def setUp(self):
super(InstanceActionsPolicyTest, self).setUp()
self.controller = instance_actions_v21.InstanceActionsController()
self.req = fakes.HTTPRequest.blank('')
self.fake_actions = copy.deepcopy(fake_server_actions.FAKE_ACTIONS)
self.fake_events = copy.deepcopy(fake_server_actions.FAKE_EVENTS)
self.mock_get = self.useFixture(
fixtures.MockPatch('nova.api.openstack.common.get_instance')).mock
uuid = uuids.fake_id
self.instance = fake_instance.fake_instance_obj(
self.project_member_context,
id=1,
uuid=uuid,
project_id=self.project_id,
vm_state=vm_states.ACTIVE,
task_state=None,
launched_at=timeutils.utcnow())
self.mock_get.return_value = self.instance
# Check that system reader are able to show the instance
# actions events.
self.system_reader_authorized_contexts = [
self.system_admin_context, self.system_member_context,
self.system_reader_context, self.legacy_admin_context,
self.project_admin_context
]
# Check that non-system-reader are not able to show the instance
# actions events.
self.system_reader_unauthorized_contexts = [
self.system_foo_context,
self.other_project_member_context,
self.project_foo_context,
self.project_member_context,
self.project_reader_context,
self.other_project_reader_context,
]
self.project_or_system_reader_authorized_contexts = [
self.legacy_admin_context, self.system_admin_context,
self.project_admin_context, self.system_member_context,
self.system_reader_context, self.project_reader_context,
self.project_member_context, self.project_foo_context
]
self.project_or_system_reader_unauthorized_contexts = [
self.system_foo_context,
self.other_project_member_context,
self.other_project_reader_context,
]
def setUp(self):
super(InstanceActionsDeprecatedPolicyTest, self).setUp()
self.controller = instance_actions_v21.InstanceActionsController()
self.admin_or_owner_req = fakes.HTTPRequest.blank('')
self.admin_or_owner_req.environ[
'nova.context'] = self.project_admin_context
self.reader_req = fakes.HTTPRequest.blank('')
self.reader_req.environ['nova.context'] = self.project_reader_context
self.deprecated_policy = ia_policies.ROOT_POLICY
# Overridde rule with different checks than defaults so that we can
# verify the rule overridden case.
override_rules = {
self.deprecated_policy: base_policy.RULE_ADMIN_OR_OWNER,
}
# NOTE(brinzhang): Only override the deprecated rule in policy file
# so that we can verify if overridden checks are considered by
# oslo.policy.
# Oslo.policy will consider the overridden rules if:
# 1. overridden deprecated rule's checks are different than defaults
# 2. new rules are not present in policy file
self.policy = self.useFixture(
policy_fixture.OverridePolicyFixture(rules_in_file=override_rules))