Read or write object with rights tests broken

Bug #1672613 reported by Eric Xie on 2017-03-14
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tempest
Low
Unassigned

Bug Description

Description
===========
I ran the DefCore tests with the latest tempest.
But got error when executed the `test_read_object_with_rights` case.

Steps to reproduce
==================
* Clone the latest tempest
* Config the tempest config file and account.yml
* Execute `./refstack-client test -c tempest.conf -v --test-list "https://refstack.openstack.org/api/v1/guidelines/2017.01/tests?target=platform&type=required&alias=true&flag=false"`

Expected result
===============
All cases success.

Actual result
=============
Error with `test_read_object_with_rights` case.

Environment
===========
# git log
commit e8192e4b5d22a57edb177279f52e5cd58ddf4999
Merge: f496885 f9ded35
Author: Jenkins <email address hidden>
Date: Thu Feb 2 19:53:02 2017 +0000

    Merge "Fix date-time format checking in response schema"

Logs
===========
tempest.api.object_storage.test_container_acl.ObjectTestACLs.test_read_object_with_rights[id-a3270f3f-7640-4944-8448-c7ea783ea5b6]
----------------------------------------------------------------------------------------------------------------------------------

Captured traceback:
~~~~~~~~~~~~~~~~~~~
    Traceback (most recent call last):
      File "tempest/api/object_storage/test_container_acl.py", line 55, in test_read_object_with_rights
        resp, _ = self.os_roles_operator.object_client.create_object(
      File "tempest/services/object_storage/object_client.py", line 83, in get_object
        resp, body = self.get(url, headers=headers)
      File "tempest/lib/common/rest_client.py", line 291, in get
        return self.request('GET', url, extra_headers, headers)
      File "tempest/lib/common/rest_client.py", line 664, in request
        self._error_checker(resp, resp_body)
      File "tempest/lib/common/rest_client.py", line 751, in _error_checker
        raise exceptions.Unauthorized(resp_body, resp=resp)
    tempest.lib.exceptions.Unauthorized: Unauthorized
    Details: <html><h1>Unauthorized</h1><p>This server could not verify that you are authorized to access the document you requested.</p></html>

tempest.api.object_storage.test_container_acl.ObjectTestACLs.test_write_object_with_rights[id-aa58bfa5-40d9-4bc3-82b4-d07f4a9e392a]
-----------------------------------------------------------------------------------------------------------------------------------

Captured traceback:
~~~~~~~~~~~~~~~~~~~
    Traceback (most recent call last):
      File "tempest/api/object_storage/test_container_acl.py", line 88, in test_write_object_with_rights
        object_name, 'data', headers={})
      File "tempest/services/object_storage/object_client.py", line 40, in create_object
        resp, body = self.put(url, data, headers)
      File "tempest/lib/common/rest_client.py", line 340, in put
        return self.request('PUT', url, extra_headers, headers, body, chunked)
      File "tempest/lib/common/rest_client.py", line 664, in request
        self._error_checker(resp, resp_body)
      File "tempest/lib/common/rest_client.py", line 756, in _error_checker
        raise exceptions.Forbidden(resp_body, resp=resp)
    tempest.lib.exceptions.Forbidden: Forbidden
    Details: <html><h1>Forbidden</h1><p>Access was denied to this resource.</p></html>

Eric Xie (eric-xie) wrote :

In https://docs.openstack.org/developer/swift/overview_acl.html
'Note Keystone project (tenant) or user names (i.e., <project-name>:<user-name) must no longer be used because with the introduction of domains in Keystone, names are not globally unique. You should use user and project ids instead.'

But in tempest/api/object_storage/test_container_acl.py, use the name not id.
    def test_read_object_with_rights(self):
        # attempt to read object using authorized user
        # update X-Container-Read metadata ACL
        tenant_name = self.os_roles_operator_alt.credentials.tenant_name
        username = self.os_roles_operator_alt.credentials.username
        cont_headers = {'X-Container-Read': tenant_name + ':' + username}
        resp_meta, body = self.os_roles_operator.container_client.\
            update_container_metadata(
                self.container_name, metadata=cont_headers,
                metadata_prefix='')

Changed in tempest:
status: New → In Progress
assignee: nobody → Eric Xie (eric-xie)
Eric Xie (eric-xie) on 2017-03-14
description: updated
Eric Xie (eric-xie) on 2017-03-14
summary: - Read object with rights broken
+ Read or write object with rights broken
summary: - Read or write object with rights broken
+ Read or write object with rights tests broken
Changed in tempest:
importance: Undecided → Low

Change abandoned by Eric Xie (eric_xiett@163.com) on branch: master
Review: https://review.openstack.org/445358

Eric Xie (eric-xie) on 2018-01-29
Changed in tempest:
assignee: Eric Xie (eric-xie) → nobody
status: In Progress → New

Hi Eric,

I am not able to reproduce it. Are you still facing this issue?
or Could you please guide in more deatil to reproduce it?

Ghanshyam Mann (ghanshyammann) wrote :
Changed in tempest:
status: New → Fix Committed
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers