Some protection test cases have incorrect domain id setup

Bug #1533330 reported by Lance Bragstad on 2016-01-12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Lance Bragstad

Bug Description

The IdentityTestv3CloudPolicySample test classes has it's own setup method, similar to other test classes. The setup method for IdentityTestv3CloudPolicySample loads in sample data that can be used throughout the tests in the module.

However, the IdentityTestv3CloudPolicySample setup method creates a domain in such a way that is incompatible with how domains are created in real world deployments. Keystone doesn't allow admins to specify domain_id on request, making it so keystone always issues uuid.hex formatted id strings for domain ids. The only domain that is the exception to this rule is the default domain id, which is specified in keystone's configuration.

The IdentityTestv3CloudPolicySample tests and setup should be refactored to not use 'admin_domain' and instead rely on actual domain ids created by keystone [0].


tags: added: low-hanging-fruit test-improvement

Fix proposed to branch: master

Changed in keystone:
assignee: nobody → Lance Bragstad (lbragstad)
status: New → In Progress
Henry Nash (henry-nash) wrote :

So the reason it is this way, is that this creates the cloud admin capability - as referenced in the v3cloudsample. This test had to be written this way otherwise we'd need to modify the policy file on the fly.

What I think should happen is that we switch to using the new admin_project/admin_domin as the cloud admin indicator...although I'm not sure the later is yet implemented

Fix proposed to branch: master

Changed in keystone:
assignee: Lance Bragstad (lbragstad) → Henry Nash (henry-nash)

Change abandoned by Lance Bragstad (<email address hidden>) on branch: master
Reason: Going to abandon this patch in favor of the one Henry proposed -

Changed in keystone:
assignee: Henry Nash (henry-nash) → Lance Bragstad (lbragstad)
Changed in keystone:
importance: Undecided → Medium
milestone: none → mitaka-2

Submitter: Jenkins
Branch: master

commit 5c0611eccd06d04697040b12f7225168efcb10ce
Author: Henry Nash <email address hidden>
Date: Tue Jan 12 23:58:52 2016 +0000

    Update v3policysample tests to use admin_project not special domain_id

    We now support the special admin_project that can be used to grant
    cloud-wide powers. The tests on the v3cloudsample had been half
    updated to use this new facility, but in fact were still using the
    old "patch a domain id in the policy file" approach. As well as
    not testing the new functionality, the current tests were causing
    problems elsewhere since they used a non-UUID domain_id.

    Closes-Bug: #1533330
    Change-Id: Ic116cf8715130f6ed6bd5380c1b31d5ef0ca154d

Changed in keystone:
status: In Progress → Fix Released

This issue was fixed in the openstack/keystone development milestone.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers