neutron

[Secure RBAC] List flavors don't work for regular user with new RBAC policies

Bug #2004017 reported by Slawek Kaplonski
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Fix Released
High
Slawek Kaplonski

Bug Description

Failed test: neutron_tempest_plugin.api.admin.test_routers_flavors.RoutersFlavorTestCase.test_create_router_with_flavor

Error
ft1.2: neutron_tempest_plugin.api.admin.test_routers_flavors.RoutersFlavorTestCase.test_create_router_with_flavor[id-a4d01977-e968-4983-b4d9-824ea6c33f4b]testtools.testresult.real._StringException: pythonlogging:'': {{{
2023-01-23 12:07:19,599 104079 INFO [tempest.lib.common.rest_client] Request (RoutersFlavorTestCase:test_create_router_with_flavor): 201 POST https://158.69.71.247/identity/v3/auth/tokens 0.065s
2023-01-23 12:07:19,599 104079 DEBUG [tempest.lib.common.rest_client] Request - Headers: {'Content-Type': 'application/json', 'Accept': 'application/json'}
        Body: <omitted>
    Response - Headers: {'date': 'Mon, 23 Jan 2023 12:07:19 GMT', 'server': 'Apache/2.4.41 (Ubuntu)', 'content-type': 'application/json', 'content-length': '2255', 'x-subject-token': '<omitted>', 'vary': 'X-Auth-Token', 'x-openstack-request-id': 'req-0eeb7db6-4774-465f-ba3a-874fbd743a3e', 'connection': 'close', 'status': '201', 'content-location': 'https://158.69.71.247/identity/v3/auth/tokens'}
        Body: b'{"token": {"methods": ["password"], "user": {"domain": {"id": "default", "name": "Default"}, "id": "8c1fcf2bbbd64d668ed2856db45d6d31", "name": "tempest-RoutersFlavorTestCase-689327987-project", "password_expires_at": null}, "audit_ids": ["jSWeT8y0Scicf7il1agbFw"], "expires_at": "2023-01-23T13:07:19.000000Z", "issued_at": "2023-01-23T12:07:19.000000Z", "project": {"domain": {"id": "default", "name": "Default"}, "id": "5a57de7fecff47aab69c1d53f9cb92b3", "name": "tempest-RoutersFlavorTestCase-689327987"}, "is_domain": false, "roles": [{"id": "642b106b8cbc4e78b33dd54d1f0a0df2", "name": "member"}, {"id": "69023bc6d21f4f7d9d39cdcf5c2d2bc5", "name": "reader"}], "catalog": [{"endpoints": [{"id": "0c1655e417b4471b90d5fcad99caf326", "interface": "public", "region_id": "RegionOne", "url": "https://158.69.71.247/image", "region": "RegionOne"}], "id": "0a890c4897824afe9d4351bbea5793df", "type": "image", "name": "glance"}, {"endpoints": [{"id": "eaaf2e3cd98f4f11912cdb5e75698d39", "interface": "public", "region_id": "RegionOne", "url": "https://158.69.71.247/compute/v2/5a57de7fecff47aab69c1d53f9cb92b3", "region": "RegionOne"}], "id": "0fdfe88e33ac4902ac868728ea5643d0", "type": "compute_legacy", "name": "nova_legacy"}, {"endpoints": [{"id": "2950f51104924d5eaf28356c0e0e5cc3", "interface": "public", "region_id": "RegionOne", "url": "https://158.69.71.247/placement", "region": "RegionOne"}], "id": "1c8f0c6c6b654597a8b862cc15bb562b", "type": "placement", "name": "placement"}, {"endpoints": [{"id": "5a86319c71bc4d08938cc6a0ffbfb377", "interface": "public", "region_id": "RegionOne", "url": "https://158.69.71.247/compute/v2.1", "region": "RegionOne"}], "id": "412cc91cc1754d9ca42b3d1c5e2cce35", "type": "compute", "name": "nova"}, {"endpoints": [{"id": "fb64f338736f4c719fac20abc17d4914", "interface": "public", "region_id": "RegionOne", "url": "https://158.69.71.247/identity", "region": "RegionOne"}], "id": "9cbf08cf063847059c17f7fcc75fb3c1", "type": "identity", "name": "keystone"}, {"endpoints": [{"id": "1877b7ea39b2497492d33168d157c80a", "interface": "public", "region_id": "RegionOne", "url": "https://158.69.71.247:9696/networking", "region": "RegionOne"}], "id": "a6c56c12e2c94eeb9360936386a2ca42", "type": "network", "name": "neutron"}]}}'
2023-01-23 12:07:19,688 104079 INFO [tempest.lib.common.rest_client] Request (RoutersFlavorTestCase:test_create_router_with_flavor): 200 GET https://158.69.71.247:9696/networking/v2.0/flavors?id=40886213-caf6-44e3-92fd-9fa797591a5d 0.088s
2023-01-23 12:07:19,689 104079 DEBUG [tempest.lib.common.rest_client] Request - Headers: {'Content-Type': 'application/json', 'Accept': 'application/json', 'X-Auth-Token': '<omitted>'}
        Body: None
    Response - Headers: {'date': 'Mon, 23 Jan 2023 12:07:19 GMT', 'server': 'Apache/2.4.41 (Ubuntu)', 'content-type': 'application/json', 'content-length': '15', 'x-openstack-request-id': 'req-f594688c-2457-4c29-99da-14ba4fda25f1', 'connection': 'close', 'status': '200', 'content-location': 'https://158.69.71.247:9696/networking/v2.0/flavors?id=40886213-caf6-44e3-92fd-9fa797591a5d'}
        Body: b'{"flavors": []}'
}}}

Traceback (most recent call last):
  File "/opt/stack/tempest/.tox/tempest/lib/python3.8/site-packages/neutron_tempest_plugin/api/admin/test_routers_flavors.py", line 82, in test_create_router_with_flavor
    flavor = flavors['flavors'][0]
IndexError: list index out of range

Slawek Kaplonski (slaweq)
Changed in neutron:
assignee: nobody → Slawek Kaplonski (slaweq)
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/872400

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/872400
Committed: https://opendev.org/openstack/neutron/commit/1c27d8b5b41f7bc63d2f3fa61f94be7e98e2101d
Submitter: "Zuul (22348)"
Branch: master

commit 1c27d8b5b41f7bc63d2f3fa61f94be7e98e2101d
Author: Slawek Kaplonski <email address hidden>
Date: Wed Feb 1 12:22:50 2023 +0100

    [Secure RBAC] Fix policy to get flavors

    Flavors are resources which don't have owner and should be able to
    be listed/showed by any user with READER role. This patch fixes policy
    for "get_flavor" action to match this requirement.

    Additionall it removes "project_id" field from the target object in
    the flavor policy unit tests.

    Closes-Bug: #2004017
    Change-Id: I254e88f7c32343034f4799b63b1088c3f966d7a6

Changed in neutron:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/zed)

Fix proposed to branch: stable/zed
Review: https://review.opendev.org/c/openstack/neutron/+/875606

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/zed)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/875606
Committed: https://opendev.org/openstack/neutron/commit/899c966945389ca3cd9d87fa9058d8c974c443a8
Submitter: "Zuul (22348)"
Branch: stable/zed

commit 899c966945389ca3cd9d87fa9058d8c974c443a8
Author: Slawek Kaplonski <email address hidden>
Date: Wed Feb 1 12:22:50 2023 +0100

    [Secure RBAC] Fix policy to get flavors

    Flavors are resources which don't have owner and should be able to
    be listed/showed by any user with READER role. This patch fixes policy
    for "get_flavor" action to match this requirement.

    Additionall it removes "project_id" field from the target object in
    the flavor policy unit tests.

    Closes-Bug: #2004017
    Change-Id: I254e88f7c32343034f4799b63b1088c3f966d7a6
    (cherry picked from commit 1c27d8b5b41f7bc63d2f3fa61f94be7e98e2101d)

tags: added: in-stable-zed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 22.0.0.0rc1

This issue was fixed in the openstack/neutron 22.0.0.0rc1 release candidate.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 21.1.0

This issue was fixed in the openstack/neutron 21.1.0 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.