Browse Source

Merge "Fix expected exception raised when new scope types are enforced"

changes/08/821208/6
Zuul 4 months ago committed by Gerrit Code Review
parent
commit
204735f506
  1. 2
      lower-constraints.txt
  2. 2
      neutron/tests/unit/conf/policies/base.py
  3. 22
      neutron/tests/unit/conf/policies/test_agent.py
  4. 2
      neutron/tests/unit/conf/policies/test_availability_zone.py
  5. 16
      neutron/tests/unit/conf/policies/test_flavor.py
  6. 10
      neutron/tests/unit/conf/policies/test_logging.py
  7. 144
      neutron/tests/unit/conf/policies/test_network.py
  8. 2
      neutron/tests/unit/conf/policies/test_network_ip_availability.py
  9. 8
      neutron/tests/unit/conf/policies/test_network_segment_range.py
  10. 72
      neutron/tests/unit/conf/policies/test_port.py
  11. 60
      neutron/tests/unit/conf/policies/test_qos.py
  12. 12
      neutron/tests/unit/conf/policies/test_quotas.py
  13. 40
      neutron/tests/unit/conf/policies/test_router.py
  14. 8
      neutron/tests/unit/conf/policies/test_segment.py
  15. 20
      neutron/tests/unit/conf/policies/test_subnet.py
  16. 12
      neutron/tests/unit/conf/policies/test_subnetpool.py
  17. 2
      requirements.txt

2
lower-constraints.txt

@ -67,7 +67,7 @@ oslo.i18n==3.20.0
oslo.log==4.5.0
oslo.messaging==7.0.0
oslo.middleware==3.31.0
oslo.policy==3.7.0
oslo.policy==3.10.1
oslo.privsep==2.3.0
oslo.reports==1.18.0
oslo.rootwrap==5.15.0

2
neutron/tests/unit/conf/policies/base.py

@ -40,7 +40,7 @@ class PolicyBaseTestCase(tests_base.BaseTestCase):
# https://review.opendev.org/c/openstack/oslo.policy/+/804980 will be
# merged and released in oslo_policy
cfg.CONF.set_override(
'enforce_scope', False, group='oslo_policy')
'enforce_scope', True, group='oslo_policy')
super(PolicyBaseTestCase, self).setUp()
self.project_id = uuidutils.generate_uuid()
self.system_user_id = uuidutils.generate_uuid()

22
neutron/tests/unit/conf/policies/test_agent.py

@ -147,67 +147,67 @@ class ProjectAdminTests(AgentAPITestCase):
def test_get_agent(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, "get_agent", self.target)
def test_update_agent(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, "update_agent", self.target)
def test_delete_agent(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, "delete_agent", self.target)
def test_add_network_to_dhcp_agent(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, "create_dhcp-network", self.target)
def test_networks_on_dhcp_agent(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, "get_dhcp-networks", self.target)
def test_delete_network_from_dhcp_agent(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, "delete_dhcp-network", self.target)
def test_add_router_to_l3_agent(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, "create_l3-router", self.target)
def test_get_routers_on_l3_agent(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, "get_l3-routers", self.target)
def test_delete_router_from_l3_agent(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, "delete_l3-router", self.target)
def test_get_dhcp_agents_hosting_network(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, "get_dhcp-agents", self.target)
def test_get_l3_agents_hosting_router(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, "get_l3-agents", self.target)

2
neutron/tests/unit/conf/policies/test_availability_zone.py

@ -32,6 +32,6 @@ class AvailabilityZoneAPITestCase(base.PolicyBaseTestCase):
def test_project_reader_can_not_get_availability_zone(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.project_reader_ctx, "get_availability_zone", self.target)

16
neutron/tests/unit/conf/policies/test_flavor.py

@ -161,50 +161,50 @@ class ProjectAdminTests(FlavorAPITestCase):
def test_create_flavor(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_flavor', self.target)
def test_update_flavor(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_flavor', self.target)
def test_delete_flavor(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'delete_flavor', self.target)
def test_create_service_profile(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_service_profile', self.target)
def test_update_service_profile(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_service_profile', self.target)
def test_delete_service_profile(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'delete_service_profile', self.target)
def test_create_flavor_service_profile(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_flavor_service_profile',
self.target)
def test_delete_flavor_service_profile(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'delete_flavor_service_profile',
self.target)

10
neutron/tests/unit/conf/policies/test_logging.py

@ -98,27 +98,27 @@ class ProjectAdminTests(LoggingAPITestCase):
def test_get_loggable_resource(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_loggable_resource', self.target)
def test_create_log(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'create_log', self.target)
def test_get_log(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_log', self.target)
def test_update_log(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'update_log', self.target)
def test_delete_log(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'delete_log', self.target)

144
neutron/tests/unit/conf/policies/test_network.py

@ -474,31 +474,31 @@ class ProjectAdminTests(NetworkAPITestCase):
def test_create_network_shared(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:shared', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:shared', self.alt_target)
def test_create_network_external(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:router:external', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:router:external', self.alt_target)
def test_create_network_default(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:is_default', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:is_default', self.alt_target)
@ -515,45 +515,45 @@ class ProjectAdminTests(NetworkAPITestCase):
def test_create_network_segments(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:segments', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:segments', self.alt_target)
def test_create_network_provider_network_type(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:provider:network_type', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:provider:network_type',
self.alt_target)
def test_create_network_provider_physical_network(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:provider:physical_network',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:provider:physical_network',
self.alt_target)
def test_create_network_provider_segmentation_id(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:provider:segmentation_id',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:provider:segmentation_id',
self.alt_target)
@ -577,44 +577,44 @@ class ProjectAdminTests(NetworkAPITestCase):
def test_get_network_segments(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_network:segments', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_network:segments', self.alt_target)
def test_get_network_provider_network_type(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_network:provider:network_type', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_network:provider:network_type', self.alt_target)
def test_get_network_provider_physical_network(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_network:provider:physical_network',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_network:provider:physical_network',
self.alt_target)
def test_get_network_provider_segmentation_id(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_network:provider:segmentation_id',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_network:provider:segmentation_id',
self.alt_target)
@ -629,76 +629,76 @@ class ProjectAdminTests(NetworkAPITestCase):
def test_update_network_segments(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:segments', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:segments', self.alt_target)
def test_update_network_shared(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:shared', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:shared', self.alt_target)
def test_update_network_provider_network_type(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:provider:network_type', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:provider:network_type',
self.alt_target)
def test_update_network_provider_physical_network(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:provider:physical_network',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:provider:physical_network',
self.alt_target)
def test_update_network_provider_segmentation_id(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:provider:segmentation_id',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:provider:segmentation_id',
self.alt_target)
def test_update_network_external(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:router:external', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:router:external', self.alt_target)
def test_update_network_default(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:is_default', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:is_default', self.alt_target)
@ -745,31 +745,31 @@ class ProjectReaderTests(ProjectMemberTests):
def test_create_network_shared(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:shared', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:shared', self.alt_target)
def test_create_network_external(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:router:external', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:router:external', self.alt_target)
def test_create_network_default(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:is_default', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:is_default', self.alt_target)
@ -787,89 +787,89 @@ class ProjectReaderTests(ProjectMemberTests):
def test_create_network_segments(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:segments', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:segments', self.alt_target)
def test_create_network_provider_network_type(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:provider:network_type', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:provider:network_type',
self.alt_target)
def test_create_network_provider_physical_network(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:provider:physical_network',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:provider:physical_network',
self.alt_target)
def test_create_network_provider_segmentation_id(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:provider:segmentation_id',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:provider:segmentation_id',
self.alt_target)
def test_get_network_segments(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_network:segments', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_network:segments', self.alt_target)
def test_get_network_provider_network_type(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_network:provider:network_type', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_network:provider:network_type', self.alt_target)
def test_get_network_provider_physical_network(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_network:provider:physical_network',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_network:provider:physical_network',
self.alt_target)
def test_get_network_provider_segmentation_id(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_network:provider:segmentation_id',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_network:provider:segmentation_id',
self.alt_target)
@ -884,76 +884,76 @@ class ProjectReaderTests(ProjectMemberTests):
def test_update_network_segments(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:segments', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:segments', self.alt_target)
def test_update_network_shared(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:shared', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:shared', self.alt_target)
def test_update_network_provider_network_type(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:provider:network_type', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:provider:network_type',
self.alt_target)
def test_update_network_provider_physical_network(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:provider:physical_network',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:provider:physical_network',
self.alt_target)
def test_update_network_provider_segmentation_id(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:provider:segmentation_id',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:provider:segmentation_id',
self.alt_target)
def test_update_network_external(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:router:external', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:router:external', self.alt_target)
def test_update_network_default(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:is_default', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:is_default', self.alt_target)

2
neutron/tests/unit/conf/policies/test_network_ip_availability.py

@ -60,7 +60,7 @@ class ProjectAdminTests(NetworkIPAvailabilityAPITestCase):
def test_get_network_ip_availability(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_network_ip_availability', self.target)

8
neutron/tests/unit/conf/policies/test_network_segment_range.py

@ -93,25 +93,25 @@ class ProjectAdminTests(NetworkSegmentRangeAPITestCase):
def test_create_network_segment_range(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network_segment_range', self.target)
def test_get_network_segment_range(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_network_segment_range', self.target)
def test_update_network_segment_range(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network_segment_range', self.target)
def test_delete_network_segment_range(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'delete_network_segment_range', self.target)

72
neutron/tests/unit/conf/policies/test_port.py

@ -724,21 +724,21 @@ class ProjectAdminTests(PortAPITestCase):
def test_create_port_with_binding_host_id(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'create_port:binding:host_id',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'create_port:binding:host_id',
self.alt_target)
def test_create_port_with_binding_profile(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'create_port:binding:profile',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'create_port:binding:profile',
self.alt_target)
@ -792,51 +792,51 @@ class ProjectAdminTests(PortAPITestCase):
def test_get_port_binding_vif_type(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:binding:vif_type',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:binding:vif_type',
self.alt_target)
def test_get_port_binding_vif_details(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:binding:vif_details',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:binding:vif_details',
self.alt_target)
def test_get_port_binding_host_id(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:binding:host_id',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:binding:host_id',
self.alt_target)
def test_get_port_binding_profile(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:binding:profile',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:binding:profile',
self.alt_target)
def test_get_port_resource_request(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:resource_request',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:resource_request',
self.alt_target)
@ -908,21 +908,21 @@ class ProjectAdminTests(PortAPITestCase):
def test_update_port_with_binding_host_id(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'update_port:binding:host_id',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'update_port:binding:host_id',
self.alt_target)
def test_update_port_with_binding_profile(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'update_port:binding:profile',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'update_port:binding:profile',
self.alt_target)
@ -1057,21 +1057,21 @@ class ProjectMemberTests(ProjectAdminTests):
def test_create_port_with_binding_host_id(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'create_port:binding:host_id',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'create_port:binding:host_id',
self.alt_target)
def test_create_port_with_binding_profile(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'create_port:binding:profile',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'create_port:binding:profile',
self.alt_target)
@ -1113,51 +1113,51 @@ class ProjectMemberTests(ProjectAdminTests):
def test_get_port_binding_vif_type(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:binding:vif_type',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:binding:vif_type',
self.alt_target)
def test_get_port_binding_vif_details(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:binding:vif_details',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:binding:vif_details',
self.alt_target)
def test_get_port_binding_host_id(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:binding:host_id',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:binding:host_id',
self.alt_target)
def test_get_port_binding_profile(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:binding:profile',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:binding:profile',
self.alt_target)
def test_get_port_resource_request(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:resource_request',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:resource_request',
self.alt_target)
@ -1227,21 +1227,21 @@ class ProjectMemberTests(ProjectAdminTests):
def test_update_port_with_binding_host_id(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'update_port:binding:host_id',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'update_port:binding:host_id',
self.alt_target)
def test_update_port_with_binding_profile(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'update_port:binding:profile',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'update_port:binding:profile',
self.alt_target)

60
neutron/tests/unit/conf/policies/test_qos.py

@ -114,26 +114,26 @@ class ProjectAdminQosPolicyTests(QosPolicyAPITestCase):
def test_create_policy(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'create_policy', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'create_policy', self.alt_target)
def test_update_policy(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'update_policy', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'update_policy', self.alt_target)
def test_delete_policy(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'delete_policy', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'delete_policy', self.alt_target)
@ -415,24 +415,24 @@ class ProjectAdminQosBandwidthLimitRuleTests(QosRulesAPITestCase):
def test_create_policy_bandwidth_limit_rule(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_policy_bandwidth_limit_rule',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_policy_bandwidth_limit_rule',
self.alt_target)
def test_update_policy_bandwidth_limit_rule(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_policy_bandwidth_limit_rule',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_policy_bandwidth_limit_rule',
self.alt_target)
@ -451,12 +451,12 @@ class ProjectAdminQosBandwidthLimitRuleTests(QosRulesAPITestCase):
def test_delete_policy_bandwidth_limit_rule(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'delete_policy_bandwidth_limit_rule',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'delete_policy_bandwidth_limit_rule',
self.alt_target)
@ -671,24 +671,24 @@ class ProjectAdminQosDSCPMarkingRuleTests(QosRulesAPITestCase):
def test_create_policy_dscp_marking_rule(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_policy_dscp_marking_rule',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_policy_dscp_marking_rule',
self.alt_target)
def test_update_policy_dscp_marking_rule(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_policy_dscp_marking_rule',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_policy_dscp_marking_rule',
self.alt_target)
@ -707,12 +707,12 @@ class ProjectAdminQosDSCPMarkingRuleTests(QosRulesAPITestCase):
def test_delete_policy_dscp_marking_rule(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'delete_policy_dscp_marking_rule',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'delete_policy_dscp_marking_rule',
self.alt_target)
@ -929,24 +929,24 @@ class ProjectAdminQosMinimumBandwidthRuleTests(QosRulesAPITestCase):
def test_create_policy_minimum_bandwidth_rule(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_policy_minimum_bandwidth_rule',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_policy_minimum_bandwidth_rule',
self.alt_target)
def test_update_policy_minimum_bandwidth_rule(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_policy_minimum_bandwidth_rule',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_policy_minimum_bandwidth_rule',
self.alt_target)
@ -965,12 +965,12 @@ class ProjectAdminQosMinimumBandwidthRuleTests(QosRulesAPITestCase):
def test_delete_policy_minimum_bandwidth_rule(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'delete_policy_minimum_bandwidth_rule',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'delete_policy_minimum_bandwidth_rule',
self.alt_target)
@ -1122,36 +1122,36 @@ class ProjectAdminQosMinimumPacketRateRuleTests(QosRulesAPITestCase):
def test_create_policy_minimum_packet_rate_rule(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_policy_minimum_packet_rate_rule',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_policy_minimum_packet_rate_rule',
self.alt_target)
def test_update_policy_minimum_packet_rate_rule(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_policy_minimum_packet_rate_rule',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_policy_minimum_packet_rate_rule',
self.alt_target)
def test_delete_policy_minimum_packet_rate_rule(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'delete_policy_minimum_packet_rate_rule',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'delete_policy_minimum_packet_rate_rule',
self.alt_target)

12
neutron/tests/unit/conf/policies/test_quotas.py

@ -94,31 +94,31 @@ class ProjectAdminTests(QuoatsAPITestCase):
def test_get_quota(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_quota', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_quota', self.alt_target)
def test_update_quota(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_quota', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_quota', self.alt_target)
def test_delete_quota(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'delete_quota', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'delete_quota', self.alt_target)

40
neutron/tests/unit/conf/policies/test_router.py

@ -422,21 +422,21 @@ class ProjectAdminTests(RouterAPITestCase):
def test_create_router_distributed(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_router:distributed', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_router:distributed', self.alt_target)
def test_create_router_ha(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_router:ha', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_router:ha', self.alt_target)
@ -464,25 +464,25 @@ class ProjectAdminTests(RouterAPITestCase):
def test_create_router_external_gateway_info_enable_snat(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_router:external_gateway_info:enable_snat',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_router:external_gateway_info:enable_snat',
self.alt_target)
def test_create_router_external_gateway_info_external_fixed_ips(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context,
'create_router:external_gateway_info:external_fixed_ips',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context,
'create_router:external_gateway_info:external_fixed_ips',
@ -498,21 +498,21 @@ class ProjectAdminTests(RouterAPITestCase):
def test_get_router_distributed(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_router:distributed', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,