Merge "Enforce policy before resource.validate"
This commit is contained in:
commit
9c9bce7045
|
@ -698,6 +698,7 @@ class EngineService(service.Service):
|
|||
parent_resource=parent_resource_name,
|
||||
**common_params)
|
||||
|
||||
self.resource_enforcer.enforce_stack(stack)
|
||||
self._validate_deferred_auth_context(cnxt, stack)
|
||||
stack.validate()
|
||||
# For the root stack print a summary of the TemplateResources loaded
|
||||
|
@ -736,7 +737,6 @@ class EngineService(service.Service):
|
|||
args,
|
||||
convergence=conv_eng)
|
||||
|
||||
self.resource_enforcer.enforce_stack(stack)
|
||||
return api.format_stack_preview(stack)
|
||||
|
||||
@context.request_context
|
||||
|
@ -802,7 +802,6 @@ class EngineService(service.Service):
|
|||
stack_user_project_id, convergence, parent_resource_name,
|
||||
template_id)
|
||||
|
||||
self.resource_enforcer.enforce_stack(stack)
|
||||
stack_id = stack.store()
|
||||
if cfg.CONF.reauthentication_auth_method == 'trusts':
|
||||
stack = parser.Stack.load(
|
||||
|
|
|
@ -24,6 +24,7 @@ from heat.common import context
|
|||
from heat.common import environment_util as env_util
|
||||
from heat.common import exception
|
||||
from heat.common import identifier
|
||||
from heat.common import policy
|
||||
from heat.common import template_format
|
||||
from heat.engine.cfn import template as cfntemplate
|
||||
from heat.engine import environment
|
||||
|
@ -1181,6 +1182,7 @@ class StackServiceTest(common.HeatTestCase):
|
|||
@mock.patch.object(service.api, 'format_stack_preview', new=mock.Mock())
|
||||
@mock.patch.object(service.parser, 'Stack')
|
||||
def test_preview_stack_checks_stack_validity(self, mock_parser):
|
||||
self.patchobject(policy.ResourceEnforcer, 'enforce_stack')
|
||||
exc = exception.StackValidationFailed(message='Validation Failed')
|
||||
mock_parsed_stack = mock.Mock()
|
||||
mock_parsed_stack.validate.side_effect = exc
|
||||
|
|
Loading…
Reference in New Issue