From b80f152edfd082de66ab474d7c8c191d8765bd99 Mon Sep 17 00:00:00 2001
From: LIU Yulong
Date: Tue, 15 Feb 2022 14:16:31 +0800
Subject: [PATCH] Add policy for packet rate limit rules
This is going to add policy rules for packet rate limit rules of https://review.opendev.org/c/openstack/neutron/+/796363
Partially-Implements: bp/packet-rate-limit
Related-Bug: #1938966
Related-Bug: #1912460
Change-Id: I20e45f73869d23f93acf4d7bc4cd378d1fa9a986
---
neutron/conf/policies/qos.py | 56 +++++++
neutron/tests/unit/conf/policies/test_qos.py | 158 +++++++++++++++++++
2 files changed, 214 insertions(+)
diff --git a/neutron/conf/policies/qos.py b/neutron/conf/policies/qos.py
index 9a0dae0ac69..c9bdd93c45d 100644
--- a/neutron/conf/policies/qos.py
+++ b/neutron/conf/policies/qos.py
@@ -192,6 +192,62 @@ rules = [ deprecated_since=versionutils.deprecated.WALLABY) ), + policy.DocumentedRuleDefault( + name='get_policy_packet_rate_limit_rule', + check_str=base.PROJECT_READER, + scope_types=['project'], + description='Get a QoS packet rate limit rule', + operations=[ + { + 'method': 'GET', + 'path': '/qos/policies/{policy_id}/packet_rate_limit_rules', + }, + { + 'method': 'GET', + 'path': ('/qos/policies/{policy_id}/' + 'packet_rate_limit_rules/{rule_id}'), + }, + ] + ), + policy.DocumentedRuleDefault( + name='create_policy_packet_rate_limit_rule', + check_str=base.PROJECT_ADMIN, + scope_types=['project'], + description='Create a QoS packet rate limit rule', + operations=[ + { + 'method': 'POST', + 'path': '/qos/policies/{policy_id}/packet_rate_limit_rules', + }, + ] + ), + policy.DocumentedRuleDefault( + name='update_policy_packet_rate_limit_rule', + check_str=base.PROJECT_ADMIN, + scope_types=['project'], + description='Update a QoS packet rate limit rule', + operations=[ + { + 'method': 'PUT', + 'path': ('/qos/policies/{policy_id}/' + 'packet_rate_limit_rules/{rule_id}'), + }, + ] + ), + policy.DocumentedRuleDefault( + name='delete_policy_packet_rate_limit_rule', + check_str=base.PROJECT_ADMIN, + scope_types=['project'], + description='Delete a QoS packet rate limit rule', + operations=[ + { + 'method': 'DELETE', + 'path': ('/qos/policies/{policy_id}/' + 'packet_rate_limit_rules/{rule_id}'), + }, + ] + ), + policy.DocumentedRuleDefault( name='get_policy_dscp_marking_rule', check_str=base.PROJECT_READER, diff --git a/neutron/tests/unit/conf/policies/test_qos.py b/neutron/tests/unit/conf/policies/test_qos.py index 393ac4b23e4..43ef2fcbb0e 100644 --- a/neutron/tests/unit/conf/policies/test_qos.py +++ b/neutron/tests/unit/conf/policies/test_qos.py 
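Review bot: The four new `name=` values (`get_`, `create_`, `update_` and `delete_policy_packet_rate_limit_rule`) only protect the API if they match exactly the action names the request layer derives for the `packet_rate_limit_rules` sub-resource, and nothing in this patch checks that. The resource definition lives in the related change and is not visible here, and the tests added in `test_qos.py` call `policy.enforce` with the rule name directly, so a mismatch would still pass while write requests would presumably be evaluated against some other default rather than `base.PROJECT_ADMIN`. I would add one API-level test that sends a POST to `/qos/policies/{policy_id}/packet_rate_limit_rules` with a project-member context and expects a rejection, plus a comment above the group such as `# Names must match the actions generated for the packet_rate_limit_rules sub-resource.` The enclosing `rules = [` list starts and ends outside this hunk.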
@@ -521,6 +521,164 @@ class ProjectReaderQosBandwidthLimitRuleTests( self.context = self.project_reader_ctx +class SystemAdminQosPacketRateLimitRuleTests(QosRulesAPITestCase): + + def setUp(self): + super(SystemAdminQosPacketRateLimitRuleTests, self).setUp() + self.context = self.system_admin_ctx + + def test_get_policy_packet_rate_limit_rule(self): + self.assertRaises( + base_policy.InvalidScope, + policy.enforce, + self.context, 'get_policy_packet_rate_limit_rule', + self.target) + self.assertRaises( + base_policy.InvalidScope, + policy.enforce, + self.context, 'get_policy_packet_rate_limit_rule', + self.alt_target) + + def test_create_policy_packet_rate_limit_rule(self): + self.assertRaises( + base_policy.InvalidScope, + policy.enforce, + self.context, 'create_policy_packet_rate_limit_rule', + self.target) + self.assertRaises( + base_policy.InvalidScope, + policy.enforce, + self.context, 'create_policy_packet_rate_limit_rule', + self.alt_target) + + def test_update_policy_packet_rate_limit_rule(self): + self.assertRaises( + base_policy.InvalidScope, + policy.enforce, + self.context, 'update_policy_packet_rate_limit_rule', + self.target) + self.assertRaises( + base_policy.InvalidScope, + policy.enforce, + self.context, 'update_policy_packet_rate_limit_rule', + self.alt_target) + + def test_delete_policy_packet_rate_limit_rule(self): + self.assertRaises( + base_policy.InvalidScope, + policy.enforce, + self.context, 'delete_policy_packet_rate_limit_rule', + self.target) + self.assertRaises( + base_policy.InvalidScope, + policy.enforce, + self.context, 'delete_policy_packet_rate_limit_rule', + self.alt_target) + + +class ProjectAdminQosPacketRateLimitRuleTests(QosRulesAPITestCase): + + def setUp(self): + super(ProjectAdminQosPacketRateLimitRuleTests, self).setUp() + self.context = self.project_admin_ctx + + def test_get_policy_packet_rate_limit_rule(self): + self.assertTrue( + policy.enforce(self.context, + 'get_policy_packet_rate_limit_rule', + self.target)) + 
self.assertRaises( + base_policy.PolicyNotAuthorized, + policy.enforce, + self.context, 'get_policy_packet_rate_limit_rule', + self.alt_target) + + def test_create_policy_packet_rate_limit_rule(self): + self.assertTrue( + policy.enforce(self.context, + 'create_policy_packet_rate_limit_rule', + self.target)) + self.assertRaises( + base_policy.PolicyNotAuthorized, + policy.enforce, + self.context, 'create_policy_packet_rate_limit_rule', + self.alt_target) + + def test_update_policy_packet_rate_limit_rule(self): + self.assertTrue( + policy.enforce(self.context, + 'update_policy_packet_rate_limit_rule', + self.target)) + self.assertRaises( + base_policy.PolicyNotAuthorized, + policy.enforce, + self.context, 'update_policy_packet_rate_limit_rule', + self.alt_target) + + def test_delete_policy_packet_rate_limit_rule(self): + self.assertTrue( + policy.enforce(self.context, + 'delete_policy_packet_rate_limit_rule', + self.target)) + self.assertRaises( + base_policy.PolicyNotAuthorized, + policy.enforce, + self.context, 'delete_policy_packet_rate_limit_rule', + self.alt_target) + + +class ProjectMemberQosPacketRateLimitRuleTests( + ProjectAdminQosPacketRateLimitRuleTests): + + def setUp(self): + super(ProjectMemberQosPacketRateLimitRuleTests, self).setUp() + self.context = self.project_member_ctx + + def test_create_policy_packet_rate_limit_rule(self): + self.assertRaises( + base_policy.PolicyNotAuthorized, + policy.enforce, + self.context, 'create_policy_packet_rate_limit_rule', + self.target) + self.assertRaises( + base_policy.PolicyNotAuthorized, + policy.enforce, + self.context, 'create_policy_packet_rate_limit_rule', + self.alt_target) + + def test_update_policy_packet_rate_limit_rule(self): + self.assertRaises( + base_policy.PolicyNotAuthorized, + policy.enforce, + self.context, 'update_policy_packet_rate_limit_rule', + self.target) + self.assertRaises( + base_policy.PolicyNotAuthorized, + policy.enforce, + self.context, 'update_policy_packet_rate_limit_rule', + 
self.alt_target) + + def test_delete_policy_packet_rate_limit_rule(self): + self.assertRaises( + base_policy.PolicyNotAuthorized, + policy.enforce, + self.context, 'delete_policy_packet_rate_limit_rule', + self.target) + self.assertRaises( + base_policy.PolicyNotAuthorized, + policy.enforce, + self.context, 'delete_policy_packet_rate_limit_rule', + self.alt_target) + + +class ProjectReaderQosPacketRateLimitRuleTests( + ProjectMemberQosPacketRateLimitRuleTests): + + def setUp(self): + super(ProjectReaderQosPacketRateLimitRuleTests, self).setUp() + self.context = self.project_reader_ctx + + class SystemAdminQosDSCPMarkingRuleTests(QosRulesAPITestCase): def setUp(self):
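Review bot: `ProjectMemberQosPacketRateLimitRuleTests` subclasses the admin test class and overrides only the three write tests, and `ProjectReaderQosPacketRateLimitRuleTests` overrides nothing but `setUp`, so which assertions actually run for members and readers is invisible without tracing the inheritance chain. A short class docstring on each would make that explicit, e.g. `"""Member: inherits the admin read test; create/update/delete must be denied."""` and `"""Reader: same expectations as member, run with the reader context."""`. That also guards against someone later changing the admin read test and unknowingly changing what is asserted for the two less-privileged roles. `QosRulesAPITestCase`, which supplies `self.target` and `self.alt_target`, is defined outside this hunk.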