api unittest failed with policy config in '/etc/nova/policy.d'

Bug #1435327 reported by Alex Xu
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Fix Released
Low
Alex Xu

Bug Description

After v2.1 policy separated into policy.d. The unittest will failed. Because fake policy fixture will load policy config from real '/etc/nova/policy.d' which override the fake policy rules.

{7} nova.tests.unit.api.openstack.compute.contrib.test_cells.CellsTestV21.test_detail [0.020009s] ... FAILED

Captured traceback:
~~~~~~~~~~~~~~~~~~~
    Traceback (most recent call last):
      File "nova/tests/unit/api/openstack/compute/contrib/test_cells.py", line 119, in test_detail
        res_dict = self.controller.detail(req)
      File "nova/api/openstack/extensions.py", line 478, in wrapped
        return f(*args, **kwargs)
      File "nova/api/openstack/common.py", line 551, in inner
        return function(*args, **kwargs)
      File "nova/api/openstack/compute/plugins/v3/cells.py", line 121, in detail
        authorize(ctxt)
      File "nova/api/openstack/extensions.py", line 347, in authorize
        nova.policy.enforce(context, act, target)
      File "nova/policy.py", line 104, in enforce
        {'action': action, 'credentials': credentials})
      File "/opt/stack/nova/.tox/py27/local/lib/python2.7/site-packages/oslo_utils/excutils.py", line 85, in __exit__
        six.reraise(self.type_, self.value, self.tb)
      File "nova/policy.py", line 98, in enforce
        do_raise=do_raise, exc=exc, action=action)
      File "nova/openstack/common/policy.py", line 363, in enforce
        raise exc(*args, **kwargs)
    nova.exception.PolicyNotAuthorized: Policy doesn't allow os_compute_api:os-cells to be performed.

{5} nova.tests.unit.api.openstack.compute.contrib.test_aggregates.AggregateTestCaseV21.test_remove_host_no_admin [0.027056s] ... ok
{7} nova.tests.unit.api.openstack.compute.contrib.test_cells.CellsTestV21.test_index [0.018851s] ... FAILED

Captured traceback:
~~~~~~~~~~~~~~~~~~~
    Traceback (most recent call last):
      File "nova/tests/unit/api/openstack/compute/contrib/test_cells.py", line 109, in test_index
        res_dict = self.controller.index(req)
      File "nova/api/openstack/extensions.py", line 478, in wrapped
        return f(*args, **kwargs)
      File "nova/api/openstack/common.py", line 551, in inner
        return function(*args, **kwargs)
      File "nova/api/openstack/compute/plugins/v3/cells.py", line 113, in index
        authorize(ctxt)
      File "nova/api/openstack/extensions.py", line 347, in authorize
        nova.policy.enforce(context, act, target)
      File "nova/policy.py", line 104, in enforce
        {'action': action, 'credentials': credentials})
      File "/opt/stack/nova/.tox/py27/local/lib/python2.7/site-packages/oslo_utils/excutils.py", line 85, in __exit__
        six.reraise(self.type_, self.value, self.tb)
      File "nova/policy.py", line 98, in enforce
        do_raise=do_raise, exc=exc, action=action)
      File "nova/openstack/common/policy.py", line 363, in enforce
        raise exc(*args, **kwargs)
    nova.exception.PolicyNotAuthorized: Policy doesn't allow os_compute_api:os-cells to be performed.

Alex Xu (xuhj)
Changed in nova:
assignee: nobody → Alex Xu (xuhj)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/166811

Changed in nova:
status: New → In Progress
Changed in nova:
importance: Undecided → Low
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/166811
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=e77be6c6da0720f8c28b983746579188245c58d0
Submitter: Jenkins
Branch: master

commit e77be6c6da0720f8c28b983746579188245c58d0
Author: He Jie Xu <email address hidden>
Date: Mon Mar 23 21:24:06 2015 +0800

    Avoid load real policy from policy.d when using fake policy fixture

    The v2.1 API policy rules separated into a file in policy.d. But the
    fake policy fixture didn't override the default policy_dirs config,
    that leads to fake policy fixture will load real policy config from
    "/etc/nova/policy.d" and unittest will failed.

    This patch override default policy_dirs value to empty list.

    Change-Id: I7d8958dc2f0bb927b98b2bb86c99e855db6c5e2e
    Closes-Bug: #1435327

Changed in nova:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in nova:
milestone: none → kilo-rc1
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in nova:
milestone: kilo-rc1 → 2015.1.0
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.