Activity log for bug #1673417

Date Who What changed Old value New value Message
2017-03-16 10:45:36 Mh Raies bug added bug
2017-03-16 10:45:42 Mh Raies patrole: assignee Mh Raies (raiesmh08)
2017-03-17 19:47:09 Mh Raies patrole: status New Invalid
2017-03-17 19:47:16 Mh Raies patrole: assignee Mh Raies (raiesmh08)
2017-03-20 09:08:35 Mh Raies summary Patrole framework unable to parse policy files when running from remote machine. Patrole framework will always fail when running from remote machine
2017-03-20 09:09:17 Mh Raies summary Patrole framework will always fail when running from remote machine Patrole framework will always fail when running from remote machine (with PRECONDITION in description)
2017-03-20 09:15:52 Mh Raies description Tempest has a capability to get operated from remote machine. Being a tempest plugin, Patrole must have a feature to enable operate remotely. As a part of RBAC process, Patrole uses policy file parsing. But currently parsing feature is implemented in such a way that it can only take policy files from current host machine. Thus we are compelled to run RBAC tests from OpenStack controller. When we want to run these tests remotely (from a machine existing at remote location and is not a part of cloud), then we have to manually put custom policy files. Which is not good. Tempest has a capability to get operated from remote machine. Being a tempest plugin, Patrole must have a feature to enable operate remotely. As a part of RBAC process, Patrole uses policy file parsing. But currently parsing feature is implemented in such a way that it will always try to make a default policy file path "/etc/<service>/policy.json". In multi-node deployment, If we are running Patrole from controller node or if we are running Patrole from single node deployment then it will work perfectly. But if we are running Patrole from remote machine (not part of OpenStack deployment), then still it will seek for policy file at the patch "/etc/<service>/policy.json" becuase path is being constructed each time whether explicit 'path' is passed or not. In remote machine, we will not have policy.json file always. So this will cause policy file not found exception each time.
2017-03-20 09:17:33 Mh Raies summary Patrole framework will always fail when running from remote machine (with PRECONDITION in description) Patrole framework will always fail when running from remote machine
2017-03-20 09:18:06 Mh Raies summary Patrole framework will always fail when running from remote machine Patrole framework will always fail when running from remote machine, if policy file are not explicitly on remote machine.
2017-03-20 09:31:52 Mh Raies description Tempest has a capability to get operated from remote machine. Being a tempest plugin, Patrole must have a feature to enable operate remotely. As a part of RBAC process, Patrole uses policy file parsing. But currently parsing feature is implemented in such a way that it will always try to make a default policy file path "/etc/<service>/policy.json". In multi-node deployment, If we are running Patrole from controller node or if we are running Patrole from single node deployment then it will work perfectly. But if we are running Patrole from remote machine (not part of OpenStack deployment), then still it will seek for policy file at the patch "/etc/<service>/policy.json" becuase path is being constructed each time whether explicit 'path' is passed or not. In remote machine, we will not have policy.json file always. So this will cause policy file not found exception each time. Tempest has a capability to get operated from remote machine. Being a tempest plugin, Patrole must have a feature to enable operate remotely. In multi-node deployment, If we are running Patrole from controller node or if we are running Patrole from single node deployment then it will work perfectly. As a part of RBAC process, Patrole uses policy file parsing. But currently parsing feature is implemented in such a way that it will always try to make a default policy file path "/etc/<service>/policy.json". case#1: custom policy file testing (where custom policy file was located at remote machine)- In this case, On the remote machine, we have to put custom policy files at the location /etc/<service>/policy.json case#2: Default policy testing - As per current framework implementation, if we are running Patrole from remote machine (not part of OpenStack deployment), then still it will seek for policy file at the patch "/etc/<service>/policy.json" in case of default policy testing. Becuase path is being constructed each time whether explicit 'path' is passed or not.
2017-03-20 09:32:04 Mh Raies patrole: status Invalid New
2017-03-20 09:32:08 Mh Raies patrole: assignee Mh Raies (raiesmh08)
2017-03-22 18:46:08 Felipe Monteiro patrole: status New Confirmed
2017-03-23 19:59:14 Felipe Monteiro patrole: importance Undecided Medium