secure-rbac - minor follow-up for project scoped tests

Just a couple quick items needed to be fixed that were identified in review of the original change. https://review.opendev.org/c/openstack/ironic/+/772451/11/ironic/tests/unit/api/test_rbac_project_scoped.yaml Change-Id: I01701c6908aebbb2e78527087a4f8f2f7a016e1b
2021-03-01 09:03:19 -08:00 · 2021-03-01 09:03:19 -08:00 · 20acfc26e1
commit 20acfc26e1
parent df69b7d147
1 changed files with 1 additions and 4 deletions
--- a/ironic/tests/unit/api/test_rbac_project_scoped.yaml
+++ b/ironic/tests/unit/api/test_rbac_project_scoped.yaml
@ -19,7 +19,7 @@
 # One note regarding return codes. Third party admin, should mainly get
 # 404 return codes as opposed to 403. Because their view is filtered,
 # They can't find the resources to attempt to edit. This is a huge
-# distinction because we alsod on't want to leak that something exists
+# distinction because we also don't want to leak that something exists
 # from a security point of view. If we don't return 404, and they get 403,
 # they can determine that something is special, something is different,
 # and from there try to determine *what* it is. The key in their case
@ -1782,9 +1782,6 @@ third_party_admin_cannot_get_ports_by_portgroup:
  assert_status: 403
  skip_reason: policy not implemented

-# TODO(TheJulia): Huge question hitting me... will these 404 or 403 for 3rd party admin. Likely we should return 404 if they do not have rights to the node itself. A slight delineation between the two.
-
-
 # Volume(s) - https://docs.openstack.org/api-ref/baremetal/#volume-volume
 # TODO(TheJulia): volumes will likely need some level of exhaustive testing.
 # i.e. ensure that the volume is permissible. However this may not be possible