Merge "Add missing policy for limits extension"
This commit is contained in:
commit
ae134e367d
|
@ -307,6 +307,7 @@
|
||||||
"os_compute_api:os-keypairs:create": "",
|
"os_compute_api:os-keypairs:create": "",
|
||||||
"os_compute_api:os-keypairs:delete": "",
|
"os_compute_api:os-keypairs:delete": "",
|
||||||
"os_compute_api:limits:discoverable": "",
|
"os_compute_api:limits:discoverable": "",
|
||||||
|
"os_compute_api:limits": "",
|
||||||
"os_compute_api:os-lock-server:discoverable": "",
|
"os_compute_api:os-lock-server:discoverable": "",
|
||||||
"os_compute_api:os-lock-server:lock": "rule:admin_or_owner",
|
"os_compute_api:os-lock-server:lock": "rule:admin_or_owner",
|
||||||
"os_compute_api:os-lock-server:unlock": "rule:admin_or_owner",
|
"os_compute_api:os-lock-server:unlock": "rule:admin_or_owner",
|
||||||
|
|
|
@ -22,6 +22,7 @@ from nova import quota
|
||||||
|
|
||||||
QUOTAS = quota.QUOTAS
|
QUOTAS = quota.QUOTAS
|
||||||
ALIAS = 'limits'
|
ALIAS = 'limits'
|
||||||
|
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||||
|
|
||||||
|
|
||||||
class LimitsController(wsgi.Controller):
|
class LimitsController(wsgi.Controller):
|
||||||
|
@ -31,6 +32,7 @@ class LimitsController(wsgi.Controller):
|
||||||
def index(self, req):
|
def index(self, req):
|
||||||
"""Return all global and rate limit information."""
|
"""Return all global and rate limit information."""
|
||||||
context = req.environ['nova.context']
|
context = req.environ['nova.context']
|
||||||
|
authorize(context)
|
||||||
project_id = req.params.get('tenant_id', context.project_id)
|
project_id = req.params.get('tenant_id', context.project_id)
|
||||||
quotas = QUOTAS.get_project_quotas(context, project_id,
|
quotas = QUOTAS.get_project_quotas(context, project_id,
|
||||||
usages=False)
|
usages=False)
|
||||||
|
|
|
@ -31,6 +31,7 @@ from nova.api.openstack.compute.plugins.v3 import limits as limits_v21
|
||||||
from nova.api.openstack.compute import views
|
from nova.api.openstack.compute import views
|
||||||
from nova.api.openstack import wsgi
|
from nova.api.openstack import wsgi
|
||||||
import nova.context
|
import nova.context
|
||||||
|
from nova import exception
|
||||||
from nova import test
|
from nova import test
|
||||||
from nova.tests.unit.api.openstack import fakes
|
from nova.tests.unit.api.openstack import fakes
|
||||||
from nova.tests.unit import matchers
|
from nova.tests.unit import matchers
|
||||||
|
@ -897,3 +898,21 @@ class LimitsViewBuilderTest(test.NoDBTestCase):
|
||||||
rate_limits = []
|
rate_limits = []
|
||||||
output = self.view_builder.build(rate_limits, abs_limits)
|
output = self.view_builder.build(rate_limits, abs_limits)
|
||||||
self.assertThat(output, matchers.DictMatches(expected_limits))
|
self.assertThat(output, matchers.DictMatches(expected_limits))
|
||||||
|
|
||||||
|
|
||||||
|
class LimitsPolicyEnforcementV21(test.NoDBTestCase):
|
||||||
|
|
||||||
|
def setUp(self):
|
||||||
|
super(LimitsPolicyEnforcementV21, self).setUp()
|
||||||
|
self.controller = limits_v21.LimitsController()
|
||||||
|
|
||||||
|
def test_limits_index_policy_failed(self):
|
||||||
|
rule_name = "os_compute_api:limits"
|
||||||
|
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||||
|
req = fakes.HTTPRequest.blank('')
|
||||||
|
exc = self.assertRaises(
|
||||||
|
exception.PolicyNotAuthorized,
|
||||||
|
self.controller.index, req=req)
|
||||||
|
self.assertEqual(
|
||||||
|
"Policy doesn't allow %s to be performed." % rule_name,
|
||||||
|
exc.format_message())
|
||||||
|
|
|
@ -353,6 +353,7 @@ policy_data = """
|
||||||
"os_compute_api:os-availability-zone:detail": "",
|
"os_compute_api:os-availability-zone:detail": "",
|
||||||
"compute_extension:used_limits_for_admin": "is_admin:True",
|
"compute_extension:used_limits_for_admin": "is_admin:True",
|
||||||
"os_compute_api:os-used-limits": "is_admin:True",
|
"os_compute_api:os-used-limits": "is_admin:True",
|
||||||
|
"os_compute_api:limits": "",
|
||||||
"compute_extension:migrations:index": "is_admin:True",
|
"compute_extension:migrations:index": "is_admin:True",
|
||||||
"os_compute_api:os-migrations:index": "is_admin:True",
|
"os_compute_api:os-migrations:index": "is_admin:True",
|
||||||
"compute_extension:os-assisted-volume-snapshots:create": "",
|
"compute_extension:os-assisted-volume-snapshots:create": "",
|
||||||
|
|
Loading…
Reference in New Issue