OSA creates reseller_admin role but role should be ResellerAdmin

Bug #1633221 reported by Joshua White
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack-Ansible
Fix Released
Undecided
Andy McCrae

Bug Description

OSA creates role reseller_admin. The issue is it seems Swift expects reseller_admin_role to be ResellerAdmin not reseller_admin.

Example Tempest fails when running with reseller_admin_role = reseller_admin: tempest.api.object_storage.test_account_quotas.AccountQuotasTest.test_admin_modify_quota.

{0} tempest.api.object_storage.test_account_quotas.AccountQuotasTest.test_admin_modify_quota [0.896237s] ... FAILED

==============================
Failed 1 tests - output below:
==============================

tempest.api.object_storage.test_account_quotas.AccountQuotasTest.test_admin_modify_quota[id-63f51f9f-5f1d-4fc6-b5be-d454d70949d6,smoke]
---------------------------------------------------------------------------------------------------------------------------------------

Captured traceback:
~~~~~~~~~~~~~~~~~~~
    Traceback (most recent call last):
      File "tempest/api/object_storage/test_account_quotas.py", line 58, in setUp
        body="")
      File "tempest/lib/common/rest_client.py", line 665, in request
        resp, resp_body)
      File "tempest/lib/common/rest_client.py", line 758, in _error_checker
        raise exceptions.Forbidden(resp_body, resp=resp)
    tempest.lib.exceptions.Forbidden: Forbidden
    Details: <html><h1>Forbidden</h1><p>Access was denied to this resource.</p></html>

Captured pythonlogging:
~~~~~~~~~~~~~~~~~~~~~~~
    2016-10-13 20:55:36,992 31477 INFO [tempest.lib.common.rest_client] Request (AccountQuotasTest:setUp): 403 POST http://xxx.xxx.x.xxx:8080/v1/AUTH_06c36adfe0b14834b147e6aac077937f 0.894s

Solution I believe:

Instead of creating reseller_admin role on deployment create ResellerAdmin role.

summary: - Tempest conf reseller_admin_role defaults to reseller_admin
+ OSA creates reseller_admin role but role should be ResellerAdmin
description: updated
Praveen N (praveenn)
Changed in openstack-ansible:
assignee: nobody → Praveen N (praveenn)
tags: added: newton-rc-potential
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-ansible-os_swift (master)

Fix proposed to branch: master
Review: https://review.openstack.org/386652

Changed in openstack-ansible:
assignee: Praveen N (praveenn) → Andy McCrae (andrew-mccrae)
status: New → In Progress
Revision history for this message
Andy McCrae (andrew-mccrae) wrote :

Hi Joshua,

We weren't actually creating the role at all (unless you used Ceilometer, in which case it was created as "ResellerAdmin" correctly.)

That's a minor thing, but I agree perhaps we should create the role since we're setting it in the configuration, it is then up to the operator to add the ResellerAdmin role to users as required.

The Review I've posted will set the role up automatically now, but won't add it to any users (unless you are using ceilometer).

I hope that resolves your issues, but you should be able to create the role and assign it to users manually in the meantime!

Revision history for this message
Joshua White (joshua-l-white) wrote :

Hi Andy,

Thanks! Yes that is all that is needed. If the role is created everything should work on good on my end.

Changed in openstack-ansible:
assignee: Andy McCrae (andrew-mccrae) → Joshua White (joshua-l-white)
Changed in openstack-ansible:
assignee: Joshua White (joshua-l-white) → Andy McCrae (andrew-mccrae)
Revision history for this message
Joshua White (joshua-l-white) wrote :

Hi Andy,

I forgot to mention, I would need this change to be reflected from Mitaka as well, to Master.

Revision history for this message
Andy McCrae (andrew-mccrae) wrote :

Hi Joshua, No problem - once it merges we can backport it to Mitaka

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible-os_swift (master)

Reviewed: https://review.openstack.org/386652
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-os_swift/commit/?id=8e14baa7fb27d43d5845818660517938644db0b6
Submitter: Jenkins
Branch: master

commit 8e14baa7fb27d43d5845818660517938644db0b6
Author: Andy McCrae <email address hidden>
Date: Fri Oct 14 15:52:32 2016 +0100

    Always setup ResellerAdmin role in keystone

    The ResellerAdmin role should be setup in keystone regardless of whether
    we are using Ceilometer or not. This will allow operators to add the
    ResellerAdmin role to users - which should then be allowed to operate on
    any account.

    Change-Id: I3c5ede01266b126705b42b086107a9232a85bf94
    Closes-Bug: #1633221

Changed in openstack-ansible:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-ansible-os_swift (stable/newton)

Fix proposed to branch: stable/newton
Review: https://review.openstack.org/387019

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible-os_swift (stable/newton)

Reviewed: https://review.openstack.org/387019
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-os_swift/commit/?id=0e7a7a36c5729d965d25d1267692bb2342fbdad6
Submitter: Jenkins
Branch: stable/newton

commit 0e7a7a36c5729d965d25d1267692bb2342fbdad6
Author: Andy McCrae <email address hidden>
Date: Fri Oct 14 15:52:32 2016 +0100

    Always setup ResellerAdmin role in keystone

    The ResellerAdmin role should be setup in keystone regardless of whether
    we are using Ceilometer or not. This will allow operators to add the
    ResellerAdmin role to users - which should then be allowed to operate on
    any account.

    Change-Id: I3c5ede01266b126705b42b086107a9232a85bf94
    Closes-Bug: #1633221
    (cherry picked from commit 8e14baa7fb27d43d5845818660517938644db0b6)

tags: added: in-stable-newton
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-ansible-os_swift (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/387504

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible-os_swift (stable/mitaka)

Reviewed: https://review.openstack.org/387504
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-os_swift/commit/?id=5fbb25e7c5c139fbe9462f27b6a0afc20a4fffef
Submitter: Jenkins
Branch: stable/mitaka

commit 5fbb25e7c5c139fbe9462f27b6a0afc20a4fffef
Author: Andy McCrae <email address hidden>
Date: Mon Oct 17 15:45:31 2016 +0100

    Always setup ResellerAdmin role in keystone

    The ResellerAdmin role should be setup in keystone regardless of whether
    we are using Ceilometer or not. This will allow operators to add the
    ResellerAdmin role to users - which should then be allowed to operate on
    any account.

    Change-Id: I3c5ede01266b126705b42b086107a9232a85bf94
    Closes-Bug: #1633221
    (cherry picked from commit 8e14baa7fb27d43d5845818660517938644db0b6)

tags: added: in-stable-mitaka
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible-os_swift 14.0.0.0rc4

This issue was fixed in the openstack/openstack-ansible-os_swift 14.0.0.0rc4 release candidate.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible-os_swift 13.3.6

This issue was fixed in the openstack/openstack-ansible-os_swift 13.3.6 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible-os_swift 15.0.0.0b1

This issue was fixed in the openstack/openstack-ansible-os_swift 15.0.0.0b1 development milestone.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.