141 lines
5.7 KiB
Python
141 lines
5.7 KiB
Python
# Copyright 2012 OpenStack Foundation
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
import uuid
|
|
|
|
from oslo_policy import policy as oslo_policy
|
|
from oslo_serialization import jsonutils
|
|
import webob
|
|
|
|
from cinder import context
|
|
from cinder import objects
|
|
from cinder.policies.volumes import TENANT_ATTRIBUTE_POLICY
|
|
from cinder import policy
|
|
from cinder import test
|
|
from cinder.tests.unit.api import fakes
|
|
from cinder.tests.unit import fake_constants as fake
|
|
from cinder.tests.unit import fake_volume
|
|
from cinder import volume
|
|
|
|
|
|
PROJECT_ID = '88fd1da4-f464-4a87-9ce5-26f2f40743b9'
|
|
|
|
|
|
def fake_volume_get(*args, **kwargs):
|
|
ctx = context.RequestContext(fake.USER_ID, fake.PROJECT_ID, False)
|
|
vol = {
|
|
'id': fake.VOLUME_ID,
|
|
'project_id': PROJECT_ID,
|
|
}
|
|
return fake_volume.fake_volume_obj(ctx, **vol)
|
|
|
|
|
|
def fake_volume_get_all(*args, **kwargs):
|
|
return objects.VolumeList(objects=[fake_volume_get()])
|
|
|
|
|
|
def app():
|
|
# no auth, just let environ['cinder.context'] pass through
|
|
api = fakes.router.APIRouter()
|
|
mapper = fakes.urlmap.URLMap()
|
|
mapper['/v2'] = api
|
|
return mapper
|
|
|
|
|
|
class VolumeTenantAttributeTest(test.TestCase):
|
|
|
|
def setUp(self):
|
|
super(VolumeTenantAttributeTest, self).setUp()
|
|
self.mock_object(volume.api.API, 'get', fake_volume_get)
|
|
self.mock_object(volume.api.API, 'get_all', fake_volume_get_all)
|
|
self.UUID = uuid.uuid4()
|
|
policy.reset()
|
|
policy.init()
|
|
self.addCleanup(policy.reset)
|
|
|
|
def test_get_volume_includes_tenant_id(self):
|
|
allow_all = {TENANT_ATTRIBUTE_POLICY: oslo_policy._checks.TrueCheck()}
|
|
policy._ENFORCER.set_rules(allow_all, overwrite=False)
|
|
ctx = context.RequestContext(fake.USER_ID, fake.PROJECT_ID, True)
|
|
req = webob.Request.blank('/v2/%s/volumes/%s' % (
|
|
fake.PROJECT_ID, self.UUID))
|
|
req.method = 'GET'
|
|
req.environ['cinder.context'] = ctx
|
|
res = req.get_response(app())
|
|
vol = jsonutils.loads(res.body)['volume']
|
|
self.assertEqual(PROJECT_ID, vol['os-vol-tenant-attr:tenant_id'])
|
|
self.assertIn('os-vol-tenant-attr:tenant_id', vol)
|
|
|
|
def test_get_volume_excludes_tenant_id(self):
|
|
allow_none = {TENANT_ATTRIBUTE_POLICY:
|
|
oslo_policy._checks.FalseCheck()}
|
|
policy._ENFORCER.set_rules(allow_none, overwrite=False)
|
|
ctx = context.RequestContext(fake.USER_ID, fake.PROJECT_ID, True)
|
|
req = webob.Request.blank('/v2/%s/volumes/%s' % (
|
|
fake.PROJECT_ID, self.UUID))
|
|
req.method = 'GET'
|
|
req.environ['cinder.context'] = ctx
|
|
res = req.get_response(app())
|
|
vol = jsonutils.loads(res.body)['volume']
|
|
self.assertEqual(fake.VOLUME_ID, vol['id'])
|
|
self.assertNotIn('os-vol-tenant-attr:tenant_id', vol)
|
|
|
|
def test_list_detail_volumes_includes_tenant_id(self):
|
|
allow_all = {TENANT_ATTRIBUTE_POLICY: oslo_policy._checks.TrueCheck()}
|
|
policy._ENFORCER.set_rules(allow_all, overwrite=False)
|
|
ctx = context.RequestContext(fake.USER_ID, fake.PROJECT_ID, False)
|
|
req = webob.Request.blank('/v2/%s/volumes/detail' % fake.PROJECT_ID)
|
|
req.method = 'GET'
|
|
req.environ['cinder.context'] = ctx
|
|
res = req.get_response(app())
|
|
vol = jsonutils.loads(res.body)['volumes']
|
|
self.assertEqual(PROJECT_ID, vol[0]['os-vol-tenant-attr:tenant_id'])
|
|
|
|
def test_list_detail_volumes_excludes_tenant_id(self):
|
|
allow_none = {TENANT_ATTRIBUTE_POLICY:
|
|
oslo_policy._checks.FalseCheck()}
|
|
policy._ENFORCER.set_rules(allow_none, overwrite=False)
|
|
ctx = context.RequestContext(fake.USER_ID, fake.PROJECT_ID, False)
|
|
req = webob.Request.blank('/v2/%s/volumes/detail' % fake.PROJECT_ID)
|
|
req.method = 'GET'
|
|
req.environ['cinder.context'] = ctx
|
|
res = req.get_response(app())
|
|
vol = jsonutils.loads(res.body)['volumes']
|
|
self.assertEqual(fake.VOLUME_ID, vol[0]['id'])
|
|
self.assertNotIn('os-vol-tenant-attr:tenant_id', vol[0])
|
|
|
|
def test_list_simple_volumes_never_has_tenant_id(self):
|
|
allow_all = {TENANT_ATTRIBUTE_POLICY: oslo_policy._checks.TrueCheck()}
|
|
policy._ENFORCER.set_rules(allow_all, overwrite=False)
|
|
ctx = context.RequestContext(fake.USER_ID, fake.PROJECT_ID, True)
|
|
req = webob.Request.blank('/v2/%s/volumes' % fake.PROJECT_ID)
|
|
req.method = 'GET'
|
|
req.environ['cinder.context'] = ctx
|
|
res = req.get_response(app())
|
|
vol = jsonutils.loads(res.body)['volumes']
|
|
self.assertEqual(fake.VOLUME_ID, vol[0]['id'])
|
|
self.assertNotIn('os-vol-tenant-attr:tenant_id', vol[0])
|
|
|
|
allow_none = {TENANT_ATTRIBUTE_POLICY:
|
|
oslo_policy._checks.FalseCheck()}
|
|
policy._ENFORCER.set_rules(allow_none, overwrite=False)
|
|
ctx = context.RequestContext(fake.USER_ID, fake.PROJECT_ID, True)
|
|
req = webob.Request.blank('/v2/%s/volumes' % fake.PROJECT_ID)
|
|
req.method = 'GET'
|
|
req.environ['cinder.context'] = ctx
|
|
res = req.get_response(app())
|
|
vol = jsonutils.loads(res.body)['volumes']
|
|
self.assertEqual(fake.VOLUME_ID, vol[0]['id'])
|
|
self.assertNotIn('os-vol-tenant-attr:tenant_id', vol[0])
|