cinder/releasenotes/notes/fix-vol-image-metadata-endpoints-returning-none-ba0590e6c6757b0c.yaml
Felipe Monteiro b5f6c2864f Fix volume image metadata endpoints returning None
This commit fixes the following volume image metadata
endpoints returning None following policy enforcement
failure:

  * ``os-set_image_metadata``
  * ``os-unset_image_metadata``

The endpoints will now correctly raise a 403 Forbidden
instead.

The kwarg `fatal=False` was dropped from
`context.authorize` for these APIs because the kwarg
is only useful when adding additional information to
the response body (if the user is authorized).

This commit:

  * makes the fix for the two endpoints above
  * adds unit tests for validating the new, correct
    behavior (as a side note, policy overriding
    in tests can be more easily accomplished via
    adoption of something like [0])

Also note that since the default policy rule
for these endpoints is "admin_or_owner" Tempest
doesn't validate this behavior by default.

[0] e599b13e49/nova/tests/unit/policy_fixture.py (L30)

Change-Id: Icc286d529609165e5f14cb506342660d7bc2ae9f
Closes-Bug: #1737609
2017-12-19 00:38:52 +00:00

11 lines
264 B
YAML

---
fixes:
- |
Fix the following volume image metadata endpoints returning None following
policy enforcement failure:
* ``os-set_image_metadata``
* ``os-unset_image_metadata``
The endpoints will now correctly raise a 403 Forbidden instead.