Public bug reported: The test_admin_only_rules method of RealRolePolicyTestCase class in nova/tests/unit/test_policy.py doesn't check an 'admin_or_owner' case correctly.
---------------------------------------------------------------------------- def test_admin_only_rules(self): for rule in self.admin_only_rules: self.assertRaises(exception.PolicyNotAuthorized, policy.authorize, self.non_admin_context, rule, self.target) policy.authorize(self.admin_context, rule, self.target) ---------------------------------------------------------------------------- https://github.com/openstack/nova/blob/3d6e72689ee18a779d70405d11e09a69183cc853/nova/tests/unit/test_policy.py#L495 If an admin only rule in source code is changed to 'admin_or_owner' rule by mistake, the assertRaises statement raises a PolicyNotAuthorized exception because it is not that the context is non admin user but the owner is defferent. So the target should be set to same project of non admin context. ** Affects: nova Importance: Undecided Assignee: Takashi NATSUME (natsume-takashi) Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1611628 Title: test_admin_only_rules doesn't check an 'admin_or_owner' case correctly Status in OpenStack Compute (nova): New Bug description: The test_admin_only_rules method of RealRolePolicyTestCase class in nova/tests/unit/test_policy.py doesn't check an 'admin_or_owner' case correctly. ---------------------------------------------------------------------------- def test_admin_only_rules(self): for rule in self.admin_only_rules: self.assertRaises(exception.PolicyNotAuthorized, policy.authorize, self.non_admin_context, rule, self.target) policy.authorize(self.admin_context, rule, self.target) ---------------------------------------------------------------------------- https://github.com/openstack/nova/blob/3d6e72689ee18a779d70405d11e09a69183cc853/nova/tests/unit/test_policy.py#L495 If an admin only rule in source code is changed to 'admin_or_owner' rule by mistake, the assertRaises statement raises a PolicyNotAuthorized exception because it is not that the context is non admin user but the owner is defferent. So the target should be set to same project of non admin context. To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1611628/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp