keystone tests fail scope checking

Bug #1754438 reported by Lance Bragstad on 2018-03-08
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Medium
sonu

Bug Description

Now that system scope is implemented and oslo.policy understands different scope types. One of two things will happen when a token of the wrong scope is used to access an API. Either a warning will be logged if oslo.policy's enforce_scope is False, or an exception will be raised.

This is apparent in keystone's unit tests because the warning spams the logs.

We should make some utilities that get system-scoped tokens for a user. This will be useful in tests that require system-scoped tokens to operate.

Example warning when tests are run: http://paste.openstack.org/raw/695596/

Changed in keystone:
importance: Undecided → Medium
status: New → Triaged
tags: added: policy
description: updated
tags: added: test-improvement
Lance Bragstad (lbragstad) wrote :

As of today - 782 tests fail when I set oslo_policy.enforce_scope = True in keystone's unit tests [0].

[0] http://paste.openstack.org/show/695634/

sonu (sonu-bhumca11) on 2018-04-17
Changed in keystone:
assignee: nobody → sonu (sonu-bhumca11)

Hi Sonu

Are you working on this?

Thanks

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers