def setUp(self): super(SecurityGroupsPolicyTest, self).setUp() self.controller = security_groups.ServerSecurityGroupController() self.action_ctr = security_groups.SecurityGroupActionController() self.req = fakes.HTTPRequest.blank('') user_id = self.req.environ['nova.context'].user_id self.mock_get = self.useFixture( fixtures.MockPatch('nova.api.openstack.common.get_instance')).mock uuid = uuids.fake_id self.instance = fake_instance.fake_instance_obj( self.project_member_context, id=1, uuid=uuid, project_id=self.project_id, user_id=user_id, vm_state=vm_states.ACTIVE, task_state=None, launched_at=timeutils.utcnow()) self.mock_get.return_value = self.instance # Check that admin or and server owner is able to operate # server security groups. self.admin_or_owner_authorized_contexts = [ self.legacy_admin_context, self.system_admin_context, self.project_admin_context, self.project_member_context, self.project_reader_context, self.project_foo_context] # Check that non-admin/owner is not able to operate # server security groups. self.admin_or_owner_unauthorized_contexts = [ self.system_member_context, self.system_reader_context, self.system_foo_context, self.other_project_member_context ]
def setUp(self): super(ServerSecurityGroupsPolicyTest, self).setUp() self.controller = security_groups.ServerSecurityGroupController() self.action_ctr = security_groups.SecurityGroupActionController() self.req = fakes.HTTPRequest.blank('') user_id = self.req.environ['nova.context'].user_id self.mock_get = self.useFixture( fixtures.MockPatch('nova.api.openstack.common.get_instance')).mock uuid = uuids.fake_id self.instance = fake_instance.fake_instance_obj( self.project_member_context, id=1, uuid=uuid, project_id=self.project_id, user_id=user_id, vm_state=vm_states.ACTIVE, task_state=None, launched_at=timeutils.utcnow()) self.mock_get.return_value = self.instance # With legacy rule and no scope checks, all admin, project members # project reader or other project role(because legacy rule allow server # owner- having same project id and no role check) is able to operate # server security groups. self.project_member_authorized_contexts = [ self.legacy_admin_context, self.system_admin_context, self.project_admin_context, self.project_member_context, self.project_reader_context, self.project_foo_context ] # With legacy rule, any admin or project role is able to get their # server SG. self.project_reader_authorized_contexts = [ self.legacy_admin_context, self.system_admin_context, self.project_admin_context, self.project_member_context, self.project_reader_context, self.project_foo_context, ]