Add tests for container action policy

Add tests for container action policy that only the user who creates the container can operate the container. Change-Id: I9c7337ea279c893dd9645735a784f7946176ed64 Closes-Bug: #1557268
2016-03-15 11:27:44 +08:00 · 2016-03-15 11:27:44 +08:00 · a209b13adb
parent 4256e8780e
commit a209b13adb
1 changed files with 23 additions and 0 deletions
--- a/magnum/tests/unit/api/controllers/v1/test_container.py
+++ b/magnum/tests/unit/api/controllers/v1/test_container.py
@ -731,3 +731,26 @@ class TestContainerEnforcement(api_base.FunctionalTest):
            "container:delete", self.delete,
            '/containers/%s' % container.uuid,
            expect_errors=True)
+
+    def test_policy_only_owner_logs(self):
+        container = obj_utils.create_test_container(self.context,
+                                                    user_id='another')
+        self._owner_check("container:logs", self.get_json,
+                          '/containers/logs/%s' % container.uuid,
+                          expect_errors=True)
+
+    def test_policy_only_owner_execute(self):
+        container = obj_utils.create_test_container(self.context,
+                                                    user_id='another')
+        self._owner_check("container:execute", self.put_json,
+                          '/containers/execute/%s/ls' % container.uuid,
+                          {}, expect_errors=True)
+
+    def test_policy_only_owner_actions(self):
+        actions = ['start', 'stop', 'reboot', 'pause', 'unpause']
+        container = obj_utils.create_test_container(self.context,
+                                                    user_id='another')
+        for action in actions:
+            self._owner_check('container:%s' % action, self.put_json,
+                              '/containers/%s/%s' % (action, container.uuid),
+                              {}, expect_errors=True)