In some tests, we were doing an import with a full module path. This has
the side effect of importing every submodule on that path, which led to
some confusing side effects. Use 'import foo from bar' syntax instead
and clean up the damage.
Change-Id: I91a289630f31674dec1d785d67b5acda173b7d7e
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Similar to change I8ae352ff3eeb760c97d1a6fa9d7a59e881d7aea1, if
we're processing a network-vif-deleted event while an instance
is being deleted, the asynchronous interface detach could fail
because the guest is gone from the hypervisor. The existing code
for handling this case was using a stale guest object so this
change tries to refresh the guest from the hypervisor and if the
guest is gone, the Host.get_guest() method should raise an
InstanceNotFound exception which we just trap, log and return.
Change-Id: Ic4c870cc5078d3f7ac6b2f96f8904c2a47de418e
Closes-Bug: #1797966
This adds new defaults roles in os-attach-interfaces API policies.
- GET rules are made granular and default to System or project reader
- Other policies are default to system admin or project member.
Also add tests to simulates the future where we drop the deprecation
fall back in the policy by overriding the rules with a version where
there are no deprecated rule options. Operators can do the same by
adding overrides in their policy files that match the default but
stop the rule deprecation fallback from happening.
Partial implement blueprint policy-defaults-refresh
Change-Id: Ic405544560ae75ad88c10b8ff6d5048b3728cd2b
We have a custom of naming the directory after the API. Reinforce that
here.
Change-Id: I5bf68aacc1d987400a91467835c4b55f03c18beb
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
The API URL is '/os-keypairs', not '/keypairs'. Attempting to use these
pagination links as-is will result in a HTTP 404 (Not Found).
Change-Id: Ic04568caecc138e6016418f6878d031c4a0d3fb4
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Closes-bug: #1866373
According to the api-ref, the id passed to calls in os-aggregates is
supposed to be an integer. No function validated this, so any value
passed to these functions would directly reach the DB. While this is
fine for SQLite, making a query with a string for an integer column on
other databases like PostgreSQL results in a DBError exception and thus
a HTTP 500 instead of 400 or 404.
This commit adds validation for the id parameter the same way it's
already done for other endpoints.
Closes-Bug: 1865040
Change-Id: I83817f7301680801beaee375825f02eda526eda1
Current tests do not have good test coverage of existing policies.
Either tests for policies do not exist or if they exist then they
do not cover the actual negative and positive testing.
For Example, if any policy with default rule as admin only then
test should verify:
- policy check pass with context having admin role
- policy check fail with context having any other role than admin
As discussed in policy-defaults-refresh [1], to change the policies
with new default roles and scope_type, we need to have the enough
testing coverage of existing policy behavior.
When we will add the scope_type in policies or new default roles,
then these test coverage will be extended to adopt the new changes
and also make sure we do not break the existing behavior.
This commit covers the testing coverage of existing
os-volumes-attachments policies.
[1]https://specs.openstack.org/openstack/nova-specs/specs/ussuri/approved/policy-defaults-refresh.html#testing
Partial implement blueprint policy-defaults-refresh
Change-Id: I6b232c65c83dfcf69b711b7d53e75658c9a44df4
Current tests do not have good test coverage of existing policies.
Either tests for policies do not exist or if they exist then they
do not cover the actual negative and positive testing.
For Example, if any policy with default rule as admin only then
test should verify:
- policy check pass with context having admin or server owner
- policy check fail with context having non-admin and not server owner
As discussed in policy-defaults-refresh [1], to change the policies
with new default roles and scope_type, we need to have the enough
testing coverage of existing policy behavior.
When we will add the scope_type in policies or new default roles,
then these test coverage will be extended to adopt the new changes
and also make sure we do not break the existing behavior.
This commit covers the testing coverage of existing create_backup policies.
Partial implement blueprint policy-defaults-refresh
[1] https://specs.openstack.org/openstack/nova-specs/specs/ussuri/approved/policy-defaults-refresh.html#testing
Change-Id: Iebc79fd72415603112a15a12f06153fb7a4e7fcc
Balazs Gibizer