)]}'
{".zuul.yaml":[{"author":{"_account_id":4690,"name":"melanie witt","display_name":"melwitt","email":"melwittt@gmail.com","username":"melwitt"},"change_message_id":"2d82a3c32398a95858c5a9a5e8fbc2f6041e0317","unresolved":true,"context_lines":[{"line_number":95,"context_line":"      tempest_test_regex: \u0027\\[.*\\bsmoke\\b.*\\]|^(barbican_tempest_plugin.tests)\u0027"},{"line_number":96,"context_line":"      tox_envlist: all"},{"line_number":97,"context_line":"      devstack_localrc:"},{"line_number":98,"context_line":"        ENFORCE_SCOPE: True"},{"line_number":99,"context_line":""},{"line_number":100,"context_line":"- job:"},{"line_number":101,"context_line":"    name: octavia-v2-dsvm-tls-barbican-secure-rbac"}],"source_content_type":"text/x-yaml","patch_set":2,"id":"dfd3512b_1f32a3ad","line":98,"updated":"2025-05-08 01:44:12.000000000","message":"Hm, this did not work to make Barbican configured with enforce_new_defaults \u003d True... Not sure what I\u0027m doing wrong. I wonder if this has to do with the fact that this grenade job is only single node? 🤔","commit_id":"e60b709a261da39309135150798b6e6ebc91ff17"},{"author":{"_account_id":4690,"name":"melanie witt","display_name":"melwitt","email":"melwittt@gmail.com","username":"melwitt"},"change_message_id":"193cba8931b4ecf705e4a6eff362a55cc9ddeda5","unresolved":false,"context_lines":[{"line_number":95,"context_line":"      tempest_test_regex: \u0027\\[.*\\bsmoke\\b.*\\]|^(barbican_tempest_plugin.tests)\u0027"},{"line_number":96,"context_line":"      tox_envlist: all"},{"line_number":97,"context_line":"      devstack_localrc:"},{"line_number":98,"context_line":"        ENFORCE_SCOPE: True"},{"line_number":99,"context_line":""},{"line_number":100,"context_line":"- job:"},{"line_number":101,"context_line":"    name: octavia-v2-dsvm-tls-barbican-secure-rbac"}],"source_content_type":"text/x-yaml","patch_set":2,"id":"9eddcb09_e9fd8ce1","line":98,"in_reply_to":"dfd3512b_1f32a3ad","updated":"2025-05-08 22:37:48.000000000","message":"Turns out with grenade the devstack variables need to go in a special section `grenade_devstack_localrc`.","commit_id":"e60b709a261da39309135150798b6e6ebc91ff17"},{"author":{"_account_id":4690,"name":"melanie witt","display_name":"melwitt","email":"melwittt@gmail.com","username":"melwitt"},"change_message_id":"193cba8931b4ecf705e4a6eff362a55cc9ddeda5","unresolved":true,"context_lines":[{"line_number":96,"context_line":"      tox_envlist: all"},{"line_number":97,"context_line":"      grenade_devstack_localrc:"},{"line_number":98,"context_line":"        shared:"},{"line_number":99,"context_line":"          ENFORCE_SCOPE: True"},{"line_number":100,"context_line":"      devstack_local_conf:"},{"line_number":101,"context_line":"        post-config:"},{"line_number":102,"context_line":"          $BARBICAN_CONF:"}],"source_content_type":"text/x-yaml","patch_set":5,"id":"dde4299e_2c02ef63","line":99,"updated":"2025-05-08 22:37:48.000000000","message":"This avoids the need for the Cinder service user to have the `creator` role to create secrets for encrypted volumes.","commit_id":"f57756bbb46d69ea66f2169ca94f7439793a3890"},{"author":{"_account_id":4690,"name":"melanie witt","display_name":"melwitt","email":"melwittt@gmail.com","username":"melwitt"},"change_message_id":"193cba8931b4ecf705e4a6eff362a55cc9ddeda5","unresolved":true,"context_lines":[{"line_number":101,"context_line":"        post-config:"},{"line_number":102,"context_line":"          $BARBICAN_CONF:"},{"line_number":103,"context_line":"            simple_crypto_plugin:"},{"line_number":104,"context_line":"              kek: dGhpcnR5X3R3b19ieXRlX2tleWJsYWhibGFoYmxhaGg\u003d"},{"line_number":105,"context_line":""},{"line_number":106,"context_line":"- job:"},{"line_number":107,"context_line":"    name: octavia-v2-dsvm-tls-barbican-secure-rbac"}],"source_content_type":"text/x-yaml","patch_set":5,"id":"2dc419d9_9f2010db","line":104,"updated":"2025-05-08 22:37:48.000000000","message":"This is needed because the new side of the upgrade doesn\u0027t have a default set for the config option in the code, so we need to set it ourselves. The devstack plugin code does set this but apparently during a grenade run it will not re-run devstack with the master branch for the new side (or something like that).","commit_id":"f57756bbb46d69ea66f2169ca94f7439793a3890"}],"/PATCHSET_LEVEL":[{"author":{"_account_id":4690,"name":"melanie witt","display_name":"melwitt","email":"melwittt@gmail.com","username":"melwitt"},"change_message_id":"61965bc70cf0cafc4c26f8f52b0713fb88b97891","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"2f3a36e6_dea0f705","updated":"2025-05-08 00:08:20.000000000","message":"Something is still wrong:\n\n```\n2025-05-07 23:50:57.163 | ++ /opt/stack/new/grenade/projects/70_cinder/resources.sh:create:171 :   openstack volume create --size 1 cinder_grenade_vol3 --type cinder_grenade_encrypted_type -f shell\n2025-05-07 23:50:59.060 | Key manager error (HTTP 400) (Request-ID: req-fb403d55-0d3d-4d80-a614-7bdddba1acea)\n```","commit_id":"ab7b78174bbc92cf5cb99b327e9cd1193e27b794"},{"author":{"_account_id":4690,"name":"melanie witt","display_name":"melwitt","email":"melwittt@gmail.com","username":"melwitt"},"change_message_id":"6264e66fd251f46914d2b328a10da4e429203986","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"ee8b844d_c42c359a","in_reply_to":"2f3a36e6_dea0f705","updated":"2025-05-08 00:12:19.000000000","message":"Ah OK, it\u0027s just that in the test environment the `/orders` API is denying permission to Cinder:\n\n```\nMay 07 23:50:59.036068 np0040682286 devstack@c-api.service[86368]: ERROR barbicanclient.client [None req-fb403d55-0d3d-4d80-a614-7bdddba1acea cinder_grenade cinder_grenade] 4xx Client error: Forbidden: Order creation attempt not allowed - please review your user/project privileges\nMay 07 23:50:59.036809 np0040682286 devstack@c-api.service[86368]: ERROR castellan.key_manager.barbican_key_manager [None req-fb403d55-0d3d-4d80-a614-7bdddba1acea cinder_grenade cinder_grenade] Error creating key: Forbidden: Order creation attempt not allowed - please review your user/project privileges: barbicanclient.exceptions.HTTPClientError: Forbidden: Order creation attempt not allowed - please review your user/project privileges\nMay 07 23:50:59.042555 np0040682286 devstack@c-api.service[86368]: ERROR cinder.volume.volume_utils [None req-fb403d55-0d3d-4d80-a614-7bdddba1acea cinder_grenade cinder_grenade] Key manager error: castellan.common.exception.KeyManagerError: Key manager error: Forbidden: Order creation attempt not allowed - please review your user/project privileges\nMay 07 23:50:59.042555 np0040682286 devstack@c-api.service[86368]: ERROR cinder.volume.volume_utils Traceback (most recent call last):\nMay 07 23:50:59.042555 np0040682286 devstack@c-api.service[86368]: ERROR cinder.volume.volume_utils   File \"/opt/stack/data/venv/lib/python3.10/site-packages/castellan/key_manager/barbican_key_manager.py\", line 287, in create_key\nMay 07 23:50:59.042555 np0040682286 devstack@c-api.service[86368]: ERROR cinder.volume.volume_utils     order_ref \u003d key_order.submit()\nMay 07 23:50:59.042555 np0040682286 devstack@c-api.service[86368]: ERROR cinder.volume.volume_utils   File \"/opt/stack/old/python-barbicanclient/barbicanclient/v1/orders.py\", line 33, in wrapper\nMay 07 23:50:59.042555 np0040682286 devstack@c-api.service[86368]: ERROR cinder.volume.volume_utils     return func(self, *args)\nMay 07 23:50:59.042555 np0040682286 devstack@c-api.service[86368]: ERROR cinder.volume.volume_utils   File \"/opt/stack/old/python-barbicanclient/barbicanclient/v1/orders.py\", line 208, in submit\nMay 07 23:50:59.042555 np0040682286 devstack@c-api.service[86368]: ERROR cinder.volume.volume_utils     response \u003d self._api.post(self._entity, json\u003dorder_dict)\nMay 07 23:50:59.042555 np0040682286 devstack@c-api.service[86368]: ERROR cinder.volume.volume_utils   File \"/opt/stack/old/python-barbicanclient/barbicanclient/client.py\", line 75, in post\nMay 07 23:50:59.042555 np0040682286 devstack@c-api.service[86368]: ERROR cinder.volume.volume_utils     return super(_HTTPClient, self).post(path, *args, **kwargs).json()\nMay 07 23:50:59.042555 np0040682286 devstack@c-api.service[86368]: ERROR cinder.volume.volume_utils   File \"/opt/stack/data/venv/lib/python3.10/site-packages/keystoneauth1/adapter.py\", line 613, in post\nMay 07 23:50:59.042555 np0040682286 devstack@c-api.service[86368]: ERROR cinder.volume.volume_utils     return self.request(url, \u0027POST\u0027, **kwargs)\nMay 07 23:50:59.042555 np0040682286 devstack@c-api.service[86368]: ERROR cinder.volume.volume_utils   File \"/opt/stack/old/python-barbicanclient/barbicanclient/client.py\", line 63, in request\nMay 07 23:50:59.042555 np0040682286 devstack@c-api.service[86368]: ERROR cinder.volume.volume_utils     self._check_status_code(resp)\nMay 07 23:50:59.042555 np0040682286 devstack@c-api.service[86368]: ERROR cinder.volume.volume_utils   File \"/opt/stack/old/python-barbicanclient/barbicanclient/client.py\", line 105, in _check_status_code\nMay 07 23:50:59.042555 np0040682286 devstack@c-api.service[86368]: ERROR cinder.volume.volume_utils     raise exceptions.HTTPClientError(\nMay 07 23:50:59.042555 np0040682286 devstack@c-api.service[86368]: ERROR cinder.volume.volume_utils barbicanclient.exceptions.HTTPClientError: Forbidden: Order creation attempt not allowed - please review your user/project privileges\nMay 07 23:50:59.042555 np0040682286 devstack@c-api.service[86368]: ERROR cinder.volume.volume_utils \nMay 07 23:50:59.042555 np0040682286 devstack@c-api.service[86368]: ERROR cinder.volume.volume_utils During handling of the above exception, another exception occurred:\nMay 07 23:50:59.042555 np0040682286 devstack@c-api.service[86368]: ERROR cinder.volume.volume_utils \nMay 07 23:50:59.042555 np0040682286 devstack@c-api.service[86368]: ERROR cinder.volume.volume_utils Traceback (most recent call last):\nMay 07 23:50:59.042555 np0040682286 devstack@c-api.service[86368]: ERROR cinder.volume.volume_utils   File \"/opt/stack/old/cinder/cinder/volume/volume_utils.py\", line 968, in create_encryption_key\nMay 07 23:50:59.042555 np0040682286 devstack@c-api.service[86368]: ERROR cinder.volume.volume_utils     encryption_key_id \u003d key_manager.create_key(\nMay 07 23:50:59.042555 np0040682286 devstack@c-api.service[86368]: ERROR cinder.volume.volume_utils   File \"/opt/stack/data/venv/lib/python3.10/site-packages/castellan/key_manager/barbican_key_manager.py\", line 294, in create_key\nMay 07 23:50:59.042555 np0040682286 devstack@c-api.service[86368]: ERROR cinder.volume.volume_utils     raise exception.KeyManagerError(reason\u003de)\nMay 07 23:50:59.042555 np0040682286 devstack@c-api.service[86368]: ERROR cinder.volume.volume_utils castellan.common.exception.KeyManagerError: Key manager error: Forbidden: Order creation attempt not allowed - please review your user/project privileges\n```\n\nSo it\u0027s just a policy config issue, I think.","commit_id":"ab7b78174bbc92cf5cb99b327e9cd1193e27b794"}]}