as discussed on review, we should not change the fetal=false, instead we can adjust the test to verify the things. In this case, we should use the response to verify the policy enforcement not 403.
** Changed in: nova Status: In Progress => Invalid -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1865117 Title: fatal=False in context.can() impact the policy-defaults-refresh to get expect tests results Status in OpenStack Compute (nova): Invalid Bug description: While we do policy-defaults-refresh feature of os-instance-actions show API [1]. We should test the authorized contexts and the unauthorized contexts, and check the PolicyNotAuthorized [2]. If we set fatal=False in context.can(), we will not get the PolicyNotAuthorized exception (e.g.[1]) [3], so we should adjust the judgment strategy when context.can() is used as a condition. [1]https://github.com/openstack/nova/blob/master/nova/api/openstack/compute/instance_actions.py#L161 [2]https://github.com/openstack/nova/blob/master/nova/tests/unit/policies/base.py#L96-L101 [3]https://review.opendev.org/#/c/707777/2/nova/tests/unit/policies/test_instance_actions.py@131 To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1865117/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp