From 3b66a9ff77a0c77075a1320d832f97de7aeab22a Mon Sep 17 00:00:00 2001 From: Ihar Hrachyshka Date: Wed, 18 Mar 2015 14:21:57 +0100 Subject: [PATCH] tests: don't rely on configuration files outside tests directory etc/... may be non existent in some build environments. It's also pip does not install those files under site-packages neutron module, so paths relative to python files don't work. So instead of using relative paths to etc/... contents, maintain our own version of configuration files. It means we need to maintain tests only policy.json file too, in addition to neutron.conf.test and api-paste.ini.test. Ideally, we would make etc/policy.json copied under site-packages in addition to /etc/neutron/. In that way, we would not maintain a copy of policy.json file in two places. Though it seems that setuputils does not have a good way to install files under site-packages that would consider all the differences between python environments (specifically, different prefixes used in different systems). Note: it's not *absolutely* needed to update the test policy.json file on each next policy update, though it will be needed in cases when we want to test policy changes in unit tests. So adding a check to make sure files are identical. This partially reverts commit 1404f33b50452d4c0e0ef8c748011ce80303c2fd. Conflicts: neutron/policy.py Related-Bug: #1433146 Change-Id: If1f5ebd981cf06558d5102524211799676068889 --- neutron/tests/base.py | 16 ++-- neutron/tests/etc/policy.json | 154 ++++++++++++++++++++++++++++++++++ tools/misc-sanity-checks.sh | 13 +++ 3 files changed, 173 insertions(+), 10 deletions(-) create mode 100644 neutron/tests/etc/policy.json diff --git a/neutron/tests/base.py b/neutron/tests/base.py index 63e5e68e199..b3956588100 100644 --- a/neutron/tests/base.py +++ b/neutron/tests/base.py @@ -48,12 +48,12 @@ CONF = cfg.CONF CONF.import_opt('state_path', 'neutron.common.config') LOG_FORMAT = "%(asctime)s %(levelname)8s [%(name)s] %(message)s" -ROOT_DIR = os.path.join(os.path.dirname(__file__), '..', '..') -TEST_ROOT_DIR = os.path.dirname(__file__) +ROOTDIR = os.path.dirname(__file__) +ETCDIR = os.path.join(ROOTDIR, 'etc') -def etcdir(filename, root=TEST_ROOT_DIR): - return os.path.join(root, 'etc', filename) +def etcdir(*p): + return os.path.join(ETCDIR, *p) def fake_use_fatal_exceptions(*args): @@ -214,12 +214,8 @@ class BaseTestCase(DietTestCase): """Create the default configurations.""" # neutron.conf.test includes rpc_backend which needs to be cleaned up if args is None: - args = ['--config-file', etcdir('neutron.conf.test')] - # this is needed to add ROOT_DIR to the list of paths that oslo.config - # will try to traverse when searching for a new config file (it's - # needed so that policy module can locate policy_file) - args += ['--config-file', etcdir('neutron.conf', root=ROOT_DIR)] - + args = [] + args += ['--config-file', etcdir('neutron.conf.test')] if conf is None: config.init(args=args) else: diff --git a/neutron/tests/etc/policy.json b/neutron/tests/etc/policy.json new file mode 100644 index 00000000000..ae46bc2cd48 --- /dev/null +++ b/neutron/tests/etc/policy.json @@ -0,0 +1,154 @@ +{ + "context_is_admin": "role:admin", + "admin_or_owner": "rule:context_is_admin or tenant_id:%(tenant_id)s", + "context_is_advsvc": "role:advsvc", + "admin_or_network_owner": "rule:context_is_admin or tenant_id:%(network:tenant_id)s", + "admin_only": "rule:context_is_admin", + "regular_user": "", + "shared": "field:networks:shared=True", + "shared_firewalls": "field:firewalls:shared=True", + "shared_firewall_policies": "field:firewall_policies:shared=True", + "shared_subnetpools": "field:subnetpools:shared=True", + "external": "field:networks:router:external=True", + "default": "rule:admin_or_owner", + + "create_subnet": "rule:admin_or_network_owner", + "get_subnet": "rule:admin_or_owner or rule:shared", + "update_subnet": "rule:admin_or_network_owner", + "delete_subnet": "rule:admin_or_network_owner", + + "create_subnetpool": "", + "create_subnetpool:shared": "rule:admin_only", + "get_subnetpool": "rule:admin_or_owner or rule:shared_subnetpools", + "update_subnetpool": "rule:admin_or_owner", + "delete_subnetpool": "rule:admin_or_owner", + + "create_network": "", + "get_network": "rule:admin_or_owner or rule:shared or rule:external or rule:context_is_advsvc", + "get_network:router:external": "rule:regular_user", + "get_network:segments": "rule:admin_only", + "get_network:provider:network_type": "rule:admin_only", + "get_network:provider:physical_network": "rule:admin_only", + "get_network:provider:segmentation_id": "rule:admin_only", + "get_network:queue_id": "rule:admin_only", + "create_network:shared": "rule:admin_only", + "create_network:router:external": "rule:admin_only", + "create_network:segments": "rule:admin_only", + "create_network:provider:network_type": "rule:admin_only", + "create_network:provider:physical_network": "rule:admin_only", + "create_network:provider:segmentation_id": "rule:admin_only", + "update_network": "rule:admin_or_owner", + "update_network:segments": "rule:admin_only", + "update_network:shared": "rule:admin_only", + "update_network:provider:network_type": "rule:admin_only", + "update_network:provider:physical_network": "rule:admin_only", + "update_network:provider:segmentation_id": "rule:admin_only", + "update_network:router:external": "rule:admin_only", + "delete_network": "rule:admin_or_owner", + + "create_port": "", + "create_port:mac_address": "rule:admin_or_network_owner or rule:context_is_advsvc", + "create_port:fixed_ips": "rule:admin_or_network_owner or rule:context_is_advsvc", + "create_port:port_security_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc", + "create_port:binding:host_id": "rule:admin_only", + "create_port:binding:profile": "rule:admin_only", + "create_port:mac_learning_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc", + "get_port": "rule:admin_or_owner or rule:context_is_advsvc", + "get_port:queue_id": "rule:admin_only", + "get_port:binding:vif_type": "rule:admin_only", + "get_port:binding:vif_details": "rule:admin_only", + "get_port:binding:host_id": "rule:admin_only", + "get_port:binding:profile": "rule:admin_only", + "update_port": "rule:admin_or_owner or rule:context_is_advsvc", + "update_port:mac_address": "rule:admin_only or rule:context_is_advsvc", + "update_port:fixed_ips": "rule:admin_or_network_owner or rule:context_is_advsvc", + "update_port:port_security_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc", + "update_port:binding:host_id": "rule:admin_only", + "update_port:binding:profile": "rule:admin_only", + "update_port:mac_learning_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc", + "delete_port": "rule:admin_or_owner or rule:context_is_advsvc", + + "get_router:ha": "rule:admin_only", + "create_router": "rule:regular_user", + "create_router:external_gateway_info:enable_snat": "rule:admin_only", + "create_router:distributed": "rule:admin_only", + "create_router:ha": "rule:admin_only", + "get_router": "rule:admin_or_owner", + "get_router:distributed": "rule:admin_only", + "update_router:external_gateway_info:enable_snat": "rule:admin_only", + "update_router:distributed": "rule:admin_only", + "update_router:ha": "rule:admin_only", + "delete_router": "rule:admin_or_owner", + + "add_router_interface": "rule:admin_or_owner", + "remove_router_interface": "rule:admin_or_owner", + + "create_router:external_gateway_info:external_fixed_ips": "rule:admin_only", + "update_router:external_gateway_info:external_fixed_ips": "rule:admin_only", + + "create_firewall": "", + "get_firewall": "rule:admin_or_owner", + "create_firewall:shared": "rule:admin_only", + "get_firewall:shared": "rule:admin_only", + "update_firewall": "rule:admin_or_owner", + "update_firewall:shared": "rule:admin_only", + "delete_firewall": "rule:admin_or_owner", + + "create_firewall_policy": "", + "get_firewall_policy": "rule:admin_or_owner or rule:shared_firewall_policies", + "create_firewall_policy:shared": "rule:admin_or_owner", + "update_firewall_policy": "rule:admin_or_owner", + "delete_firewall_policy": "rule:admin_or_owner", + + "create_firewall_rule": "", + "get_firewall_rule": "rule:admin_or_owner or rule:shared_firewalls", + "update_firewall_rule": "rule:admin_or_owner", + "delete_firewall_rule": "rule:admin_or_owner", + + "create_qos_queue": "rule:admin_only", + "get_qos_queue": "rule:admin_only", + + "update_agent": "rule:admin_only", + "delete_agent": "rule:admin_only", + "get_agent": "rule:admin_only", + + "create_dhcp-network": "rule:admin_only", + "delete_dhcp-network": "rule:admin_only", + "get_dhcp-networks": "rule:admin_only", + "create_l3-router": "rule:admin_only", + "delete_l3-router": "rule:admin_only", + "get_l3-routers": "rule:admin_only", + "get_dhcp-agents": "rule:admin_only", + "get_l3-agents": "rule:admin_only", + "get_loadbalancer-agent": "rule:admin_only", + "get_loadbalancer-pools": "rule:admin_only", + "get_agent-loadbalancers": "rule:admin_only", + "get_loadbalancer-hosting-agent": "rule:admin_only", + + "create_floatingip": "rule:regular_user", + "create_floatingip:floating_ip_address": "rule:admin_only", + "update_floatingip": "rule:admin_or_owner", + "delete_floatingip": "rule:admin_or_owner", + "get_floatingip": "rule:admin_or_owner", + + "create_network_profile": "rule:admin_only", + "update_network_profile": "rule:admin_only", + "delete_network_profile": "rule:admin_only", + "get_network_profiles": "", + "get_network_profile": "", + "update_policy_profiles": "rule:admin_only", + "get_policy_profiles": "", + "get_policy_profile": "", + + "create_metering_label": "rule:admin_only", + "delete_metering_label": "rule:admin_only", + "get_metering_label": "rule:admin_only", + + "create_metering_label_rule": "rule:admin_only", + "delete_metering_label_rule": "rule:admin_only", + "get_metering_label_rule": "rule:admin_only", + + "get_service_provider": "rule:regular_user", + "get_lsn": "rule:admin_only", + "create_lsn": "rule:admin_only" +} diff --git a/tools/misc-sanity-checks.sh b/tools/misc-sanity-checks.sh index bc4d2eb0175..eeac227ed98 100644 --- a/tools/misc-sanity-checks.sh +++ b/tools/misc-sanity-checks.sh @@ -61,10 +61,23 @@ check_pot_files_errors () { fi } + +check_identical_policy_files () { + # For unit tests, we maintain their own policy.json file to make test suite + # independent of whether it's executed from the neutron source tree or from + # site-packages installation path. We don't want two copies of the same + # file to diverge, so checking that they are identical + diff etc/policy.json neutron/tests/etc/policy.json 2>&1 > /dev/null + if [ "$?" -ne 0 ]; then + echo "policy.json files must be identical!" >>$FAILURES + fi +} + # Add your checks here... check_opinionated_shell check_no_symlinks_allowed check_pot_files_errors +check_identical_policy_files # Fail, if there are emitted failures if [ -f $FAILURES ]; then