def setUp(self):
    """Prepare the lock/unlock policy fixtures for the default configuration.

    Creates the controller and a blank request, patches
    ``nova.api.openstack.common.get_instance`` so that it returns a fake
    ACTIVE instance, and records which request contexts the tests expect
    to be authorized.
    """
    super(LockServerPolicyTest, self).setUp()
    self.controller = lock_server.LockServerController()
    self.req = fakes.HTTPRequest.blank('')
    requester_id = self.req.environ['nova.context'].user_id

    # Every instance lookup made through the patched helper returns the
    # fake instance built below.
    get_instance_patch = fixtures.MockPatch(
        'nova.api.openstack.common.get_instance')
    self.mock_get = self.useFixture(get_instance_patch).mock

    # The fake server belongs to self.project_id and to the user found in
    # the request context, so ownership checks compare against those.
    self.instance = fake_instance.fake_instance_obj(
        self.project_member_context,
        id=1,
        uuid=uuids.fake_id,
        project_id=self.project_id,
        user_id=requester_id,
        vm_state=vm_states.ACTIVE,
        task_state=None,
        launched_at=timeutils.utcnow(),
    )
    self.mock_get.return_value = self.instance

    # With the legacy rule and no scope checks, lock and unlock are
    # allowed for every admin and for any role in the owning project
    # (member, reader, or any other role): the legacy rule treats a
    # matching project id as ownership and does not check the role.
    # NOTE(review): no unauthorized list is set here; presumably the base
    # class derives the denied contexts. Confirm, so that the denied
    # cases stay covered.
    self.project_action_authorized_contexts = [
        self.legacy_admin_context,
        self.system_admin_context,
        self.project_admin_context,
        self.project_member_context,
        self.project_reader_context,
        self.project_foo_context,
    ]

    # By default the legacy rules are enabled and the scope check is
    # disabled. System admin, legacy admin and project admin can override
    # an unlock regardless of who locked the server.
    self.project_admin_authorized_contexts = [
        self.legacy_admin_context,
        self.system_admin_context,
        self.project_admin_context,
    ]
def setUp(self):
    """Prepare the lock/unlock policy fixtures with explicit allow/deny lists.

    Creates the controller and a blank request, patches
    ``nova.api.openstack.common.get_instance`` so that it returns a fake
    ACTIVE instance, and records the contexts expected to be authorized
    and unauthorized for each rule.
    """
    super(LockServerPolicyTest, self).setUp()
    self.controller = lock_server.LockServerController()
    self.req = fakes.HTTPRequest.blank('')
    requester_id = self.req.environ['nova.context'].user_id

    # Every instance lookup made through the patched helper returns the
    # fake instance built below.
    get_instance_patch = fixtures.MockPatch(
        'nova.api.openstack.common.get_instance')
    self.mock_get = self.useFixture(get_instance_patch).mock

    # The fake server belongs to self.project_id and to the user found in
    # the request context, so ownership checks compare against those.
    self.instance = fake_instance.fake_instance_obj(
        self.project_member_context,
        id=1,
        uuid=uuids.fake_id,
        project_id=self.project_id,
        user_id=requester_id,
        vm_state=vm_states.ACTIVE,
        task_state=None,
        launched_at=timeutils.utcnow(),
    )
    self.mock_get.return_value = self.instance

    # NOTE(review): each allow list and its deny list are maintained by
    # hand. A context missing from both lists of a pair is presumably
    # not exercised at all; confirm against the base test class.

    # Admins and the server owner are able to lock/unlock the server.
    # NOTE(review): the reader and "foo" project contexts are listed as
    # owners, so ownership here appears to be matched on the project
    # rather than on the role. Confirm against the policy rule.
    self.admin_or_owner_authorized_contexts = [
        self.legacy_admin_context,
        self.system_admin_context,
        self.project_admin_context,
        self.project_member_context,
        self.project_reader_context,
        self.project_foo_context,
    ]

    # Anyone who is neither admin nor owner is not able to lock/unlock
    # the server.
    self.admin_or_owner_unauthorized_contexts = [
        self.system_member_context,
        self.system_reader_context,
        self.system_foo_context,
        self.other_project_member_context,
    ]

    # Admins are able to unlock a server that was locked by someone else.
    self.admin_authorized_contexts = [
        self.legacy_admin_context,
        self.system_admin_context,
        self.project_admin_context,
    ]

    # Non-admins, including users of the owning project, are not able to
    # unlock a server that was locked by someone else.
    self.admin_unauthorized_contexts = [
        self.system_member_context,
        self.system_reader_context,
        self.system_foo_context,
        self.project_member_context,
        self.project_reader_context,
        self.project_foo_context,
        self.other_project_member_context,
    ]
def setUp(self):
    """Create the v2.1 lock-server controller and a blank request."""
    super(LockServerPolicyEnforcementV21, self).setUp()
    lock_controller = lock_server_v21.LockServerController()
    self.controller = lock_controller
    # Blank request shared by the tests of this class.
    blank_request = fakes.HTTPRequest.blank('')
    self.req = blank_request