diff options
Diffstat (limited to 'nova/tests/unit/policies/test_server_external_events.py')
| -rw-r--r-- | nova/tests/unit/policies/test_server_external_events.py | 52 |
1 files changed, 21 insertions, 31 deletions
diff --git a/nova/tests/unit/policies/test_server_external_events.py b/nova/tests/unit/policies/test_server_external_events.py index f8f1bcd663..401b55325f 100644 --- a/nova/tests/unit/policies/test_server_external_events.py +++ b/nova/tests/unit/policies/test_server_external_events.py @@ -10,7 +10,8 @@ # License for the specific language governing permissions and limitations # under the License. -import mock +from unittest import mock + from oslo_utils.fixture import uuidsentinel as uuids from nova.api.openstack.compute import server_external_events as ev @@ -33,20 +34,12 @@ class ServerExternalEventsPolicyTest(base.BasePolicyTest): self.controller = ev.ServerExternalEventsController() self.req = fakes.HTTPRequest.blank('') - # Check that admin is able to create the server external events. - self.admin_authorized_contexts = [ + # With legacy rule and no scope checks, all admin can + # create the server external events. + self.project_admin_authorized_contexts = [ self.legacy_admin_context, self.system_admin_context, self.project_admin_context ] - # Check that non-admin is not able to create the server - # external events. - self.admin_unauthorized_contexts = [ - self.system_member_context, self.system_reader_context, - self.system_foo_context, self.project_member_context, - self.project_reader_context, self.project_foo_context, - self.other_project_member_context, - self.other_project_reader_context, - ] @mock.patch('nova.compute.api.API.external_instance_event') @mock.patch('nova.objects.InstanceMappingList.get_by_instance_uuids') @@ -58,10 +51,18 @@ class ServerExternalEventsPolicyTest(base.BasePolicyTest): 'server_uuid': uuids.fake_id, 'status': 'completed'}] } - self.common_policy_check(self.admin_authorized_contexts, - self.admin_unauthorized_contexts, - rule_name, self.controller.create, - self.req, body=body) + self.common_policy_auth(self.project_admin_authorized_contexts, + rule_name, self.controller.create, + self.req, body=body) + + +class ServerExternalEventsNoLegacyNoScopeTest( + ServerExternalEventsPolicyTest): + """Test Server External Events API policies with deprecated rules + disabled, but scope checking still disabled. + """ + + without_deprecated_rules = True class ServerExternalEventsScopeTypePolicyTest(ServerExternalEventsPolicyTest): @@ -79,23 +80,12 @@ class ServerExternalEventsScopeTypePolicyTest(ServerExternalEventsPolicyTest): super(ServerExternalEventsScopeTypePolicyTest, self).setUp() self.flags(enforce_scope=True, group="oslo_policy") - # Check that admin is able to create the server external events. - self.admin_authorized_contexts = [ - self.system_admin_context, - ] - # Check that non-admin is not able to create the server - # external events. - self.admin_unauthorized_contexts = [ - self.legacy_admin_context, self.project_admin_context, - self.system_member_context, self.system_reader_context, - self.system_foo_context, self.project_member_context, - self.project_reader_context, self.project_foo_context, - self.other_project_member_context, - self.other_project_reader_context, - ] + # With scope checks, system admin is not allowed. + self.project_admin_authorized_contexts = [ + self.legacy_admin_context, self.project_admin_context] -class ServerExternalEventsNoLegacyPolicyTest( +class ServerExternalEventsScopeTypeNoLegacyPolicyTest( ServerExternalEventsScopeTypePolicyTest): """Test Server External Events APIs policies with system scope enabled, and no more deprecated rules. |