tempest.api.compute and a few tempest.api.volume tests started failing, example traceback
ft1.1: setUpClass (tempest.api.compute.floating_ips.test_floating_ips_actions.FloatingIPsAssociationTestJSON)testtools.testresult.real._StringException: Traceback (most recent call last):
File "/opt/stack/tempest/tempest/test.py", line 206, in setUpClass
raise value.with_traceback(trace)
File "/opt/stack/tempest/tempest/test.py", line 199, in setUpClass
cls.resource_setup()
File "/opt/stack/tempest/tempest/api/compute/floating_ips/test_floating_ips_actions.py", line 70, in resource_setup
cls.server = cls.create_test_server(wait_until='ACTIVE')
File "/opt/stack/tempest/tempest/api/compute/base.py", line 272, in create_test_server
body, servers = compute.create_test_server(
File "/opt/stack/tempest/tempest/common/compute.py", line 285, in create_test_server
body = clients.servers_client.create_server(name=name, imageRef=image_id,
File "/opt/stack/tempest/tempest/lib/services/compute/servers_client.py", line 115, in create_server
resp, body = self.post('servers', post_body)
File "/opt/stack/tempest/tempest/lib/common/rest_client.py", line 300, in post
return self.request('POST', url, extra_headers, headers, body, chunked)
File "/opt/stack/tempest/tempest/lib/services/compute/base_compute_client.py", line 47, in request
resp, resp_body = super(BaseComputeClient, self).request(
File "/opt/stack/tempest/tempest/lib/common/rest_client.py", line 742, in request
self._error_checker(resp, resp_body)
File "/opt/stack/tempest/tempest/lib/common/rest_client.py", line 847, in _error_checker
raise exceptions.Forbidden(resp_body, resp=resp)
tempest.lib.exceptions.Forbidden: Forbidden
Details: {'code': 403, 'message': "Policy doesn't allow os_compute_api:servers:create to be performed."}
The affected jobs: tempest-full-test-account-no-admin-py3 and tempest-full-test-account-py3
https://storage.gra.cloud.ovh.net/v1/AUTH_dcaab5e32b234d56b626f72581e3644c/zuul_opendev_logs_982/880630/13/check/tempest-full-test-account-py3/982332d/testr_results.html
https://0ba57ff75479255f8769-2b6c314b914fb3f996b5c8a41dca9d5c.ssl.cf2.rackcdn.com/880630/13/check/tempest-full-test-account-no-admin-py3/70fe771/testr_results.html
The tests started failing after we enabled NOVA_ENFORCE_SCOPE by default in devstack:
https://review.opendev.org/c/openstack/devstack/+/883556
I did a quick research on this: /review. opendev. org/c/openstack /tempest/ +/878074 /review. opendev. org/c/openstack /tempest/ +/884509
- I think that this patch causes the issue: https:/
- Thanks to this patch, a test may get project_reader when it requires primary credentials.
- The reason why the errors appear now is probably the fact that we enabled enforce scope for NOVA and GLANCE in devstack recently.
- Here is DNM patch that might fix the issue: https:/