Merge "Removes unnecessary check for admin context in evacuate."

nova/api/openstack/compute/contrib/evacuate.py

@@ -39,9 +39,6 @@ class Controller(wsgi.Controller):
         to a new one.
         """
         context = req.environ["nova.context"]
-        if not context.is_admin:
-            msg = _("Instance evacuate is admin only functionality")
-            raise exc.HTTPForbidden(explanation=msg)
         authorize(context)
 
         try:

nova/tests/api/openstack/compute/contrib/test_evacuate.py

@@ -180,3 +180,19 @@ class EvacuateTest(test.TestCase):
 
         res = req.get_response(app)
         self.assertEqual(res.status_int, 200)
+
+    def test_not_admin(self):
+        ctxt = context.RequestContext('fake', 'fake', is_admin=False)
+        app = fakes.wsgi_app(fake_auth_context=ctxt)
+        uuid = self.UUID
+        req = webob.Request.blank('/v2/fake/servers/%s/action' % uuid)
+        req.method = 'POST'
+        req.body = jsonutils.dumps({
+            'evacuate': {
+                'host': 'my_host',
+                'onSharedStorage': 'True',
+            }
+        })
+        req.content_type = 'application/json'
+        res = req.get_response(app)
+        self.assertEqual(res.status_int, 403)

nova/tests/fake_policy.py

@@ -119,7 +119,7 @@ policy_data = """
     "compute_extension:createserverext": "",
     "compute_extension:deferred_delete": "",
     "compute_extension:disk_config": "",
-    "compute_extension:evacuate": "",
+    "compute_extension:evacuate": "is_admin:True",
     "compute_extension:extended_server_attributes": "",
     "compute_extension:extended_status": "",
     "compute_extension:extended_availability_zone": "",