1ff8ebc13c
This is a preparation to split the openstack api v1 test cases. The current test case file is too large for maintenance. This patch renames the openstack folder to openstack_v1 so that in future we (hopefully) don't have to move them around again. Change-Id: Ie939e2d6022e688e02c5c946346b223e7b319136
120 lines
4.2 KiB
Python
120 lines
4.2 KiB
Python
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
import mock
|
|
from webob import exc
|
|
|
|
from heat.api.openstack.v1 import util
|
|
from heat.common import context
|
|
from heat.common import policy
|
|
from heat.common import wsgi
|
|
from heat.tests import common
|
|
|
|
|
|
class TestGetAllowedParams(common.HeatTestCase):
|
|
def setUp(self):
|
|
super(TestGetAllowedParams, self).setUp()
|
|
req = wsgi.Request({})
|
|
self.params = req.params.copy()
|
|
self.params.add('foo', 'foo value')
|
|
self.whitelist = {'foo': 'single'}
|
|
|
|
def test_returns_empty_dict(self):
|
|
self.whitelist = {}
|
|
|
|
result = util.get_allowed_params(self.params, self.whitelist)
|
|
self.assertEqual({}, result)
|
|
|
|
def test_only_adds_whitelisted_params_if_param_exists(self):
|
|
self.whitelist = {'foo': 'single'}
|
|
self.params.clear()
|
|
|
|
result = util.get_allowed_params(self.params, self.whitelist)
|
|
self.assertNotIn('foo', result)
|
|
|
|
def test_returns_only_whitelisted_params(self):
|
|
self.params.add('bar', 'bar value')
|
|
|
|
result = util.get_allowed_params(self.params, self.whitelist)
|
|
self.assertIn('foo', result)
|
|
self.assertNotIn('bar', result)
|
|
|
|
def test_handles_single_value_params(self):
|
|
result = util.get_allowed_params(self.params, self.whitelist)
|
|
self.assertEqual('foo value', result['foo'])
|
|
|
|
def test_handles_multiple_value_params(self):
|
|
self.whitelist = {'foo': 'multi'}
|
|
self.params.add('foo', 'foo value 2')
|
|
|
|
result = util.get_allowed_params(self.params, self.whitelist)
|
|
self.assertEqual(2, len(result['foo']))
|
|
self.assertIn('foo value', result['foo'])
|
|
self.assertIn('foo value 2', result['foo'])
|
|
|
|
def test_handles_mixed_value_param_with_multiple_entries(self):
|
|
self.whitelist = {'foo': 'mixed'}
|
|
self.params.add('foo', 'foo value 2')
|
|
|
|
result = util.get_allowed_params(self.params, self.whitelist)
|
|
self.assertEqual(2, len(result['foo']))
|
|
self.assertIn('foo value', result['foo'])
|
|
self.assertIn('foo value 2', result['foo'])
|
|
|
|
def test_handles_mixed_value_param_with_single_entry(self):
|
|
self.whitelist = {'foo': 'mixed'}
|
|
|
|
result = util.get_allowed_params(self.params, self.whitelist)
|
|
self.assertEqual('foo value', result['foo'])
|
|
|
|
def test_ignores_bogus_whitelist_items(self):
|
|
self.whitelist = {'foo': 'blah'}
|
|
result = util.get_allowed_params(self.params, self.whitelist)
|
|
self.assertNotIn('foo', result)
|
|
|
|
|
|
class TestPolicyEnforce(common.HeatTestCase):
|
|
def setUp(self):
|
|
super(TestPolicyEnforce, self).setUp()
|
|
self.req = wsgi.Request({})
|
|
self.req.context = context.RequestContext(tenant_id='foo',
|
|
is_admin=False)
|
|
|
|
class DummyController(object):
|
|
REQUEST_SCOPE = 'test'
|
|
|
|
@util.policy_enforce
|
|
def an_action(self, req):
|
|
return 'woot'
|
|
|
|
self.controller = DummyController()
|
|
|
|
@mock.patch.object(policy.Enforcer, 'enforce')
|
|
def test_policy_enforce_tenant_mismatch(self, mock_enforce):
|
|
mock_enforce.return_value = True
|
|
|
|
self.assertEqual('woot',
|
|
self.controller.an_action(self.req, 'foo'))
|
|
|
|
self.assertRaises(exc.HTTPForbidden,
|
|
self.controller.an_action,
|
|
self.req, tenant_id='bar')
|
|
|
|
@mock.patch.object(policy.Enforcer, 'enforce')
|
|
def test_policy_enforce_policy_deny(self, mock_enforce):
|
|
mock_enforce.return_value = False
|
|
|
|
self.assertRaises(exc.HTTPForbidden,
|
|
self.controller.an_action,
|
|
self.req, tenant_id='foo')
|