From 05d9e75c034b6b46b0254de23c47a58641833b7d Mon Sep 17 00:00:00 2001 From: houming-wang Date: Thu, 7 Jan 2016 22:36:30 -0500 Subject: [PATCH] Add policy enforcement unittest to magnum_service Add policy enforcement unittest for magnum_service to imporve test coverage and code quality. Change-Id: I9377f99a361572e985717d950e2812bf69fefb92 Related-Bug: #1520311 --- .../api/controllers/v1/test_magnum_service.py | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/magnum/tests/unit/api/controllers/v1/test_magnum_service.py b/magnum/tests/unit/api/controllers/v1/test_magnum_service.py index b5ce28872d..5b556d1ffe 100644 --- a/magnum/tests/unit/api/controllers/v1/test_magnum_service.py +++ b/magnum/tests/unit/api/controllers/v1/test_magnum_service.py @@ -11,6 +11,8 @@ # limitations under the License. +import json + import mock from magnum.api.controllers.v1 import magnum_services as mservice @@ -83,3 +85,20 @@ class TestMagnumServiceController(api_base.FunctionalTest): for i in range(svc_num): elem = response['mservices'][i] self.assertEqual(i + 1, elem['id']) + + +class TestMagnumServiceEnforcement(api_base.FunctionalTest): + + def _common_policy_check(self, rule, func, *arg, **kwarg): + self.policy.set_rules({rule: 'project:non_fake'}) + response = func(*arg, **kwarg) + self.assertEqual(403, response.status_int) + self.assertEqual('application/json', response.content_type) + self.assertTrue( + "Policy doesn't allow %s to be performed." % rule, + json.loads(response.json['error_message'])['faultstring']) + + def test_policy_disallow_get_all(self): + self._common_policy_check( + 'magnum-service:get_all', self.get_json, + '/mservices', expect_errors=True)