Esempio n. 1
    def setUp(self):
        """Prepare controllers, a fake owned server and the context lists.

        The instance lookup is replaced by a mock that always returns one
        fake server, so the policy check is the only authorization step
        exercised. ``self.project_id`` and the ``*_context`` attributes are
        not assigned here; presumably the base class setUp provides them.
        """
        super(SecurityGroupsPolicyTest, self).setUp()
        self.controller = security_groups.ServerSecurityGroupController()
        self.action_ctr = security_groups.SecurityGroupActionController()
        self.req = fakes.HTTPRequest.blank('')
        owner_id = self.req.environ['nova.context'].user_id

        # Patch the shared instance getter so no real lookup happens.
        get_instance_patch = fixtures.MockPatch(
            'nova.api.openstack.common.get_instance')
        self.mock_get = self.useFixture(get_instance_patch).mock

        # The fake server belongs to the requesting user and to
        # self.project_id, i.e. the caller is the owner in this fixture.
        instance_attrs = dict(
            id=1,
            uuid=uuids.fake_id,
            project_id=self.project_id,
            user_id=owner_id,
            vm_state=vm_states.ACTIVE,
            task_state=None,
            launched_at=timeutils.utcnow(),
        )
        self.instance = fake_instance.fake_instance_obj(
            self.project_member_context, **instance_attrs)
        self.mock_get.return_value = self.instance

        # Contexts expected to pass the policy: admins and the server owner.
        # NOTE(review): the reader and "foo" project roles are listed too, so
        # these expectations treat any role in the owning project as owner.
        # Confirm that is intended for operations that modify groups.
        self.admin_or_owner_authorized_contexts = [
            self.legacy_admin_context,
            self.system_admin_context,
            self.project_admin_context,
            self.project_member_context,
            self.project_reader_context,
            self.project_foo_context,
        ]
        # Contexts expected to be rejected: neither admin nor owner.
        # other_project_member_context looks like the cross-project case
        # (a member of a different project) - verify against the base class.
        self.admin_or_owner_unauthorized_contexts = [
            self.system_member_context,
            self.system_reader_context,
            self.system_foo_context,
            self.other_project_member_context,
        ]
Esempio n. 2
    def setUp(self):
        """Prepare controllers, a fake owned server and the context lists.

        The instance lookup is replaced by a mock that always returns one
        fake server, so the policy check is the only authorization step
        exercised. ``self.project_id`` and the ``*_context`` attributes are
        not assigned here; presumably the base class setUp provides them.
        """
        super(ServerSecurityGroupsPolicyTest, self).setUp()
        self.controller = security_groups.ServerSecurityGroupController()
        self.action_ctr = security_groups.SecurityGroupActionController()
        self.req = fakes.HTTPRequest.blank('')
        owner_id = self.req.environ['nova.context'].user_id

        # Patch the shared instance getter so no real lookup happens.
        get_instance_patch = fixtures.MockPatch(
            'nova.api.openstack.common.get_instance')
        self.mock_get = self.useFixture(get_instance_patch).mock

        # The fake server belongs to the requesting user and to
        # self.project_id, i.e. the caller is the owner in this fixture.
        instance_attrs = dict(
            id=1, uuid=uuids.fake_id, project_id=self.project_id,
            user_id=owner_id, vm_state=vm_states.ACTIVE,
            task_state=None, launched_at=timeutils.utcnow())
        self.instance = fake_instance.fake_instance_obj(
            self.project_member_context, **instance_attrs)
        self.mock_get.return_value = self.instance

        # Legacy rule, no scope checks: every admin and every role in the
        # owning project (member, reader or any other role) may operate on
        # server security groups, because the legacy rule only matches the
        # project id of the server owner and performs no role check.
        # NOTE(review): this list is the same set as the reader list below,
        # so a reader-role context is expected to pass the operations
        # guarded by the member rule as well. This setUp builds no
        # unauthorized list; presumably the denied contexts (for example
        # another project's member) are derived elsewhere - confirm they
        # are still asserted.
        self.project_member_authorized_contexts = [
            self.legacy_admin_context,
            self.system_admin_context,
            self.project_admin_context,
            self.project_member_context,
            self.project_reader_context,
            self.project_foo_context,
        ]
        # Legacy rule: any admin or project role may get the security
        # groups of their own server.
        self.project_reader_authorized_contexts = [
            self.legacy_admin_context, self.system_admin_context,
            self.project_admin_context, self.project_member_context,
            self.project_reader_context, self.project_foo_context]