From da8d0eaeea08bac469a4236c546103d7bfb12471 Mon Sep 17 00:00:00 2001 From: Slawek Kaplonski Date: Mon, 20 Dec 2021 15:24:29 +0100 Subject: [PATCH] Fix expected exception raised when new scope types are enforced After fix for the related bug will be fixed in oslo_policy [1], InvalidScope exception will be raised for the API requests done with project scope when "system" scope is required. This patch changes our API policies unit tests to expect proper exception to be raised in such cases. This patch also bumps minimum required oslo.policy version to 3.10.1 which contains fix for the scope enforcement in the custom rules. Finally it also re-enables enforcing scope in those UT. [1] https://review.opendev.org/c/openstack/oslo.policy/+/804980 Related-Bug: #1923503 Change-Id: I4c209fa4f504440a44d21a05f2703259f62519a5 --- lower-constraints.txt | 2 +- neutron/tests/unit/conf/policies/base.py | 2 +- .../tests/unit/conf/policies/test_agent.py | 22 +-- .../conf/policies/test_availability_zone.py | 2 +- .../tests/unit/conf/policies/test_flavor.py | 16 +- .../tests/unit/conf/policies/test_logging.py | 10 +- .../tests/unit/conf/policies/test_network.py | 144 +++++++++--------- .../policies/test_network_ip_availability.py | 2 +- .../policies/test_network_segment_range.py | 8 +- neutron/tests/unit/conf/policies/test_port.py | 72 ++++----- neutron/tests/unit/conf/policies/test_qos.py | 60 ++++---- .../tests/unit/conf/policies/test_quotas.py | 12 +- .../tests/unit/conf/policies/test_router.py | 40 ++--- .../tests/unit/conf/policies/test_segment.py | 8 +- .../tests/unit/conf/policies/test_subnet.py | 20 +-- .../unit/conf/policies/test_subnetpool.py | 12 +- requirements.txt | 2 +- 17 files changed, 217 insertions(+), 217 deletions(-) diff --git a/lower-constraints.txt b/lower-constraints.txt index a4889e8d6a1..8a210e7917e 100644 --- a/lower-constraints.txt +++ b/lower-constraints.txt @@ -67,7 +67,7 @@ oslo.i18n==3.20.0 oslo.log==4.5.0 oslo.messaging==7.0.0 oslo.middleware==3.31.0 -oslo.policy==3.7.0 +oslo.policy==3.10.1 oslo.privsep==2.3.0 oslo.reports==1.18.0 oslo.rootwrap==5.8.0 diff --git a/neutron/tests/unit/conf/policies/base.py b/neutron/tests/unit/conf/policies/base.py index 768015a42bd..a54ac0470c5 100644 --- a/neutron/tests/unit/conf/policies/base.py +++ b/neutron/tests/unit/conf/policies/base.py @@ -40,7 +40,7 @@ class PolicyBaseTestCase(tests_base.BaseTestCase): # https://review.opendev.org/c/openstack/oslo.policy/+/804980 will be # merged and released in oslo_policy cfg.CONF.set_override( - 'enforce_scope', False, group='oslo_policy') + 'enforce_scope', True, group='oslo_policy') super(PolicyBaseTestCase, self).setUp() self.project_id = uuidutils.generate_uuid() self.system_user_id = uuidutils.generate_uuid() diff --git a/neutron/tests/unit/conf/policies/test_agent.py b/neutron/tests/unit/conf/policies/test_agent.py index 05d3d0b6d2e..700fd0e0519 100644 --- a/neutron/tests/unit/conf/policies/test_agent.py +++ b/neutron/tests/unit/conf/policies/test_agent.py @@ -147,67 +147,67 @@ class ProjectAdminTests(AgentAPITestCase): def test_get_agent(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, "get_agent", self.target) def test_update_agent(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, "update_agent", self.target) def test_delete_agent(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, "delete_agent", self.target) def test_add_network_to_dhcp_agent(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, "create_dhcp-network", self.target) def test_networks_on_dhcp_agent(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, "get_dhcp-networks", self.target) def test_delete_network_from_dhcp_agent(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, "delete_dhcp-network", self.target) def test_add_router_to_l3_agent(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, "create_l3-router", self.target) def test_get_routers_on_l3_agent(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, "get_l3-routers", self.target) def test_delete_router_from_l3_agent(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, "delete_l3-router", self.target) def test_get_dhcp_agents_hosting_network(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, "get_dhcp-agents", self.target) def test_get_l3_agents_hosting_router(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, "get_l3-agents", self.target) diff --git a/neutron/tests/unit/conf/policies/test_availability_zone.py b/neutron/tests/unit/conf/policies/test_availability_zone.py index 95234e1fe6e..9d2d45f8356 100644 --- a/neutron/tests/unit/conf/policies/test_availability_zone.py +++ b/neutron/tests/unit/conf/policies/test_availability_zone.py @@ -32,6 +32,6 @@ class AvailabilityZoneAPITestCase(base.PolicyBaseTestCase): def test_project_reader_can_not_get_availability_zone(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.project_reader_ctx, "get_availability_zone", self.target) diff --git a/neutron/tests/unit/conf/policies/test_flavor.py b/neutron/tests/unit/conf/policies/test_flavor.py index 2f827835755..ef0fd01f3ac 100644 --- a/neutron/tests/unit/conf/policies/test_flavor.py +++ b/neutron/tests/unit/conf/policies/test_flavor.py @@ -161,50 +161,50 @@ class ProjectAdminTests(FlavorAPITestCase): def test_create_flavor(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_flavor', self.target) def test_update_flavor(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_flavor', self.target) def test_delete_flavor(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'delete_flavor', self.target) def test_create_service_profile(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_service_profile', self.target) def test_update_service_profile(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_service_profile', self.target) def test_delete_service_profile(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'delete_service_profile', self.target) def test_create_flavor_service_profile(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_flavor_service_profile', self.target) def test_delete_flavor_service_profile(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'delete_flavor_service_profile', self.target) diff --git a/neutron/tests/unit/conf/policies/test_logging.py b/neutron/tests/unit/conf/policies/test_logging.py index c287f0690a5..80944bf11f0 100644 --- a/neutron/tests/unit/conf/policies/test_logging.py +++ b/neutron/tests/unit/conf/policies/test_logging.py @@ -98,27 +98,27 @@ class ProjectAdminTests(LoggingAPITestCase): def test_get_loggable_resource(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_loggable_resource', self.target) def test_create_log(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_log', self.target) def test_get_log(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_log', self.target) def test_update_log(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_log', self.target) def test_delete_log(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'delete_log', self.target) diff --git a/neutron/tests/unit/conf/policies/test_network.py b/neutron/tests/unit/conf/policies/test_network.py index b3ce3671f40..d929dce0ddf 100644 --- a/neutron/tests/unit/conf/policies/test_network.py +++ b/neutron/tests/unit/conf/policies/test_network.py @@ -474,31 +474,31 @@ class ProjectAdminTests(NetworkAPITestCase): def test_create_network_shared(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_network:shared', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_network:shared', self.alt_target) def test_create_network_external(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_network:router:external', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_network:router:external', self.alt_target) def test_create_network_default(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_network:is_default', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_network:is_default', self.alt_target) @@ -515,45 +515,45 @@ class ProjectAdminTests(NetworkAPITestCase): def test_create_network_segments(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_network:segments', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_network:segments', self.alt_target) def test_create_network_provider_network_type(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_network:provider:network_type', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_network:provider:network_type', self.alt_target) def test_create_network_provider_physical_network(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_network:provider:physical_network', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_network:provider:physical_network', self.alt_target) def test_create_network_provider_segmentation_id(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_network:provider:segmentation_id', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_network:provider:segmentation_id', self.alt_target) @@ -577,44 +577,44 @@ class ProjectAdminTests(NetworkAPITestCase): def test_get_network_segments(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_network:segments', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_network:segments', self.alt_target) def test_get_network_provider_network_type(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_network:provider:network_type', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_network:provider:network_type', self.alt_target) def test_get_network_provider_physical_network(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_network:provider:physical_network', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_network:provider:physical_network', self.alt_target) def test_get_network_provider_segmentation_id(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_network:provider:segmentation_id', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_network:provider:segmentation_id', self.alt_target) @@ -629,76 +629,76 @@ class ProjectAdminTests(NetworkAPITestCase): def test_update_network_segments(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_network:segments', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_network:segments', self.alt_target) def test_update_network_shared(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_network:shared', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_network:shared', self.alt_target) def test_update_network_provider_network_type(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_network:provider:network_type', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_network:provider:network_type', self.alt_target) def test_update_network_provider_physical_network(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_network:provider:physical_network', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_network:provider:physical_network', self.alt_target) def test_update_network_provider_segmentation_id(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_network:provider:segmentation_id', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_network:provider:segmentation_id', self.alt_target) def test_update_network_external(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_network:router:external', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_network:router:external', self.alt_target) def test_update_network_default(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_network:is_default', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_network:is_default', self.alt_target) @@ -745,31 +745,31 @@ class ProjectReaderTests(ProjectMemberTests): def test_create_network_shared(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_network:shared', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_network:shared', self.alt_target) def test_create_network_external(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_network:router:external', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_network:router:external', self.alt_target) def test_create_network_default(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_network:is_default', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_network:is_default', self.alt_target) @@ -787,89 +787,89 @@ class ProjectReaderTests(ProjectMemberTests): def test_create_network_segments(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_network:segments', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_network:segments', self.alt_target) def test_create_network_provider_network_type(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_network:provider:network_type', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_network:provider:network_type', self.alt_target) def test_create_network_provider_physical_network(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_network:provider:physical_network', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_network:provider:physical_network', self.alt_target) def test_create_network_provider_segmentation_id(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_network:provider:segmentation_id', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_network:provider:segmentation_id', self.alt_target) def test_get_network_segments(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_network:segments', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_network:segments', self.alt_target) def test_get_network_provider_network_type(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_network:provider:network_type', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_network:provider:network_type', self.alt_target) def test_get_network_provider_physical_network(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_network:provider:physical_network', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_network:provider:physical_network', self.alt_target) def test_get_network_provider_segmentation_id(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_network:provider:segmentation_id', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_network:provider:segmentation_id', self.alt_target) @@ -884,76 +884,76 @@ class ProjectReaderTests(ProjectMemberTests): def test_update_network_segments(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_network:segments', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_network:segments', self.alt_target) def test_update_network_shared(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_network:shared', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_network:shared', self.alt_target) def test_update_network_provider_network_type(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_network:provider:network_type', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_network:provider:network_type', self.alt_target) def test_update_network_provider_physical_network(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_network:provider:physical_network', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_network:provider:physical_network', self.alt_target) def test_update_network_provider_segmentation_id(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_network:provider:segmentation_id', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_network:provider:segmentation_id', self.alt_target) def test_update_network_external(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_network:router:external', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_network:router:external', self.alt_target) def test_update_network_default(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_network:is_default', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_network:is_default', self.alt_target) diff --git a/neutron/tests/unit/conf/policies/test_network_ip_availability.py b/neutron/tests/unit/conf/policies/test_network_ip_availability.py index 7433189d462..19a323fd6d1 100644 --- a/neutron/tests/unit/conf/policies/test_network_ip_availability.py +++ b/neutron/tests/unit/conf/policies/test_network_ip_availability.py @@ -60,7 +60,7 @@ class ProjectAdminTests(NetworkIPAvailabilityAPITestCase): def test_get_network_ip_availability(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_network_ip_availability', self.target) diff --git a/neutron/tests/unit/conf/policies/test_network_segment_range.py b/neutron/tests/unit/conf/policies/test_network_segment_range.py index 3c74cf20e0b..99e09b11ea5 100644 --- a/neutron/tests/unit/conf/policies/test_network_segment_range.py +++ b/neutron/tests/unit/conf/policies/test_network_segment_range.py @@ -93,25 +93,25 @@ class ProjectAdminTests(NetworkSegmentRangeAPITestCase): def test_create_network_segment_range(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_network_segment_range', self.target) def test_get_network_segment_range(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_network_segment_range', self.target) def test_update_network_segment_range(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_network_segment_range', self.target) def test_delete_network_segment_range(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'delete_network_segment_range', self.target) diff --git a/neutron/tests/unit/conf/policies/test_port.py b/neutron/tests/unit/conf/policies/test_port.py index 4f93a4f7d96..f6dd913132e 100644 --- a/neutron/tests/unit/conf/policies/test_port.py +++ b/neutron/tests/unit/conf/policies/test_port.py @@ -724,21 +724,21 @@ class ProjectAdminTests(PortAPITestCase): def test_create_port_with_binding_host_id(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_port:binding:host_id', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_port:binding:host_id', self.alt_target) def test_create_port_with_binding_profile(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_port:binding:profile', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_port:binding:profile', self.alt_target) @@ -792,51 +792,51 @@ class ProjectAdminTests(PortAPITestCase): def test_get_port_binding_vif_type(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_port:binding:vif_type', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_port:binding:vif_type', self.alt_target) def test_get_port_binding_vif_details(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_port:binding:vif_details', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_port:binding:vif_details', self.alt_target) def test_get_port_binding_host_id(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_port:binding:host_id', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_port:binding:host_id', self.alt_target) def test_get_port_binding_profile(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_port:binding:profile', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_port:binding:profile', self.alt_target) def test_get_port_resource_request(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_port:resource_request', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_port:resource_request', self.alt_target) @@ -908,21 +908,21 @@ class ProjectAdminTests(PortAPITestCase): def test_update_port_with_binding_host_id(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_port:binding:host_id', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_port:binding:host_id', self.alt_target) def test_update_port_with_binding_profile(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_port:binding:profile', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_port:binding:profile', self.alt_target) @@ -1057,21 +1057,21 @@ class ProjectMemberTests(ProjectAdminTests): def test_create_port_with_binding_host_id(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_port:binding:host_id', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_port:binding:host_id', self.alt_target) def test_create_port_with_binding_profile(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_port:binding:profile', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_port:binding:profile', self.alt_target) @@ -1113,51 +1113,51 @@ class ProjectMemberTests(ProjectAdminTests): def test_get_port_binding_vif_type(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_port:binding:vif_type', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_port:binding:vif_type', self.alt_target) def test_get_port_binding_vif_details(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_port:binding:vif_details', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_port:binding:vif_details', self.alt_target) def test_get_port_binding_host_id(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_port:binding:host_id', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_port:binding:host_id', self.alt_target) def test_get_port_binding_profile(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_port:binding:profile', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_port:binding:profile', self.alt_target) def test_get_port_resource_request(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_port:resource_request', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_port:resource_request', self.alt_target) @@ -1227,21 +1227,21 @@ class ProjectMemberTests(ProjectAdminTests): def test_update_port_with_binding_host_id(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_port:binding:host_id', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_port:binding:host_id', self.alt_target) def test_update_port_with_binding_profile(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_port:binding:profile', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_port:binding:profile', self.alt_target) diff --git a/neutron/tests/unit/conf/policies/test_qos.py b/neutron/tests/unit/conf/policies/test_qos.py index c26e41f470e..3b2554dfcc2 100644 --- a/neutron/tests/unit/conf/policies/test_qos.py +++ b/neutron/tests/unit/conf/policies/test_qos.py @@ -114,26 +114,26 @@ class ProjectAdminQosPolicyTests(QosPolicyAPITestCase): def test_create_policy(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_policy', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_policy', self.alt_target) def test_update_policy(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_policy', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_policy', self.alt_target) def test_delete_policy(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'delete_policy', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'delete_policy', self.alt_target) @@ -415,24 +415,24 @@ class ProjectAdminQosBandwidthLimitRuleTests(QosRulesAPITestCase): def test_create_policy_bandwidth_limit_rule(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_policy_bandwidth_limit_rule', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_policy_bandwidth_limit_rule', self.alt_target) def test_update_policy_bandwidth_limit_rule(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_policy_bandwidth_limit_rule', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_policy_bandwidth_limit_rule', self.alt_target) @@ -451,12 +451,12 @@ class ProjectAdminQosBandwidthLimitRuleTests(QosRulesAPITestCase): def test_delete_policy_bandwidth_limit_rule(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'delete_policy_bandwidth_limit_rule', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'delete_policy_bandwidth_limit_rule', self.alt_target) @@ -671,24 +671,24 @@ class ProjectAdminQosDSCPMarkingRuleTests(QosRulesAPITestCase): def test_create_policy_dscp_marking_rule(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_policy_dscp_marking_rule', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_policy_dscp_marking_rule', self.alt_target) def test_update_policy_dscp_marking_rule(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_policy_dscp_marking_rule', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_policy_dscp_marking_rule', self.alt_target) @@ -707,12 +707,12 @@ class ProjectAdminQosDSCPMarkingRuleTests(QosRulesAPITestCase): def test_delete_policy_dscp_marking_rule(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'delete_policy_dscp_marking_rule', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'delete_policy_dscp_marking_rule', self.alt_target) @@ -929,24 +929,24 @@ class ProjectAdminQosMinimumBandwidthRuleTests(QosRulesAPITestCase): def test_create_policy_minimum_bandwidth_rule(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_policy_minimum_bandwidth_rule', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_policy_minimum_bandwidth_rule', self.alt_target) def test_update_policy_minimum_bandwidth_rule(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_policy_minimum_bandwidth_rule', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_policy_minimum_bandwidth_rule', self.alt_target) @@ -965,12 +965,12 @@ class ProjectAdminQosMinimumBandwidthRuleTests(QosRulesAPITestCase): def test_delete_policy_minimum_bandwidth_rule(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'delete_policy_minimum_bandwidth_rule', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'delete_policy_minimum_bandwidth_rule', self.alt_target) @@ -1122,36 +1122,36 @@ class ProjectAdminQosMinimumPacketRateRuleTests(QosRulesAPITestCase): def test_create_policy_minimum_packet_rate_rule(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_policy_minimum_packet_rate_rule', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_policy_minimum_packet_rate_rule', self.alt_target) def test_update_policy_minimum_packet_rate_rule(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_policy_minimum_packet_rate_rule', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_policy_minimum_packet_rate_rule', self.alt_target) def test_delete_policy_minimum_packet_rate_rule(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'delete_policy_minimum_packet_rate_rule', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'delete_policy_minimum_packet_rate_rule', self.alt_target) diff --git a/neutron/tests/unit/conf/policies/test_quotas.py b/neutron/tests/unit/conf/policies/test_quotas.py index 560c105d56c..e5b7357c26a 100644 --- a/neutron/tests/unit/conf/policies/test_quotas.py +++ b/neutron/tests/unit/conf/policies/test_quotas.py @@ -94,31 +94,31 @@ class ProjectAdminTests(QuoatsAPITestCase): def test_get_quota(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_quota', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_quota', self.alt_target) def test_update_quota(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_quota', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_quota', self.alt_target) def test_delete_quota(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'delete_quota', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'delete_quota', self.alt_target) diff --git a/neutron/tests/unit/conf/policies/test_router.py b/neutron/tests/unit/conf/policies/test_router.py index 75a39494246..df031182dc6 100644 --- a/neutron/tests/unit/conf/policies/test_router.py +++ b/neutron/tests/unit/conf/policies/test_router.py @@ -422,21 +422,21 @@ class ProjectAdminTests(RouterAPITestCase): def test_create_router_distributed(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_router:distributed', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_router:distributed', self.alt_target) def test_create_router_ha(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_router:ha', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_router:ha', self.alt_target) @@ -464,25 +464,25 @@ class ProjectAdminTests(RouterAPITestCase): def test_create_router_external_gateway_info_enable_snat(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_router:external_gateway_info:enable_snat', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_router:external_gateway_info:enable_snat', self.alt_target) def test_create_router_external_gateway_info_external_fixed_ips(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_router:external_gateway_info:external_fixed_ips', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_router:external_gateway_info:external_fixed_ips', @@ -498,21 +498,21 @@ class ProjectAdminTests(RouterAPITestCase): def test_get_router_distributed(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_router:distributed', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_router:distributed', self.alt_target) def test_get_router_ha(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_router:ha', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_router:ha', self.alt_target) @@ -526,21 +526,21 @@ class ProjectAdminTests(RouterAPITestCase): def test_update_router_distributed(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_router:distributed', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_router:distributed', self.alt_target) def test_update_router_ha(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_router:ha', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_router:ha', self.alt_target) @@ -568,25 +568,25 @@ class ProjectAdminTests(RouterAPITestCase): def test_update_router_external_gateway_info_enable_snat(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_router:external_gateway_info:enable_snat', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_router:external_gateway_info:enable_snat', self.alt_target) def test_update_router_external_gateway_info_external_fixed_ips(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_router:external_gateway_info:external_fixed_ips', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_router:external_gateway_info:external_fixed_ips', diff --git a/neutron/tests/unit/conf/policies/test_segment.py b/neutron/tests/unit/conf/policies/test_segment.py index 8946e1dfdf7..5659be030b9 100644 --- a/neutron/tests/unit/conf/policies/test_segment.py +++ b/neutron/tests/unit/conf/policies/test_segment.py @@ -89,25 +89,25 @@ class ProjectAdminTests(SegmentAPITestCase): def test_create_segment(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_segment', self.target) def test_get_segment(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_segment', self.target) def test_update_segment(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_segment', self.target) def test_delete_segment(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'delete_segment', self.target) diff --git a/neutron/tests/unit/conf/policies/test_subnet.py b/neutron/tests/unit/conf/policies/test_subnet.py index f9a2365b47d..950b1477f0e 100644 --- a/neutron/tests/unit/conf/policies/test_subnet.py +++ b/neutron/tests/unit/conf/policies/test_subnet.py @@ -218,21 +218,21 @@ class ProjectAdminTests(SubnetAPITestCase): def test_create_subnet_segment_id(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_subnet:segment_id', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_subnet:segment_id', self.alt_target) def test_create_subnet_service_types(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_subnet:service_types', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_subnet:service_types', self.alt_target) @@ -246,11 +246,11 @@ class ProjectAdminTests(SubnetAPITestCase): def test_get_subnet_segment_id(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_subnet:segment_id', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'get_subnet:segment_id', self.alt_target) @@ -264,21 +264,21 @@ class ProjectAdminTests(SubnetAPITestCase): def test_update_subnet_segment_id(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_subnet:segment_id', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_subnet:segment_id', self.alt_target) def test_update_subnet_service_types(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_subnet:service_types', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_subnet:service_types', self.alt_target) diff --git a/neutron/tests/unit/conf/policies/test_subnetpool.py b/neutron/tests/unit/conf/policies/test_subnetpool.py index 84475e1c1ac..fc5bb6b29e4 100644 --- a/neutron/tests/unit/conf/policies/test_subnetpool.py +++ b/neutron/tests/unit/conf/policies/test_subnetpool.py @@ -222,21 +222,21 @@ class ProjectAdminTests(SubnetpoolAPITestCase): def test_create_subnetpool_shared(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_subnetpool:shared', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_subnetpool:shared', self.alt_target) def test_create_subnetpool_default(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_subnetpool:is_default', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'create_subnetpool:is_default', self.alt_target) @@ -258,11 +258,11 @@ class ProjectAdminTests(SubnetpoolAPITestCase): def test_update_subnetpool_default(self): self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_subnetpool:is_default', self.target) self.assertRaises( - base_policy.PolicyNotAuthorized, + base_policy.InvalidScope, policy.enforce, self.context, 'update_subnetpool:is_default', self.alt_target) diff --git a/requirements.txt b/requirements.txt index 9b9551740ad..33b42b5d1ca 100644 --- a/requirements.txt +++ b/requirements.txt @@ -33,7 +33,7 @@ oslo.i18n>=3.20.0 # Apache-2.0 oslo.log>=4.5.0 # Apache-2.0 oslo.messaging>=7.0.0 # Apache-2.0 oslo.middleware>=3.31.0 # Apache-2.0 -oslo.policy>=3.7.0 # Apache-2.0 +oslo.policy>=3.10.1 # Apache-2.0 oslo.privsep>=2.3.0 # Apache-2.0 oslo.reports>=1.18.0 # Apache-2.0 oslo.rootwrap>=5.8.0 # Apache-2.0