Merge "Move policy enforcement into REST API layer for v2.1 api attach_interfaces"
This commit is contained in:
commit
e5ed57dc3f
@ -30,8 +30,7 @@ from nova import network
|
||||
|
||||
|
||||
ALIAS = 'os-attach-interfaces'
|
||||
authorize = extensions.extension_authorizer('compute',
|
||||
'v3:' + ALIAS)
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
def _translate_interface_attachment_view(port_info):
|
||||
@ -49,8 +48,8 @@ class InterfaceAttachmentController(wsgi.Controller):
|
||||
"""The interface attachment API controller for the OpenStack API."""
|
||||
|
||||
def __init__(self):
|
||||
self.compute_api = compute.API()
|
||||
self.network_api = network.API()
|
||||
self.compute_api = compute.API(skip_policy_check=True)
|
||||
self.network_api = network.API(skip_policy_check=True)
|
||||
super(InterfaceAttachmentController, self).__init__()
|
||||
|
||||
@extensions.expected_errors((404, 501))
|
||||
|
@ -427,3 +427,46 @@ class InterfaceAttachTestsV2(InterfaceAttachTestsV21):
|
||||
|
||||
def test_attach_interface_instance_with_non_array_fixed_ips(self):
|
||||
pass
|
||||
|
||||
|
||||
class AttachInterfacesPolicyEnforcementv21(test.NoDBTestCase):
|
||||
|
||||
def setUp(self):
|
||||
super(AttachInterfacesPolicyEnforcementv21, self).setUp()
|
||||
self.controller = \
|
||||
attach_interfaces_v21.InterfaceAttachmentController()
|
||||
self.req = fakes.HTTPRequest.blank('')
|
||||
self.rule_name = "compute_extension:v3:os-attach-interfaces"
|
||||
self.policy.set_rules({self.rule_name: "project:non_fake"})
|
||||
|
||||
def test_index_attach_interfaces_policy_failed(self):
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
self.controller.index, self.req, fakes.FAKE_UUID)
|
||||
self.assertEqual(
|
||||
"Policy doesn't allow %s to be performed." % self.rule_name,
|
||||
exc.format_message())
|
||||
|
||||
def test_show_attach_interfaces_policy_failed(self):
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
self.controller.show, self.req, fakes.FAKE_UUID, FAKE_PORT_ID1)
|
||||
self.assertEqual(
|
||||
"Policy doesn't allow %s to be performed." % self.rule_name,
|
||||
exc.format_message())
|
||||
|
||||
def test_create_attach_interfaces_policy_failed(self):
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
self.controller.create, self.req, fakes.FAKE_UUID, body={})
|
||||
self.assertEqual(
|
||||
"Policy doesn't allow %s to be performed." % self.rule_name,
|
||||
exc.format_message())
|
||||
|
||||
def test_delete_attach_interfaces_policy_failed(self):
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
self.controller.delete, self.req, fakes.FAKE_UUID, FAKE_PORT_ID1)
|
||||
self.assertEqual(
|
||||
"Policy doesn't allow %s to be performed." % self.rule_name,
|
||||
exc.format_message())
|
||||
|
Loading…
x
Reference in New Issue
Block a user