def _test_core_authorizer_throws_exception_if_policy_fails(
self, rule, authorize):
target = {'project_id': '1234', 'user_id': '5678'}
self.mox.StubOutWithMock(patron.policy, 'enforce')
patron.policy.enforce(self.fake_context, rule, target).AndRaise(
exception.PolicyNotAuthorized(action=rule))
self.mox.ReplayAll()
self.assertRaises(exception.PolicyNotAuthorized,
authorize,
self.fake_context,
target=target)
def test_unlock_not_authorized(self):
self.mox.StubOutWithMock(self.compute_api, 'unlock')
instance = self._stub_instance_get()
self.compute_api.unlock(self.context, instance).AndRaise(
exception.PolicyNotAuthorized(action='unlock'))
self.mox.ReplayAll()
body = {}
self.assertRaises(self.authorization_error, self.controller._unlock,
self.req, instance.uuid, body)
def test_non_admin_cannot_fetch_used_limits_for_any_other_project(self):
project_id = "123456"
user_id = "A1234"
tenant_id = "abcd"
self.fake_context.project_id = project_id
self.fake_context.user_id = user_id
obj = {
"limits": {
"rate": [],
"absolute": {},
},
}
target = {"project_id": tenant_id, "user_id": user_id}
fake_req = FakeRequest(self.fake_context)
fake_req.GET = {'tenant_id': tenant_id}
if self.ext_mgr is not None:
self.ext_mgr.is_loaded('os-used-limits-for-admin').AndReturn(True)
self.authorize(self.fake_context, target=target). \
AndRaise(exception.PolicyNotAuthorized(
action=self.used_limit_extension))
self.mox.ReplayAll()
res = wsgi.ResponseObject(obj)
self.assertRaises(exception.PolicyNotAuthorized, self.controller.index,
fake_req, res)
def fake_func():
raise exception.PolicyNotAuthorized(action="foo")
def test_network_create_exception_policy_failed(self):
ex = exception.PolicyNotAuthorized(action='dummy')
expex = webob.exc.HTTPForbidden
self._test_network_create_exception(ex, expex)