Wednesday, 2021-06-23

« Tuesday, 2021-06-22 Index Thursday, 2021-06-24 »
*** akekane_ is now known as abhishekk05:51
opendevreviewAbhishek Kekane proposed openstack/glance-specs master: Spec Lite: Policy tests refactoring  https://review.opendev.org/c/openstack/glance-specs/+/79759307:33
*** bhagyashris_ is now known as bhagyashris08:27
dansmithredrobot: so I have a question, maybe you can consult13:22
dansmithlance left this comment while we were working on the first rbac things: https://github.com/openstack/glance/blob/master/glance/api/policy.py#L171-L18213:22
dansmithand I understand it and what we did13:23
dansmithinitially in my attempt to modernize this, I made get_images more like get_image, in that it tested project stuff as well as some image visibility things13:23
dansmithhowever, thinking about it more and then re-reading that,13:24
dansmithI'm thinking that list should just check get_image against each image instead of checking get_images against each,13:24
dansmithwhich would make get_image more of a "can you even list bro?" check, but which wouldn't really have any project checks at all (since what is the project_id of a list?)13:25
abhishekkdansmith, I put up a second spec (lite) for tests refactoring13:51
dansmithabhishekk: ack, I have it open13:52
abhishekkcool13:52
dansmithabhishekk: any comment on my question to redrobot above?13:53
abhishekklooking at the comment from lance13:54
abhishekkAs per his comment it makes sense to enforce get_image policy rather than get_images13:55
dansmiththat makes the most sense to me as well, but it's not in line with what he set get_images policy to (which might have just been to make it work at the time) and is definitely a departure from the way it has been13:56
* abhishekk need to attend one meeting13:59
abhishekkwill be back in 30 mins13:59
* abhishekk is back15:00
abhishekkI think at that time it was just a hurry to make it work15:01
dansmithabhishekk: can you tell me why this is supposed to fail with forbidden? https://github.com/openstack/glance/blob/master/glance/tests/unit/v2/test_images_resource.py#L125615:07
abhishekklooking15:07
dansmithah, is it because that image is owned by tenant3 and the request is tenant1?15:09
dansmithfrom the name I thought it had something to do with  being queued, or the hidden flag itself15:09
dansmithmaybe that test should be named "test_update_hidden_on_non_owned_image" ?15:10
abhishekkfrankly speaking not able to recollect, but the test is itself wrong 15:13
dansmithin what way?15:13
abhishekkat least it should have been named correctly, and I wasn't intended to check for forbidden15:13
dansmithokay15:14
dansmithit's failing now because that test class uses a fake enforcer that allows anything,15:15
abhishekkThe test should have checked for queued image should not be allowed to be hidden15:15
dansmithso I'm not sure why it was getting forbidden before15:15
dansmithhmm, okay I think it's allowing that though15:15
dansmithyeah, the image comes back with os_hidden=true15:17
abhishekkis it?15:18
dansmithyeah just a sec15:18
dansmithhttps://termbin.com/1nyd15:18
dansmithtesttools.matchers._impl.MismatchError: {} != 'true'15:18
dansmithwhat are you expecting there? Conflict or BadRequest ?15:19
abhishekkI need to go back and look at the spec15:20
abhishekkI do recollect that I decided to raise BadRequest for update on queued call but I guess that was rejected in the discussion15:21
dansmithOkay I don't see anywhere in If8f02ca94fdb8e1ac7a81853cd392988900172d1 that you check for and reject based on state15:21
abhishekkyeah, neither do I15:22
abhishekkmay be the test is for trying to update another users image15:25
abhishekkbecause there is no mention of restricting update call in spec as well15:25
dansmithyeah, but I think something else must have been causing it to fail before,15:26
dansmithbecause the policy being passed there is wide open and should allow anything15:26
dansmithpotentially the authorization layer that just makes everything immutable, which is now disabled15:26
dansmithyeah, I guess that's it..15:27
dansmithso the test really should be using UUID1 (which is owned by TENANT1) and making sure that we get back a BadRequest instead of forbidden yeah?15:27
dansmithalong with whatever enforcement is required for that15:30
abhishekkreally not sure, I think file a bug for this and flag that test as irrelevant at the moment15:30
dansmithmmkay15:31
dansmithhttps://bugs.launchpad.net/glance/+bug/193336015:34
abhishekkperfect, thank you15:37
* abhishekk dinner break15:56
dansmithabhishekk: I'm hoping to push up another rev of the poc set today, but I'm just going to leave that hidden test failing in it16:34
abhishekk dansmith ack16:35
abhishekkdansmith, could you skip that test with reference to bug?16:36
abhishekkjust return in the beginning with comment will be good as well16:37
dansmithI mean, I could, but probably better to just shove a patch underneath to fix/change/whatever it16:37
dansmithnot sure I'll have everything else passing anyway, so...16:37
dansmiththat's the only unit failure, but there might still be other tests that fail16:38
dansmithif I have time I'll put at least a WIP underneath this, I'm just trying to avoid too much going back and forth16:38
abhishekkack16:38
opendevreviewDan Smith proposed openstack/glance master: Refactor gateway get_repo auth layer  https://review.opendev.org/c/openstack/glance/+/78991317:07
opendevreviewDan Smith proposed openstack/glance master: Make property protection tests use member role  https://review.opendev.org/c/openstack/glance/+/78991417:07
opendevreviewDan Smith proposed openstack/glance master: WIP: Make image update check policy at API layer  https://review.opendev.org/c/openstack/glance/+/78991517:07
opendevreviewDan Smith proposed openstack/glance master: WIP: Add a member field to Image when appropriate  https://review.opendev.org/c/openstack/glance/+/79606617:07
opendevreviewDan Smith proposed openstack/glance master: WIP: Check get_image(s) in the API  https://review.opendev.org/c/openstack/glance/+/79606717:07
opendevreviewDan Smith proposed openstack/glance master: Fix broken test_update_queued_image_with_hidden  https://review.opendev.org/c/openstack/glance/+/79772117:07
opendevreviewDan Smith proposed openstack/glance master: Move lazy store update to locations layer  https://review.opendev.org/c/openstack/glance/+/79772217:07
abhishekkwill this last patch of yours conflict with the earlier bug fix?17:13
dansmiththe get_image(s) one?17:19
dansmithoh the lazy store update?17:21
dansmithyes, it'll have to be changed once that merges17:21
abhishekkyes17:22
abhishekkack17:22
* abhishekk signing out for the day17:46
opendevreviewMerged openstack/glance_store master: vmware: Use cookiejar from oslo.vmware client directly  https://review.opendev.org/c/openstack/glance_store/+/78771518:27
opendevreviewMerged openstack/glance master: Replace collections.Iterable  https://review.opendev.org/c/openstack/glance/+/77335720:39
opendevreviewMerged openstack/glance master: Remove references to sys.version_info  https://review.opendev.org/c/openstack/glance/+/79351320:41
opendevreviewMerged openstack/glance master: Changed minversion in tox to 3.18.0  https://review.opendev.org/c/openstack/glance/+/79440420:59
opendevreviewCyril Roelandt proposed openstack/python-glanceclient master: glance help <subcommand>: Clearly specify which options are mandatory  https://review.opendev.org/c/openstack/python-glanceclient/+/79777921:20
« Tuesday, 2021-06-22 Index Thursday, 2021-06-24 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!