Actions
Bug #67444
closedcrypt/barbican: Cannot create secret (secrets:post is disallowed by policy)
% Done:
100%
Source:
Development
Backport:
quincy reef squid
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Tags (freeform):
barbican backport_processed
Merge Commit:
Fixed In:
v19.3.0-4331-g630f8e04c0
Released In:
v20.2.0~2205
Upkeep Timestamp:
2025-11-01T01:31:15+00:00
Description
Secret creation attempt not allowed - please review your user/project privileges: oslo_policy.policy.PolicyNotAuthorized: secrets:post is disallowed by policy
2024-08-08T17:02:58.815 INFO:tasks.barbican:Running barbican...
2024-08-08T17:02:58.815 INFO:tasks.barbican.client.0:Restarting daemon
2024-08-08T17:02:58.816 DEBUG:teuthology.orchestra.run.smithi092:> (cd /home/ubuntu/cephtest/barbican && exec bash -c 'cd /home/ubuntu/cephtest/barbican && . .barbicanenv/bin/activate && HOME=/home/ubuntu/cephtest/barbican && exec bin/barbican-api & { read; kill %1; }')
2024-08-08T17:02:58.818 INFO:tasks.barbican.client.0:Started
2024-08-08T17:02:58.818 DEBUG:teuthology.orchestra.run.smithi092:> cd /home/ubuntu/cephtest/barbican && . .barbicanenv/bin/activate && sleep 15
2024-08-08T17:02:59.889 INFO:tasks.barbican.client.0.smithi092.stdout:2024-08-08 17:02:59.892 32479 INFO barbican.model.repositories [-] Setting up database engine and session factory
2024-08-08T17:02:59.944 INFO:tasks.barbican.client.0.smithi092.stdout:2024-08-08 17:02:59.947 32479 INFO barbican.model.repositories [-] Not auto-creating barbican registry DB
2024-08-08T17:02:59.944 INFO:tasks.barbican.client.0.smithi092.stdout:2024-08-08 17:02:59.948 32479 INFO barbican.api.app [-] Barbican app created and initialized
2024-08-08T17:02:59.946 INFO:tasks.barbican.client.0.smithi092.stdout:2024-08-08 17:02:59.950 32479 WARNING keystonemiddleware._common.config [-] The option "auth_url" is not known to keystonemiddleware
2024-08-08T17:02:59.946 INFO:tasks.barbican.client.0.smithi092.stdout:2024-08-08 17:02:59.950 32479 WARNING keystonemiddleware._common.config [-] The option "username" is not known to keystonemiddleware
2024-08-08T17:02:59.947 INFO:tasks.barbican.client.0.smithi092.stdout:2024-08-08 17:02:59.950 32479 WARNING keystonemiddleware._common.config [-] The option "user_domain_name" is not known to keystonemiddleware
2024-08-08T17:02:59.947 INFO:tasks.barbican.client.0.smithi092.stdout:2024-08-08 17:02:59.950 32479 WARNING keystonemiddleware._common.config [-] The option "password" is not known to keystonemiddleware
2024-08-08T17:02:59.947 INFO:tasks.barbican.client.0.smithi092.stdout:2024-08-08 17:02:59.950 32479 WARNING keystonemiddleware.auth_token [-] AuthToken middleware is set with keystone_authtoken.service_token_roles_required set to False. This is backwards compatible but deprecated behaviour. Please set this to True.
2024-08-08T17:03:13.825 INFO:tasks.barbican:barbican_url=http://smithi092.front.sepia.ceph.com:9311
2024-08-08T17:03:14.212 INFO:tasks.keystone.client.0.smithi092.stderr:172.21.0.51 - - [08/Aug/2024 17:03:14] "POST /v3/auth/tokens HTTP/1.1" 201 1329
2024-08-08T17:03:14.530 INFO:tasks.keystone.client.0.smithi092.stderr:172.21.0.51 - - [08/Aug/2024 17:03:14] "POST /v3/auth/tokens HTTP/1.1" 201 1256
2024-08-08T17:03:14.533 INFO:tasks.barbican.client.0.smithi092.stdout:serving on 0.0.0.0:9311 view at http://127.0.0.1:9311
2024-08-08T17:03:14.533 INFO:tasks.barbican.client.0.smithi092.stdout:2024-08-08 17:03:14.537 32479 WARNING keystonemiddleware.auth_token [-] Using the in-process token cache is deprecated as of the 4.2.0 release and may be removed in the 5.0.0 release or the 'O' development cycle. The in-process cache causes inconsistent results and high memory usage. When the feature is removed the auth_token middleware will not cache tokens by default which may result in performance issues. It is recommended to use memcache for the auth_token token cache by setting the memcached_servers option.
2024-08-08T17:03:14.537 INFO:tasks.keystone.client.0.smithi092.stderr:172.21.15.92 - - [08/Aug/2024 17:03:14] "GET /v3 HTTP/1.1" 200 270
2024-08-08T17:03:14.839 INFO:tasks.keystone.client.0.smithi092.stderr:172.21.15.92 - - [08/Aug/2024 17:03:14] "POST /v3/auth/tokens HTTP/1.1" 201 1390
2024-08-08T17:03:14.940 INFO:tasks.keystone.client.0.smithi092.stderr:172.21.15.92 - - [08/Aug/2024 17:03:14] "GET /v3/auth/tokens HTTP/1.1" 200 1256
2024-08-08T17:03:14.942 INFO:tasks.barbican.client.0.smithi092.stdout:2024-08-08 17:03:14.946 32479 INFO barbican.api.middleware.context [-] Begin processing request req-77bfced0-e2ab-498a-8e78-9a77a627da11
2024-08-08T17:03:14.964 INFO:tasks.barbican.client.0.smithi092.stdout:2024-08-08 17:03:14.968 32479 ERROR barbican.api.controllers [None req-bf09c869-09a1-414b-b6d0-f3facdbe4bc9 3d94525ca2104154b6e323659f7fe799 5d4c705643674e6a853fed8213e3fce9 - - default default] Secret creation attempt not allowed - please review your user/project privileges: oslo_policy.policy.PolicyNotAuthorized: secrets:post is disallowed by policy
2024-08-08T17:03:14.965 INFO:tasks.barbican.client.0.smithi092.stdout:2024-08-08 17:03:14.969 32479 INFO barbican.api.middleware.context [None req-bf09c869-09a1-414b-b6d0-f3facdbe4bc9 3d94525ca2104154b6e323659f7fe799 5d4c705643674e6a853fed8213e3fce9 - - default default] Processed request: 403 Forbidden - POST http://smithi092.front.sepia.ceph.com:9311/v1/secrets
2024-08-08T17:03:14.966 ERROR:teuthology.contextutil:Saw exception from nested tasks
Traceback (most recent call last):
File "/home/teuthworker/src/git.ceph.com_teuthology_b5e1bfde2b4411fce0aaa1818b3782952c563c60/teuthology/contextutil.py", line 30, in nested
vars.append(enter())
File "/usr/lib/python3.10/contextlib.py", line 135, in __enter__
return next(self.gen)
File "/home/teuthworker/src/git.ceph.com_ceph-c_2fc80b54ed6f827da7fabeaa28dafc822a5384aa/qa/tasks/barbican.py", line 371, in create_secrets
raise Exception("Cannot create secret")
Exception: Cannot create secret
Updated by Casey Bodley over 1 year ago
- Status changed from New to In Progress
- Pull request ID set to 59241
Updated by Casey Bodley over 1 year ago
- Status changed from In Progress to Pending Backport
- Assignee set to Casey Bodley
Updated by Upkeep Bot over 1 year ago
- Copied to Backport #67618: quincy: crypt/barbican: Cannot create secret (secrets:post is disallowed by policy) added
Updated by Upkeep Bot over 1 year ago
- Copied to Backport #67619: reef: crypt/barbican: Cannot create secret (secrets:post is disallowed by policy) added
Updated by Upkeep Bot over 1 year ago
- Copied to Backport #67620: squid: crypt/barbican: Cannot create secret (secrets:post is disallowed by policy) added
Updated by Upkeep Bot over 1 year ago
- Tags (freeform) changed from barbican to barbican backport_processed
Updated by Konstantin Shalygin about 1 year ago
- Status changed from Pending Backport to Resolved
- Target version set to v20.0.0
- % Done changed from 0 to 100
- Source set to Development
Updated by Upkeep Bot 8 months ago
- Merge Commit set to 630f8e04c093d97a36c4a10b683ebccd46fccbce
- Fixed In set to v19.3.0-4331-g630f8e04c09
- Upkeep Timestamp set to 2025-07-10T16:11:03+00:00
Updated by Upkeep Bot 8 months ago
- Fixed In changed from v19.3.0-4331-g630f8e04c09 to v19.3.0-4331-g630f8e04c0
- Upkeep Timestamp changed from 2025-07-10T16:11:03+00:00 to 2025-07-14T20:11:35+00:00
Updated by Upkeep Bot 5 months ago
- Released In set to v20.2.0~2205
- Upkeep Timestamp changed from 2025-07-14T20:11:35+00:00 to 2025-11-01T01:31:15+00:00
Actions