Add support for handling different error codes for different roles
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Patrole | Fix Released | Undecided | Cliff Parsons |
Bug Description
Patrole currently cannot handle the scenario where two possible error codes can be returned by Neutron policy enforcement for a failed policy check (403 Forbidden and 404 NotFound), depending on what role is being tested. Patrole framework can only handle one expected_exception. Example below:
Roles:
admin
role1
role2
role3
Rules:
"show_action": "role:admin or role:role1"
"update_action": "role:admin"
In the enforcement of “update_action”, Neutron would return a 403 Forbidden for role1, but a 404 NotFound for role2 and role3 (because policy check fails on “show_action” for role2/role3). The Patrole test case would pass for roles admin and role1, but would always fail for role2 and role3 even though Neutron is producing the correct/expected result.
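The scenario above as a small runnable model. This is an added example, not code from the bug report, Patrole or Neutron. The function names and the EXPECTED_ERRORS list are hypothetical, and the service behaviour is modelled only as far as the description states it.

```python
# Added illustration: a simplified model, not Neutron's or Patrole's code.
ROLES = ["admin", "role1", "role2", "role3"]
RULES = {
    "show_action": "role:admin or role:role1",
    "update_action": "role:admin",
}
# Hypothetical test declaration: each rule involved in the request and the
# error code a role should receive when it fails that rule, in check order.
EXPECTED_ERRORS = [("show_action", 404), ("update_action", 403)]

def allowed(rule_name, role):
    """Evaluate a rule made only of 'role:<name>' terms joined by 'or'."""
    terms = [t.strip() for t in RULES[rule_name].split(" or ")]
    return f"role:{role}" in terms

def update_status(role):
    """Status the modelled service returns for an update request."""
    if not allowed("show_action", role):
        return 404  # role cannot see the resource at all
    if not allowed("update_action", role):
        return 403  # resource is visible, update is refused
    return 200

def check_single(role, expected_error=403):
    """Verdict of a test that can expect only one error code."""
    status = update_status(role)
    if allowed("update_action", role):
        return status == 200
    return status == expected_error

def check_per_role(role):
    """Verdict when the expected code depends on which rule the role fails."""
    status = update_status(role)
    for rule_name, error_code in EXPECTED_ERRORS:
        if not allowed(rule_name, role):
            return status == error_code
    return status == 200

if __name__ == "__main__":
    for role in ROLES:
        print(role, update_status(role),
              "single:", "pass" if check_single(role) else "FAIL",
              "per-role:", "pass" if check_per_role(role) else "FAIL")
```

With a single expected code the test verdict is wrong for role2 and role3 even though the service answer is the intended one; deriving the expected code from the first rule the role fails gives a passing verdict for all four roles.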
Changed in patrole:
assignee: nobody → Cliff Parsons (cliffhparsons)
in-progress - https://review.openstack.org/#/c/570262/