as discussed on review, we should not change the fetal=false, instead we
can adjust the test to verify the things. In this case, we should use
the response to verify the policy enforcement not 403.
** Changed in: nova
Status: In Progress => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1865117
Title:
fatal=False in context.can() impact the policy-defaults-refresh to get
expect tests results
Status in OpenStack Compute (nova):
Invalid
Bug description:
While we do policy-defaults-refresh feature of os-instance-actions show API
[1].
We should test the authorized contexts and the unauthorized contexts, and
check the PolicyNotAuthorized [2].
If we set fatal=False in context.can(), we will not get the
PolicyNotAuthorized exception (e.g.[1]) [3], so we should adjust the judgment
strategy when context.can() is used as a condition.
[1]https://github.com/openstack/nova/blob/master/nova/api/openstack/compute/instance_actions.py#L161
[2]https://github.com/openstack/nova/blob/master/nova/tests/unit/policies/base.py#L96-L101
[3]https://review.opendev.org/#/c/707777/2/nova/tests/unit/policies/test_instance_actions.py@131
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1865117/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
