed. format_exception /usr/lib/python3/dist-packages/wsme/api.py:222\x1b[00m
Command to run this specific test:
tempest run --workspace zaza-bc1ca0e8242a --config /home/ubuntu/.tempest/zaza-bc1ca0e8242a/etc/tempest.conf --serial --regex octavia_tempest_plugin.tests.scenario.v2.test_traffic_ops.TrafficOperationsScenarioTest
setUpClass (octavia_tempest_plugin.tests.scenario.v2.test_traffic_ops.TrafficOperationsScenarioTest)
----------------------------------------------------------------------------------------------------
Captured traceback:
~~~~~~~~~~~~~~~~~~~
Traceback (most recent call last):
File "/home/ubuntu/git/charmed-openstack-tester/.tox/func-target/lib/python3.8/site-packages/tempest/test.py", line 168, in setUpClass
raise value.with_traceback(trace)
File "/home/ubuntu/git/charmed-openstack-tester/.tox/func-target/lib/python3.8/site-packages/tempest/test.py", line 161, in setUpClass
cls.resource_setup()
File "/home/ubuntu/git/charmed-openstack-tester/.tox/func-target/lib/python3.8/site-packages/octavia_tempest_plugin/tests/scenario/v2/test_traffic_ops.py", line 64, in resource_setup
lb = cls.mem_lb_client.create_loadbalancer(**lb_kwargs)
File "/home/ubuntu/git/charmed-openstack-tester/.tox/func-target/lib/python3.8/site-packages/octavia_tempest_plugin/common/decorators.py", line 42, in wrapper
return f(*func_args, **func_kwargs)
File "/home/ubuntu/git/charmed-openstack-tester/.tox/func-target/lib/python3.8/site-packages/octavia_tempest_plugin/services/load_balancer/v2/loadbalancer_client.py", line 95, in create_loadbalancer
return self._create_object(**kwargs)
File "/home/ubuntu/git/charmed-openstack-tester/.tox/func-target/lib/python3.8/site-packages/octavia_tempest_plugin/services/load_balancer/v2/base_client.py", line 101, in _create_object
response, body = self.post(request_uri, jsonutils.dumps(obj_dict))
File "/home/ubuntu/git/charmed-openstack-tester/.tox/func-target/lib/python3.8/site-packages/tempest/lib/common/rest_client.py", line 299, in post
return self.request('POST', url, extra_headers, headers, body, chunked)
File "/home/ubuntu/git/charmed-openstack-tester/.tox/func-target/lib/python3.8/site-packages/tempest/lib/common/rest_client.py", line 703, in request
self._error_checker(resp, resp_body)
File "/home/ubuntu/git/charmed-openstack-tester/.tox/func-target/lib/python3.8/site-packages/tempest/lib/common/rest_client.py", line 804, in _error_checker
raise exceptions.Forbidden(resp_body, resp=resp)
tempest.lib.exceptions.Forbidden: Forbidden
Details: {'faultcode': 'Client', 'faultstring': 'Policy does not allow this request to be performed.', 'debuginfo': None}
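An added example, not part of the original report and not Octavia's own code: it parses an octavia.common.policy DEBUG denial line like the one in the report above and checks the logged credentials against the load-balancer:write entries listed there, read as alternatives. The sample line is constructed (shortened from the reported format), and treating "<project member>" as "token scoped to the target project" is an assumption.

```python
import ast
import re

# Constructed sample in the format of the octavia.common.policy DEBUG line
# above; request id and most credential keys are shortened.
SAMPLE = (
    "2022-06-30 02:06:03.017 155021 DEBUG octavia.common.policy [req-example] "
    "Policy check for os_load-balancer_api:loadbalancer:post failed with "
    "credentials {'is_admin': False, 'system_scope': None, "
    "'project_id': '474c2ed5049e40178e484aa0e102552e', "
    "'roles': ['load-balancer_member'], 'service_roles': []} "
    "authorize /usr/lib/python3/dist-packages/octavia/common/policy.py:126"
)
DENIAL = re.compile(r"Policy check for (\S+) failed with credentials (\{.*\})")


def parse_denial(line):
    """Return (rule, credentials dict) from a policy-denial line, else None."""
    m = DENIAL.search(line)
    if m is None:
        return None
    # The credentials are a Python dict repr; literal_eval never executes code.
    return m.group(1), ast.literal_eval(m.group(2))


def documented_write_clause(creds, target_project_id):
    """Name the listed load-balancer:write entry the caller satisfies, or None."""
    # Assumption: "<project member>" means the token is scoped to the project
    # that owns the target resource.
    roles = set(creds.get("roles") or [])
    if "admin" in roles:
        return "role:admin"
    if "load-balancer_admin" in roles:
        return "load-balancer_admin"
    if "load-balancer_member" in roles and creds.get("project_id") == target_project_id:
        return "load-balancer_member and <project member>"
    return None


def triage(line, target_project_id):
    """Flag denials that the listed entries say should have been allowed."""
    parsed = parse_denial(line)
    if parsed is None:
        return None
    rule, creds = parsed
    clause = documented_write_clause(creds, target_project_id)
    return {"rule": rule, "roles": creds.get("roles"),
            "documented_clause": clause, "contradicts_docs": clause is not None}
```

A result with contradicts_docs set to True points at the deployed policy differing from the documented roles rather than at a misconfigured user.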
I am having the same issue on Ubuntu 22.04 LTS, OpenStack Yoga, fresh install.
I have installed Octavia and am trying the command
openstack loadbalancer create --name lb1 --vip-subnet-id 49847c07-032d-48b4-a032-842ec5da593b --debug
I tried to create a system token and use curl directly
openstack --os-username=admin --os-user-domain-name=default --os-system-scope all token issue
then curl with
curl -g -i -X POST http://192.168.122.124:9876/v2.0/lbaas/loadbalancers -H "Accept: application/json" -H "Content-Type: application/json" -H "User-Agent: openstacksdk/0.61.0 keystoneauth1/4.4.0 python-requests/2.25.1 CPython/3.10.6" -H "X-Auth-Token: gAAAAABjm11emuGcqFOuPd6SLoXnkDTh7ZRxpTH-b7TL3Ndh6ywwsf66WtNHams8ixxurUjPRV85ulbvHo20U6OZfUwC7WIN-Hs-rz8H6i7Fq_Q6eJn8X5fKJ9kORtKIKI6LS7Bi1ph2sEOlAJxl5mZ0PilxBUbhS8sq5v14WvvkW3h1ktOeqUI" -d '{"loadbalancer": {"name": "lb1", "vip_subnet_id": "49847c07-032d-48b4-a032-842ec5da593b", "admin_state_up": true}}'
HTTP/1.0 403 Forbidden
Date: Thu, 15 Dec 2022 18:04:41 GMT
Server: WSGIServer/0.2 CPython/3.10.6
Content-Length: 112
Content-Type: application/json
x-openstack-request-id: req-84618a33-172c-488e-a5e1-d51b501b0bce
{"faultcode": "Client", "faultstring": "Policy does not allow this request to be performed.", "debuginfo": null}