Cinder

  1. Bug #1737609
  2. Comment #3

Comment 3 for bug 1737609

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (master)

Reviewed: https://review.openstack.org/527838
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=b5f6c2864f5ca829854af5c12f37a3d49ccc9d5f
Submitter: Zuul
Branch: master

commit b5f6c2864f5ca829854af5c12f37a3d49ccc9d5f
Author: Felipe Monteiro <email address hidden>
Date: Thu Dec 14 02:24:29 2017 +0000

    Fix volume image metadata endpoints returning None

    This commit fixes the following volume image metadata
    endpoints returning None following policy enforcement
    failure:

      * ``os-set_image_metadata``
      * ``os-unset_image_metadata``

    The endpoints will now correctly raise a 403 Forbidden
    instead.

    The kwarg `fatal=False` was dropped from
    `context.authorize` for these APIs because the kwarg
    is only useful when adding additional information to
    the response body (if the user is authorized).

    This commit:

      * makes the fix for the two endpoints above
      * adds unit tests for validating the new, correct
        behavior (as a side note, policy overriding
        in tests can be more easily accomplished via
        adoption of something like [0])

    Also note that since the default policy rule
    for these endpoints is "admin_or_owner" Tempest
    doesn't validate this behavior by default.

    [0] https://github.com/openstack/nova/blob/e599b13e4940fb9654f0e0c0f43077a6979eaabe/nova/tests/unit/policy_fixture.py#L30

    Change-Id: Icc286d529609165e5f14cb506342660d7bc2ae9f
    Closes-Bug: #1737609