Read or write object with rights tests broken

Bug #1672613 reported by Eric Xie on 2017-03-14
This bug affects 1 person
Affects Status Importance Assigned to Milestone

Bug Description

I ran the DefCore tests with the latest tempest.
But got error when executed the `test_read_object_with_rights` case.

Steps to reproduce
* Clone the latest tempest
* Config the tempest config file and account.yml
* Execute `./refstack-client test -c tempest.conf -v --test-list ""`

Expected result
All cases success.

Actual result
Error with `test_read_object_with_rights` case.

# git log
commit e8192e4b5d22a57edb177279f52e5cd58ddf4999
Merge: f496885 f9ded35
Author: Jenkins <email address hidden>
Date: Thu Feb 2 19:53:02 2017 +0000

    Merge "Fix date-time format checking in response schema"


Captured traceback:
    Traceback (most recent call last):
      File "tempest/api/object_storage/", line 55, in test_read_object_with_rights
        resp, _ = self.os_roles_operator.object_client.create_object(
      File "tempest/services/object_storage/", line 83, in get_object
        resp, body = self.get(url, headers=headers)
      File "tempest/lib/common/", line 291, in get
        return self.request('GET', url, extra_headers, headers)
      File "tempest/lib/common/", line 664, in request
        self._error_checker(resp, resp_body)
      File "tempest/lib/common/", line 751, in _error_checker
        raise exceptions.Unauthorized(resp_body, resp=resp)
    tempest.lib.exceptions.Unauthorized: Unauthorized
    Details: <html><h1>Unauthorized</h1><p>This server could not verify that you are authorized to access the document you requested.</p></html>


Captured traceback:
    Traceback (most recent call last):
      File "tempest/api/object_storage/", line 88, in test_write_object_with_rights
        object_name, 'data', headers={})
      File "tempest/services/object_storage/", line 40, in create_object
        resp, body = self.put(url, data, headers)
      File "tempest/lib/common/", line 340, in put
        return self.request('PUT', url, extra_headers, headers, body, chunked)
      File "tempest/lib/common/", line 664, in request
        self._error_checker(resp, resp_body)
      File "tempest/lib/common/", line 756, in _error_checker
        raise exceptions.Forbidden(resp_body, resp=resp)
    tempest.lib.exceptions.Forbidden: Forbidden
    Details: <html><h1>Forbidden</h1><p>Access was denied to this resource.</p></html>

Eric Xie (eric-xie) wrote :

'Note Keystone project (tenant) or user names (i.e., <project-name>:<user-name) must no longer be used because with the introduction of domains in Keystone, names are not globally unique. You should use user and project ids instead.'

But in tempest/api/object_storage/, use the name not id.
    def test_read_object_with_rights(self):
        # attempt to read object using authorized user
        # update X-Container-Read metadata ACL
        tenant_name = self.os_roles_operator_alt.credentials.tenant_name
        username = self.os_roles_operator_alt.credentials.username
        cont_headers = {'X-Container-Read': tenant_name + ':' + username}
        resp_meta, body = self.os_roles_operator.container_client.\
                self.container_name, metadata=cont_headers,

Changed in tempest:
status: New → In Progress
assignee: nobody → Eric Xie (eric-xie)
Eric Xie (eric-xie) on 2017-03-14
description: updated
Eric Xie (eric-xie) on 2017-03-14
summary: - Read object with rights broken
+ Read or write object with rights broken
summary: - Read or write object with rights broken
+ Read or write object with rights tests broken
Changed in tempest:
importance: Undecided → Low

Change abandoned by Eric Xie ( on branch: master

Eric Xie (eric-xie) on 2018-01-29
Changed in tempest:
assignee: Eric Xie (eric-xie) → nobody
status: In Progress → New

Hi Eric,

I am not able to reproduce it. Are you still facing this issue?
or Could you please guide in more deatil to reproduce it?

Ghanshyam Mann (ghanshyammann) wrote :
Changed in tempest:
status: New → Fix Committed
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers