The endpoints will now correctly raise a 403 Forbidden
instead.
The kwarg `fatal=False` was dropped from
`context.authorize` for these APIs because the kwarg
is only useful when adding additional information to
the response body (if the user is authorized).
This commit:
* makes the fix for the two endpoints above
* adds unit tests for validating the new, correct
behavior (as a side note, policy overriding
in tests can be more easily accomplished via
adoption of something like [0])
Also note that since the default policy rule
for these endpoints is "admin_or_owner" Tempest
doesn't validate this behavior by default.
Reviewed: https://review.openstack.org/527838
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=b5f6c2864f5ca829854af5c12f37a3d49ccc9d5f
Submitter: Zuul
Branch: master
commit b5f6c2864f5ca829854af5c12f37a3d49ccc9d5f
Author: Felipe Monteiro <email address hidden>
Date: Thu Dec 14 02:24:29 2017 +0000
Fix volume image metadata endpoints returning None
This commit fixes the following volume image metadata
endpoints returning None following policy enforcement
failure:
* ``os-set_image_metadata``
* ``os-unset_image_metadata``
The endpoints will now correctly raise a 403 Forbidden
instead.
The kwarg `fatal=False` was dropped from
`context.authorize` for these APIs because the kwarg
is only useful when adding additional information to
the response body (if the user is authorized).
This commit:
* makes the fix for the two endpoints above
* adds unit tests for validating the new, correct
behavior (as a side note, policy overriding
in tests can be more easily accomplished via
adoption of something like [0])
Also note that since the default policy rule
for these endpoints is "admin_or_owner" Tempest
doesn't validate this behavior by default.
[0] https://github.com/openstack/nova/blob/e599b13e4940fb9654f0e0c0f43077a6979eaabe/nova/tests/unit/policy_fixture.py#L30
Change-Id: Icc286d529609165e5f14cb506342660d7bc2ae9f
Closes-Bug: #1737609
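
The failure mode the commit message describes, reduced to a stand-alone Python model. This is an added example, not Cinder's code: `Context`, `RULE`, both handlers and `dispatch` are hypothetical names, the admin-only rule is constructed, and the 200 status on the "before" path is an assumption of this toy dispatcher.

```python
class PolicyNotAuthorized(Exception):
    """Raised when a policy check fails and the check is fatal."""


RULE = "example:set_image_metadata"  # placeholder rule name, not a real policy


class Context:
    def __init__(self, roles):
        self.roles = set(roles)

    def authorize(self, rule, fatal=True):
        # Constructed rule: only the "admin" role passes.
        allowed = "admin" in self.roles
        if not allowed and fatal:
            raise PolicyNotAuthorized(rule)
        return allowed


def set_metadata_before(context, volume, metadata):
    # Bug pattern: the non-fatal check is used as a guard, and the denied
    # branch falls off the end of the function, so the caller receives None
    # and no error is ever signalled.
    if context.authorize(RULE, fatal=False):
        volume.update(metadata)
        return {"metadata": dict(volume)}


def set_metadata_after(context, volume, metadata):
    # Fixed pattern: with the default fatal=True a denial raises, so the
    # handler body only runs for authorized callers.
    context.authorize(RULE)
    volume.update(metadata)
    return {"metadata": dict(volume)}


def dispatch(handler, context, volume, metadata):
    """Toy API layer: map the policy exception to 403, anything else to 200."""
    try:
        return 200, handler(context, volume, metadata)
    except PolicyNotAuthorized:
        return 403, {"forbidden": {"code": 403, "rule": RULE}}


def demo():
    """Run both handlers as a non-admin caller and return (status, body) pairs."""
    member = Context(["member"])
    return (dispatch(set_metadata_before, member, {}, {"k": "v"}),
            dispatch(set_metadata_after, member, {}, {"k": "v"}))
```

A unit test for this bug class should override the policy to deny the caller and assert on the error status, since a test that runs only under the permissive default rule passes against both handlers.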