tempest

scenario/manager.py create security_group failed for tenant other than the default admin and tenant

Bug #1412303 reported by alex kang
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tempest
Fix Released
Undecided
Ghanshyam Mann

Bug Description

instance of class NetworkScenarioTest() will create 2 project/tenant/users, admin and tenant.

<instance of NetworkScenarioTest>._create_security_group() can create
[1] security group - self._create_empty_security_group(namestart, client, tenant_id)
[2] loginable security group rule - self._create_loginable_secgroup_rule(secgroup)

The problem is on [2] as it did not pass the client to create security rule, if the client is the <instance of NetworkScenarioTest>.
The test will failed with:

BadRequest: Bad request
Details: {u'NeutronError': u"Specifying 'tenant_id' other than authenticated tenant in request requires admin privileges"}

we need to change:
    rules = self._create_loginable_secgroup_rule(secgroup=secgroup)
to
    rules = self._create_loginable_secgroup_rule(client=client, secgroup=secgroup)

so if I call self._create_security_group(client=self.alt_manager.network_client) the loginable rules can be created as the owner of the security rule is alt_manager, not either one of the default managers of NetworkScenarioTest.

Revision history for this message
alex kang (akang) wrote :

Correction: if the client is NOT either the NetworkScenarioTest's admin or tenant project.

Revision history for this message
Ghanshyam Mann (ghanshyammann) wrote :

Yes, that's issue. When using _create_security_group with other client than primary or admin it through error.

Changed in tempest:
status: New → Triaged
assignee: nobody → Ghanshyam Mann (ghanshyammann)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tempest (master)

Fix proposed to branch: master
Review: https://review.openstack.org/148806

Changed in tempest:
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tempest (master)

Reviewed: https://review.openstack.org/148806
Committed: https://git.openstack.org/cgit/openstack/tempest/commit/?id=38890b5facf0442d8992f4bec84b96387b4e8bd0
Submitter: Jenkins
Branch: master

commit 38890b5facf0442d8992f4bec84b96387b4e8bd0
Author: ghanshyam <email address hidden>
Date: Wed Jan 21 15:24:18 2015 +0900

    Fix _create_loginable_secgroup_rule in scenario manager

    In NetworkScenarioTest, _create_security_group does not pass the
    requested client to _create_loginable_secgroup_rule.

    If sec grp is being created with different client than admin or primary
    cred then, _create_loginable_secgroup_rule will through Bad Request.
    This is because sec grp is being created with different tenant and tests
    try to add rule with different tenant.

    This patch fix above issue.

    Closes-Bug: 1412303

    Change-Id: I558fec9081644b795f550ae4e63f133e22d6f325

Changed in tempest:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.