b5f6c2864f
This commit fixes the following volume image metadata
endpoints returning None following policy enforcement
failure:
* ``os-set_image_metadata``
* ``os-unset_image_metadata``
The endpoints will now correctly raise a 403 Forbidden
instead.
The kwarg `fatal=False` was dropped from
`context.authorize` for these APIs because the kwarg
is only useful when adding additional information to
the response body (if the user is authorized).
This commit:
* makes the fix for the two endpoints above
* adds unit tests for validating the new, correct
behavior (as a side note, policy overriding
in tests can be more easily accomplished via
adoption of something like [0])
Also note that since the default policy rule
for these endpoints is "admin_or_owner" Tempest
doesn't validate this behavior by default.
[0] e599b13e49/nova/tests/unit/policy_fixture.py (L30)
Change-Id: Icc286d529609165e5f14cb506342660d7bc2ae9f
Closes-Bug: #1737609
11 lines
264 B
YAML
11 lines
264 B
YAML
---
|
|
fixes:
|
|
- |
|
|
Fix the following volume image metadata endpoints returning None following
|
|
policy enforcement failure:
|
|
|
|
* ``os-set_image_metadata``
|
|
* ``os-unset_image_metadata``
|
|
|
|
The endpoints will now correctly raise a 403 Forbidden instead.
|