author | Zuul <zuul@review.opendev.org> | 2021-03-02 11:38:01 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2021-03-02 11:38:01 +0000 |
commit | 5857fa802d42a49aa4cd2a0b2b0618c0845f6c65 (patch) | |
tree | 9655d83981ded392c613566ecb295aab6e7c4dbb /ironic/tests | |
parent | 178584ab993c1fdea9240b13ca1f0db5eda4b1c4 (diff) | |
parent | 20acfc26e160dc22f884bb35f9a2996cc3fb93e3 (diff) | |
download | ironic-5857fa802d42a49aa4cd2a0b2b0618c0845f6c65.tar.gz |
Merge "secure-rbac - minor follow-up for project scoped tests"
Diffstat (limited to 'ironic/tests')
-rw-r--r-- | ironic/tests/unit/api/test_rbac_project_scoped.yaml | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/ironic/tests/unit/api/test_rbac_project_scoped.yaml b/ironic/tests/unit/api/test_rbac_project_scoped.yaml index 762b141aa..b768e975a 100644 --- a/ironic/tests/unit/api/test_rbac_project_scoped.yaml +++ b/ironic/tests/unit/api/test_rbac_project_scoped.yaml @@ -19,7 +19,7 @@ # One note regarding return codes. Third party admin, should mainly get # 404 return codes as opposed to 403. Because their view is filtered, # They can't find the resources to attempt to edit. This is a huge -# distinction because we alsod on't want to leak that something exists +# distinction because we also don't want to leak that something exists # from a security point of view. If we don't return 404, and they get 403, # they can determine that something is special, something is different, # and from there try to determine *what* it is. The key in their case @@ -1782,9 +1782,6 @@ third_party_admin_cannot_get_ports_by_portgroup: assert_status: 403 skip_reason: policy not implemented -# TODO(TheJulia): Huge question hitting me... will these 404 or 403 for 3rd party admin. Likely we should return 404 if they do not have rights to the node itself. A slight delineation between the two. - - # Volume(s) - https://docs.openstack.org/api-ref/baremetal/#volume-volume # TODO(TheJulia): volumes will likely need some level of exhaustive testing. # i.e. ensure that the volume is permissible. However this may not be possible |
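Review bot: In the first hunk (@@ -19,7), the typo fix leaves the neighbouring context lines of the same comment still rough: "Third party admin, should mainly get" has a stray comma, and "Because their view is filtered, # They can't find the resources" capitalises "They" after a comma. Since this paragraph is the file's rationale for preferring 404 over 403, tidy those two lines in the same change so the explanation reads as one clean statement.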
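Review bot: In the second hunk (@@ -1782,9), the TODO asking whether third party admin gets 404 or 403 is deleted without the answer being recorded anywhere in the visible lines. The test directly above it, third_party_admin_cannot_get_ports_by_portgroup, still has "assert_status: 403" and is skipped with "skip_reason: policy not implemented", while the header comment in the first hunk says third party admin should mainly get 404 so that existence is not leaked. Either change that assertion to 404 or keep a one-line comment on the test stating why 403 is expected, so the question is not lost before the policy is implemented.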