yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1754438] [NEW] keystone tests fail scope checking

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Lance Bragstad <lbragstad@xxxxxxxxx>
Date: Thu, 08 Mar 2018 18:41:57 -0000
Reply-to: Bug 1754438 <1754438@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

Now that system scope is implemented and oslo.policy understands
different scope types. One of two things will happen when a token of the
wrong scope is used to access an API. Either a warning will be logged if
oslo.policy's enforce_scope is False, or an exception will be raised.

This is apparent in keystone's unit tests because the warning spams the
logs.

We should make some utilities that get system-scoped tokens for a user.
This will be useful in tests that require system-scoped tokens to
operate.

Example warning when tests are run:
http://paste.openstack.org/raw/695596/

** Affects: keystone
     Importance: Medium
         Status: Triaged


** Tags: policy test-improvement

** Changed in: keystone
   Importance: Undecided => Medium

** Changed in: keystone
       Status: New => Triaged

** Tags added: policy

** Description changed:

  Now that system scope is implemented and oslo.policy understands
  different scope types. One of two things will happen when a token of the
  wrong scope is used to access an API. Either a warning will be logged if
  oslo.policy's enforce_scope is False, or an exception will be raised.
  
  This is apparent in keystone's unit tests because the warning spams the
  logs.
  
  We should make some utilities that get system-scoped tokens for a user.
  This will be useful in tests that require system-scoped tokens to
  operate.
+ 
+ Example warning when tests are run:
+ http://paste.openstack.org/raw/695596/

** Tags added: test-improvement

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1754438

Title:
  keystone tests fail scope checking

Status in OpenStack Identity (keystone):
  Triaged

Bug description:
  Now that system scope is implemented and oslo.policy understands
  different scope types. One of two things will happen when a token of
  the wrong scope is used to access an API. Either a warning will be
  logged if oslo.policy's enforce_scope is False, or an exception will
  be raised.

  This is apparent in keystone's unit tests because the warning spams
  the logs.

  We should make some utilities that get system-scoped tokens for a
  user. This will be useful in tests that require system-scoped tokens
  to operate.

  Example warning when tests are run:
  http://paste.openstack.org/raw/695596/

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1754438/+subscriptions