OpenStack Dashboard Charm

Bug #1951644
Comment #0

Comment 0 for bug 1951644

Revision history for this message

Corey Bryant (corey.bryant) wrote on 2021-11-19: test_003_test_override_is_observed policy failure

This can be seen here in Patchset 3 for bionic-train-gr:
https://review.opendev.org/c/openstack/charm-openstack-dashboard/+/811942

2021-11-19 19:39:53 [INFO] test_003_test_override_is_observed (zaza.openstack.charm_tests.openstack_dashboard.tests.OpenStackDashboardPolicydTests)
2021-11-19 19:39:53 [INFO] Test that the override is observed by the underlying service.
2021-11-19 19:39:53 [INFO] ...
2021-11-19 19:40:01 [INFO] looking at application: {'name': 'keystone', 'type': {'pkg': 'keystone', 'origin_setting': 'openstack-origin'}}
2021-11-19 19:40:03 [INFO] Doing policyd override for openstack-dashboard
2021-11-19 19:40:06 [INFO] First verify that operation works prior to override
2021-11-19 19:40:06 [INFO] Dashboard is at 10.5.3.62
2021-11-19 19:40:08 [INFO] looking at application: {'name': 'keystone', 'type': {'pkg': 'keystone', 'origin_setting': 'openstack-origin'}}
2021-11-19 19:40:09 [INFO] Using keystone API V3 (or later) for overcloud auth
2021-11-19 19:40:11 [INFO] admin password is iePaizie3Phee5Bi
2021-11-19 19:40:11 [INFO] Horizon URL is: https://10.5.55.1/horizon
2021-11-19 19:40:31 [INFO] looking at application: {'name': 'keystone', 'type': {'pkg': 'keystone', 'origin_setting': 'openstack-origin'}}
2021-11-19 19:40:32 [INFO] Using keystone API V3 (or later) for overcloud auth
2021-11-19 19:40:34 [INFO] {'identity': [{'region_id': 'RegionOne', 'url': 'https://10.5.0.210:5000/v3', 'region': 'RegionOne', 'interface': 'public', 'id': '5d514259e1424ff39d3c48a32dc33073'}, {'region_id': 'RegionOne', 'url': 'https://10.5.0.210:35357/v3', 'region': 'Re
gionOne', 'interface': 'admin', 'id': '7594578b3104470db895fc3d2750d8be'}, {'region_id': 'RegionOne', 'url': 'https://10.5.0.210:5000/v3', 'region': 'RegionOne', 'interface': 'internal', 'id': 'b4b4e442ed5f45d58bf7c96066109a37'}]}
2021-11-19 19:40:43 [INFO] looking at application: {'name': 'keystone', 'type': {'pkg': 'keystone', 'origin_setting': 'openstack-origin'}}
2021-11-19 19:40:56 [INFO] looking at application: {'name': 'keystone', 'type': {'pkg': 'keystone', 'origin_setting': 'openstack-origin'}}
2021-11-19 19:40:57 [INFO] POST data: "{'domain': 'admin_domain', 'username': 'admin', 'password': 'iePaizie3Phee5Bi', 'csrfmiddlewaretoken': '4I4w0goM3TkukyySozSvKWnaUb0YhCHYF9CusqfSazUM0FVKeHx7H3iWdWXOXctJ', 'next': '/horizon/identity/', 'region': 'https://10.5.0.210:50
00/v3'}"
2021-11-19 19:41:12 [INFO] looking at application: {'name': 'keystone', 'type': {'pkg': 'keystone', 'origin_setting': 'openstack-origin'}}
2021-11-19 19:41:13 [INFO] Logged into okay
2021-11-19 19:41:13 [INFO] URL is http://10.5.3.62/horizon/identity/domains
2021-11-19 19:41:18 [INFO] Doing policyd override with: {'identity/rule.yaml': "identity:get_domain: '!'\nidentity:list_domains: '!'\nidentity:list_domains_for_user: '!'\nidentity:update_domain: '!'\n"}
2021-11-19 19:41:19 [INFO] Setting config to {'use-policyd-override': 'True'}
2021-11-19 19:41:19 [INFO] Waiting for at least one unit with agent status "executing"
2021-11-19 19:42:07 [INFO] Now verify that operation doesn't work with override
2021-11-19 19:42:07 [INFO] Dashboard is at 10.5.3.62
2021-11-19 19:42:09 [INFO] looking at application: {'name': 'keystone', 'type': {'pkg': 'keystone', 'origin_setting': 'openstack-origin'}}
2021-11-19 19:42:10 [INFO] Using keystone API V3 (or later) for overcloud auth
2021-11-19 19:42:12 [INFO] admin password is iePaizie3Phee5Bi
2021-11-19 19:42:12 [INFO] Horizon URL is: https://10.5.55.1/horizon
2021-11-19 19:42:32 [INFO] looking at application: {'name': 'keystone', 'type': {'pkg': 'keystone', 'origin_setting': 'openstack-origin'}}
2021-11-19 19:42:34 [INFO] Using keystone API V3 (or later) for overcloud auth
2021-11-19 19:42:36 [INFO] {'identity': [{'region_id': 'RegionOne', 'url': 'https://10.5.0.210:5000/v3', 'region': 'RegionOne', 'interface': 'public', 'id': '5d514259e1424ff39d3c48a32dc33073'}, {'region_id': 'RegionOne', 'url': 'https://10.5.0.210:35357/v3', 'region': 'Re
gionOne', 'interface': 'admin', 'id': '7594578b3104470db895fc3d2750d8be'}, {'region_id': 'RegionOne', 'url': 'https://10.5.0.210:5000/v3', 'region': 'RegionOne', 'interface': 'internal', 'id': 'b4b4e442ed5f45d58bf7c96066109a37'}]}
2021-11-19 19:42:45 [INFO] looking at application: {'name': 'keystone', 'type': {'pkg': 'keystone', 'origin_setting': 'openstack-origin'}}
2021-11-19 19:42:57 [INFO] looking at application: {'name': 'keystone', 'type': {'pkg': 'keystone', 'origin_setting': 'openstack-origin'}}
2021-11-19 19:42:59 [INFO] POST data: "{'domain': 'admin_domain', 'username': 'admin', 'password': 'iePaizie3Phee5Bi', 'csrfmiddlewaretoken': 'zwAop90haEzd69EipwNjpVne63h0w9QRHdrxXOwa9ENiAtXctOlXAo565ge2n4IU', 'next': '/horizon/identity/', 'region': 'https://10.5.0.210:50
00/v3'}"
2021-11-19 19:43:13 [INFO] looking at application: {'name': 'keystone', 'type': {'pkg': 'keystone', 'origin_setting': 'openstack-origin'}}
2021-11-19 19:43:14 [INFO] Logged into okay
2021-11-19 19:43:14 [INFO] URL is http://10.5.3.62/horizon/identity/domains
2021-11-19 19:43:21 [INFO] Service action passed and should have failed.
2021-11-19 19:43:21 [INFO] ERROR
2021-11-19 19:43:21 [INFO] ======================================================================
2021-11-19 19:43:21 [INFO] ERROR: test_003_test_override_is_observed (zaza.openstack.charm_tests.openstack_dashboard.tests.OpenStackDashboardPolicydTests)
2021-11-19 19:43:21 [INFO] Test that the override is observed by the underlying service.
2021-11-19 19:43:21 [INFO] ----------------------------------------------------------------------
2021-11-19 19:43:21 [INFO] Traceback (most recent call last):
2021-11-19 19:43:21 [INFO] File "/home/ubuntu/charms/focal/openstack-dashboard/.tox/func-target/lib/python3.8/site-packages/zaza/openstack/charm_tests/policyd/tests.py", line 448, in test_003_test_override_is_observed
2021-11-19 19:43:21 [INFO] raise zaza_exceptions.PolicydError(
2021-11-19 19:43:21 [INFO] zaza.openstack.utilities.exceptions.PolicydError: Service action passed and should have failed.
2021-11-19 19:43:21 [INFO] ----------------------------------------------------------------------
2021-11-19 19:43:21 [INFO] Ran 3 tests in 372.219s 2021-11-19 19:43:21 [INFO] FAILED
2021-11-19 19:43:21 [INFO] (errors=1)

I don't know if the rule.yaml is being rendered correctly as seen below:

ubuntu@juju-be7b83-zaza-b74897d248b9-3:~$ sudo cat /etc/openstack-dashboard/policy.d/keystone_policy.d/rule.yaml
{'identity:get_domain': '!', 'identity:list_domains': '!', 'identity:list_domains_for_user': '!',
'identity:update_domain': '!'}

Should this instead be formatted like this?

ubuntu@juju-be7b83-zaza-b74897d248b9-3:~$ sudo cat /etc/openstack-dashboard/policy.d/keystone_policy.d/rule.yaml
'identity:get_domain': '!'
'identity:list_domains': '!'
'identity:list_domains_for_user': '!'
'identity:update_domain': '!'

This can be seen here in Patchset 3 for bionic-train-gr:
https://review.opendev.org/c/openstack/charm-openstack-dashboard/+/811942

2021-11-19 19:39:53 [INFO] test_003_test_override_is_observed (zaza.openstack.charm_tests.openstack_dashboard.tests.OpenStackDashboardPolicydTests)
2021-11-19 19:39:53 [INFO] Test that the override is observed by the underlying service.
2021-11-19 19:39:53 [INFO]  ...
2021-11-19 19:40:01 [INFO] looking at application: {'name': 'keystone', 'type': {'pkg': 'keystone', 'origin_setting': 'openstack-origin'}}
2021-11-19 19:40:03 [INFO] Doing policyd override for openstack-dashboard
2021-11-19 19:40:06 [INFO] First verify that operation works prior to override
2021-11-19 19:40:06 [INFO] Dashboard is at 10.5.3.62
2021-11-19 19:40:08 [INFO] looking at application: {'name': 'keystone', 'type': {'pkg': 'keystone', 'origin_setting': 'openstack-origin'}}
2021-11-19 19:40:09 [INFO] Using keystone API V3 (or later) for overcloud auth
2021-11-19 19:40:11 [INFO] admin password is iePaizie3Phee5Bi
2021-11-19 19:40:11 [INFO] Horizon URL is: https://10.5.55.1/horizon
2021-11-19 19:40:31 [INFO] looking at application: {'name': 'keystone', 'type': {'pkg': 'keystone', 'origin_setting': 'openstack-origin'}}
2021-11-19 19:40:32 [INFO] Using keystone API V3 (or later) for overcloud auth
2021-11-19 19:40:34 [INFO] {'identity': [{'region_id': 'RegionOne', 'url': 'https://10.5.0.210:5000/v3', 'region': 'RegionOne', 'interface': 'public', 'id': '5d514259e1424ff39d3c48a32dc33073'}, {'region_id': 'RegionOne', 'url': 'https://10.5.0.210:35357/v3', 'region': 'Re
gionOne', 'interface': 'admin', 'id': '7594578b3104470db895fc3d2750d8be'}, {'region_id': 'RegionOne', 'url': 'https://10.5.0.210:5000/v3', 'region': 'RegionOne', 'interface': 'internal', 'id': 'b4b4e442ed5f45d58bf7c96066109a37'}]}
2021-11-19 19:40:43 [INFO] looking at application: {'name': 'keystone', 'type': {'pkg': 'keystone', 'origin_setting': 'openstack-origin'}}
2021-11-19 19:40:56 [INFO] looking at application: {'name': 'keystone', 'type': {'pkg': 'keystone', 'origin_setting': 'openstack-origin'}}
2021-11-19 19:40:57 [INFO] POST data: "{'domain': 'admin_domain', 'username': 'admin', 'password': 'iePaizie3Phee5Bi', 'csrfmiddlewaretoken': '4I4w0goM3TkukyySozSvKWnaUb0YhCHYF9CusqfSazUM0FVKeHx7H3iWdWXOXctJ', 'next': '/horizon/identity/', 'region': 'https://10.5.0.210:50
00/v3'}"
2021-11-19 19:41:12 [INFO] looking at application: {'name': 'keystone', 'type': {'pkg': 'keystone', 'origin_setting': 'openstack-origin'}}
2021-11-19 19:41:13 [INFO] Logged into okay
2021-11-19 19:41:13 [INFO] URL is http://10.5.3.62/horizon/identity/domains
2021-11-19 19:41:18 [INFO] Doing policyd override with: {'identity/rule.yaml': "identity:get_domain: '!'\nidentity:list_domains: '!'\nidentity:list_domains_for_user: '!'\nidentity:update_domain: '!'\n"}
2021-11-19 19:41:19 [INFO] Setting config to {'use-policyd-override': 'True'}
2021-11-19 19:41:19 [INFO] Waiting for at least one unit with agent status "executing"
2021-11-19 19:42:07 [INFO] Now verify that operation doesn't work with override
2021-11-19 19:42:07 [INFO] Dashboard is at 10.5.3.62
2021-11-19 19:42:09 [INFO] looking at application: {'name': 'keystone', 'type': {'pkg': 'keystone', 'origin_setting': 'openstack-origin'}}
2021-11-19 19:42:10 [INFO] Using keystone API V3 (or later) for overcloud auth
2021-11-19 19:42:12 [INFO] admin password is iePaizie3Phee5Bi
2021-11-19 19:42:12 [INFO] Horizon URL is: https://10.5.55.1/horizon
2021-11-19 19:42:32 [INFO] looking at application: {'name': 'keystone', 'type': {'pkg': 'keystone', 'origin_setting': 'openstack-origin'}}
2021-11-19 19:42:34 [INFO] Using keystone API V3 (or later) for overcloud auth
2021-11-19 19:42:36 [INFO] {'identity': [{'region_id': 'RegionOne', 'url': 'https://10.5.0.210:5000/v3', 'region': 'RegionOne', 'interface': 'public', 'id': '5d514259e1424ff39d3c48a32dc33073'}, {'region_id': 'RegionOne', 'url': 'https://10.5.0.210:35357/v3', 'region': 'Re
gionOne', 'interface': 'admin', 'id': '7594578b3104470db895fc3d2750d8be'}, {'region_id': 'RegionOne', 'url': 'https://10.5.0.210:5000/v3', 'region': 'RegionOne', 'interface': 'internal', 'id': 'b4b4e442ed5f45d58bf7c96066109a37'}]}
2021-11-19 19:42:45 [INFO] looking at application: {'name': 'keystone', 'type': {'pkg': 'keystone', 'origin_setting': 'openstack-origin'}}
2021-11-19 19:42:57 [INFO] looking at application: {'name': 'keystone', 'type': {'pkg': 'keystone', 'origin_setting': 'openstack-origin'}}
2021-11-19 19:42:59 [INFO] POST data: "{'domain': 'admin_domain', 'username': 'admin', 'password': 'iePaizie3Phee5Bi', 'csrfmiddlewaretoken': 'zwAop90haEzd69EipwNjpVne63h0w9QRHdrxXOwa9ENiAtXctOlXAo565ge2n4IU', 'next': '/horizon/identity/', 'region': 'https://10.5.0.210:50
00/v3'}"
2021-11-19 19:43:13 [INFO] looking at application: {'name': 'keystone', 'type': {'pkg': 'keystone', 'origin_setting': 'openstack-origin'}}
2021-11-19 19:43:14 [INFO] Logged into okay
2021-11-19 19:43:14 [INFO] URL is http://10.5.3.62/horizon/identity/domains
2021-11-19 19:43:21 [INFO] Service action passed and should have failed.
2021-11-19 19:43:21 [INFO] ERROR
2021-11-19 19:43:21 [INFO] ======================================================================
2021-11-19 19:43:21 [INFO] ERROR: test_003_test_override_is_observed (zaza.openstack.charm_tests.openstack_dashboard.tests.OpenStackDashboardPolicydTests)
2021-11-19 19:43:21 [INFO] Test that the override is observed by the underlying service.
2021-11-19 19:43:21 [INFO] ----------------------------------------------------------------------
2021-11-19 19:43:21 [INFO] Traceback (most recent call last):
2021-11-19 19:43:21 [INFO]   File "/home/ubuntu/charms/focal/openstack-dashboard/.tox/func-target/lib/python3.8/site-packages/zaza/openstack/charm_tests/policyd/tests.py", line 448, in test_003_test_override_is_observed
2021-11-19 19:43:21 [INFO]     raise zaza_exceptions.PolicydError(
2021-11-19 19:43:21 [INFO] zaza.openstack.utilities.exceptions.PolicydError: Service action passed and should have failed.
2021-11-19 19:43:21 [INFO] ----------------------------------------------------------------------
2021-11-19 19:43:21 [INFO] Ran 3 tests in 372.219s                                                                                                                                                                                                                              2021-11-19 19:43:21 [INFO] FAILED
2021-11-19 19:43:21 [INFO]  (errors=1)

I don't know if the rule.yaml is being rendered correctly as seen below:

ubuntu@coreycb-bastion:~/charms/focal/openstack-dashboard$ juju run --application openstack-dashboard cat /etc/openstack-dashboard/policy.d/keystone_policy.d/rule.yaml                                            
- Stdout: |
    {'identity:get_domain': '!', 'identity:list_domains': '!', 'identity:list_domains_for_usern': '!',
      'identity:update_domain': '!'}
  UnitId: openstack-dashboard/0
- Stdout: |
    {'identity:get_domain': '!', 'identity:list_domains': '!', 'identity:list_domains_for_user': '!',
      'identity:update_domain': '!'}
  UnitId: openstack-dashboard/1
- Stdout: |
    {'identity:get_domain': '!', 'identity:list_domains': '!', 'identity:list_domains_for_user': '!',
      'identity:update_domain': '!'}
  UnitId: openstack-dashboard/2
  
  
ubuntu@juju-be7b83-zaza-b74897d248b9-3:~$ sudo cat /etc/openstack-dashboard/policy.d/keystone_policy.d/rule.yaml
{'identity:get_domain': '!', 'identity:list_domains': '!', 'identity:list_domains_for_user': '!',
  'identity:update_domain': '!'}
  
Should this instead be formatted like this?

ubuntu@juju-be7b83-zaza-b74897d248b9-3:~$ sudo cat /etc/openstack-dashboard/policy.d/keystone_policy.d/rule.yaml  
'identity:get_domain': '!'
'identity:list_domains': '!'
'identity:list_domains_for_user': '!'
'identity:update_domain': '!'