On 02/26/2015 04:27 AM, Sean Dague wrote:
In trying to move the flavor manage negative tests out of Tempest and
into the Nova functional tree, I ran into one set of tests which are
permissions checking. Basically that a regular user isn't allowed to do
certain things.
In (nearly) all our tests we use auth_strategy=noauth which takes you to
NoAuthMiddlewareBase instead of to keystone. That path makes you an
admin regardless of what credentials you send in -
https://github.com/openstack/nova/blob/master/nova/api/openstack/auth.py#L56-L59
What I'd like to do is to change this so that if you specify
user_id='admin' then is_admin is set true, and it's not true otherwise.
That has a bunch of test fall out, because up until this point most of
the test users are things like 'fake', which would regress to non admin.
About 25% of the api samples tests fail in such a change, so they would
need to be fixed.
Taking a step back... what exactly is the purpose of the API samples
"functional tests"? If the purpose of these tests has anything to do
with validating some policy thing, then I suppose it's worth changing
the auth middleware to support non-adminness. But, I don't think the API
samples test purpose has anything to do with that (I think the purpose
of the API samples tests is fuzzy, at best, actually). So, I'd just
leave them as-is and not change anything at all.
Best,
-jay
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
