Hi,
In the tempest.api.volume.admin.test_volume_types_negative.VolumeTypesNegativeTest.test_create_volume_with_private_volume_type test, a volume type is created with private status and when I create a volume using this volume_type, the volume should not be created. When I listed the created users, I see 2 users. Even if the created volume_type is private, volume can be created using this volume_type because the user has the admin role. I debugged it and the test passes if we delete the user's admin role before the volume is created.
If only the member role is given for the created "tempest-VolumeTypesNegativeTest-1264850110-project-member" user, no error will be received.
$ openstack user list | grep -i tempest |
| f4c7f9dd4b6f437db7a559c3c0111e95 | tempest-VolumeTypesNegativeTest-1264850110-project-member |
| 26648582926d47e0b92d2cde0041524a | tempest-VolumeTypesNegativeTest-662821279-project-admin |
$ openstack role assignment list --name --user tempest-VolumeTypesNegativeTest-1264850110-project-member --user-domain Default
+--------+-------------------------------------------------------------------+-------+----------------------------------------------------+--------+--------+-----------+
| Role | User | Group | Project | Domain | System | Inherited |
+--------+-------------------------------------------------------------------+-------+----------------------------------------------------+--------+--------+-----------+
| member | tempest-VolumeTypesNegativeTest-1264850110-project-member@Default | | tempest-VolumeTypesNegativeTest-1264850110@Default | | | False |
| admin | tempest-VolumeTypesNegativeTest-1264850110-project-member@Default | | tempest-VolumeTypesNegativeTest-1264850110@Default | | | False |
+--------+-------------------------------------------------------------------+-------+----------------------------------------------------+--------+--------+-----------+
$ openstack role remove --user tempest-VolumeTypesNegativeTest-1264850110-project-member --project tempest-VolumeTypesNegativeTest-1264850110 --project-domain Default admin
Code:
/opt/venv/tempest/lib/python3.8/site-packages/tempest/api/volume/admin/test_volume_types_negative.py
Line:54
'''
@decorators.attr(type=['negative'])
@decorators.idempotent_id('8c09f849-f225-4d78-ba87-bffd9a5e0c6f')
def test_create_volume_with_private_volume_type(self):
"""Test creating volume with private volume type will fail"""
params = {'os-volume-type-access:is_public': False}
import pdb; pdb.set_trace()
volume_type = self.create_volume_type(**params)
pdb.set_trace()
self.assertRaises(lib_exc.NotFound,
self.create_volume, volume_type=volume_type['id'])
'''
Best regards,