Activity log for bug #2065061

Date Who What changed Old value New value Message
2024-05-07 13:42:07 Natalia Litvinova bug added bug
2024-05-07 13:50:44 Natalia Litvinova bug added subscriber Canonical Field Critical
2024-05-08 10:09:50 Natalia Litvinova description

Old value:

Hi team,

While running Tempest and checking OIDC integration, I'm running into the following problem with OpenStack API:
'code': 401, 'message': 'The request you have made requires authentication.', 'title': 'Unauthorized'

Tempest tests that fail with this problem are:
keystone_tempest_plugin.tests.api.identity.v3.test_oauth1_tokens.OAUTH1TokensTest.test_authorize_request_token
keystone_tempest_plugin.tests.api.identity.v3.test_oauth1_tokens.OAUTH1TokensTest.test_create_access_token
keystone_tempest_plugin.tests.api.identity.v3.test_oauth1_tokens.OAUTH1TokensTest.test_create_request_token
keystone_tempest_plugin.tests.api.identity.v3.test_oauth1_tokens.OAUTH1TokensTest.test_list_access_tokens
keystone_tempest_plugin.tests.api.identity.v3.test_oauth1_tokens.OAUTH1TokensTest.test_list_roles_for_access_token
keystone_tempest_plugin.tests.api.identity.v3.test_oauth1_tokens.OAUTH1TokensTest.test_revoke_access_token
keystone_tempest_plugin.tests.api.identity.v3.test_oauth1_tokens.OAUTH1TokensTest.test_show_role_for_access_token

When checking the keystone debug logs, I found:
(py.warnings): 2024-04-25 11:14:20,011 WARNING /usr/lib/python3/dist-packages/oslo_policy/policy.py:1119: UserWarning: Policy "identity:get_consumer": "role:reader and system_scope:all" failed scope check. The token used to make the request was project scoped but the policy requires ['system'] scope. This behavior may change in the future where using the intended scope is required
  warnings.warn(msg)

Running the commands with openstack cli is successful:
openstack token issue
openstack token revoke

Versions:
OpenStack Yoga
Juju 3.4.2
Keystone charm yoga/stable rev 686

New value:

Hi team,

While running Tempest and checking OIDC integration, I'm running into the following problem with OpenStack API:
'code': 401, 'message': 'The request you have made requires authentication.', 'title': 'Unauthorized'

Here is a traceback from tempest:
Traceback (most recent call last):
  File "/snap/fcbtest/50/lib/python3.10/site-packages/keystone_tempest_plugin/tests/api/identity/v3/test_oauth1_tokens.py", line 154, in test_create_access_token
    access_token = self._create_access_token(consumer)
  File "/snap/fcbtest/50/lib/python3.10/site-packages/keystone_tempest_plugin/tests/api/identity/v3/test_oauth1_tokens.py", line 60, in _create_access_token
    request_token = self._create_request_token(consumer)
  File "/snap/fcbtest/50/lib/python3.10/site-packages/keystone_tempest_plugin/tests/api/identity/v3/test_oauth1_tokens.py", line 41, in _create_request_token
    request_token = self.oauth_token_client.create_request_token(
  File "/home/ubuntu/snap/fcbtest/50/.rally/verification/verifier-7d8b303d-87c8-4f78-ac43-a509b47019b1/repo/tempest/lib/services/identity/v3/oauth_token_client.py", line 130, in create_request_token
    resp, body = self.post(endpoint,
  File "/home/ubuntu/snap/fcbtest/50/.rally/verification/verifier-7d8b303d-87c8-4f78-ac43-a509b47019b1/repo/tempest/lib/common/rest_client.py", line 300, in post
    return self.request('POST', url, extra_headers, headers, body, chunked)
  File "/home/ubuntu/snap/fcbtest/50/.rally/verification/verifier-7d8b303d-87c8-4f78-ac43-a509b47019b1/repo/tempest/lib/common/rest_client.py", line 742, in request
    self._error_checker(resp, resp_body)
  File "/home/ubuntu/snap/fcbtest/50/.rally/verification/verifier-7d8b303d-87c8-4f78-ac43-a509b47019b1/repo/tempest/lib/common/rest_client.py", line 842, in _error_checker
    raise exceptions.Unauthorized(resp_body, resp=resp)
tempest.lib.exceptions.Unauthorized: Unauthorized
Details: {'code': 401, 'message': 'The request you have made requires authentication.', 'title': 'Unauthorized'}

Tempest tests that fail with this problem are:
keystone_tempest_plugin.tests.api.identity.v3.test_oauth1_tokens.OAUTH1TokensTest.test_authorize_request_token
keystone_tempest_plugin.tests.api.identity.v3.test_oauth1_tokens.OAUTH1TokensTest.test_create_access_token
keystone_tempest_plugin.tests.api.identity.v3.test_oauth1_tokens.OAUTH1TokensTest.test_create_request_token
keystone_tempest_plugin.tests.api.identity.v3.test_oauth1_tokens.OAUTH1TokensTest.test_list_access_tokens
keystone_tempest_plugin.tests.api.identity.v3.test_oauth1_tokens.OAUTH1TokensTest.test_list_roles_for_access_token
keystone_tempest_plugin.tests.api.identity.v3.test_oauth1_tokens.OAUTH1TokensTest.test_revoke_access_token
keystone_tempest_plugin.tests.api.identity.v3.test_oauth1_tokens.OAUTH1TokensTest.test_show_role_for_access_token

When checking the keystone debug logs, I found:
(py.warnings): 2024-04-25 11:14:20,011 WARNING /usr/lib/python3/dist-packages/oslo_policy/policy.py:1119: UserWarning: Policy "identity:get_consumer": "role:reader and system_scope:all" failed scope check. The token used to make the request was project scoped but the policy requires ['system'] scope. This behavior may change in the future where using the intended scope is required
  warnings.warn(msg)

Running the commands with openstack cli is successful:
openstack token issue
openstack token revoke

Versions:
OpenStack Yoga
Juju 3.4.2
Keystone charm yoga/stable rev 686
2024-05-08 11:53:32 Natalia Litvinova description

Old value:

Hi team,

While running Tempest and checking OIDC integration, I'm running into the following problem with OpenStack API:
'code': 401, 'message': 'The request you have made requires authentication.', 'title': 'Unauthorized'

Here is a traceback from tempest:
Traceback (most recent call last):
  File "/snap/fcbtest/50/lib/python3.10/site-packages/keystone_tempest_plugin/tests/api/identity/v3/test_oauth1_tokens.py", line 154, in test_create_access_token
    access_token = self._create_access_token(consumer)
  File "/snap/fcbtest/50/lib/python3.10/site-packages/keystone_tempest_plugin/tests/api/identity/v3/test_oauth1_tokens.py", line 60, in _create_access_token
    request_token = self._create_request_token(consumer)
  File "/snap/fcbtest/50/lib/python3.10/site-packages/keystone_tempest_plugin/tests/api/identity/v3/test_oauth1_tokens.py", line 41, in _create_request_token
    request_token = self.oauth_token_client.create_request_token(
  File "/home/ubuntu/snap/fcbtest/50/.rally/verification/verifier-7d8b303d-87c8-4f78-ac43-a509b47019b1/repo/tempest/lib/services/identity/v3/oauth_token_client.py", line 130, in create_request_token
    resp, body = self.post(endpoint,
  File "/home/ubuntu/snap/fcbtest/50/.rally/verification/verifier-7d8b303d-87c8-4f78-ac43-a509b47019b1/repo/tempest/lib/common/rest_client.py", line 300, in post
    return self.request('POST', url, extra_headers, headers, body, chunked)
  File "/home/ubuntu/snap/fcbtest/50/.rally/verification/verifier-7d8b303d-87c8-4f78-ac43-a509b47019b1/repo/tempest/lib/common/rest_client.py", line 742, in request
    self._error_checker(resp, resp_body)
  File "/home/ubuntu/snap/fcbtest/50/.rally/verification/verifier-7d8b303d-87c8-4f78-ac43-a509b47019b1/repo/tempest/lib/common/rest_client.py", line 842, in _error_checker
    raise exceptions.Unauthorized(resp_body, resp=resp)
tempest.lib.exceptions.Unauthorized: Unauthorized
Details: {'code': 401, 'message': 'The request you have made requires authentication.', 'title': 'Unauthorized'}

Tempest tests that fail with this problem are:
keystone_tempest_plugin.tests.api.identity.v3.test_oauth1_tokens.OAUTH1TokensTest.test_authorize_request_token
keystone_tempest_plugin.tests.api.identity.v3.test_oauth1_tokens.OAUTH1TokensTest.test_create_access_token
keystone_tempest_plugin.tests.api.identity.v3.test_oauth1_tokens.OAUTH1TokensTest.test_create_request_token
keystone_tempest_plugin.tests.api.identity.v3.test_oauth1_tokens.OAUTH1TokensTest.test_list_access_tokens
keystone_tempest_plugin.tests.api.identity.v3.test_oauth1_tokens.OAUTH1TokensTest.test_list_roles_for_access_token
keystone_tempest_plugin.tests.api.identity.v3.test_oauth1_tokens.OAUTH1TokensTest.test_revoke_access_token
keystone_tempest_plugin.tests.api.identity.v3.test_oauth1_tokens.OAUTH1TokensTest.test_show_role_for_access_token

When checking the keystone debug logs, I found:
(py.warnings): 2024-04-25 11:14:20,011 WARNING /usr/lib/python3/dist-packages/oslo_policy/policy.py:1119: UserWarning: Policy "identity:get_consumer": "role:reader and system_scope:all" failed scope check. The token used to make the request was project scoped but the policy requires ['system'] scope. This behavior may change in the future where using the intended scope is required
  warnings.warn(msg)

Running the commands with openstack cli is successful:
openstack token issue
openstack token revoke

Versions:
OpenStack Yoga
Juju 3.4.2
Keystone charm yoga/stable rev 686

New value:

Hi team,

While running Tempest, I'm running into the following problem with OpenStack API when using service-port config set to 443:
'code': 401, 'message': 'The request you have made requires authentication.', 'title': 'Unauthorized'

Here is a traceback:
Traceback (most recent call last):
  File "/snap/fcbtest/50/lib/python3.10/site-packages/keystone_tempest_plugin/tests/api/identity/v3/test_oauth1_tokens.py", line 154, in test_create_access_token
    access_token = self._create_access_token(consumer)
  File "/snap/fcbtest/50/lib/python3.10/site-packages/keystone_tempest_plugin/tests/api/identity/v3/test_oauth1_tokens.py", line 60, in _create_access_token
    request_token = self._create_request_token(consumer)
  File "/snap/fcbtest/50/lib/python3.10/site-packages/keystone_tempest_plugin/tests/api/identity/v3/test_oauth1_tokens.py", line 41, in _create_request_token
    request_token = self.oauth_token_client.create_request_token(
  File "/home/ubuntu/snap/fcbtest/50/.rally/verification/verifier-7d8b303d-87c8-4f78-ac43-a509b47019b1/repo/tempest/lib/services/identity/v3/oauth_token_client.py", line 130, in create_request_token
    resp, body = self.post(endpoint,
  File "/home/ubuntu/snap/fcbtest/50/.rally/verification/verifier-7d8b303d-87c8-4f78-ac43-a509b47019b1/repo/tempest/lib/common/rest_client.py", line 300, in post
    return self.request('POST', url, extra_headers, headers, body, chunked)
  File "/home/ubuntu/snap/fcbtest/50/.rally/verification/verifier-7d8b303d-87c8-4f78-ac43-a509b47019b1/repo/tempest/lib/common/rest_client.py", line 742, in request
    self._error_checker(resp, resp_body)
  File "/home/ubuntu/snap/fcbtest/50/.rally/verification/verifier-7d8b303d-87c8-4f78-ac43-a509b47019b1/repo/tempest/lib/common/rest_client.py", line 842, in _error_checker
    raise exceptions.Unauthorized(resp_body, resp=resp)
tempest.lib.exceptions.Unauthorized: Unauthorized
Details: {'code': 401, 'message': 'The request you have made requires authentication.', 'title': 'Unauthorized'}

Tempest tests that fail with this problem are:
keystone_tempest_plugin.tests.api.identity.v3.test_oauth1_tokens.OAUTH1TokensTest.test_authorize_request_token
keystone_tempest_plugin.tests.api.identity.v3.test_oauth1_tokens.OAUTH1TokensTest.test_create_access_token
keystone_tempest_plugin.tests.api.identity.v3.test_oauth1_tokens.OAUTH1TokensTest.test_create_request_token
keystone_tempest_plugin.tests.api.identity.v3.test_oauth1_tokens.OAUTH1TokensTest.test_list_access_tokens
keystone_tempest_plugin.tests.api.identity.v3.test_oauth1_tokens.OAUTH1TokensTest.test_list_roles_for_access_token
keystone_tempest_plugin.tests.api.identity.v3.test_oauth1_tokens.OAUTH1TokensTest.test_revoke_access_token
keystone_tempest_plugin.tests.api.identity.v3.test_oauth1_tokens.OAUTH1TokensTest.test_show_role_for_access_token

When checking the keystone debug logs, I found:
(py.warnings): 2024-04-25 11:14:20,011 WARNING /usr/lib/python3/dist-packages/oslo_policy/policy.py:1119: UserWarning: Policy "identity:get_consumer": "role:reader and system_scope:all" failed scope check. The token used to make the request was project scoped but the policy requires ['system'] scope. This behavior may change in the future where using the intended scope is required
  warnings.warn(msg)

Running the commands with openstack cli is successful:
openstack token issue
openstack token revoke

Reconfiguring the charm to use the default port 5000 fixes the Tempest problem.

Versions:
OpenStack Yoga
Juju 3.4.2
Keystone charm yoga/stable rev 686
2024-05-09 09:58:25 Alex Kavanagh charm-keystone: status New Triaged
2024-05-09 09:58:31 Alex Kavanagh charm-keystone: importance Undecided High
2024-05-10 08:31:00 Natalia Litvinova removed subscriber Canonical Field Critical
2024-05-10 09:34:07 Nobuto Murata bug added subscriber Nobuto Murata
2024-05-14 15:35:43 Gaetan Gouzi bug added subscriber Gaetan Gouzi