yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1611628] [NEW] test_admin_only_rules doesn't check an 'admin_or_owner' case correctly

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Takashi NATSUME <natsume.takashi@xxxxxxxxxxxxx>
Date: Wed, 10 Aug 2016 06:42:42 -0000
Reply-to: Bug 1611628 <1611628@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

The test_admin_only_rules method of RealRolePolicyTestCase class in
nova/tests/unit/test_policy.py doesn't check an 'admin_or_owner' case
correctly.

----------------------------------------------------------------------------
    def test_admin_only_rules(self):
        for rule in self.admin_only_rules:
            self.assertRaises(exception.PolicyNotAuthorized, policy.authorize,
                              self.non_admin_context, rule, self.target)
            policy.authorize(self.admin_context, rule, self.target)
----------------------------------------------------------------------------
https://github.com/openstack/nova/blob/3d6e72689ee18a779d70405d11e09a69183cc853/nova/tests/unit/test_policy.py#L495

If an admin only rule in source code is changed to 'admin_or_owner' rule by mistake,
the assertRaises statement raises a PolicyNotAuthorized exception
because it is not that the context is non admin user but the owner is defferent.
So the target should be set to same project of non admin context.

** Affects: nova
     Importance: Undecided
     Assignee: Takashi NATSUME (natsume-takashi)
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1611628

Title:
  test_admin_only_rules doesn't check an 'admin_or_owner' case correctly

Status in OpenStack Compute (nova):
  New

Bug description:
  The test_admin_only_rules method of RealRolePolicyTestCase class in
  nova/tests/unit/test_policy.py doesn't check an 'admin_or_owner' case
  correctly.

  ----------------------------------------------------------------------------
      def test_admin_only_rules(self):
          for rule in self.admin_only_rules:
              self.assertRaises(exception.PolicyNotAuthorized, policy.authorize,
                                self.non_admin_context, rule, self.target)
              policy.authorize(self.admin_context, rule, self.target)
  ----------------------------------------------------------------------------
  https://github.com/openstack/nova/blob/3d6e72689ee18a779d70405d11e09a69183cc853/nova/tests/unit/test_policy.py#L495

  If an admin only rule in source code is changed to 'admin_or_owner' rule by mistake,
  the assertRaises statement raises a PolicyNotAuthorized exception
  because it is not that the context is non admin user but the owner is defferent.
  So the target should be set to same project of non admin context.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1611628/+subscriptions

Follow ups

[Bug 1611628] Re: test_admin_only_rules doesn't check an 'admin_or_owner' case correctly
From: OpenStack Infra, 2016-08-11