Fix expected exception raised when new scope types are enforced

Once the related bug is fixed in oslo_policy [1], an InvalidScope
exception will be raised for API requests made with project scope
when "system" scope is required.
This patch changes our API policy unit tests to expect the proper
exception to be raised in such cases.

This patch also bumps minimum required oslo.policy version to
3.10.1 which contains fix for the scope enforcement in the
custom rules.
Finally it also re-enables enforcing scope in those UT.

[1] https://review.opendev.org/c/openstack/oslo.policy/+/804980

Related-Bug: #1923503
Change-Id: I4c209fa4f504440a44d21a05f2703259f62519a5
Slawek Kaplonski 2021-12-20 15:24:29 +01:00
parent 0baf23d521
commit da8d0eaeea
17 changed files with 217 additions and 217 deletions


@ -67,7 +67,7 @@ oslo.i18n==3.20.0
oslo.log==4.5.0
oslo.messaging==7.0.0
oslo.middleware==3.31.0
oslo.policy==3.7.0
oslo.policy==3.10.1
oslo.privsep==2.3.0
oslo.reports==1.18.0
oslo.rootwrap==5.8.0


@ -40,7 +40,7 @@ class PolicyBaseTestCase(tests_base.BaseTestCase):
# https://review.opendev.org/c/openstack/oslo.policy/+/804980 will be
# merged and released in oslo_policy
cfg.CONF.set_override(
'enforce_scope', False, group='oslo_policy')
'enforce_scope', True, group='oslo_policy')
super(PolicyBaseTestCase, self).setUp()
self.project_id = uuidutils.generate_uuid()
self.system_user_id = uuidutils.generate_uuid()
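Review bot: The comment kept just above the `set_override` call still refers to oslo.policy change 804980 as something that "will be merged and released", which reads as the reason scope enforcement was switched off. With the override now `True` and oslo.policy raised to 3.10.1 in this same commit, that text is out of date. The comment begins above the hunk, so its full wording is not visible here, but I would replace it with something like `# Enforce scope in the policy UT; relies on the custom-rule scope fix in oslo.policy >= 3.10.1.` so that nobody later reads the leftover note as a reason to turn enforcement back off. setUp continues past the end of the hunk.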


@ -147,67 +147,67 @@ class ProjectAdminTests(AgentAPITestCase):
def test_get_agent(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, "get_agent", self.target)
def test_update_agent(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, "update_agent", self.target)
def test_delete_agent(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, "delete_agent", self.target)
def test_add_network_to_dhcp_agent(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, "create_dhcp-network", self.target)
def test_networks_on_dhcp_agent(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, "get_dhcp-networks", self.target)
def test_delete_network_from_dhcp_agent(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, "delete_dhcp-network", self.target)
def test_add_router_to_l3_agent(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, "create_l3-router", self.target)
def test_get_routers_on_l3_agent(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, "get_l3-routers", self.target)
def test_delete_router_from_l3_agent(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, "delete_l3-router", self.target)
def test_get_dhcp_agents_hosting_network(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, "get_dhcp-agents", self.target)
def test_get_l3_agents_hosting_router(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, "get_l3-agents", self.target)
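Review bot: These assertions pin only the exception class that `policy.enforce` raises, so they say nothing about what a caller does with it. If `InvalidScope` is not a subclass of `PolicyNotAuthorized` (worth confirming in oslo.policy), any handler that catches only `PolicyNotAuthorized` to turn a denial into a 403/404 would let a scope mismatch surface as an unhandled error instead. I would add one API-level test that sends a project-scoped request to a system-scoped rule and asserts the HTTP status, and at least a comment on the class such as `# Project-scoped context against a system-scoped rule: expect a scope failure, not a role failure.` ProjectAdminTests starts above this hunk, and the same point applies to the other test sections on this page (availability zone, flavor, logging, network, IP availability, segment range, port, QoS).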


@ -32,6 +32,6 @@ class AvailabilityZoneAPITestCase(base.PolicyBaseTestCase):
def test_project_reader_can_not_get_availability_zone(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.project_reader_ctx, "get_availability_zone", self.target)


@ -161,50 +161,50 @@ class ProjectAdminTests(FlavorAPITestCase):
def test_create_flavor(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_flavor', self.target)
def test_update_flavor(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_flavor', self.target)
def test_delete_flavor(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'delete_flavor', self.target)
def test_create_service_profile(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_service_profile', self.target)
def test_update_service_profile(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_service_profile', self.target)
def test_delete_service_profile(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'delete_service_profile', self.target)
def test_create_flavor_service_profile(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_flavor_service_profile',
self.target)
def test_delete_flavor_service_profile(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'delete_flavor_service_profile',
self.target)


@ -98,27 +98,27 @@ class ProjectAdminTests(LoggingAPITestCase):
def test_get_loggable_resource(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_loggable_resource', self.target)
def test_create_log(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'create_log', self.target)
def test_get_log(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_log', self.target)
def test_update_log(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'update_log', self.target)
def test_delete_log(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'delete_log', self.target)


@ -474,31 +474,31 @@ class ProjectAdminTests(NetworkAPITestCase):
def test_create_network_shared(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:shared', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:shared', self.alt_target)
def test_create_network_external(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:router:external', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:router:external', self.alt_target)
def test_create_network_default(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:is_default', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:is_default', self.alt_target)
@ -515,45 +515,45 @@ class ProjectAdminTests(NetworkAPITestCase):
def test_create_network_segments(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:segments', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:segments', self.alt_target)
def test_create_network_provider_network_type(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:provider:network_type', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:provider:network_type',
self.alt_target)
def test_create_network_provider_physical_network(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:provider:physical_network',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:provider:physical_network',
self.alt_target)
def test_create_network_provider_segmentation_id(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:provider:segmentation_id',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:provider:segmentation_id',
self.alt_target)
@ -577,44 +577,44 @@ class ProjectAdminTests(NetworkAPITestCase):
def test_get_network_segments(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_network:segments', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_network:segments', self.alt_target)
def test_get_network_provider_network_type(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_network:provider:network_type', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_network:provider:network_type', self.alt_target)
def test_get_network_provider_physical_network(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_network:provider:physical_network',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_network:provider:physical_network',
self.alt_target)
def test_get_network_provider_segmentation_id(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_network:provider:segmentation_id',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_network:provider:segmentation_id',
self.alt_target)
@ -629,76 +629,76 @@ class ProjectAdminTests(NetworkAPITestCase):
def test_update_network_segments(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:segments', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:segments', self.alt_target)
def test_update_network_shared(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:shared', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:shared', self.alt_target)
def test_update_network_provider_network_type(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:provider:network_type', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:provider:network_type',
self.alt_target)
def test_update_network_provider_physical_network(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:provider:physical_network',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:provider:physical_network',
self.alt_target)
def test_update_network_provider_segmentation_id(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:provider:segmentation_id',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:provider:segmentation_id',
self.alt_target)
def test_update_network_external(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:router:external', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:router:external', self.alt_target)
def test_update_network_default(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:is_default', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:is_default', self.alt_target)
@ -745,31 +745,31 @@ class ProjectReaderTests(ProjectMemberTests):
def test_create_network_shared(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:shared', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:shared', self.alt_target)
def test_create_network_external(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:router:external', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:router:external', self.alt_target)
def test_create_network_default(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:is_default', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:is_default', self.alt_target)
@ -787,89 +787,89 @@ class ProjectReaderTests(ProjectMemberTests):
def test_create_network_segments(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:segments', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:segments', self.alt_target)
def test_create_network_provider_network_type(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:provider:network_type', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:provider:network_type',
self.alt_target)
def test_create_network_provider_physical_network(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:provider:physical_network',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:provider:physical_network',
self.alt_target)
def test_create_network_provider_segmentation_id(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:provider:segmentation_id',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network:provider:segmentation_id',
self.alt_target)
def test_get_network_segments(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_network:segments', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_network:segments', self.alt_target)
def test_get_network_provider_network_type(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_network:provider:network_type', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_network:provider:network_type', self.alt_target)
def test_get_network_provider_physical_network(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_network:provider:physical_network',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_network:provider:physical_network',
self.alt_target)
def test_get_network_provider_segmentation_id(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_network:provider:segmentation_id',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_network:provider:segmentation_id',
self.alt_target)
@ -884,76 +884,76 @@ class ProjectReaderTests(ProjectMemberTests):
def test_update_network_segments(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:segments', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:segments', self.alt_target)
def test_update_network_shared(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:shared', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:shared', self.alt_target)
def test_update_network_provider_network_type(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:provider:network_type', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:provider:network_type',
self.alt_target)
def test_update_network_provider_physical_network(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:provider:physical_network',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:provider:physical_network',
self.alt_target)
def test_update_network_provider_segmentation_id(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:provider:segmentation_id',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:provider:segmentation_id',
self.alt_target)
def test_update_network_external(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:router:external', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:router:external', self.alt_target)
def test_update_network_default(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:is_default', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network:is_default', self.alt_target)


@ -60,7 +60,7 @@ class ProjectAdminTests(NetworkIPAvailabilityAPITestCase):
def test_get_network_ip_availability(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_network_ip_availability', self.target)


@ -93,25 +93,25 @@ class ProjectAdminTests(NetworkSegmentRangeAPITestCase):
def test_create_network_segment_range(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_network_segment_range', self.target)
def test_get_network_segment_range(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_network_segment_range', self.target)
def test_update_network_segment_range(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_network_segment_range', self.target)
def test_delete_network_segment_range(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'delete_network_segment_range', self.target)


@ -724,21 +724,21 @@ class ProjectAdminTests(PortAPITestCase):
def test_create_port_with_binding_host_id(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'create_port:binding:host_id',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'create_port:binding:host_id',
self.alt_target)
def test_create_port_with_binding_profile(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'create_port:binding:profile',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'create_port:binding:profile',
self.alt_target)
@ -792,51 +792,51 @@ class ProjectAdminTests(PortAPITestCase):
def test_get_port_binding_vif_type(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:binding:vif_type',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:binding:vif_type',
self.alt_target)
def test_get_port_binding_vif_details(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:binding:vif_details',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:binding:vif_details',
self.alt_target)
def test_get_port_binding_host_id(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:binding:host_id',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:binding:host_id',
self.alt_target)
def test_get_port_binding_profile(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:binding:profile',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:binding:profile',
self.alt_target)
def test_get_port_resource_request(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:resource_request',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:resource_request',
self.alt_target)
@ -908,21 +908,21 @@ class ProjectAdminTests(PortAPITestCase):
def test_update_port_with_binding_host_id(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'update_port:binding:host_id',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'update_port:binding:host_id',
self.alt_target)
def test_update_port_with_binding_profile(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'update_port:binding:profile',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'update_port:binding:profile',
self.alt_target)
@ -1057,21 +1057,21 @@ class ProjectMemberTests(ProjectAdminTests):
def test_create_port_with_binding_host_id(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'create_port:binding:host_id',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'create_port:binding:host_id',
self.alt_target)
def test_create_port_with_binding_profile(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'create_port:binding:profile',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'create_port:binding:profile',
self.alt_target)
@ -1113,51 +1113,51 @@ class ProjectMemberTests(ProjectAdminTests):
def test_get_port_binding_vif_type(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:binding:vif_type',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:binding:vif_type',
self.alt_target)
def test_get_port_binding_vif_details(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:binding:vif_details',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:binding:vif_details',
self.alt_target)
def test_get_port_binding_host_id(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:binding:host_id',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:binding:host_id',
self.alt_target)
def test_get_port_binding_profile(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:binding:profile',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:binding:profile',
self.alt_target)
def test_get_port_resource_request(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:resource_request',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'get_port:resource_request',
self.alt_target)
@ -1227,21 +1227,21 @@ class ProjectMemberTests(ProjectAdminTests):
def test_update_port_with_binding_host_id(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'update_port:binding:host_id',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'update_port:binding:host_id',
self.alt_target)
def test_update_port_with_binding_profile(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'update_port:binding:profile',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'update_port:binding:profile',
self.alt_target)


@ -114,26 +114,26 @@ class ProjectAdminQosPolicyTests(QosPolicyAPITestCase):
def test_create_policy(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'create_policy', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'create_policy', self.alt_target)
def test_update_policy(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'update_policy', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'update_policy', self.alt_target)
def test_delete_policy(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'delete_policy', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce, self.context, 'delete_policy', self.alt_target)
@ -415,24 +415,24 @@ class ProjectAdminQosBandwidthLimitRuleTests(QosRulesAPITestCase):
def test_create_policy_bandwidth_limit_rule(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_policy_bandwidth_limit_rule',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_policy_bandwidth_limit_rule',
self.alt_target)
def test_update_policy_bandwidth_limit_rule(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_policy_bandwidth_limit_rule',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_policy_bandwidth_limit_rule',
self.alt_target)
@ -451,12 +451,12 @@ class ProjectAdminQosBandwidthLimitRuleTests(QosRulesAPITestCase):
def test_delete_policy_bandwidth_limit_rule(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'delete_policy_bandwidth_limit_rule',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'delete_policy_bandwidth_limit_rule',
self.alt_target)
@ -671,24 +671,24 @@ class ProjectAdminQosDSCPMarkingRuleTests(QosRulesAPITestCase):
def test_create_policy_dscp_marking_rule(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_policy_dscp_marking_rule',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_policy_dscp_marking_rule',
self.alt_target)
def test_update_policy_dscp_marking_rule(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_policy_dscp_marking_rule',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_policy_dscp_marking_rule',
self.alt_target)
@ -707,12 +707,12 @@ class ProjectAdminQosDSCPMarkingRuleTests(QosRulesAPITestCase):
def test_delete_policy_dscp_marking_rule(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'delete_policy_dscp_marking_rule',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'delete_policy_dscp_marking_rule',
self.alt_target)
@ -929,24 +929,24 @@ class ProjectAdminQosMinimumBandwidthRuleTests(QosRulesAPITestCase):
def test_create_policy_minimum_bandwidth_rule(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_policy_minimum_bandwidth_rule',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_policy_minimum_bandwidth_rule',
self.alt_target)
def test_update_policy_minimum_bandwidth_rule(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_policy_minimum_bandwidth_rule',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_policy_minimum_bandwidth_rule',
self.alt_target)
@ -965,12 +965,12 @@ class ProjectAdminQosMinimumBandwidthRuleTests(QosRulesAPITestCase):
def test_delete_policy_minimum_bandwidth_rule(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'delete_policy_minimum_bandwidth_rule',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'delete_policy_minimum_bandwidth_rule',
self.alt_target)
@ -1122,36 +1122,36 @@ class ProjectAdminQosMinimumPacketRateRuleTests(QosRulesAPITestCase):
def test_create_policy_minimum_packet_rate_rule(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_policy_minimum_packet_rate_rule',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_policy_minimum_packet_rate_rule',
self.alt_target)
def test_update_policy_minimum_packet_rate_rule(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_policy_minimum_packet_rate_rule',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_policy_minimum_packet_rate_rule',
self.alt_target)
def test_delete_policy_minimum_packet_rate_rule(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'delete_policy_minimum_packet_rate_rule',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'delete_policy_minimum_packet_rate_rule',
self.alt_target)


@ -94,31 +94,31 @@ class ProjectAdminTests(QuoatsAPITestCase):
def test_get_quota(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_quota', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_quota', self.alt_target)
def test_update_quota(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_quota', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_quota', self.alt_target)
def test_delete_quota(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'delete_quota', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'delete_quota', self.alt_target)
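Review bot: With `enforce_scope` now forced to `True` in the shared `setUp`, the three quota tests in this section only prove that a project-scoped context is rejected on scope type; the `PolicyNotAuthorized` path they previously asserted is no longer exercised here. Deployments that leave `enforce_scope` disabled rely on the rule's check string alone to keep a project admin out of these operations, so a regression in that check string would go unnoticed. Consider keeping one companion case per resource that overrides the option and asserts the old exception, e.g. `cfg.CONF.set_override('enforce_scope', False, group='oslo_policy')` followed by `self.assertRaises(base_policy.PolicyNotAuthorized, policy.enforce, self.context, 'update_quota', self.target)`. The same gap applies to the router, segment, subnet and subnetpool sections below.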


@ -422,21 +422,21 @@ class ProjectAdminTests(RouterAPITestCase):
def test_create_router_distributed(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_router:distributed', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_router:distributed', self.alt_target)
def test_create_router_ha(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_router:ha', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_router:ha', self.alt_target)
@ -464,25 +464,25 @@ class ProjectAdminTests(RouterAPITestCase):
def test_create_router_external_gateway_info_enable_snat(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_router:external_gateway_info:enable_snat',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_router:external_gateway_info:enable_snat',
self.alt_target)
def test_create_router_external_gateway_info_external_fixed_ips(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context,
'create_router:external_gateway_info:external_fixed_ips',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context,
'create_router:external_gateway_info:external_fixed_ips',
@ -498,21 +498,21 @@ class ProjectAdminTests(RouterAPITestCase):
def test_get_router_distributed(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_router:distributed', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_router:distributed', self.alt_target)
def test_get_router_ha(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_router:ha', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_router:ha', self.alt_target)
@ -526,21 +526,21 @@ class ProjectAdminTests(RouterAPITestCase):
def test_update_router_distributed(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_router:distributed', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_router:distributed', self.alt_target)
def test_update_router_ha(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_router:ha', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_router:ha', self.alt_target)
@ -568,25 +568,25 @@ class ProjectAdminTests(RouterAPITestCase):
def test_update_router_external_gateway_info_enable_snat(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_router:external_gateway_info:enable_snat',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_router:external_gateway_info:enable_snat',
self.alt_target)
def test_update_router_external_gateway_info_external_fixed_ips(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context,
'update_router:external_gateway_info:external_fixed_ips',
self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context,
'update_router:external_gateway_info:external_fixed_ips',
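Review bot: The paired assertions in this section (`self.target`, then `self.alt_target`) probably stop distinguishing anything once the expected exception is `InvalidScope`. That assumes the scope-type check rejects the call before the target is consulted, which should be confirmed against oslo.policy 3.10.1. If it holds, a short comment on the class would stop the next reader from assuming the second call still covers cross-project ownership, e.g. `# InvalidScope is raised on the token's scope type; target ownership is not reached here`. The two `external_fixed_ips` tests run past the end of their hunks, so their closing `self.alt_target)` argument is not visible here.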


@ -89,25 +89,25 @@ class ProjectAdminTests(SegmentAPITestCase):
def test_create_segment(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_segment', self.target)
def test_get_segment(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_segment', self.target)
def test_update_segment(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_segment', self.target)
def test_delete_segment(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'delete_segment', self.target)


@ -218,21 +218,21 @@ class ProjectAdminTests(SubnetAPITestCase):
def test_create_subnet_segment_id(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_subnet:segment_id', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_subnet:segment_id', self.alt_target)
def test_create_subnet_service_types(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_subnet:service_types', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_subnet:service_types', self.alt_target)
@ -246,11 +246,11 @@ class ProjectAdminTests(SubnetAPITestCase):
def test_get_subnet_segment_id(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_subnet:segment_id', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'get_subnet:segment_id', self.alt_target)
@ -264,21 +264,21 @@ class ProjectAdminTests(SubnetAPITestCase):
def test_update_subnet_segment_id(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_subnet:segment_id', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_subnet:segment_id', self.alt_target)
def test_update_subnet_service_types(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_subnet:service_types', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_subnet:service_types', self.alt_target)


@ -222,21 +222,21 @@ class ProjectAdminTests(SubnetpoolAPITestCase):
def test_create_subnetpool_shared(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_subnetpool:shared', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_subnetpool:shared', self.alt_target)
def test_create_subnetpool_default(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_subnetpool:is_default', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'create_subnetpool:is_default', self.alt_target)
@ -258,11 +258,11 @@ class ProjectAdminTests(SubnetpoolAPITestCase):
def test_update_subnetpool_default(self):
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_subnetpool:is_default', self.target)
self.assertRaises(
base_policy.PolicyNotAuthorized,
base_policy.InvalidScope,
policy.enforce,
self.context, 'update_subnetpool:is_default', self.alt_target)


@ -33,7 +33,7 @@ oslo.i18n>=3.20.0 # Apache-2.0
oslo.log>=4.5.0 # Apache-2.0
oslo.messaging>=7.0.0 # Apache-2.0
oslo.middleware>=3.31.0 # Apache-2.0
oslo.policy>=3.7.0 # Apache-2.0
oslo.policy>=3.10.1 # Apache-2.0
oslo.privsep>=2.3.0 # Apache-2.0
oslo.reports>=1.18.0 # Apache-2.0
oslo.rootwrap>=5.8.0 # Apache-2.0