| commit | 18120de2820617e233e6d283f71ac40c8620bd5d | [log] [tgz] |
|---|---|---|
| author | Felipe Monteiro <felipe.monteiro@att.com> | Fri Mar 17 02:03:22 2017 +0000 |
| committer | Felipe Monteiro <felipe.monteiro@att.com> | Fri Mar 17 02:03:22 2017 +0000 |
| tree | a5cc051bb8a694b27b1bec1f2517649efcaa234a | |
| parent | e83a257b06a79ff3fc8f8d857f3a7e24728ca118 [diff] |
Fixes instance actions compute rbac test failing for Member role. Currently, test_get_instance_action is failing with an over permission error with Member role [0]. Even though the policy action os-instance-actions:events has rule admin_api (is_admin:True) [1], Nova still allows the API call (servers_client.show_instance_actions) to be performed. This can be seen in the nova controller code [2]: InstanceActionsController.show enforces os_compute_api:os-instance-actions (which allows Member to get some instance action info), then tries to do os_compute_api:os-instance-actions:events, but fails, which is not a fatal error; instead, the response body is not populated with "events" info. This patch adds a check for "events" in the response body to the test: if "events" is not found, then an RbacActionFailed exception is raised. [0] http://logs.openstack.org/99/446799/1/check/gate-tempest-dsvm-patrole-member-ubuntu-xenial-nv/6072e55/console.html [1] https://github.com/openstack/nova/blob/master/nova/policies/instance_actions.py [2] https://github.com/openstack/nova/blob/4f91ed3a547965ed96a22520edcfb783e7936e95/nova/api/openstack/compute/instance_actions.py Change-Id: Iecae5aafaa51eb28f06d34556027be8b0bb46708 Partial-Bug: #1670553