Merge "Add policy enforcement unittest to magnum_service"

2016-01-08 22:22:58 +00:00 · 2016-01-08 22:22:58 +00:00 · 9d23a79c31
parent 107e40bb5f 05d9e75c03
commit 9d23a79c31
1 changed files with 19 additions and 0 deletions
--- a/magnum/tests/unit/api/controllers/v1/test_magnum_service.py
+++ b/magnum/tests/unit/api/controllers/v1/test_magnum_service.py
@ -11,6 +11,8 @@
 #    limitations under the License.


+import json
+
 import mock

 from magnum.api.controllers.v1 import magnum_services as mservice
@ -83,3 +85,20 @@ class TestMagnumServiceController(api_base.FunctionalTest):
        for i in range(svc_num):
            elem = response['mservices'][i]
            self.assertEqual(i + 1, elem['id'])
+
+
+class TestMagnumServiceEnforcement(api_base.FunctionalTest):
+
+    def _common_policy_check(self, rule, func, *arg, **kwarg):
+        self.policy.set_rules({rule: 'project:non_fake'})
+        response = func(*arg, **kwarg)
+        self.assertEqual(403, response.status_int)
+        self.assertEqual('application/json', response.content_type)
+        self.assertTrue(
+            "Policy doesn't allow %s to be performed." % rule,
+            json.loads(response.json['error_message'])['faultstring'])
+
+    def test_policy_disallow_get_all(self):
+        self._common_policy_check(
+            'magnum-service:get_all', self.get_json,
+            '/mservices', expect_errors=True)