Ejemplo n.º 1
0
    def setUp(self):
        super(ServicesPolicyTest, self).setUp()
        self.controller = services_v21.ServiceController()
        self.req = fakes.HTTPRequest.blank('/services')
        # Check that admin is able to change the service
        self.admin_authorized_contexts = [
            self.legacy_admin_context, self.system_admin_context,
            self.project_admin_context]
        # Check that non-admin is not able to change the service
        self.admin_unauthorized_contexts = [
            self.system_member_context, self.system_reader_context,
            self.system_foo_context, self.project_member_context,
            self.other_project_member_context,
            self.project_foo_context, self.project_reader_context
        ]

        # Check that system scoped admin, member and reader are able to
        # read the service data.
        # NOTE(gmann): Until old default rule which is admin_api is
        # deprecated and not removed, project admin and legacy admin
        # will be able to read the service data. This make sure that existing
        # tokens will keep working even we have changed this policy defaults
        # to reader role.
        self.reader_authorized_contexts = [
            self.system_admin_context, self.system_member_context,
            self.system_reader_context, self.legacy_admin_context,
            self.project_admin_context]
        # Check that non-system-reader are not able to read the service
        # data
        self.reader_unauthorized_contexts = [
            self.system_foo_context, self.other_project_member_context,
            self.project_foo_context, self.project_member_context,
            self.project_reader_context]
Ejemplo n.º 2
0
 def setUp(self):
     super(ComputeHostAPITestCase, self).setUp()
     self.host_api = compute.HostAPI()
     self.aggregate_api = compute_api.AggregateAPI()
     self.ctxt = context.get_admin_context()
     fake_notifier.stub_notifier(self)
     self.addCleanup(fake_notifier.reset)
     self.req = fakes.HTTPRequest.blank('')
     self.controller = services.ServiceController()
Ejemplo n.º 3
0
 def setUp(self):
     super(ComputeHostAPITestCase, self).setUp()
     self.host_api = compute.HostAPI()
     self.aggregate_api = compute.AggregateAPI()
     self.ctxt = context.get_admin_context()
     self.notifier = self.useFixture(
         nova_fixtures.NotificationFixture(self))
     self.req = fakes.HTTPRequest.blank('')
     self.controller = services.ServiceController()
     self.useFixture(nova_fixtures.SingleCellSimple())
Ejemplo n.º 4
0
    def setUp(self):
        super(ServicesPolicyTest, self).setUp()
        self.controller = services_v21.ServiceController()
        self.req = fakes.HTTPRequest.blank('/services')

        # With legacy rule and scope check disabled by default, system admin,
        # legacy admin, and project admin will be able to perform Services
        # Operations.
        self.system_admin_authorized_contexts = [
            self.legacy_admin_context, self.system_admin_context,
            self.project_admin_context
        ]
Ejemplo n.º 5
0
 def setUp(self):
     super(ServicesPolicyTest, self).setUp()
     self.controller = services_v21.ServiceController()
     self.req = fakes.HTTPRequest.blank('/services')
     # Check that admin is able to change the service
     self.admin_authorized_contexts = [
         self.legacy_admin_context, self.system_admin_context,
         self.project_admin_context
     ]
     # Check that non-admin is not able to change the service
     self.admin_unauthorized_contexts = [
         self.system_member_context, self.system_reader_context,
         self.system_foo_context, self.project_member_context,
         self.other_project_member_context, self.project_foo_context,
         self.project_reader_context
     ]
Ejemplo n.º 6
0
 def setUp(self):
     super(ServicesDeprecatedPolicyTest, self).setUp()
     self.controller = services_v21.ServiceController()
     self.member_req = fakes.HTTPRequest.blank('')
     self.member_req.environ['nova.context'] = self.system_reader_context
     self.reader_req = fakes.HTTPRequest.blank('')
     self.reader_req.environ['nova.context'] = self.project_reader_context
     self.deprecated_policy = "os_compute_api:os-services"
     # Overridde rule with different checks than defaults so that we can
     # verify the rule overridden case.
     override_rules = {self.deprecated_policy: base_policy.SYSTEM_READER}
     # NOTE(gmann): Only override the deprecated rule in policy file so
     # that
     # we can verify if overridden checks are considered by oslo.policy.
     # Oslo.policy will consider the overridden rules if:
     #  1. overridden deprecated rule's checks are different than defaults
     #  2. new rules are not present in policy file
     self.policy = self.useFixture(
         policy_fixture.OverridePolicyFixture(rules_in_file=override_rules))
Ejemplo n.º 7
0
 def _set_up_controller(self):
     self.controller = services_v21.ServiceController()
Ejemplo n.º 8
0
 def setUp(self):
     super(ServicesPolicyEnforcementV21, self).setUp()
     self.controller = services_v21.ServiceController()
     self.req = fakes.HTTPRequest.blank('')