From 6dc5a869b12de97922d52eda1dc29247761d44bb Mon Sep 17 00:00:00 2001
From: Slawek Kaplonski <skaplons@redhat.com>
Date: Thu, 1 Apr 2021 11:18:59 +0200
Subject: [PATCH] Add tests for logging API's new policy rules

Related-blueprint: bp/secure-rbac-roles
Change-Id: If1c24df665ce436b581316010e95b311c56d9f56
---
 .../tests/unit/conf/policies/test_logging.py  | 136 ++++++++++++++++++
 1 file changed, 136 insertions(+)
 create mode 100644 neutron/tests/unit/conf/policies/test_logging.py

diff --git a/neutron/tests/unit/conf/policies/test_logging.py b/neutron/tests/unit/conf/policies/test_logging.py
new file mode 100644
index 00000000000..c287f0690a5
--- /dev/null
+++ b/neutron/tests/unit/conf/policies/test_logging.py
@@ -0,0 +1,136 @@
+# Copyright (c) 2021 Red Hat Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from oslo_policy import policy as base_policy
+
+from neutron import policy
+from neutron.tests.unit.conf.policies import base
+
+
+class LoggingAPITestCase(base.PolicyBaseTestCase):
+
+    def setUp(self):
+        super(LoggingAPITestCase, self).setUp()
+        self.target = {'project_id': self.project_id}
+
+
+class SystemAdminTests(LoggingAPITestCase):
+
+    def setUp(self):
+        super(SystemAdminTests, self).setUp()
+        self.context = self.system_admin_ctx
+
+    def test_get_loggable_resource(self):
+        self.assertTrue(
+            policy.enforce(self.context, 'get_loggable_resource', self.target))
+
+    def test_create_log(self):
+        self.assertTrue(
+            policy.enforce(self.context, 'create_log', self.target))
+
+    def test_get_log(self):
+        self.assertTrue(
+            policy.enforce(self.context, 'get_log', self.target))
+
+    def test_update_log(self):
+        self.assertTrue(
+            policy.enforce(self.context, 'update_log', self.target))
+
+    def test_delete_log(self):
+        self.assertTrue(
+            policy.enforce(self.context, 'delete_log', self.target))
+
+
+class SystemMemberTests(LoggingAPITestCase):
+
+    def setUp(self):
+        super(SystemMemberTests, self).setUp()
+        self.context = self.system_member_ctx
+
+    def test_get_loggable_resource(self):
+        self.assertTrue(
+            policy.enforce(self.context, 'get_loggable_resource', self.target))
+
+    def test_create_log(self):
+        self.assertRaises(
+            base_policy.PolicyNotAuthorized,
+            policy.enforce, self.context, 'create_log', self.target)
+
+    def test_get_log(self):
+        self.assertTrue(
+            policy.enforce(self.context, 'get_log', self.target))
+
+    def test_update_log(self):
+        self.assertRaises(
+            base_policy.PolicyNotAuthorized,
+            policy.enforce, self.context, 'update_log', self.target)
+
+    def test_delete_log(self):
+        self.assertRaises(
+            base_policy.PolicyNotAuthorized,
+            policy.enforce, self.context, 'delete_log', self.target)
+
+
+class SystemReaderTests(SystemMemberTests):
+
+    def setUp(self):
+        super(SystemReaderTests, self).setUp()
+        self.context = self.system_reader_ctx
+
+
+class ProjectAdminTests(LoggingAPITestCase):
+
+    def setUp(self):
+        super(ProjectAdminTests, self).setUp()
+        self.context = self.project_admin_ctx
+
+    def test_get_loggable_resource(self):
+        self.assertRaises(
+            base_policy.PolicyNotAuthorized,
+            policy.enforce, self.context, 'get_loggable_resource', self.target)
+
+    def test_create_log(self):
+        self.assertRaises(
+            base_policy.PolicyNotAuthorized,
+            policy.enforce, self.context, 'create_log', self.target)
+
+    def test_get_log(self):
+        self.assertRaises(
+            base_policy.PolicyNotAuthorized,
+            policy.enforce, self.context, 'get_log', self.target)
+
+    def test_update_log(self):
+        self.assertRaises(
+            base_policy.PolicyNotAuthorized,
+            policy.enforce, self.context, 'update_log', self.target)
+
+    def test_delete_log(self):
+        self.assertRaises(
+            base_policy.PolicyNotAuthorized,
+            policy.enforce, self.context, 'delete_log', self.target)
+
+
+class ProjectMemberTests(ProjectAdminTests):
+
+    def setUp(self):
+        super(ProjectMemberTests, self).setUp()
+        self.context = self.project_member_ctx
+
+
+class ProjectReaderTests(ProjectMemberTests):
+
+    def setUp(self):
+        super(ProjectReaderTests, self).setUp()
+        self.context = self.project_reader_ctx