)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":30674,"name":"Lukas Piwowarski","email":"lpiwowar@redhat.com","username":"lukas-piwowarski"},"change_message_id":"ce54dbfbff1c8e53e7803716e48b4a25a7b76103","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"d529871a_ad653020","updated":"2023-11-28 12:10:03.000000000","message":"The failure is still present \u003d\u003e \nhttps://40d1580bb656fd0ed240-3f272db0dacf207a646e9867f60c7e03.ssl.cf1.rackcdn.com/901532/1/check/barbican-tempest-plugin-simple-crypto-secure-rbac/f168e39/controller/logs/screen-barbican-svc.txt","commit_id":"68e0fbca0b8c28c391bf19624084a93a0b44d365"},{"author":{"_account_id":14250,"name":"Grzegorz Grasza","email":"xek@redhat.com","username":"xek"},"change_message_id":"482554fe949b89bc60cb6c36e37a8c6f64babe4d","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"a857cecc_2c26454f","updated":"2024-01-08 12:03:51.000000000","message":"Grenade failed with the following\n\nJan 08 11:45:24.430812 np0036336631 devstack@c-api.service[85985]: DEBUG barbicanclient.client [None req-329dbb76-5be4-4104-9475-ca3f9720cd61 cinder_grenade cinder_grenade] Response status 403 {{(pid\u003d85985) _check_status_code /opt/stack/old/python-barbicanclient/barbicanclient/client.py:87}}\n2935\tJan 08 11:45:24.431175 np0036336631 devstack@c-api.service[85985]: ERROR barbicanclient.client [None req-329dbb76-5be4-4104-9475-ca3f9720cd61 cinder_grenade cinder_grenade] 4xx Client error: Forbidden: Order creation attempt not allowed - please review your user/project privileges\n2936\tJan 08 11:45:24.431956 np0036336631 devstack@c-api.service[85985]: ERROR castellan.key_manager.barbican_key_manager [None req-329dbb76-5be4-4104-9475-ca3f9720cd61 cinder_grenade cinder_grenade] Error creating key: Forbidden: Order creation attempt not allowed - please review your user/project privileges: barbicanclient.exceptions.HTTPClientError: Forbidden: Order creation attempt not allowed - please review your user/project privileges\n2937\tJan 08 11:45:24.437741 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.volume_utils [None req-329dbb76-5be4-4104-9475-ca3f9720cd61 cinder_grenade cinder_grenade] Key manager error: castellan.common.exception.KeyManagerError: Key manager error: Forbidden: Order creation attempt not allowed - please review your user/project privileges\n2938\tJan 08 11:45:24.437741 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.volume_utils Traceback (most recent call last):\n2939\tJan 08 11:45:24.437741 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.volume_utils   File \"/usr/local/lib/python3.10/dist-packages/castellan/key_manager/barbican_key_manager.py\", line 290, in create_key\n2940\tJan 08 11:45:24.437741 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.volume_utils     order_ref \u003d key_order.submit()\n2941\tJan 08 11:45:24.437741 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.volume_utils   File \"/opt/stack/old/python-barbicanclient/barbicanclient/v1/orders.py\", line 33, in wrapper\n2942\tJan 08 11:45:24.437741 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.volume_utils     return func(self, *args)\n2943\tJan 08 11:45:24.437741 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.volume_utils   File \"/opt/stack/old/python-barbicanclient/barbicanclient/v1/orders.py\", line 234, in submit\n2944\tJan 08 11:45:24.437741 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.volume_utils     response \u003d self._api.post(self._entity, json\u003dorder_dict)\n2945\tJan 08 11:45:24.437741 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.volume_utils   File \"/opt/stack/old/python-barbicanclient/barbicanclient/client.py\", line 75, in post\n2946\tJan 08 11:45:24.437741 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.volume_utils     return super(_HTTPClient, self).post(path, *args, **kwargs).json()\n2947\tJan 08 11:45:24.437741 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.volume_utils   File \"/usr/local/lib/python3.10/dist-packages/keystoneauth1/adapter.py\", line 401, in post\n2948\tJan 08 11:45:24.437741 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.volume_utils     return self.request(url, \u0027POST\u0027, **kwargs)\n2949\tJan 08 11:45:24.437741 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.volume_utils   File \"/opt/stack/old/python-barbicanclient/barbicanclient/client.py\", line 63, in request\n2950\tJan 08 11:45:24.437741 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.volume_utils     self._check_status_code(resp)\n2951\tJan 08 11:45:24.437741 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.volume_utils   File \"/opt/stack/old/python-barbicanclient/barbicanclient/client.py\", line 105, in _check_status_code\n2952\tJan 08 11:45:24.437741 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.volume_utils     raise exceptions.HTTPClientError(\n2953\tJan 08 11:45:24.437741 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.volume_utils barbicanclient.exceptions.HTTPClientError: Forbidden: Order creation attempt not allowed - please review your user/project privileges\n2954\tJan 08 11:45:24.437741 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.volume_utils \n2955\tJan 08 11:45:24.437741 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.volume_utils During handling of the above exception, another exception occurred:\n2956\tJan 08 11:45:24.437741 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.volume_utils \n2957\tJan 08 11:45:24.437741 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.volume_utils Traceback (most recent call last):\n2958\tJan 08 11:45:24.437741 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.volume_utils   File \"/opt/stack/old/cinder/cinder/volume/volume_utils.py\", line 971, in create_encryption_key\n2959\tJan 08 11:45:24.437741 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.volume_utils     encryption_key_id \u003d key_manager.create_key(\n2960\tJan 08 11:45:24.437741 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.volume_utils   File \"/usr/local/lib/python3.10/dist-packages/castellan/key_manager/barbican_key_manager.py\", line 297, in create_key\n2961\tJan 08 11:45:24.437741 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.volume_utils     raise exception.KeyManagerError(reason\u003de)\n2962\tJan 08 11:45:24.437741 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.volume_utils castellan.common.exception.KeyManagerError: Key manager error: Forbidden: Order creation attempt not allowed - please review your user/project privileges\n2963\tJan 08 11:45:24.437741 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.volume_utils \n2964\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: WARNING cinder.volume.api [None req-329dbb76-5be4-4104-9475-ca3f9720cd61 cinder_grenade cinder_grenade] Task \u0027cinder.volume.flows.api.create_volume.ExtractVolumeRequestTask;volume:create\u0027 (a23ea266-722d-4d2e-8956-391861a6171c) transitioned into state \u0027FAILURE\u0027 from state \u0027RUNNING\u0027\n2965\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: 1 predecessors (most recent first):\n2966\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]:   Flow \u0027volume_create_api\u0027: cinder.exception.Invalid: Key manager error\n2967\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.api Traceback (most recent call last):\n2968\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.api   File \"/usr/local/lib/python3.10/dist-packages/castellan/key_manager/barbican_key_manager.py\", line 290, in create_key\n2969\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.api     order_ref \u003d key_order.submit()\n2970\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.api   File \"/opt/stack/old/python-barbicanclient/barbicanclient/v1/orders.py\", line 33, in wrapper\n2971\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.api     return func(self, *args)\n2972\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.api   File \"/opt/stack/old/python-barbicanclient/barbicanclient/v1/orders.py\", line 234, in submit\n2973\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.api     response \u003d self._api.post(self._entity, json\u003dorder_dict)\n2974\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.api   File \"/opt/stack/old/python-barbicanclient/barbicanclient/client.py\", line 75, in post\n2975\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.api     return super(_HTTPClient, self).post(path, *args, **kwargs).json()\n2976\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.api   File \"/usr/local/lib/python3.10/dist-packages/keystoneauth1/adapter.py\", line 401, in post\n2977\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.api     return self.request(url, \u0027POST\u0027, **kwargs)\n2978\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.api   File \"/opt/stack/old/python-barbicanclient/barbicanclient/client.py\", line 63, in request\n2979\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.api     self._check_status_code(resp)\n2980\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.api   File \"/opt/stack/old/python-barbicanclient/barbicanclient/client.py\", line 105, in _check_status_code\n2981\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.api     raise exceptions.HTTPClientError(\n2982\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.api barbicanclient.exceptions.HTTPClientError: Forbidden: Order creation attempt not allowed - please review your user/project privileges\n2983\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.api \n2984\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.api During handling of the above exception, another exception occurred:\n2985\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.api \n2986\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.api Traceback (most recent call last):\n2987\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.api   File \"/opt/stack/old/cinder/cinder/volume/volume_utils.py\", line 971, in create_encryption_key\n2988\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.api     encryption_key_id \u003d key_manager.create_key(\n2989\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.api   File \"/usr/local/lib/python3.10/dist-packages/castellan/key_manager/barbican_key_manager.py\", line 297, in create_key\n2990\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.api     raise exception.KeyManagerError(reason\u003de)\n2991\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.api castellan.common.exception.KeyManagerError: Key manager error: Forbidden: Order creation attempt not allowed - please review your user/project privileges\n2992\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.api \n2993\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.api During handling of the above exception, another exception occurred:\n2994\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.api \n2995\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.api Traceback (most recent call last):\n2996\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.api   File \"/usr/local/lib/python3.10/dist-packages/taskflow/engines/action_engine/executor.py\", line 52, in _execute_task\n2997\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.api     result \u003d task.execute(**arguments)\n2998\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.api   File \"/opt/stack/old/cinder/cinder/volume/flows/api/create_volume.py\", line 483, in execute\n2999\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.api     encryption_key_id \u003d self._get_encryption_key_id(\n3000\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.api   File \"/opt/stack/old/cinder/cinder/volume/flows/api/create_volume.py\", line 388, in _get_encryption_key_id\n3001\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.api     new_encryption_key_id \u003d volume_utils.create_encryption_key(\n3002\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.api   File \"/opt/stack/old/cinder/cinder/volume/volume_utils.py\", line 980, in create_encryption_key\n3003\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.api     raise exception.Invalid(message\u003d\"Key manager error\")\n3004\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.api cinder.exception.Invalid: Key manager error\n3005\tJan 08 11:45:24.441607 np0036336631 devstack@c-api.service[85985]: ERROR cinder.volume.api","commit_id":"8fbc127bdccc1c66d62307808097d3d27a0e14a9"}],"barbican/plugin/util/multiple_backends.py":[{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"c445001e9e20321bcfdc9dad8da41cc221e717c8","unresolved":true,"context_lines":[{"line_number":127,"context_line":"    from barbican.plugin.crypto import manager as cm"},{"line_number":128,"context_line":""},{"line_number":129,"context_line":"    # Use one session in order to perform all db operations as a transaction"},{"line_number":130,"context_line":"    session \u003d db_repos.get_session()"},{"line_number":131,"context_line":""},{"line_number":132,"context_line":"    secret_stores_repo \u003d db_repos.get_secret_stores_repository()"},{"line_number":133,"context_line":"    proj_store_repo \u003d db_repos.get_project_secret_store_repository()"}],"source_content_type":"text/x-python","patch_set":1,"id":"aee07135_30ea9043","line":130,"updated":"2023-11-28 12:27:48.000000000","message":"fwict, you\u0027re talking about a TOCTOU issue? If so, a session !\u003d a table lock so I\u0027m not sure how this would help you. To the best of my knowledge, there are two ways to handle TOCTOU issues. For creates, you simply rely on constraints to prevent duplicates and catch/log those races. For updates, you can use [`with_for_update`](https://docs.sqlalchemy.org/en/20/core/selectable.html#sqlalchemy.sql.expression.CompoundSelect.with_for_update) on the `query()` object to lock the rows. Perhaps you need both here since this method appears to handle both initial setup and updates to existing configuration?","commit_id":"68e0fbca0b8c28c391bf19624084a93a0b44d365"},{"author":{"_account_id":14250,"name":"Grzegorz Grasza","email":"xek@redhat.com","username":"xek"},"change_message_id":"b0351024a6b44c415506191c5f35ae21110e856b","unresolved":false,"context_lines":[{"line_number":127,"context_line":"    from barbican.plugin.crypto import manager as cm"},{"line_number":128,"context_line":""},{"line_number":129,"context_line":"    # Use one session in order to perform all db operations as a transaction"},{"line_number":130,"context_line":"    session \u003d db_repos.get_session()"},{"line_number":131,"context_line":""},{"line_number":132,"context_line":"    secret_stores_repo \u003d db_repos.get_secret_stores_repository()"},{"line_number":133,"context_line":"    proj_store_repo \u003d db_repos.get_project_secret_store_repository()"}],"source_content_type":"text/x-python","patch_set":1,"id":"e59157ea_66d18771","line":130,"in_reply_to":"aee07135_30ea9043","updated":"2024-01-08 10:52:14.000000000","message":"Thanks for the review, I added catching of the exception thrown in File \"/opt/stack/barbican/barbican/model/repositories.py\", line 425\nBefore throwing the exception, there is a rollback, so I\u0027m keeping the changes to use one session, since this should make the changes to the db more consistent.","commit_id":"68e0fbca0b8c28c391bf19624084a93a0b44d365"}]}