Beispiel #1
    def setUp(self):
        """Create the controller, stub the lookups and list the contexts.

        Every authorized/unauthorized pair defined here names ten contexts
        in total with no overlap, so both the callers expected to pass and
        the callers expected to be rejected are spelled out for each group.
        The code that consumes these lists is not part of this method.
        """
        super(VolumeAttachPolicyTest, self).setUp()
        self.controller = volumes_v21.VolumeAttachmentController()
        self.req = fakes.HTTPRequest.blank('')
        self.policy_root = va_policies.POLICY_ROOT

        # Swap the block-device-mapping and Cinder volume lookups for the
        # fake callables referenced below.
        bdm_lookup = ('nova.objects.BlockDeviceMapping'
                      '.get_by_volume_and_instance')
        self.stub_out(bdm_lookup, fake_bdm_get_by_volume_and_instance)
        self.stub_out('nova.volume.cinder.API.get', fake_get_volume)

        # get_instance is patched so that it hands back the fake instance
        # built below; the instance carries this test's own project_id.
        instance_patch = fixtures.MockPatch(
            'nova.api.openstack.common.get_instance')
        self.mock_get = self.useFixture(instance_patch).mock
        instance_uuid = uuids.fake_id
        self.instance = fake_instance.fake_instance_obj(
            self.project_member_context,
            id=1,
            uuid=instance_uuid,
            project_id=self.project_id,
            vm_state=vm_states.ACTIVE,
            task_state=None,
            launched_at=timeutils.utcnow(),
        )
        self.mock_get.return_value = self.instance

        # Admin or owner: allowed to list/create/show/delete the attached
        # volume.
        # NOTE(review): the project's reader and foo contexts are listed as
        # allowed as well, so "owner" appears to mean a project match with
        # no role check -- confirm that this is the intended expectation.
        self.admin_or_owner_authorized_contexts = [
            self.legacy_admin_context,
            self.system_admin_context,
            self.project_admin_context,
            self.project_foo_context,
            self.project_reader_context,
            self.project_member_context,
        ]
        # The negative side of the same check: the non-admin system
        # contexts and a member of a different project.
        self.admin_or_owner_unauthorized_contexts = [
            self.system_member_context,
            self.system_reader_context,
            self.system_foo_context,
            self.other_project_member_context,
        ]

        # Admin only: allowed to update the attached volume.
        self.admin_authorized_contexts = [
            self.legacy_admin_context,
            self.system_admin_context,
            self.project_admin_context,
        ]
        # Every non-admin context, the instance's own project included,
        # must not be able to update the attached volume.
        self.admin_unauthorized_contexts = [
            self.system_member_context,
            self.system_reader_context,
            self.system_foo_context,
            self.project_member_context,
            self.other_project_member_context,
            self.project_foo_context,
            self.project_reader_context,
        ]

        # Reader group (going by the attribute name): the system reader and
        # system member contexts are allowed here although they are in the
        # admin-or-owner unauthorized list above.
        self.reader_authorized_contexts = [
            self.legacy_admin_context,
            self.system_admin_context,
            self.system_reader_context,
            self.system_member_context,
            self.project_admin_context,
            self.project_reader_context,
            self.project_member_context,
            self.project_foo_context,
        ]
        self.reader_unauthorized_contexts = [
            self.system_foo_context,
            self.other_project_member_context,
        ]
Beispiel #2
    def setUp(self):
        """Create the controller, stub the lookups and list allowed contexts.

        Only the contexts expected to be authorized are listed here; how
        the rejected contexts are derived is not visible in this method.
        """
        super(VolumeAttachPolicyTest, self).setUp()
        self.controller = volumes_v21.VolumeAttachmentController()
        self.req = fakes.HTTPRequest.blank('')
        self.policy_root = va_policies.POLICY_ROOT

        # Swap the block-device-mapping and Cinder volume lookups for the
        # fake callables referenced below.
        bdm_lookup = ('nova.objects.BlockDeviceMapping'
                      '.get_by_volume_and_instance')
        self.stub_out(bdm_lookup, fake_bdm_get_by_volume_and_instance)
        self.stub_out('nova.volume.cinder.API.get', fake_get_volume)

        # get_instance is patched so that it hands back the fake instance
        # built below; the instance carries this test's own project_id.
        instance_patch = fixtures.MockPatch(
            'nova.api.openstack.common.get_instance')
        self.mock_get = self.useFixture(instance_patch).mock
        instance_uuid = uuids.fake_id
        self.instance = fake_instance.fake_instance_obj(
            self.project_member_context,
            id=1,
            uuid=instance_uuid,
            project_id=self.project_id,
            vm_state=vm_states.ACTIVE,
            task_state=None,
            launched_at=timeutils.utcnow(),
        )
        self.mock_get.return_value = self.instance

        # With the legacy rule and no scope checks, every admin plus the
        # project's member, reader and other-role (foo) contexts can
        # create/delete/update the volume attachment: the legacy rule
        # accepts the resource owner (same project id) with no role check.
        owner_or_admin_contexts = [
            self.legacy_admin_context,
            self.system_admin_context,
            self.project_admin_context,
            self.project_member_context,
            self.project_reader_context,
            self.project_foo_context,
        ]
        self.project_member_authorized_contexts = owner_or_admin_contexts

        # For the same reason the very same contexts can get the volume
        # attachment. Both attributes refer to one list object, so a
        # change made through either name shows up under the other.
        self.project_reader_authorized_contexts = owner_or_admin_contexts

        # By default the legacy rules are enabled and the scope check is
        # disabled: system admin, legacy admin and project admin can
        # update a volume attachment with a different volumeId.
        self.project_admin_authorized_contexts = [
            self.legacy_admin_context,
            self.system_admin_context,
            self.project_admin_context,
        ]
Beispiel #3
    def setUp(self):
        """Stub the lookups and build the controller plus a JSON request.

        The request carries an admin context, so whatever reads
        'nova.context' from it sees admin rights; this setup provides no
        non-admin caller.
        """
        super(VolumeAttachTestsV21, self).setUp()

        # Replace the BDM list lookup and both API 'get' methods with the
        # fake callables referenced below.
        self.stub_out('nova.objects.BlockDeviceMappingList'
                      '.get_by_instance_uuid',
                      fake_bdm_list_get_by_instance_uuid)
        get_stubs = (
            (compute_api.API, fake_get_instance),
            (cinder.API, fake_get_volume),
        )
        for api_cls, fake_get in get_stubs:
            self.stubs.Set(api_cls, 'get', fake_get)

        self.context = context.get_admin_context()

        # Response body kept as the expected result of a 'show' call.
        attachment = {
            'device': '/dev/fake0',
            'serverId': FAKE_UUID,
            'id': FAKE_UUID_A,
            'volumeId': FAKE_UUID_A,
        }
        self.expected_show = {'volumeAttachment': attachment}
        self.attachments = volumes_v21.VolumeAttachmentController()

        # Request with an empty JSON object as body and the admin context
        # attached.
        request = fakes.HTTPRequest.blank(
            '/v2/servers/id/os-volume_attachments/uuid')
        self.req = request
        request.body = jsonutils.dump_as_bytes({})
        request.headers['content-type'] = 'application/json'
        request.environ['nova.context'] = self.context
Beispiel #4
 def setUp(self):
     """Create the volume-attachment controller and a blank request."""
     super(TestVolumeAttachPolicyEnforcementV21, self).setUp()
     controller = volumes_v21.VolumeAttachmentController()
     self.controller = controller
     # An empty path is passed; only the request object itself is set up.
     blank_request = fakes.HTTPRequest.blank('')
     self.req = blank_request
Beispiel #5
 def _set_up_controller(self):
     """Create a VolumeAttachmentController and keep it on the test."""
     controller = volumes_v21.VolumeAttachmentController()
     self.attachments = controller
 def setUp(self):
     """Create the controller and a request built with version='2.49'."""
     super(VolumeAttachTestsV249, self).setUp()
     self.attachments = volumes_v21.VolumeAttachmentController()
     # The request is pinned to version 2.49 of the API.
     attachment_url = '/v2/servers/id/os-volume_attachments/uuid'
     self.req = fakes.HTTPRequest.blank(attachment_url, version='2.49')