tempest

Cannot run tempest without admin creds

Bug #1296955 reported by David Kranz
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tempest
Invalid
Medium
Matthew Treinish

Bug Description

In havana it was possible to do this though some tests that require admin are not skipped. On master you can't even do 'testr list-tests' without correct admin creds. This is because the OfficialClientManager tries to create network and object clients with admin credentials. I'm not sure of the best way to fix this. Here is the backtrace, generated from nose because testr gives you no information on import failures:

nosetests -v tempest/scenario/test_server_basic_ops.py
Failure: Unauthorized (Could not find project, admi. (HTTP 401)) ... ERROR

======================================================================
ERROR: Failure: Unauthorized (Could not find project, admi. (HTTP 401))
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/nose/loader.py", line 390, in loadTestsFromName
    addr.filename, addr.module)
  File "/usr/lib/python2.7/dist-packages/nose/importer.py", line 39, in importFromPath
    return self.importFromDir(dir_path, fqname)
  File "/usr/lib/python2.7/dist-packages/nose/importer.py", line 86, in importFromDir
    mod = load_module(part_fqname, fh, filename, desc)
  File "/opt/stack/tempest/tempest/scenario/test_server_basic_ops.py", line 32, in <module>
    class TestServerBasicOps(manager.OfficialClientTest):
  File "/opt/stack/tempest/tempest/scenario/test_server_basic_ops.py", line 46, in TestServerBasicOps
    scenario_utils = test_utils.InputScenarioUtils()
  File "/opt/stack/tempest/tempest/common/utils/misc.py", line 23, in getinstance
    instances[cls] = cls()
  File "/opt/stack/tempest/tempest/common/utils/test_utils.py", line 100, in __init__
    CONF.identity.tenant_name)
  File "/opt/stack/tempest/tempest/clients.py", line 482, in __init__
    tenant_name)
  File "/opt/stack/tempest/tempest/clients.py", line 542, in _get_object_storage_client
    CONF.identity.admin_tenant_name)
  File "/opt/stack/tempest/tempest/clients.py", line 607, in _get_identity_client
    insecure=dscv)
  File "/opt/stack/python-keystoneclient/keystoneclient/v2_0/client.py", line 144, in __init__
    self.authenticate()
  File "/opt/stack/python-keystoneclient/keystoneclient/httpclient.py", line 383, in authenticate

See original description
Amit Prakash Pandey (amitpp23)
Changed in tempest:
assignee: nobody → Amit Prakash Pandey (amitpp23)
description: updated
Revision history for this message
David Kranz (david-kranz) wrote :

There is a qa spec for fixing this. That spec should be modified/approved and be the basis for fixing this.
https://review.openstack.org/#/c/86967/

Amit Prakash Pandey (amitpp23)
Changed in tempest:
assignee: Amit Prakash Pandey (amitpp23) → nobody
status: New → In Progress
Mauro S M Rodrigues (maurorodrigues)
Changed in tempest:
status: In Progress → Triaged
importance: Undecided → Medium
tags: added: bp-run-without-admin
Revision history for this message
Matthew Treinish (treinish) wrote :

Is this bug still an issue? As part of test accounts bp in juno a great deal of effort was done to fix some of these problems. Have you tried running without admin enabled and without tenant isolation turned on. If there are still failures I think each incident should be a specific bug for the test which is implicitly requiring admin.

Changed in tempest:
status: Triaged → Incomplete
Revision history for this message
David Kranz (david-kranz) wrote :

I tried this and there are many problems. Using test accounts gets failures and then it seems credentials are not returned always as I start getting errors about not enough users even though running serially without tenant_isolation. If not using test accounts, and not setting admin users away from None, things fail very quickly because an InvalidConfiguration is raised and the admin skip code is expecting NotImplemented.

Revision history for this message
David Kranz (david-kranz) wrote :

What are the exact settings in tempest.conf that are expected to work here?

Revision history for this message
David Kranz (david-kranz) wrote :

I started debugging with all admin setting as None in tempest.conf and no tenant isolation. The biggest problem right off the bat is that there is inconsistency between the kinds of exceptions that are raised in different places that are encountered in the various ways we check for admin creds. Some of those places know they are checking admin creds and some are generic, usually raising ConfigurationError. The admin skip places are looking for NotImplementedError.

In any event we should be changing the try/except logic to check for admin with explicit use of is_admin_available.

Changed in tempest:
assignee: nobody → David Kranz (david-kranz)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tempest (master)

Fix proposed to branch: master
Review: https://review.openstack.org/157921

Changed in tempest:
assignee: David Kranz (david-kranz) → Matthew Treinish (treinish)
status: Incomplete → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tempest (master)

Reviewed: https://review.openstack.org/157921
Committed: https://git.openstack.org/cgit/openstack/tempest/commit/?id=fda3765ff2b5a09885dec33631bc219ac170e72a
Submitter: Jenkins
Branch: master

commit fda3765ff2b5a09885dec33631bc219ac170e72a
Author: Matthew Treinish <email address hidden>
Date: Fri Feb 20 15:14:53 2015 -0500

    Fix missing exception catch in is_admin_available()

    This commit adds a missing exception catch in the is_admin_available()
    method. When non-locking test accounts are used and no admin creds are
    available an InvalidConfiguration exception is raised instead of the
    NotImplemented exception raised by the locking test accounts provider.

    Partial-Bug: #1296955
    Change-Id: Ic7006f6a40ac174e4b6793096fb92957df350d61

Revision history for this message
Yaroslav Lobankov (ylobankov) wrote :

Is this issue still actual?

Revision history for this message
Castulo J. Martinez (castulo-martinez) wrote :

This bug is old and nobody has commented out on it for a while. Credential providers have changed in Tempest since then. I'm marking this bug as incomplete. Please feel free to add more information and re-open it if you still think is a bug.

Changed in tempest:
status: In Progress → Incomplete
Revision history for this message
Daniel Mellado (daniel-mellado) wrote :

As Castulo mentioned, this bug is *really*, really old and I don't think it will be affecting Tempest at all.

Changed in tempest:
status: Incomplete → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.