def setUp(self):
super(AttachInterfacesPolicyEnforcementv21, self).setUp()
self.controller = \
attach_interfaces_v21.InterfaceAttachmentController()
self.req = fakes.HTTPRequest.blank('')
self.rule_name = "os_compute_api:os-attach-interfaces"
self.policy.set_rules({self.rule_name: "project:non_fake"})
def setUp(self):
super(AttachInterfacesPolicyTest, self).setUp()
self.controller = attach_interfaces.InterfaceAttachmentController()
self.req = fakes.HTTPRequest.blank('')
self.mock_get = self.useFixture(
fixtures.MockPatch('nova.api.openstack.common.get_instance')).mock
uuid = uuids.fake_id
self.instance = fake_instance.fake_instance_obj(
self.project_member_context,
id=1,
uuid=uuid,
project_id=self.project_id,
vm_state=vm_states.ACTIVE,
task_state=None,
launched_at=timeutils.utcnow())
self.mock_get.return_value = self.instance
# With legacy rule and no scope checks, all admin, project members
# project reader or other project role(because legacy rule allow server
# owner- having same project id and no role check) is able to attach,
# detach an interface from a server.
self.project_member_authorized_contexts = [
self.legacy_admin_context, self.system_admin_context,
self.project_admin_context, self.project_member_context,
self.project_reader_context, self.project_foo_context
]
# and they can get their own server attached interfaces.
self.project_reader_authorized_contexts = (
self.project_member_authorized_contexts)
def setUp(self):
super(AttachInterfacesPolicyTest, self).setUp()
self.controller = attach_interfaces.InterfaceAttachmentController()
self.req = fakes.HTTPRequest.blank('')
self.admin_authorized_contexts = [
self.legacy_admin_context, self.system_admin_context,
self.project_admin_context, self.project_member_context,
self.project_reader_context, self.project_foo_context,
self.system_member_context, self.system_reader_context,
self.system_foo_context, self.other_project_member_context
]
self.admin_unauthorized_contexts = []
def setUp(self):
super(AttachInterfacesDeprecatedPolicyTest, self).setUp()
self.controller = attach_interfaces.InterfaceAttachmentController()
self.admin_req = fakes.HTTPRequest.blank('')
self.admin_req.environ['nova.context'] = self.project_admin_context
self.reader_req = fakes.HTTPRequest.blank('')
self.reader_req.environ['nova.context'] = self.project_reader_context
self.deprecated_policy = "os_compute_api:os-attach-interfaces"
# Overridde rule with different checks than defaults so that we can
# verify the rule overridden case.
override_rules = {self.deprecated_policy: base_policy.RULE_ADMIN_API}
# NOTE(gmann): Only override the deprecated rule in policy file so
# that
# we can verify if overridden checks are considered by oslo.policy.
# Oslo.policy will consider the overridden rules if:
# 1. overridden deprecated rule's checks are different than defaults
# 2. new rules are not present in policy file
self.policy = self.useFixture(
policy_fixture.OverridePolicyFixture(rules_in_file=override_rules))
def setUp(self):
super(AttachInterfacesPolicyTest, self).setUp()
self.controller = attach_interfaces.InterfaceAttachmentController()
self.req = fakes.HTTPRequest.blank('')
self.mock_get = self.useFixture(
fixtures.MockPatch('nova.api.openstack.common.get_instance')).mock
uuid = uuids.fake_id
self.instance = fake_instance.fake_instance_obj(
self.project_member_context,
id=1,
uuid=uuid,
project_id=self.project_id,
vm_state=vm_states.ACTIVE,
task_state=None,
launched_at=timeutils.utcnow())
self.mock_get.return_value = self.instance
self.admin_authorized_contexts = [
self.legacy_admin_context, self.system_admin_context,
self.project_admin_context, self.project_foo_context,
self.project_reader_context, self.project_member_context
]
self.admin_unauthorized_contexts = [
self.system_member_context,
self.system_reader_context,
self.system_foo_context,
self.other_project_member_context,
self.other_project_reader_context,
]
self.reader_authorized_contexts = [
self.legacy_admin_context, self.system_admin_context,
self.project_admin_context, self.system_member_context,
self.system_reader_context, self.project_reader_context,
self.project_member_context, self.project_foo_context
]
self.reader_unauthorized_contexts = [
self.system_foo_context,
self.other_project_member_context,
self.other_project_reader_context,
]
def setUp(self):
super(InterfaceAttachTestsV270, self).setUp()
self.attachments = (
attach_interfaces_v21.InterfaceAttachmentController())
self.req = fakes.HTTPRequest.blank('', version='2.70')
self.stub_out('nova.compute.api.API.get', fake_get_instance)
