OSA creates role reseller_admin and sets Tempest config to reseller_admin_role = reseller_admin. The issue is it seems Swift expects reseller_admin_role = ResellerAdmin. Therefore, it throws a forbidden error if reseller_admin role is used.
Example Tempest fails when running with reseller_admin_role = reseller_admin: tempest.api.object_storage.test_account_quotas.AccountQuotasTest.test_admin_modify_quota.
Captured traceback:
~~~~~~~~~~~~~~~~~~~
Traceback (most recent call last):
File "tempest/api/object_storage/test_account_quotas.py", line 58, in setUp
body="")
File "tempest/lib/common/rest_client.py", line 665, in request
resp, resp_body)
File "tempest/lib/common/rest_client.py", line 758, in _error_checker
raise exceptions.Forbidden(resp_body, resp=resp)
tempest.lib.exceptions.Forbidden: Forbidden
Details: <html><h1>Forbidden</h1><p>Access was denied to this resource.</p></html>
OSA creates role reseller_admin and sets Tempest config to reseller_admin_role = reseller_admin. The issue is it seems Swift expects reseller_admin_role = ResellerAdmin. Therefore, it throws a forbidden error if reseller_admin role is used.
Example Tempest fails when running with reseller_admin_role = reseller_admin: tempest. api.object_ storage. test_account_ quotas. AccountQuotasTe st.test_ admin_modify_ quota.
{0} tempest. api.object_ storage. test_account_ quotas. AccountQuotasTe st.test_ admin_modify_ quota [0.896237s] ... FAILED
======= ======= ======= ======= == ======= ======= ======= ==
Failed 1 tests - output below:
=======
tempest. api.object_ storage. test_account_ quotas. AccountQuotasTe st.test_ admin_modify_ quota[id- 63f51f9f- 5f1d-4fc6- b5be-d454d70949 d6,smoke] ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- --
-------
Captured traceback: api/object_ storage/ test_account_ quotas. py", line 58, in setUp lib/common/ rest_client. py", line 665, in request lib/common/ rest_client. py", line 758, in _error_checker Forbidden( resp_body, resp=resp) lib.exceptions. Forbidden: Forbidden h1>Forbidden< /h1><p> Access was denied to this resource. </p></html>
~~~~~~~~~~~~~~~~~~~
Traceback (most recent call last):
File "tempest/
body="")
File "tempest/
resp, resp_body)
File "tempest/
raise exceptions.
tempest.
Details: <html><
Captured pythonlogging: ~~~~~~~ ~~~~~~~ ~~ lib.common. rest_client] Request (AccountQuotasT est:setUp) : 403 POST http:// xxx.xxx. x.xxx:8080/ v1/AUTH_ 06c36adfe0b1483 4b147e6aac07793 7f 0.894s
~~~~~~~
2016-10-13 20:55:36,992 31477 INFO [tempest.
Solution I believe:
Instead of creating reseller_admin role on deployment create ResellerAdmin role.