In trying to move the flavor manage negative tests out of Tempest and into the Nova functional tree, I ran into one set of tests which are permissions checking. Basically that a regular user isn't allowed to do certain things.
In (nearly) all our tests we use auth_strategy=noauth which takes you to NoAuthMiddlewareBase instead of to keystone. That path makes you an admin regardless of what credentials you send in - https://github.com/openstack/nova/blob/master/nova/api/openstack/auth.py#L56-L59 What I'd like to do is to change this so that if you specify user_id='admin' then is_admin is set true, and it's not true otherwise. That has a bunch of test fall out, because up until this point most of the test users are things like 'fake', which would regress to non admin. About 25% of the api samples tests fail in such a change, so they would need to be fixed. My bigger concern is while I assume this is a test only interface, it is exposed as a config file option. Which means someone could be using it for something real somewhere. Seems kind of nuts, but it's possible. So the safe option would be to replicate this class and make a pseudoauth or something with that behavior. Or a noauth2. And we can deprecate out the old interface. I'm happy to go either way, just want opinions before diving in. -Sean -- Sean Dague http://dague.net __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
