Handle Forbidden exception when creating role

Until now the code has been counting on the fact that demo user can't list roles. This has changed and the code has started faling on creating a new role because demo user doesn't have proper permissions. The patch wraps the whole logic around listing and creating roles to try except block. The patch also sets refstack-client-devstack-tempestconf as non voting, because in order to fix it this review needs to be merged first. Change-Id: Ief0916e4ec51a23c72ffd1cde529ecb33f949dec
2018-12-11 14:23:00 +00:00 · 2018-12-11 14:23:00 +00:00 · a99b846475
commit a99b846475
parent e06dd67887
2 changed files with 15 additions and 14 deletions
--- a/.zuul.yaml
+++ b/.zuul.yaml
@ -13,7 +13,8 @@
        - python-tempestconf-tempest-packstack-admin
        - python-tempestconf-tempest-packstack-demo
        - tripleo-ci-centos-7-scenario002-multinode-oooq-container
-        - refstack-client-devstack-tempestconf
+        - refstack-client-devstack-tempestconf:
+            voting: false
    gate:
      jobs:
        - python-tempestconf-tempest-devstack-admin
@ -21,7 +22,8 @@
        - python-tempestconf-tempest-packstack-admin
        - python-tempestconf-tempest-packstack-demo
        - tripleo-ci-centos-7-scenario002-multinode-oooq-container
-        - refstack-client-devstack-tempestconf
+        - refstack-client-devstack-tempestconf:
+            voting: false

 - job:
    name: python-tempestconf-devstack-base
--- a/config_tempest/services/object_storage.py
+++ b/config_tempest/services/object_storage.py
@ -40,22 +40,21 @@ class ObjectStorageService(Service):
    def list_create_roles(self, conf, client):
        try:
            roles = client.list_roles()['roles']
+            for section_key in ["operator_role", "reseller_admin_role"]:
+                key_value = conf.get_defaulted("object-storage", section_key)
+                if key_value not in [r['name'] for r in roles]:
+                    LOG.info("Creating %s role", key_value)
+                    try:
+                        client.create_role(name=key_value)
+                    except exceptions.Conflict:
+                        LOG.info("Role %s already exists", key_value)
+            conf.set('object-storage', 'operator_role', 'admin')
        except exceptions.Forbidden:
-            LOG.info("Roles can't be listed - the user needs permissions.")
+            LOG.info("Roles can't be listed or created. The user doesn't have "
+                     "permissions.")
            # If is not admin, we set the operator_role to Member
            # otherwise we set to admin
            conf.set('object-storage', 'operator_role', 'Member')
-            return
-
-        for section_key in ["operator_role", "reseller_admin_role"]:
-            key_value = conf.get_defaulted("object-storage", section_key)
-            if key_value not in [r['name'] for r in roles]:
-                LOG.info("Creating %s role", key_value)
-                try:
-                    client.create_role(name=key_value)
-                except exceptions.Conflict:
-                    LOG.info("Role %s already exists", key_value)
-        conf.set('object-storage', 'operator_role', 'admin')

    def get_feature_name(self):
        return 'object-storage'