New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 695094 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Mar 2017
Cc:
englab-sys-cros@google.com
jrbarnette@chromium.org
kevcheng@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug



Sign in to add a comment

ACL access on chromeos2-row5-rack4-host11

Project Member Reported by strongj@google.com, Feb 22 2017 
received the following when trying to deploy a host through repair_test:

============
Failures
============
chromeos2-row5-rack4-host11    AclAccessViolation: strongj does not have access to chromeos2-row5-rack4-host11
Traceback (most recent call last):
  File "/usr/local/autotest/frontend/afe/json_rpc/serviceHandler.py", line 118, in dispatchRequest
    results['result'] = self.invokeServiceEndpoint(meth, args)
  File "/usr/local/autotest/frontend/afe/json_rpc/serviceHandler.py", line 158, in invokeServiceEndpoint
    return meth(*args)
  File "/usr/local/autotest/frontend/afe/rpc_handler.py", line 270, in new_fn
    return f(*args, **keyword_args)
  File "/usr/local/autotest/frontend/afe/rpc_interface.py", line 533, in set_host_attribute
    models.AclGroup.check_for_acl_violation_hosts(hosts)
  File "/usr/local/autotest/frontend/afe/models.py", line 942, in check_for_acl_violation_hosts
    (str(user), str(host)))
AclAccessViolation: strongj does not have access to chromeos2-row5-rack4-host11


Installation complete:  0 successes, 1 failures.
Logs will be uploaded to gs://chromeos-install-logs/2017-02-22T10:10:43.844580-08:00-terra

Comment 1 by jrbarnette@chromium.org, Feb 22 2017 

I don't know why there's an ACL on that host.  However, the ACL
checks appear to be haphazard at best.  The checks apply only
to the ability to schedule special tasks (e.g. request repair or
verify) and to the set_host_attribute() call, as in the case above.
ACLs are apparently not checked for any other purpose (e.g. to schedule
tests, as opposed to special tasks, or to add/remove labels).

I kind of expect we should just delete the ACLs altogether.  But for
now, I'll look to see if I can find the acl, and kill it...

Comment 2 by jrbarnette@chromium.org, Feb 22 2017

Status: Available (was: Untriaged)
I'm unable to find any ACL that would restrict access to
chromeos2-row5-rack4-host11.  I can't explain this failure,
and (as yet) I don't know how to stop it.

Have you seen the problem more than once?

Comment 3 by strongj@google.com, Feb 22 2017

Cc: englab-sys-cros@google.com
This is the only location that I've encountered this problem. Maybe someone else on the team may have run into this?

+englab-sys-cros

Comment 4 by strongj@google.com, Mar 1 2017

Status: WontFix (was: Available)
This seems to have resolved itself as I was successful in removing the host from AFE and adding it via deployment_test...

Closing.

Sign in to add a comment