| 2017-03-16 10:45:36 |
Mh Raies |
bug |
|
|
added bug |
| 2017-03-16 10:45:42 |
Mh Raies |
patrole: assignee |
|
Mh Raies (raiesmh08) |
|
| 2017-03-17 19:47:09 |
Mh Raies |
patrole: status |
New |
Invalid |
|
| 2017-03-17 19:47:16 |
Mh Raies |
patrole: assignee |
Mh Raies (raiesmh08) |
|
|
| 2017-03-20 09:08:35 |
Mh Raies |
summary |
Patrole framework unable to parse policy files when running from remote machine. |
Patrole framework will always fail when running from remote machine |
|
| 2017-03-20 09:09:17 |
Mh Raies |
summary |
Patrole framework will always fail when running from remote machine |
Patrole framework will always fail when running from remote machine (with PRECONDITION in description) |
|
| 2017-03-20 09:15:52 |
Mh Raies |
description |
Tempest has a capability to get operated from remote machine.
Being a tempest plugin, Patrole must have a feature to enable operate remotely.
As a part of RBAC process, Patrole uses policy file parsing.
But currently parsing feature is implemented in such a way that it can only take policy files from current host machine.
Thus we are compelled to run RBAC tests from OpenStack controller.
When we want to run these tests remotely (from a machine existing at remote location and is not a part of cloud), then we have to manually put custom policy files.
Which is not good. |
Tempest has a capability to get operated from remote machine.
Being a tempest plugin, Patrole must have a feature to enable operate remotely.
As a part of RBAC process, Patrole uses policy file parsing.
But currently parsing feature is implemented in such a way that it will always try to make a default policy file path "/etc/<service>/policy.json".
In multi-node deployment, If we are running Patrole from controller node or if we are running Patrole from single node deployment then it will work perfectly.
But if we are running Patrole from remote machine (not part of OpenStack deployment), then still it will seek for policy file at the patch "/etc/<service>/policy.json" becuase path is being constructed each time whether explicit 'path' is passed or not.
In remote machine, we will not have policy.json file always. So this will cause policy file not found exception each time. |
|
| 2017-03-20 09:17:33 |
Mh Raies |
summary |
Patrole framework will always fail when running from remote machine (with PRECONDITION in description) |
Patrole framework will always fail when running from remote machine |
|
| 2017-03-20 09:18:06 |
Mh Raies |
summary |
Patrole framework will always fail when running from remote machine |
Patrole framework will always fail when running from remote machine, if policy file are not explicitly on remote machine. |
|
| 2017-03-20 09:31:52 |
Mh Raies |
description |
Tempest has a capability to get operated from remote machine.
Being a tempest plugin, Patrole must have a feature to enable operate remotely.
As a part of RBAC process, Patrole uses policy file parsing.
But currently parsing feature is implemented in such a way that it will always try to make a default policy file path "/etc/<service>/policy.json".
In multi-node deployment, If we are running Patrole from controller node or if we are running Patrole from single node deployment then it will work perfectly.
But if we are running Patrole from remote machine (not part of OpenStack deployment), then still it will seek for policy file at the patch "/etc/<service>/policy.json" becuase path is being constructed each time whether explicit 'path' is passed or not.
In remote machine, we will not have policy.json file always. So this will cause policy file not found exception each time. |
Tempest has a capability to get operated from remote machine.
Being a tempest plugin, Patrole must have a feature to enable operate remotely.
In multi-node deployment, If we are running Patrole from controller node or if we are running Patrole from single node deployment then it will work perfectly.
As a part of RBAC process, Patrole uses policy file parsing.
But currently parsing feature is implemented in such a way that it will always try to make a default policy file path "/etc/<service>/policy.json".
case#1: custom policy file testing (where custom policy file was located at remote machine)-
In this case, On the remote machine, we have to put custom policy files at the location /etc/<service>/policy.json
case#2: Default policy testing -
As per current framework implementation, if we are running Patrole from remote machine (not part of OpenStack deployment), then still it will seek for policy file at the patch "/etc/<service>/policy.json" in case of default policy testing.
Becuase path is being constructed each time whether explicit 'path' is passed or not. |
|
| 2017-03-20 09:32:04 |
Mh Raies |
patrole: status |
Invalid |
New |
|
| 2017-03-20 09:32:08 |
Mh Raies |
patrole: assignee |
|
Mh Raies (raiesmh08) |
|
| 2017-03-22 18:46:08 |
Felipe Monteiro |
patrole: status |
New |
Confirmed |
|
| 2017-03-23 19:59:14 |
Felipe Monteiro |
patrole: importance |
Undecided |
Medium |
|
