def setUp(self):
super(FlavorAccessPolicyTest, self).setUp()
self.controller = flavor_access.FlavorActionController()
self.controller_index = flavor_access.FlavorAccessController()
self.req = fakes.HTTPRequest.blank('')
self.mock_get = self.useFixture(
fixtures.MockPatch('nova.api.openstack.common.get_flavor')).mock
uuid = uuids.fake_id
self.flavor = fake_flavor.fake_flavor_obj(self.project_member_context,
id=1,
uuid=uuid,
project_id=self.project_id,
is_public=False)
self.mock_get.return_value = self.flavor
self.stub_out('nova.api.openstack.identity.verify_project_id',
lambda ctx, project_id: True)
self.stub_out('nova.objects.flavor._get_projects_from_db',
lambda context, flavorid: [])
# With legacy rule and no scope checks, all admin is able to
# add/remove flavor access to a tenant.
self.admin_authorized_contexts = [
self.legacy_admin_context, self.system_admin_context,
self.project_admin_context
]
# With legacy rule, anyone can access flavor access info.
self.admin_index_authorized_contexts = self.all_contexts
def setUp(self):
super(FlavorAccessPolicyTest, self).setUp()
self.controller = flavor_access.FlavorActionController()
self.controller_index = flavor_access.FlavorAccessController()
self.req = fakes.HTTPRequest.blank('')
self.mock_get = self.useFixture(
fixtures.MockPatch('nova.api.openstack.common.get_flavor')).mock
uuid = uuids.fake_id
self.flavor = fake_flavor.fake_flavor_obj(self.project_member_context,
id=1,
uuid=uuid,
project_id=self.project_id,
is_public=False)
self.mock_get.return_value = self.flavor
self.stub_out('nova.api.openstack.identity.verify_project_id',
lambda ctx, project_id: True)
self.stub_out('nova.objects.flavor._get_projects_from_db',
lambda context, flavorid: [])
# Check that admin is able to add/remove flavor access
# to a tenant.
self.admin_authorized_contexts = [
self.legacy_admin_context, self.system_admin_context,
self.project_admin_context
]
# Check that non-admin is not able to add/remove flavor access
# to a tenant.
self.admin_unauthorized_contexts = [
self.system_member_context, self.system_reader_context,
self.system_foo_context, self.project_member_context,
self.other_project_member_context,
self.other_project_reader_context, self.project_foo_context,
self.project_reader_context
]
# Check that everyone is able to list flavor access
# information which is nothing but bug#1867840.
self.reader_authorized_contexts = [
self.legacy_admin_context,
self.system_admin_context,
self.project_admin_context,
self.project_member_context,
self.project_reader_context,
self.project_foo_context,
self.system_member_context,
self.system_reader_context,
self.system_foo_context,
self.other_project_member_context,
self.other_project_reader_context,
]
self.reader_unauthorized_contexts = []
def setUp(self):
super(FlavorAccessPolicyEnforcementV21, self).setUp()
self.act_controller = flavor_access_v21.FlavorActionController()
self.access_controller = flavor_access_v21.FlavorAccessController()
self.req = fakes.HTTPRequest.blank('')