def setUp(self):
super(KeypairsPolicyTest, self).setUp()
self.controller = keypairs.KeypairController()
self.req = fakes.HTTPRequest.blank('')
# Check that everyone is able to create, delete and get
# their keypairs.
self.everyone_authorized_contexts = [
self.legacy_admin_context,
self.system_admin_context,
self.project_admin_context,
self.system_member_context,
self.system_reader_context,
self.system_foo_context,
self.project_member_context,
self.project_reader_context,
self.project_foo_context,
self.other_project_member_context,
self.other_project_reader_context,
]
# Check that admin is able to create, delete and get
# other users keypairs.
self.admin_authorized_contexts = [
self.legacy_admin_context, self.system_admin_context,
self.project_admin_context
]
def _setup_app_and_controller(self):
self.app_server = fakes.wsgi_app_v21(init_only=('os-keypairs',
'servers'))
self.controller = keypairs_v21.KeypairController()
class KeypairPolicyTestV21(test.NoDBTestCase):
KeyPairController = keypairs_v21.KeypairController()
policy_path = 'os_compute_api:os-keypairs'
def setUp(self):
super(KeypairPolicyTestV21, self).setUp()
@staticmethod
def _db_key_pair_get(context, user_id, name=None):
if name is not None:
return dict(test_keypair.fake_keypair,
name='foo',
public_key='XXX',
fingerprint='YYY',
type='ssh')
else:
return db_key_pair_get_all_by_user(context, user_id)
self.stub_out("nova.objects.keypair.KeyPair._get_from_db",
_db_key_pair_get)
self.stub_out("nova.db.key_pair_destroy", db_key_pair_destroy)
self.req = fakes.HTTPRequest.blank('')
def test_keypair_list_fail_policy(self):
rules = {self.policy_path + ':index': 'role:admin'}
policy.set_rules(oslo_policy.Rules.from_dict(rules))
self.assertRaises(exception.Forbidden, self.KeyPairController.index,
self.req)
def test_keypair_list_pass_policy(self):
rules = {self.policy_path + ':index': ''}
policy.set_rules(oslo_policy.Rules.from_dict(rules))
res = self.KeyPairController.index(self.req)
self.assertIn('keypairs', res)
def test_keypair_show_fail_policy(self):
rules = {self.policy_path + ':show': 'role:admin'}
policy.set_rules(oslo_policy.Rules.from_dict(rules))
self.assertRaises(exception.Forbidden, self.KeyPairController.show,
self.req, 'FAKE')
def test_keypair_show_pass_policy(self):
rules = {self.policy_path + ':show': ''}
policy.set_rules(oslo_policy.Rules.from_dict(rules))
res = self.KeyPairController.show(self.req, 'FAKE')
self.assertIn('keypair', res)
def test_keypair_create_fail_policy(self):
body = {'keypair': {'name': 'create_test'}}
rules = {self.policy_path + ':create': 'role:admin'}
policy.set_rules(oslo_policy.Rules.from_dict(rules))
self.assertRaises(exception.Forbidden,
self.KeyPairController.create,
self.req,
body=body)
def _assert_keypair_create(self, mock_create, req):
mock_create.assert_called_with(req, 'fake_user', 'create_test', 'ssh')
@mock.patch.object(compute_api.KeypairAPI, 'create_key_pair')
def test_keypair_create_pass_policy(self, mock_create):
keypair_obj = objects.KeyPair(name='',
public_key='',
fingerprint='',
user_id='')
mock_create.return_value = (keypair_obj, 'dummy')
body = {'keypair': {'name': 'create_test'}}
rules = {self.policy_path + ':create': ''}
policy.set_rules(oslo_policy.Rules.from_dict(rules))
res = self.KeyPairController.create(self.req, body=body)
self.assertIn('keypair', res)
req = self.req.environ['nova.context']
self._assert_keypair_create(mock_create, req)
def test_keypair_delete_fail_policy(self):
rules = {self.policy_path + ':delete': 'role:admin'}
policy.set_rules(oslo_policy.Rules.from_dict(rules))
self.assertRaises(exception.Forbidden, self.KeyPairController.delete,
self.req, 'FAKE')
def test_keypair_delete_pass_policy(self):
rules = {self.policy_path + ':delete': ''}
policy.set_rules(oslo_policy.Rules.from_dict(rules))
self.KeyPairController.delete(self.req, 'FAKE')
class KeypairPolicyTestV21(test.TestCase):
KeyPairController = keypairs_v21.KeypairController()
policy_path = 'os_compute_api:os-keypairs'
def setUp(self):
super(KeypairPolicyTestV21, self).setUp()
def _db_key_pair_get(context, user_id, name):
return dict(test_keypair.fake_keypair,
name='foo',
public_key='XXX',
fingerprint='YYY',
type='ssh')
self.stubs.Set(db, "key_pair_get", _db_key_pair_get)
self.stubs.Set(db, "key_pair_get_all_by_user",
db_key_pair_get_all_by_user)
self.stubs.Set(db, "key_pair_create", db_key_pair_create)
self.stubs.Set(db, "key_pair_destroy", db_key_pair_destroy)
self.req = fakes.HTTPRequest.blank('')
def test_keypair_list_fail_policy(self):
rules = {
self.policy_path + ':index': common_policy.parse_rule('role:admin')
}
policy.set_rules(rules)
self.assertRaises(exception.Forbidden, self.KeyPairController.index,
self.req)
def test_keypair_list_pass_policy(self):
rules = {self.policy_path + ':index': common_policy.parse_rule('')}
policy.set_rules(rules)
res = self.KeyPairController.index(self.req)
self.assertIn('keypairs', res)
def test_keypair_show_fail_policy(self):
rules = {
self.policy_path + ':show': common_policy.parse_rule('role:admin')
}
policy.set_rules(rules)
self.assertRaises(exception.Forbidden, self.KeyPairController.show,
self.req, 'FAKE')
def test_keypair_show_pass_policy(self):
rules = {self.policy_path + ':show': common_policy.parse_rule('')}
policy.set_rules(rules)
res = self.KeyPairController.show(self.req, 'FAKE')
self.assertIn('keypair', res)
def test_keypair_create_fail_policy(self):
body = {'keypair': {'name': 'create_test'}}
rules = {
self.policy_path + ':create':
common_policy.parse_rule('role:admin')
}
policy.set_rules(rules)
self.assertRaises(exception.Forbidden,
self.KeyPairController.create,
self.req,
body=body)
def test_keypair_create_pass_policy(self):
body = {'keypair': {'name': 'create_test'}}
rules = {self.policy_path + ':create': common_policy.parse_rule('')}
policy.set_rules(rules)
res = self.KeyPairController.create(self.req, body=body)
self.assertIn('keypair', res)
def test_keypair_delete_fail_policy(self):
rules = {
self.policy_path + ':delete':
common_policy.parse_rule('role:admin')
}
policy.set_rules(rules)
self.assertRaises(exception.Forbidden, self.KeyPairController.delete,
self.req, 'FAKE')
def test_keypair_delete_pass_policy(self):
rules = {self.policy_path + ':delete': common_policy.parse_rule('')}
policy.set_rules(rules)
self.KeyPairController.delete(self.req, 'FAKE')
def _setup_app_and_controller(self):
self.app_server = fakes.wsgi_app_v21()
self.controller = keypairs_v21.KeypairController()
def setUp(self):
super(KeypairsTestV275, self).setUp()
self.controller = keypairs_v21.KeypairController()
