The above-mentioned job seems to be failing because of a change in the rule:create_network and rule:create_security_group policies. We've already encountered a similar issue when we enabled NOVA_ENFORCE_SCOPE by default in devstack. (https://bugs.launchpad.net/tempest/+bug/2020860)
ft8.1: setUpClass (tempest.api.network.test_extra_dhcp_options.ExtraDHCPOptionsTestJSON)testtools.testresult.real._StringException: Traceback (most recent call last):
File "/opt/stack/tempest/tempest/test.py", line 206, in setUpClass
raise value.with_traceback(trace)
File "/opt/stack/tempest/tempest/test.py", line 199, in setUpClass
cls.resource_setup()
File "/opt/stack/tempest/tempest/api/network/test_extra_dhcp_options.py", line 46, in resource_setup
cls.network = cls.create_network()
File "/opt/stack/tempest/tempest/api/network/base.py", line 109, in create_network
body = cls.networks_client.create_network(name=network_name, **kwargs)
File "/opt/stack/tempest/tempest/lib/services/network/networks_client.py", line 27, in create_network
return self.create_resource(uri, post_data)
File "/opt/stack/tempest/tempest/lib/services/network/base.py", line 62, in create_resource
resp, body = self.post(req_uri, req_post_data)
File "/opt/stack/tempest/tempest/lib/common/rest_client.py", line 300, in post
return self.request('POST', url, extra_headers, headers, body, chunked)
File "/opt/stack/tempest/tempest/lib/common/rest_client.py", line 742, in request
self._error_checker(resp, resp_body)
File "/opt/stack/tempest/tempest/lib/common/rest_client.py", line 847, in _error_checker
raise exceptions.Forbidden(resp_body, resp=resp)
tempest.lib.exceptions.Forbidden: Forbidden
Details: {'type': 'PolicyNotAuthorized', 'message': 'rule:create_network is disallowed by policy', 'detail': ''}
Traceback (most recent call last):
File "/opt/stack/tempest/tempest/api/compute/security_groups/test_security_groups.py", line 156, in test_list_security_groups_by_server
sg = self.create_security_group()
File "/opt/stack/tempest/tempest/api/compute/base.py", line 267, in create_security_group
body = cls.security_groups_client.create_security_group(
File "/opt/stack/tempest/tempest/lib/services/compute/security_groups_client.py", line 67, in create_security_group
resp, body = self.post('os-security-groups', post_body)
File "/opt/stack/tempest/tempest/lib/common/rest_client.py", line 300, in post
return self.request('POST', url, extra_headers, headers, body, chunked)
File "/opt/stack/tempest/tempest/lib/services/compute/base_compute_client.py", line 47, in request
resp, resp_body = super(BaseComputeClient, self).request(
File "/opt/stack/tempest/tempest/lib/common/rest_client.py", line 742, in request
self._error_checker(resp, resp_body)
File "/opt/stack/tempest/tempest/lib/common/rest_client.py", line 847, in _error_checker
raise exceptions.Forbidden(resp_body, resp=resp)
tempest.lib.exceptions.Forbidden: Forbidden
Details: {'code': 403, 'message': "rule:create_security_group is disallowed by policy\nNeutron server returns request_ids: ['req-cae2c8cb-cf8f-4561-b24d-5ac563b582dd']"}
This affects the tempest-full-test-account-no-admin-py3 job.
https://577c7db1b7d82ddde14e-e0bdf3ad49ea8c697978dcccacccf379.ssl.cf2.rackcdn.com/periodic/opendev.org/openstack/tempest/master/tempest-full-test-account-no-admin-py3/831b2e8/testr_results.