search

red-hat-storage / ceph-qe-scripts

Various QE scripts written by QE for Ceph Testing
MIT License
10 stars 29 forks source link

[TFA]improvise delete_objects policy action verification and remove notif actions from policy verification configs #628

Closed hmaheswa closed 1 month ago

hmaheswa commented 2 months ago

this PR is to fix STS policy and bucket policy verfication failures with put_bucket_notification and delete_objects also to update sse_s3_with_bucket_policy config according to the changes in script

failures in TFA:

  1. put_bucket_notification failed on quincy, bz filed: bz-2306898 http://magna002.ceph.redhat.com/cephci-jenkins/results/openstack/RH/6.1/rhel-9/Weekly/17.2.6-239/rgw/34/tier-2_rgw_regression/test_bucket_policy_with_multiple_statements_0.log http://magna002.ceph.redhat.com/cephci-jenkins/results/openstack/IBM/6.1/rhel-9/Regression/17.2.6-239/rgw/64/tier-1-extn_rgw/STS_test_to_verify_session_policy_allow_actions_0.log

  2. create_topic failed because permission not added for it in sts role policy. check bz: bz-2293233 http://magna002.ceph.redhat.com/cephci-jenkins/results/openstack/RH/6.1/rhel-9/Weekly/17.2.6-246/rgw/35/tier-2_rgw_sts_aswi/STS_aswi_Tests_to_veify_role_policy_allow_actions_0.log http://magna002.ceph.redhat.com/cephci-jenkins/results/openstack/RH/6.1/rhel-9/Weekly/17.2.6-246/rgw/35/tier-2_rgw_sts_aswi/STS_aswi_Tests_to_veify_role_policy_deny_actions_0.log

  3. sse_s3_with_bucket_policy failed as its config is not updated according to the changes in script: http://magna002.ceph.redhat.com/cephci-jenkins/results/openstack/RH/7.1/rhel-9/Stage/18.2.1-229/13/sanity_rgw_multisite/test_sse_kms_per_bucket_with_bucket_policy_0.log http://magna002.ceph.redhat.com/cephci-jenkins/results/openstack/RH/6.1/rhel-9/Weekly/17.2.6-239/rgw/34/tier-2_sse_s3_encryption/test_sse_kms_per_bucket_with_bucket_policy_0.log

  4. deny delete_objects failed on squid because the response status is 200 and the response has AccessDenied Errors for keys. added a check for Errors as well instead of just checking status_code http://magna002.ceph.redhat.com/cephci-jenkins/results/openstack/RH/8.0/rhel-9/Weekly/19.1.0-22/rgw/4/tier-2_ssl_rgw_regression_test/STS_test_to_verify_session_policy_deny_actions_0.log

TFA ticket: https://issues.redhat.com/browse/RHCEPHQE-15568

pass logs on quincy: http://magna002.ceph.redhat.com/cephci-jenkins/hsm/TFA_sts_and_bucket_policy/quincy/

pass logs on reef: http://magna002.ceph.redhat.com/cephci-jenkins/hsm/TFA_sts_and_bucket_policy/reef/

pass logs on squid: http://magna002.ceph.redhat.com/cephci-jenkins/hsm/TFA_sts_and_bucket_policy/squid/

openshift-ci[bot] commented 1 month ago

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: anrao19, ckulal, hmaheswa, viduship

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files: - **[OWNERS](https://github.com/red-hat-storage/ceph-qe-scripts/blob/master/OWNERS)** Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment