def setUp(self): super(AttachInterfacesPolicyEnforcementv21, self).setUp() self.controller = \ attach_interfaces_v21.InterfaceAttachmentController() self.req = fakes.HTTPRequest.blank('') self.rule_name = "os_compute_api:os-attach-interfaces" self.policy.set_rules({self.rule_name: "project:non_fake"})
def setUp(self): super(AttachInterfacesPolicyTest, self).setUp() self.controller = attach_interfaces.InterfaceAttachmentController() self.req = fakes.HTTPRequest.blank('') self.mock_get = self.useFixture( fixtures.MockPatch('nova.api.openstack.common.get_instance')).mock uuid = uuids.fake_id self.instance = fake_instance.fake_instance_obj( self.project_member_context, id=1, uuid=uuid, project_id=self.project_id, vm_state=vm_states.ACTIVE, task_state=None, launched_at=timeutils.utcnow()) self.mock_get.return_value = self.instance # With legacy rule and no scope checks, all admin, project members # project reader or other project role(because legacy rule allow server # owner- having same project id and no role check) is able to attach, # detach an interface from a server. self.project_member_authorized_contexts = [ self.legacy_admin_context, self.system_admin_context, self.project_admin_context, self.project_member_context, self.project_reader_context, self.project_foo_context ] # and they can get their own server attached interfaces. self.project_reader_authorized_contexts = ( self.project_member_authorized_contexts)
def setUp(self): super(AttachInterfacesPolicyTest, self).setUp() self.controller = attach_interfaces.InterfaceAttachmentController() self.req = fakes.HTTPRequest.blank('') self.admin_authorized_contexts = [ self.legacy_admin_context, self.system_admin_context, self.project_admin_context, self.project_member_context, self.project_reader_context, self.project_foo_context, self.system_member_context, self.system_reader_context, self.system_foo_context, self.other_project_member_context ] self.admin_unauthorized_contexts = []
def setUp(self): super(AttachInterfacesDeprecatedPolicyTest, self).setUp() self.controller = attach_interfaces.InterfaceAttachmentController() self.admin_req = fakes.HTTPRequest.blank('') self.admin_req.environ['nova.context'] = self.project_admin_context self.reader_req = fakes.HTTPRequest.blank('') self.reader_req.environ['nova.context'] = self.project_reader_context self.deprecated_policy = "os_compute_api:os-attach-interfaces" # Overridde rule with different checks than defaults so that we can # verify the rule overridden case. override_rules = {self.deprecated_policy: base_policy.RULE_ADMIN_API} # NOTE(gmann): Only override the deprecated rule in policy file so # that # we can verify if overridden checks are considered by oslo.policy. # Oslo.policy will consider the overridden rules if: # 1. overridden deprecated rule's checks are different than defaults # 2. new rules are not present in policy file self.policy = self.useFixture( policy_fixture.OverridePolicyFixture(rules_in_file=override_rules))
def setUp(self): super(AttachInterfacesPolicyTest, self).setUp() self.controller = attach_interfaces.InterfaceAttachmentController() self.req = fakes.HTTPRequest.blank('') self.mock_get = self.useFixture( fixtures.MockPatch('nova.api.openstack.common.get_instance')).mock uuid = uuids.fake_id self.instance = fake_instance.fake_instance_obj( self.project_member_context, id=1, uuid=uuid, project_id=self.project_id, vm_state=vm_states.ACTIVE, task_state=None, launched_at=timeutils.utcnow()) self.mock_get.return_value = self.instance self.admin_authorized_contexts = [ self.legacy_admin_context, self.system_admin_context, self.project_admin_context, self.project_foo_context, self.project_reader_context, self.project_member_context ] self.admin_unauthorized_contexts = [ self.system_member_context, self.system_reader_context, self.system_foo_context, self.other_project_member_context, self.other_project_reader_context, ] self.reader_authorized_contexts = [ self.legacy_admin_context, self.system_admin_context, self.project_admin_context, self.system_member_context, self.system_reader_context, self.project_reader_context, self.project_member_context, self.project_foo_context ] self.reader_unauthorized_contexts = [ self.system_foo_context, self.other_project_member_context, self.other_project_reader_context, ]
def setUp(self): super(InterfaceAttachTestsV270, self).setUp() self.attachments = ( attach_interfaces_v21.InterfaceAttachmentController()) self.req = fakes.HTTPRequest.blank('', version='2.70') self.stub_out('nova.compute.api.API.get', fake_get_instance)