OpenStack Shared File Systems Service (Manila)

[manila-tempest-plugin] Incorrect url request for share group reset state

Bug #2002940 reported by Liron Kuchlani
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Shared File Systems Service (Manila)
Fix Released
Medium
Goutham Pacha Ravi
OpenStack Shared File Systems Service (Manila) antelope-rc1

Bug Description

It should be "/share-groups" for POST action instead of "/groups"

See original description
Tags: rbac security
Revision history for this message
Vida Haririan (vhariria) wrote (last edit ):

Hi Liron, Thank you for reporting the failures. Please create a separate bug for the second issue and provide link to the test script if available.

tags: added: rba
tags: added: rbac
removed: rba
tags: added: share-groups
Goutham Pacha Ravi (gouthamr)
tags: added: security
removed: share-groups
Changed in manila:
assignee: nobody → Goutham Pacha Ravi (gouthamr)
Vida Haririan (vhariria)
Changed in manila:
importance: Undecided → Medium
Revision history for this message
Vida Haririan (vhariria) wrote :

See additional related discussions at https://meetings.opendev.org/meetings/manila/2023/manila.2023-01-26-15.00.log.html

Revision history for this message
Goutham Pacha Ravi (gouthamr) wrote :

Hey Liron,

Vida and I dug into this a bit; we tried the first issue manually on a devstack machine with secure RBAC defaults enabled and we weren't seeing the issue:

````
source ../devstack/openrc alt_demo alt_demo
manila share-group-create --name test_alt
source ../devstack/openrc admin admin
manila share-group-list --all
manila --debug share-group-reset-state fa38c297-fcdd-4b2c-bf71-c002e741456e --status 'error
````

The last command works fine.

Did this issue arise in your RBAC test patch for share groups? (https://review.opendev.org/c/openstack/manila-tempest-plugin/+/867213)

We noticed that the "reset_share_group_state" method [1] that you're invoking [2] is using "/groups" to make a POST -- that must be "/share-groups"

[1] https://opendev.org/openstack/manila-tempest-plugin/src/commit/54e31e8f5b517d2f1b350c091b29aa518f2c8739/manila_tempest_tests/services/share/v2/json/shares_client.py#L1157
[2] https://review.opendev.org/c/openstack/manila-tempest-plugin/+/867213/3/manila_tempest_tests/tests/rbac/test_share_groups.py#226

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to manila-tempest-plugin (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/manila-tempest-plugin/+/872076

Changed in manila:
status: New → In Progress
Revision history for this message
Liron Kuchlani (lkuchlan) wrote : Re: [S-RBAC] Failed to reset a share group with 404 error

Ok thanks!

This is a sequel to this bug https://bugs.launchpad.net/manila/+bug/1998088
and here's the fix for that https://review.opendev.org/c/openstack/manila-tempest-plugin/+/865811

So the bug is in manila-tempest-plugin
But I noticed that the behavior is not uniform.
When member or reader try to reset a share within another project. The exception is 404
https://github.com/openstack/manila-tempest-plugin/blob/master/manila_tempest_tests/tests/rbac/test_shares.py#L424

However, in share group the exception is 403.

Liron Kuchlani (lkuchlan)
summary: - [S-RBAC] Failed to reset a share group with 404 error
+ [manila-tempest-plugin] Incorrect url request for share group reset
+ state
description: updated
Carlos Eduardo (silvacarlose)
Changed in manila:
milestone: none → antelope-rc1
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to manila-tempest-plugin (master)

Reviewed: https://review.opendev.org/c/openstack/manila-tempest-plugin/+/872076
Committed: https://opendev.org/openstack/manila-tempest-plugin/commit/41d38ba53e62001a4ea40bb7a9d8e564752d8a93
Submitter: "Zuul (22348)"
Branch: master

commit 41d38ba53e62001a4ea40bb7a9d8e564752d8a93
Author: lkuchlan <email address hidden>
Date: Sun Jan 29 12:48:13 2023 +0200

    Fix incorrect url request for share_group_reset_state

    Use "/share-groups" for POST action instead of "/groups"

    Closes-Bug: #2002940
    Change-Id: I0d22cca0607e9bdc4835137cc0bf587061af92bf

Changed in manila:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/manila-tempest-plugin 1.13.0

This issue was fixed in the openstack/manila-tempest-plugin 1.13.0 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.