[Yahoo-eng-team] [Bug 1611628] [NEW] test_admin_only_rules doesn't check an 'admin_or_owner' case correctly

Tue, 09 Aug 2016 23:51:07 -0700 

Public bug reported:

The test_admin_only_rules method of RealRolePolicyTestCase class in
nova/tests/unit/test_policy.py doesn't check an 'admin_or_owner' case
correctly.

----------------------------------------------------------------------------
    def test_admin_only_rules(self):
        for rule in self.admin_only_rules:
            self.assertRaises(exception.PolicyNotAuthorized, policy.authorize,
                              self.non_admin_context, rule, self.target)
            policy.authorize(self.admin_context, rule, self.target)
----------------------------------------------------------------------------
https://github.com/openstack/nova/blob/3d6e72689ee18a779d70405d11e09a69183cc853/nova/tests/unit/test_policy.py#L495

If an admin only rule in source code is changed to 'admin_or_owner' rule by 
mistake,
the assertRaises statement raises a PolicyNotAuthorized exception
because it is not that the context is non admin user but the owner is defferent.
So the target should be set to same project of non admin context.

** Affects: nova
     Importance: Undecided
     Assignee: Takashi NATSUME (natsume-takashi)
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1611628

Title:
  test_admin_only_rules doesn't check an 'admin_or_owner' case correctly

Status in OpenStack Compute (nova):
  New

Bug description:
  The test_admin_only_rules method of RealRolePolicyTestCase class in
  nova/tests/unit/test_policy.py doesn't check an 'admin_or_owner' case
  correctly.

  ----------------------------------------------------------------------------
      def test_admin_only_rules(self):
          for rule in self.admin_only_rules:
              self.assertRaises(exception.PolicyNotAuthorized, policy.authorize,
                                self.non_admin_context, rule, self.target)
              policy.authorize(self.admin_context, rule, self.target)
  ----------------------------------------------------------------------------
  
https://github.com/openstack/nova/blob/3d6e72689ee18a779d70405d11e09a69183cc853/nova/tests/unit/test_policy.py#L495

  If an admin only rule in source code is changed to 'admin_or_owner' rule by 
mistake,
  the assertRaises statement raises a PolicyNotAuthorized exception
  because it is not that the context is non admin user but the owner is 
defferent.
  So the target should be set to same project of non admin context.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1611628/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

Reply via email to