7b754ae390
When user is not authorized to perform operations defined in policy file, it should return a 403 error. The 500 error is incorrect. This patch do the following changes: 1. Raise a PolicyNotAuthorized 403 exception when normal user without admin privilege run command 'magnum service-list'. 2. Remove unnecessary hacking rule M301 'decorator must be the first decorator on a method'. 3. Fix failed enforcement test cases introduced by 403 PolicyNotAuthorized exception. Change-Id: Ie5a7d138cdb8b226686c189ae86f251c0a1329c8 Closes-Bug: #1520311
1.0 KiB
1.0 KiB
Magnum Style Commandments
- Step 1: Read the OpenStack Style Commandments http://docs.openstack.org/developer/hacking/
- Step 2: Read on
Magnum Specific Commandments
- [M310] timeutils.utcnow() wrapper must be used instead of direct calls to datetime.datetime.utcnow() to make it easy to override its return value.
- [M318] Change assertEqual(A, None) or assertEqual(None, A) by optimal assert like assertIsNone(A)
- [M322] Method's default argument shouldn't be mutable.
- [M323] Change assertEqual(True, A) or assertEqual(False, A) by optimal assert like assertTrue(A) or assertFalse(A)
- [M302] Change assertEqual(A is not None) by optimal assert like assertIsNotNone(A).
- [M316] Change assertTrue(isinstance(A, B)) by optimal assert like assertIsInstance(A, B).
- [M334] Change assertTrue/False(A in/not in B, message) to the more specific assertIn/NotIn(A, B, message)
- [M336] Must use a dict comprehension instead of a dict constructor with a sequence of key-value pairs.