def setUp(self):
super(ServerMetadataPolicyTest, self).setUp()
self.controller = server_metadata.ServerMetadataController()
self.req = fakes.HTTPRequest.blank('')
self.mock_get = self.useFixture(
fixtures.MockPatch('nova.api.openstack.common.get_instance')).mock
self.instance = fake_instance.fake_instance_obj(
self.project_member_context,
id=1,
uuid=uuids.fake_id,
project_id=self.project_id)
self.mock_get.return_value = self.instance
# With legacy rule and no scope checks, all admin, project members
# project reader or other project role(because legacy rule allow server
# owner- having same project id and no role check) is able to create,
# update, and delete the server metadata.
self.project_member_authorized_contexts = [
self.legacy_admin_context, self.system_admin_context,
self.project_admin_context, self.project_member_context,
self.project_reader_context, self.project_foo_context
]
# and they can get their own server metadata.
self.project_reader_authorized_contexts = (
self.project_member_authorized_contexts)
def setUp(self):
super(ServerMetadataPolicyTest, self).setUp()
self.controller = server_metadata.ServerMetadataController()
self.req = fakes.HTTPRequest.blank('')
self.mock_get = self.useFixture(
fixtures.MockPatch('nova.api.openstack.common.get_instance')).mock
self.instance = fake_instance.fake_instance_obj(
self.project_member_context,
id=1,
uuid=uuids.fake_id,
project_id=self.project_id)
self.mock_get.return_value = self.instance
# Check that admin or and server owner is able to CRUD
# the server metadata.
self.admin_or_owner_authorized_contexts = [
self.legacy_admin_context, self.system_admin_context,
self.project_admin_context, self.project_member_context,
self.project_reader_context, self.project_foo_context
]
# Check that non-admin/owner is not able to CRUD
# the server metadata
self.admin_or_owner_unauthorized_contexts = [
self.system_member_context, self.system_reader_context,
self.system_foo_context, self.other_project_member_context,
self.other_project_reader_context
]
# Check that admin or and server owner is able to get
# the server metadata.
self.reader_authorized_contexts = [
self.legacy_admin_context, self.system_admin_context,
self.system_member_context, self.system_reader_context,
self.project_admin_context, self.project_member_context,
self.project_reader_context, self.project_foo_context
]
# Check that non-admin/owner is not able to get
# the server metadata.
self.reader_unauthorized_contexts = [
self.system_foo_context, self.other_project_member_context,
self.other_project_reader_context
]
def setUp(self):
super(ServerMetaPolicyEnforcementV21, self).setUp()
self.controller = server_metadata_v21.ServerMetadataController()
self.req = fakes.HTTPRequest.blank('')
def _set_up_resources(self):
self.controller = server_metadata_v21.ServerMetadataController()
self.uuid = uuids.fake
self.url = '/fake/servers/%s/metadata' % self.uuid
def _set_up_resources(self):
self.controller = server_metadata_v21.ServerMetadataController()
self.uuid = uuids.fake
self.url = '/%s/servers/%s/metadata' % (fakes.FAKE_PROJECT_ID,
self.uuid)
