Patrole framework will always fail when running from remote machine, if policy file are not explicitly on remote machine.

Bug #1673417 reported by Mh Raies
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Patrole
Confirmed
Medium
Mh Raies

Bug Description

Tempest has a capability to get operated from remote machine.
Being a tempest plugin, Patrole must have a feature to enable operate remotely.
In multi-node deployment, If we are running Patrole from controller node or if we are running Patrole from single node deployment then it will work perfectly.
As a part of RBAC process, Patrole uses policy file parsing.
But currently parsing feature is implemented in such a way that it will always try to make a default policy file path "/etc/<service>/policy.json".

case#1: custom policy file testing (where custom policy file was located at remote machine)-

In this case, On the remote machine, we have to put custom policy files at the location /etc/<service>/policy.json

case#2: Default policy testing -

As per current framework implementation, if we are running Patrole from remote machine (not part of OpenStack deployment), then still it will seek for policy file at the patch "/etc/<service>/policy.json" in case of default policy testing.
Becuase path is being constructed each time whether explicit 'path' is passed or not.

Mh Raies (raiesmh08)
Changed in patrole:
assignee: nobody → Mh Raies (raiesmh08)
Mh Raies (raiesmh08)
Changed in patrole:
status: New → Invalid
assignee: Mh Raies (raiesmh08) → nobody
Mh Raies (raiesmh08)
summary: - Patrole framework unable to parse policy files when running from remote
- machine.
+ Patrole framework will always fail when running from remote machine
summary: Patrole framework will always fail when running from remote machine
+ (with PRECONDITION in description)
Mh Raies (raiesmh08)
description: updated
summary: Patrole framework will always fail when running from remote machine
- (with PRECONDITION in description)
summary: - Patrole framework will always fail when running from remote machine
+ Patrole framework will always fail when running from remote machine, if
+ policy file are not explicitly on remote machine.
Mh Raies (raiesmh08)
description: updated
Changed in patrole:
status: Invalid → New
assignee: nobody → Mh Raies (raiesmh08)
Felipe Monteiro (fm577c)
Changed in patrole:
status: New → Confirmed
Felipe Monteiro (fm577c)
Changed in patrole:
importance: Undecided → Medium
Revision history for this message
Ghanshyam Mann (ghanshyammann) wrote :
To post a comment you must log in.