If you see following errors for all identity api v3 tests, then please be known that its not a a bug in tempest, rather you need to change keystone v3 policy.json and make it more relaxed so tempest can authorize with users created for each test with separate projects(tenants) because we set tenant_isolation to True in tempest.conf ...
If you see following errors for all identity api v3 tests, then please be known that its not a a bug in tempest, rather you need to change keystone v3 policy.json and make it more relaxed so tempest can authorize with users created for each test with separate projects(tenants) because we set tenant_isolation to True in tempest.conf ...
======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ===
10:20:47 ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= api.orchestrati on.stacks. test_templates. TemplateYAMLTes tJSON) ------- ------- ------- ------- ------- ------- ------- ------- ------- testresult. real._StringExc eption: Traceback (most recent call last): jenkins/ workspace/ tempest_ v3/tempest- repo/tempest/ tempest/ test.py" , line 255, in setUpClass credentials( ) jenkins/ workspace/ tempest_ v3/tempest- repo/tempest/ tempest/ api/orchestrati on/base. py", line 42, in setup_credentials strationTest, cls).setup_ credentials( ) jenkins/ workspace/ tempest_ v3/tempest- repo/tempest/ tempest/ test.py" , line 338, in setup_credentials type=credential s_type) jenkins/ workspace/ tempest_ v3/tempest- repo/tempest/ tempest/ test.py" , line 416, in get_client_manager version= identity_ version jenkins/ workspace/ tempest_ v3/tempest- repo/tempest/ tempest/ common/ credentials. py", line 39, in get_isolated_ credentials version= identity_ version) jenkins/ workspace/ tempest_ v3/tempest- repo/tempest/ tempest/ common/ isolated_ creds.py" , line 160, in __init__ admin_client, self.creds_ domain_ name) jenkins/ workspace/ tempest_ v3/tempest- repo/tempest/ tempest/ common/ isolated_ creds.py" , line 134, in get_creds_client identity_ client, project_ domain_ name) jenkins/ workspace/ tempest_ v3/tempest- repo/tempest/ tempest/ common/ isolated_ creds.py" , line 106, in __init__ jenkins/ workspace/ tempest_ v3/tempest- repo/tempest/ tempest/ services/ identity/ v3/json/ identity_ client. py", line 250, in list_domains jenkins/ workspace/ tempest_ v3/tempest- repo/tempest/ .venv/lib/ python2. 7/site- packages/ tempest_ lib/common/ rest_client. py", line 267, in get jenkins/ workspace/ tempest_ v3/tempest- repo/tempest/ .venv/lib/ python2. 7/site- packages/ tempest_ lib/common/ rest_client. py", line 629, in request jenkins/ workspace/ tempest_ v3/tempest- repo/tempest/ .venv/lib/ python2. 7/site- packages/ tempest_ lib/common/ rest_client. py", line 672, in _error_checker Forbidden( resp_body) lib.exceptions. Forbidden: Forbidden list_domains (Disable debug mode to suppress these details.)", "code": 403, "title": "Forbidden"}} ======= ======= ======= ======= ======= ======= ======= =====
10:20:47 FAIL: setUpClass (tempest.
10:20:47 -------
10:20:47 Traceback (most recent call last):
10:20:47 testtools.
10:20:47 File "/var/lib/
10:20:47 cls.setup_
10:20:47 File "/var/lib/
10:20:47 super(BaseOrche
10:20:47 File "/var/lib/
10:20:47 credential_
10:20:47 File "/var/lib/
10:20:47 identity_
10:20:47 File "/var/lib/
10:20:47 identity_
10:20:47 File "/var/lib/
10:20:47 self.identity_
10:20:47 File "/var/lib/
10:20:47 return V3CredsClient(
10:20:47 File "/var/lib/
10:20:47 params={'name': domain_name})[0]
10:20:47 File "/var/lib/
10:20:47 resp, body = self.get(url)
10:20:47 File "/var/lib/
10:20:47 return self.request('GET', url, extra_headers, headers)
10:20:47 File "/var/lib/
10:20:47 resp, resp_body)
10:20:47 File "/var/lib/
10:20:47 raise exceptions.
10:20:47 tempest_
10:20:47 Details: {"error": {"message": "You are not authorized to perform the requested action: identity:
======
FOR ERRORS LIKE ABOVE, YOU SHOULD CHANGE THE DEFAULT POLICY.JSON OF KEYSTONE V3 so tests can get past this issue..
hope it helps )