def setUp(self): super(FloatingIPActionPolicyEnforcementV21, self).setUp() self.controller = fips_v21.FloatingIPActionController() self.req = fakes.HTTPRequest.blank('') uuid = uuids.fake_id self.instance = fake_instance.fake_instance_obj( self.req.environ['nova.context'], id=2, uuid=uuid, availability_zone='nova', vm_state=vm_states.ACTIVE, project_id=self.req.environ['nova.context'].project_id) self.mock_get = self.useFixture( fixtures.MockPatch('nova.compute.api.API.get')).mock self.mock_get.return_value = self.instance
def setUp(self): super(FloatingIPPolicyTest, self).setUp() self.controller = floating_ips.FloatingIPController() self.action_controller = floating_ips.FloatingIPActionController() self.req = fakes.HTTPRequest.blank('') self.mock_get = self.useFixture( fixtures.MockPatch('nova.api.openstack.common.get_instance')).mock uuid = uuids.fake_id self.instance = fake_instance.fake_instance_obj( self.project_member_context, project_id=self.project_id, id=1, uuid=uuid, vm_state=vm_states.ACTIVE, task_state=None, launched_at=timeutils.utcnow()) self.mock_get.return_value = self.instance # With legacy rule and scope disable, everyone is able to perform crud # operation on FIP. # NOTE: Nova cannot verify the FIP owner during nova policy # enforcement so will be passing context's project_id as target to # policy and always pass. If requester is not admin or owner # of FIP then neutron will be returning the appropriate error. self.member_authorized_contexts = [ self.legacy_admin_context, self.system_admin_context, self.project_admin_context, self.project_member_context, self.project_reader_context, self.project_foo_context, self.other_project_reader_context, self.system_member_context, self.system_reader_context, self.system_foo_context, self.other_project_member_context ] self.project_reader_authorized_contexts = [ self.legacy_admin_context, self.system_admin_context, self.project_admin_context, self.project_member_context, self.project_reader_context, self.project_foo_context, self.other_project_reader_context, self.system_member_context, self.system_reader_context, self.system_foo_context, self.other_project_member_context ] # With legacy rule and no scope checks, all admin, project members # project reader or other project role(because legacy rule allow server # owner- having same project id and no role check) is able to add, # delete FIP to server. self.project_member_authorized_contexts = [ self.legacy_admin_context, self.system_admin_context, self.project_admin_context, self.project_member_context, self.project_reader_context, self.project_foo_context ]
def setUp(self): super(FloatingIPActionPolicyEnforcementV21, self).setUp() self.controller = fips_v21.FloatingIPActionController() self.req = fakes.HTTPRequest.blank('')
def setUp(self): super(FloatingIpActionDeprecationTest, self).setUp() self.req = fakes.HTTPRequest.blank('', version='2.44') self.controller = fips_v21.FloatingIPActionController()