Make policy.json not filesystem location specific.

The interaction between the test suite and the policy.json file is problematic, because it imposes an operational assumption that the tests are running with the curdir set to nova/tests. There is no other reason to need to be located in that directory. Part of blueprint grizzly-testtools. Change-Id: I863dac815a768a78fa84d632e5f77ed0f4f599b2
2012-11-09 12:28:34 -05:00 · 2012-11-09 12:28:34 -05:00 · 6ad04e81d2
parent ad3176ee53
commit 6ad04e81d2
6 changed files with 77 additions and 47 deletions
--- a/nova/test.py
+++ b/nova/test.py
@ -46,6 +46,7 @@ from nova.openstack.common import timeutils
 from nova import service
 from nova import tests
 from nova.tests import fake_flags
+from nova.tests import policy_fixture
 from nova.tests import utils


@ -157,6 +158,7 @@ class TestCase(testtools.TestCase):
        self._services = []
        self._modules = {}
        self.useFixture(EnvironmentVariable('http_proxy'))
+        self.policy = self.useFixture(policy_fixture.PolicyFixture())

    def tearDown(self):
        """Runs after each test method to tear down test environment."""
--- a/nova/tests/compute/test_compute.py
+++ b/nova/tests/compute/test_compute.py
@ -48,7 +48,6 @@ from nova.openstack.common import jsonutils
 from nova.openstack.common import log as logging
 from nova.openstack.common.notifier import api as notifier_api
 from nova.openstack.common.notifier import test_notifier
-from nova.openstack.common import policy as common_policy
 from nova.openstack.common import rpc
 from nova.openstack.common.rpc import common as rpc_common
 from nova.openstack.common import timeutils
@ -5324,20 +5323,9 @@ class ComputePolicyTestCase(BaseTestCase):

    def setUp(self):
        super(ComputePolicyTestCase, self).setUp()
-        nova.policy.reset()
-        nova.policy.init()

        self.compute_api = compute.API()

-    def tearDown(self):
-        super(ComputePolicyTestCase, self).tearDown()
-        nova.policy.reset()
-
-    def _set_rules(self, rules):
-        common_policy.set_rules(common_policy.Rules(
-                dict((k, common_policy.parse_rule(v))
-                     for k, v in rules.items())))
-
    def test_actions_are_prefixed(self):
        self.mox.StubOutWithMock(nova.policy, 'enforce')
        nova.policy.enforce(self.context, 'compute:reboot', {})
@ -5349,20 +5337,20 @@ class ComputePolicyTestCase(BaseTestCase):

        # force delete to fail
        rules = {"compute:delete": [["false:false"]]}
-        self._set_rules(rules)
+        self.policy.set_rules(rules)

        self.assertRaises(exception.PolicyNotAuthorized,
                          self.compute_api.delete, self.context, instance)

        # reset rules to allow deletion
        rules = {"compute:delete": []}
-        self._set_rules(rules)
+        self.policy.set_rules(rules)

        self.compute_api.delete(self.context, instance)

    def test_create_fail(self):
        rules = {"compute:create": [["false:false"]]}
-        self._set_rules(rules)
+        self.policy.set_rules(rules)

        self.assertRaises(exception.PolicyNotAuthorized,
                          self.compute_api.create, self.context, '1', '1')
@ -5373,7 +5361,7 @@ class ComputePolicyTestCase(BaseTestCase):
            "compute:create:attach_network": [["false:false"]],
            "compute:create:attach_volume": [],
        }
-        self._set_rules(rules)
+        self.policy.set_rules(rules)

        self.assertRaises(exception.PolicyNotAuthorized,
                          self.compute_api.create, self.context, '1', '1',
@ -5386,7 +5374,7 @@ class ComputePolicyTestCase(BaseTestCase):
            "compute:create:attach_network": [],
            "compute:create:attach_volume": [["false:false"]],
        }
-        self._set_rules(rules)
+        self.policy.set_rules(rules)

        self.assertRaises(exception.PolicyNotAuthorized,
                          self.compute_api.create, self.context, '1', '1',
@ -5399,7 +5387,7 @@ class ComputePolicyTestCase(BaseTestCase):
        rules = {
            "compute:get": [["false:false"]],
        }
-        self._set_rules(rules)
+        self.policy.set_rules(rules)

        self.assertRaises(exception.PolicyNotAuthorized,
                          self.compute_api.get, self.context, instance['uuid'])
@ -5408,7 +5396,7 @@ class ComputePolicyTestCase(BaseTestCase):
        rules = {
            "compute:get_all": [["false:false"]],
        }
-        self._set_rules(rules)
+        self.policy.set_rules(rules)

        self.assertRaises(exception.PolicyNotAuthorized,
                          self.compute_api.get_all, self.context)
@ -5421,7 +5409,7 @@ class ComputePolicyTestCase(BaseTestCase):
        rules = {
            "compute:get_instance_faults": [["false:false"]],
        }
-        self._set_rules(rules)
+        self.policy.set_rules(rules)

        self.assertRaises(exception.PolicyNotAuthorized,
                          self.compute_api.get_instance_faults,
@ -5430,7 +5418,7 @@ class ComputePolicyTestCase(BaseTestCase):
    def test_force_host_fail(self):
        rules = {"compute:create": [],
                 "compute:create:forced_host": [["role:fake"]]}
-        self._set_rules(rules)
+        self.policy.set_rules(rules)

        self.assertRaises(exception.PolicyNotAuthorized,
                          self.compute_api.create, self.context, None, '1',
@ -5439,7 +5427,7 @@ class ComputePolicyTestCase(BaseTestCase):
    def test_force_host_pass(self):
        rules = {"compute:create": [],
                 "compute:create:forced_host": []}
-        self._set_rules(rules)
+        self.policy.set_rules(rules)

        self.compute_api.create(self.context, None, '1',
                                availability_zone='1:1')
--- a/nova/tests/fake_policy.py
+++ b/nova/tests/fake_policy.py
@ -1,3 +1,21 @@
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright (c) 2012 OpenStack, LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+policy_data = """
 {
    "admin_api": "role:admin",

@ -205,3 +223,4 @@
    "network:create_public_dns_domain": "",
    "network:delete_dns_domain": ""
 }
+"""
--- a/nova/tests/network/test_manager.py
+++ b/nova/tests/network/test_manager.py
@ -1928,9 +1928,6 @@ class NetworkPolicyTestCase(test.TestCase):
        super(NetworkPolicyTestCase, self).tearDown()
        nova.policy.reset()

-    def _set_rules(self, rules):
-        nova.common.policy.set_brain(nova.common.policy.HttpBrain(rules))
-
    def test_check_policy(self):
        self.mox.StubOutWithMock(nova.policy, 'enforce')
        target = {
--- a/nova/tests/policy_fixture.py
+++ b/nova/tests/policy_fixture.py
@ -0,0 +1,44 @@
+# Copyright 2012 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import os
+
+import fixtures
+
+from nova.openstack.common import cfg
+from nova.openstack.common import policy as common_policy
+import nova.policy
+from nova.tests import fake_policy
+
+CONF = cfg.CONF
+
+
+class PolicyFixture(fixtures.Fixture):
+
+    def setUp(self):
+        super(PolicyFixture, self).setUp()
+        self.policy_dir = self.useFixture(fixtures.TempDir())
+        self.policy_file_name = os.path.join(self.policy_dir.path,
+                                             'policy.json')
+        with open(self.policy_file_name, 'w') as policy_file:
+            policy_file.write(fake_policy.policy_data)
+        CONF.set_override('policy_file', self.policy_file_name)
+        nova.policy.reset()
+        nova.policy.init()
+        self.addCleanup(nova.policy.reset)
+
+    def set_rules(self, rules):
+        common_policy.set_rules(common_policy.Rules(
+                dict((k, common_policy.parse_rule(v))
+                     for k, v in rules.items())))
--- a/nova/tests/test_policy.py
+++ b/nova/tests/test_policy.py
@ -32,17 +32,13 @@ from nova import utils
 class PolicyFileTestCase(test.TestCase):
    def setUp(self):
        super(PolicyFileTestCase, self).setUp()
-        policy.reset()
        self.context = context.RequestContext('fake', 'fake')
        self.target = {}

-    def tearDown(self):
-        super(PolicyFileTestCase, self).tearDown()
-        policy.reset()
-
    def test_modified_policy_reloads(self):
        with utils.tempdir() as tmpdir:
            tmpfilename = os.path.join(tmpdir, 'policy')
+
            self.flags(policy_file=tmpfilename)

            # NOTE(uni): context construction invokes policy check to determin
@ -66,9 +62,6 @@ class PolicyFileTestCase(test.TestCase):
 class PolicyTestCase(test.TestCase):
    def setUp(self):
        super(PolicyTestCase, self).setUp()
-        policy.reset()
-        # NOTE(vish): preload rules to circumvent reloading from file
-        policy.init()
        rules = {
            "true": '@',
            "example:allowed": '@',
@ -81,17 +74,10 @@ class PolicyTestCase(test.TestCase):
            "example:lowercase_admin": "role:admin or role:sysadmin",
            "example:uppercase_admin": "role:ADMIN or role:sysadmin",
        }
-        # NOTE(vish): then overload underlying brain
-        common_policy.set_rules(common_policy.Rules(
-                dict((k, common_policy.parse_rule(v))
-                     for k, v in rules.items())))
+        self.policy.set_rules(rules)
        self.context = context.RequestContext('fake', 'fake', roles=['member'])
        self.target = {}

-    def tearDown(self):
-        policy.reset()
-        super(PolicyTestCase, self).tearDown()
-
    def test_enforce_nonexistent_action_throws(self):
        action = "example:noexist"
        self.assertRaises(exception.PolicyNotAuthorized, policy.enforce,
@ -165,8 +151,6 @@ class DefaultPolicyTestCase(test.TestCase):

    def setUp(self):
        super(DefaultPolicyTestCase, self).setUp()
-        policy.reset()
-        policy.init()

        self.rules = {
            "default": '',
@ -183,10 +167,6 @@ class DefaultPolicyTestCase(test.TestCase):
                 for k, v in self.rules.items()), default_rule)
        common_policy.set_rules(rules)

-    def tearDown(self):
-        super(DefaultPolicyTestCase, self).tearDown()
-        policy.reset()
-
    def test_policy_called(self):
        self.assertRaises(exception.PolicyNotAuthorized, policy.enforce,
                self.context, "example:exist", {})