OpenStack Snap

all commands requiring access to microcluster should check permissions

Bug #2024179 reported by Guillaume Boutry on 2023-06-16

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Snap	Triaged	Medium	Unassigned

Bug Description

Some commands fail when accessing microcluster, we should check early if user has sufficient permissions.

[11:31:35] DEBUG Starting step Write Model status common.py:214
           DEBUG Using selector: EpollSelector selector_events.py:54
           DEBUG /var/snap/openstack/common/state/control.socket service.py:109
           DEBUG [get] http+unix://%2Fvar%2Fsnap%2Fopenstack%2Fcommon%2Fstate%2Fcontrol.socket/1.0/config/JujuController, args={'allow_redirects': True} service.py:118
           DEBUG ('Connection aborted.', PermissionError(13, 'Permission denied')) utils.py:142
                    Traceback (most recent call last):
                      File "/snap/openstack/182/lib/python3.10/site-packages/urllib3/connectionpool.py", line 703, in urlopen
                        httplib_response = self._make_request(
                      File "/snap/openstack/182/lib/python3.10/site-packages/urllib3/connectionpool.py", line 398, in _make_request
                        conn.request(method, url, **httplib_request_kw)
                      File "/usr/lib/python3.10/http/client.py", line 1282, in request
                        self._send_request(method, url, body, headers, encode_chunked)
                      File "/usr/lib/python3.10/http/client.py", line 1328, in _send_request
                        self.endheaders(body, encode_chunked=encode_chunked)
                      File "/usr/lib/python3.10/http/client.py", line 1277, in endheaders
                        self._send_output(message_body, encode_chunked=encode_chunked)
                      File "/usr/lib/python3.10/http/client.py", line 1037, in _send_output
                        self.send(msg)
                      File "/usr/lib/python3.10/http/client.py", line 975, in send
                        self.connect()
                      File "/snap/openstack/182/lib/python3.10/site-packages/requests_unixsocket/adapters.py", line 41, in connect
                        sock.connect(socket_path)
                    PermissionError: [Errno 13] Permission denied

During handling of the above exception, another exception occurred:

                    Traceback (most recent call last):
                      File "/snap/openstack/182/lib/python3.10/site-packages/requests/adapters.py", line 489, in send
                        resp = conn.urlopen(
                      File "/snap/openstack/182/lib/python3.10/site-packages/urllib3/connectionpool.py", line 787, in urlopen
                        retries = retries.increment(
                      File "/snap/openstack/182/lib/python3.10/site-packages/urllib3/util/retry.py", line 550, in increment
                        raise six.reraise(type(error), error, _stacktrace)
                      File "/snap/openstack/182/lib/python3.10/site-packages/urllib3/packages/six.py", line 769, in reraise
                        raise value.with_traceback(tb)
                      File "/snap/openstack/182/lib/python3.10/site-packages/urllib3/connectionpool.py", line 703, in urlopen
                        httplib_response = self._make_request(
                      File "/snap/openstack/182/lib/python3.10/site-packages/urllib3/connectionpool.py", line 398, in _make_request
                        conn.request(method, url, **httplib_request_kw)
                      File "/usr/lib/python3.10/http/client.py", line 1282, in request
                        self._send_request(method, url, body, headers, encode_chunked)
                      File "/usr/lib/python3.10/http/client.py", line 1328, in _send_request
                        self.endheaders(body, encode_chunked=encode_chunked)
                      File "/usr/lib/python3.10/http/client.py", line 1277, in endheaders
                        self._send_output(message_body, encode_chunked=encode_chunked)
                      File "/usr/lib/python3.10/http/client.py", line 1037, in _send_output
                        self.send(msg)
                      File "/usr/lib/python3.10/http/client.py", line 975, in send
                        self.connect()
                      File "/snap/openstack/182/lib/python3.10/site-packages/requests_unixsocket/adapters.py", line 41, in connect
                        sock.connect(socket_path)
                    urllib3.exceptions.ProtocolError: ('Connection aborted.', PermissionError(13, 'Permission denied'))

During handling of the above exception, another exception occurred:

                    Traceback (most recent call last):
                      File "/snap/openstack/182/lib/python3.10/site-packages/sunbeam/clusterd/service.py", line 119, in _request
                        response = self.__session.request(method=method, url=url, **kwargs)
                      File "/snap/openstack/182/lib/python3.10/site-packages/requests/sessions.py", line 587, in request
                        resp = self.send(prep, **send_kwargs)
                      File "/snap/openstack/182/lib/python3.10/site-packages/requests/sessions.py", line 701, in send
                        r = adapter.send(request, **kwargs)
                      File "/snap/openstack/182/lib/python3.10/site-packages/requests/adapters.py", line 547, in send
                        raise ConnectionError(err, request=request)
                    requests.exceptions.ConnectionError: ('Connection aborted.', PermissionError(13, 'Permission denied'))

During handling of the above exception, another exception occurred:

                    Traceback (most recent call last):
                      File "/snap/openstack/182/lib/python3.10/site-packages/sunbeam/utils.py", line 140, in __call__
                        return self.main(*args, **kwargs)
                      File "/snap/openstack/182/lib/python3.10/site-packages/click/core.py", line 1055, in main
                        rv = self.invoke(ctx)
                      File "/snap/openstack/182/lib/python3.10/site-packages/click/core.py", line 1657, in invoke
                        return _process_result(sub_ctx.command.invoke(sub_ctx))
                      File "/snap/openstack/182/lib/python3.10/site-packages/click/core.py", line 1404, in invoke
                        return ctx.invoke(self.callback, **ctx.params)
                      File "/snap/openstack/182/lib/python3.10/site-packages/click/core.py", line 760, in invoke
                        return __callback(*args, **kwargs)
                      File "/snap/openstack/182/lib/python3.10/site-packages/sunbeam/commands/inspect.py", line 63, in inspect
                        run_plan(plan, console)
                      File "/snap/openstack/182/lib/python3.10/site-packages/sunbeam/jobs/common.py", line 222, in run_plan
                        skip_result = step.is_skip()
                      File "/snap/openstack/182/lib/python3.10/site-packages/sunbeam/commands/juju.py", line 830, in is_skip
                        run_sync(self.jhelper.get_model(self.model))
                      File "/snap/openstack/182/lib/python3.10/site-packages/sunbeam/jobs/juju.py", line 56, in run_sync
                        result = asyncio.get_event_loop().run_until_complete(coro)
                      File "/usr/lib/python3.10/asyncio/base_events.py", line 646, in run_until_complete
                        return future.result()
                      File "/snap/openstack/182/lib/python3.10/site-packages/sunbeam/jobs/juju.py", line 182, in wrapper
                        juju_controller = JujuController.load(client)
                      File "/snap/openstack/182/lib/python3.10/site-packages/sunbeam/jobs/juju.py", line 168, in load
                        controller = client.cluster.get_config(JUJU_CONTROLLER_KEY)
                      File "/snap/openstack/182/lib/python3.10/site-packages/sunbeam/clusterd/cluster.py", line 161, in get_config
                        return self._get(f"/1.0/config/{key}").get("metadata")
                      File "/snap/openstack/182/lib/python3.10/site-packages/sunbeam/clusterd/service.py", line 181, in _get
                        return self._request("get", path, **kwargs)
                      File "/snap/openstack/182/lib/python3.10/site-packages/sunbeam/clusterd/service.py", line 128, in _request
                        raise ClusterServiceUnavailableException(msg)
                    sunbeam.clusterd.service.ClusterServiceUnavailableException: ('Connection aborted.', PermissionError(13, 'Permission denied'))
           WARNING An unexpected error has occurred. Please run 'sunbeam inspect' to generate an inspection report. utils.py:147
           ERROR Error: ('Connection aborted.', PermissionError(13, 'Permission denied'))

James Page (james-page) on 2023-06-16

Changed in snap-openstack:
status:	New → Triaged
importance:	Undecided → Wishlist
importance:	Wishlist → Medium

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.