User Role Issue for VolumeTypesNegativeTest.test_create_volume_with_private_volume_type Test

Bug #2048195 reported by Ayhan ilhan
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
cinder-tempest-plugin
New
Undecided
Unassigned

Bug Description

Hi,

In the tempest.api.volume.admin.test_volume_types_negative.VolumeTypesNegativeTest.test_create_volume_with_private_volume_type test, a volume type is created with private status and when I create a volume using this volume_type, the volume should not be created. When I listed the created users, I see 2 users. Even if the created volume_type is private, volume can be created using this volume_type because the user has the admin role. I debugged it and the test passes if we delete the user's admin role before the volume is created.

If only the member role is given for the created "tempest-VolumeTypesNegativeTest-1264850110-project-member" user, no error will be received.

$ openstack user list | grep -i tempest |
| f4c7f9dd4b6f437db7a559c3c0111e95 | tempest-VolumeTypesNegativeTest-1264850110-project-member |
| 26648582926d47e0b92d2cde0041524a | tempest-VolumeTypesNegativeTest-662821279-project-admin |

$ openstack role assignment list --name --user tempest-VolumeTypesNegativeTest-1264850110-project-member --user-domain Default
+--------+-------------------------------------------------------------------+-------+----------------------------------------------------+--------+--------+-----------+
| Role | User | Group | Project | Domain | System | Inherited |
+--------+-------------------------------------------------------------------+-------+----------------------------------------------------+--------+--------+-----------+
| member | tempest-VolumeTypesNegativeTest-1264850110-project-member@Default | | tempest-VolumeTypesNegativeTest-1264850110@Default | | | False |
| admin | tempest-VolumeTypesNegativeTest-1264850110-project-member@Default | | tempest-VolumeTypesNegativeTest-1264850110@Default | | | False |
+--------+-------------------------------------------------------------------+-------+----------------------------------------------------+--------+--------+-----------+

$ openstack role remove --user tempest-VolumeTypesNegativeTest-1264850110-project-member --project tempest-VolumeTypesNegativeTest-1264850110 --project-domain Default admin

Code:
/opt/venv/tempest/lib/python3.8/site-packages/tempest/api/volume/admin/test_volume_types_negative.py
Line:54
'''
    @decorators.attr(type=['negative'])
    @decorators.idempotent_id('8c09f849-f225-4d78-ba87-bffd9a5e0c6f')
    def test_create_volume_with_private_volume_type(self):
        """Test creating volume with private volume type will fail"""
        params = {'os-volume-type-access:is_public': False}
        import pdb; pdb.set_trace()
        volume_type = self.create_volume_type(**params)
        pdb.set_trace()
        self.assertRaises(lib_exc.NotFound,
                          self.create_volume, volume_type=volume_type['id'])
'''

Best regards,

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.