tempest

Read or write object with rights tests broken

Bug #1672613 reported by Eric Xie on 2017-03-14

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	tempest	Fix Released	Low	Unassigned

Bug Description

Description
===========
I ran the DefCore tests with the latest tempest.
But got error when executed the `test_read_object_with_rights` case.

Steps to reproduce
==================
* Clone the latest tempest
* Config the tempest config file and account.yml
* Execute `./refstack-client test -c tempest.conf -v --test-list "https://refstack.openstack.org/api/v1/guidelines/2017.01/tests?target=platform&type=required&alias=true&flag=false"`

Expected result
===============
All cases success.

Actual result
=============
Error with `test_read_object_with_rights` case.

Environment
===========
# git log
commit e8192e4b5d22a57edb177279f52e5cd58ddf4999
Merge: f496885 f9ded35
Author: Jenkins <email address hidden>
Date: Thu Feb 2 19:53:02 2017 +0000

Merge "Fix date-time format checking in response schema"

Logs
===========
tempest.api.object_storage.test_container_acl.ObjectTestACLs.test_read_object_with_rights[id-a3270f3f-7640-4944-8448-c7ea783ea5b6]
----------------------------------------------------------------------------------------------------------------------------------

Captured traceback:
~~~~~~~~~~~~~~~~~~~
    Traceback (most recent call last):
      File "tempest/api/object_storage/test_container_acl.py", line 55, in test_read_object_with_rights
        resp, _ = self.os_roles_operator.object_client.create_object(
      File "tempest/services/object_storage/object_client.py", line 83, in get_object
        resp, body = self.get(url, headers=headers)
      File "tempest/lib/common/rest_client.py", line 291, in get
        return self.request('GET', url, extra_headers, headers)
      File "tempest/lib/common/rest_client.py", line 664, in request
        self._error_checker(resp, resp_body)
      File "tempest/lib/common/rest_client.py", line 751, in _error_checker
        raise exceptions.Unauthorized(resp_body, resp=resp)
    tempest.lib.exceptions.Unauthorized: Unauthorized
    Details: <html><h1>Unauthorized</h1><p>This server could not verify that you are authorized to access the document you requested.</p></html>

tempest.api.object_storage.test_container_acl.ObjectTestACLs.test_write_object_with_rights[id-aa58bfa5-40d9-4bc3-82b4-d07f4a9e392a]
-----------------------------------------------------------------------------------------------------------------------------------

Captured traceback:
~~~~~~~~~~~~~~~~~~~
    Traceback (most recent call last):
      File "tempest/api/object_storage/test_container_acl.py", line 88, in test_write_object_with_rights
        object_name, 'data', headers={})
      File "tempest/services/object_storage/object_client.py", line 40, in create_object
        resp, body = self.put(url, data, headers)
      File "tempest/lib/common/rest_client.py", line 340, in put
        return self.request('PUT', url, extra_headers, headers, body, chunked)
      File "tempest/lib/common/rest_client.py", line 664, in request
        self._error_checker(resp, resp_body)
      File "tempest/lib/common/rest_client.py", line 756, in _error_checker
        raise exceptions.Forbidden(resp_body, resp=resp)
    tempest.lib.exceptions.Forbidden: Forbidden
    Details: <html><h1>Forbidden</h1><p>Access was denied to this resource.</p></html>

See original description

Revision history for this message

Eric Xie (eric-xie) wrote on 2017-03-14:

In https://docs.openstack.org/developer/swift/overview_acl.html
'Note Keystone project (tenant) or user names (i.e., <project-name>:<user-name) must no longer be used because with the introduction of domains in Keystone, names are not globally unique. You should use user and project ids instead.'

But in tempest/api/object_storage/test_container_acl.py, use the name not id.
    def test_read_object_with_rights(self):
        # attempt to read object using authorized user
        # update X-Container-Read metadata ACL
        tenant_name = self.os_roles_operator_alt.credentials.tenant_name
        username = self.os_roles_operator_alt.credentials.username
        cont_headers = {'X-Container-Read': tenant_name + ':' + username}
        resp_meta, body = self.os_roles_operator.container_client.\
            update_container_metadata(
                self.container_name, metadata=cont_headers,
                metadata_prefix='')

Changed in tempest:
status:	New → In Progress
assignee:	nobody → Eric Xie (eric-xie)

Eric Xie (eric-xie) on 2017-03-14

description:

updated

Eric Xie (eric-xie) on 2017-03-14

summary:	- Read object with rights broken + Read or write object with rights broken
summary:	- Read or write object with rights broken + Read or write object with rights tests broken

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-03-14: Fix proposed to tempest (master)

Fix proposed to branch: master
Review: https://review.openstack.org/445358

Ken'ichi Ohmichi (oomichi) on 2017-05-02

Changed in tempest:
importance:	Undecided → Low

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-09-12: Change abandoned on tempest (master)

Change abandoned by Eric Xie (eric_xiett@163.com) on branch: master
Review: https://review.openstack.org/445358

Eric Xie (eric-xie) on 2018-01-29

Changed in tempest:
assignee:	Eric Xie (eric-xie) → nobody
status:	In Progress → New

Revision history for this message

Manik Bindlish (manikbindlish19) wrote on 2018-10-11:

Hi Eric,

I am not able to reproduce it. Are you still facing this issue?
or Could you please guide in more deatil to reproduce it?

Revision history for this message

Ghanshyam Mann (ghanshyammann) wrote on 2018-12-06:

This seems fixed by https://review.openstack.org/#/c/605017/1

Changed in tempest:
status:	New → Fix Committed

Revision history for this message

Doug Schveninger (ds6901) wrote on 2019-08-02:

should this be changed to fix released?

Revision history for this message

Martin Kopec (mkopec) wrote on 2020-04-02:

Part of tempest since 20.0.0 release.

Changed in tempest:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.