Browse Source

Merge "Correct server shelve policy check_str"

tags/21.0.0.0rc1
Zuul 3 months ago
committed by Gerrit Code Review
parent
commit
b6ebeee9e7
2 changed files with 10 additions and 3 deletions
  1. +2
    -1
      nova/api/openstack/compute/shelve.py
  2. +8
    -2
      nova/tests/unit/api/openstack/compute/test_shelve.py

+ 2
- 1
nova/api/openstack/compute/shelve.py View File

@@ -86,8 +86,9 @@ class ShelveController(wsgi.Controller):
def _unshelve(self, req, id, body):
"""Restore an instance from shelved mode."""
context = req.environ["nova.context"]
context.can(shelve_policies.POLICY_ROOT % 'unshelve')
instance = common.get_instance(self.compute_api, context, id)
context.can(shelve_policies.POLICY_ROOT % 'unshelve',
target={'project_id': instance.project_id})

new_az = None
unshelve_dict = body['unshelve']


+ 8
- 2
nova/tests/unit/api/openstack/compute/test_shelve.py View File

@@ -181,14 +181,20 @@ class ShelvePolicyEnforcementV21(test.NoDBTestCase):
"Policy doesn't allow %s to be performed." % rule_name,
exc.format_message())

def test_unshelve_restricted_by_role(self):
@mock.patch('nova.api.openstack.common.get_instance')
def test_unshelve_restricted_by_role(self, get_instance_mock):
get_instance_mock.return_value = (
fake_instance.fake_instance_obj(self.req.environ['nova.context']))
rules = {'os_compute_api:os-shelve:unshelve': 'role:admin'}
policy.set_rules(oslo_policy.Rules.from_dict(rules))

self.assertRaises(exception.Forbidden, self.controller._unshelve,
self.req, uuidsentinel.fake, body={'unshelve': {}})

def test_unshelve_policy_failed(self):
@mock.patch('nova.api.openstack.common.get_instance')
def test_unshelve_policy_failed(self, get_instance_mock):
get_instance_mock.return_value = (
fake_instance.fake_instance_obj(self.req.environ['nova.context']))
rule_name = "os_compute_api:os-shelve:unshelve"
self.policy.set_rules({rule_name: "project:non_fake"})
exc = self.assertRaises(


Loading…
Cancel
Save