Enforce policy checking in REST API layer for v2.1 server_password

This patch moves policy enforcement into the REST API layer for the v2.1
server_password extension and adds related unit tests.

Partially implements bp v3-api-policy
DocImpact
Change-Id: I0c4ff3c8574cc5de54fff44a058a24a73d56fbd8
Eli Qiao
2015-01-15 13:31:36 +08:00
parent 8a6ddbe996
commit e794dbe5d1
2 changed files with 29 additions and 2 deletions


@@ -23,13 +23,13 @@ from nova import compute
ALIAS = 'os-server-password' ALIAS = 'os-server-password'
authorize = extensions.extension_authorizer('compute', 'v3:' + ALIAS) authorize = extensions.os_compute_authorizer(ALIAS)
class ServerPasswordController(wsgi.Controller): class ServerPasswordController(wsgi.Controller):
"""The Server Password API controller for the OpenStack API.""" """The Server Password API controller for the OpenStack API."""
def __init__(self): def __init__(self):
self.compute_api = compute.API() self.compute_api = compute.API(skip_policy_check=True)
@extensions.expected_errors(404) @extensions.expected_errors(404)
def index(self, req, server_id): def index(self, req, server_id):
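Review bot: With `compute.API(skip_policy_check=True)` in `__init__`, the REST-layer `authorize` call becomes the only policy gate for this controller, and nothing at the constructor says so. The handler bodies are not visible here (`index` begins on the last line of this hunk and continues outside it), so it should be confirmed that every handler calls `authorize` before it touches `self.compute_api`. I would add a comment above the constructor line, for example `# Policy is enforced per handler via authorize(); the compute API layer check is skipped.`, so that a handler added later is not left without a check.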


@@ -21,6 +21,7 @@ from nova.api.openstack.compute.contrib import server_password \
from nova.api.openstack.compute.plugins.v3 import server_password \ from nova.api.openstack.compute.plugins.v3 import server_password \
as server_password_v21 as server_password_v21
from nova import compute from nova import compute
from nova import exception
from nova import test from nova import test
from nova.tests.unit.api.openstack import fakes from nova.tests.unit.api.openstack import fakes
from nova.tests.unit import fake_instance from nova.tests.unit import fake_instance
@@ -74,3 +75,29 @@ class ServerPasswordTestV21(test.TestCase):
class ServerPasswordTestV2(ServerPasswordTestV21): class ServerPasswordTestV2(ServerPasswordTestV21):
server_password = server_password_v2 server_password = server_password_v2
delete_call = 'self.controller.delete' delete_call = 'self.controller.delete'
class ServerPasswordPolicyEnforcementV21(test.NoDBTestCase):
def setUp(self):
super(ServerPasswordPolicyEnforcementV21, self).setUp()
self.controller = server_password_v21.ServerPasswordController()
self.req = fakes.HTTPRequest.blank('')
def _test_policy_failed(self, method, rule_name):
self.policy.set_rules({rule_name: "project:non_fake"})
exc = self.assertRaises(
exception.PolicyNotAuthorized,
method, self.req, fakes.FAKE_UUID)
self.assertEqual(
"Policy doesn't allow %s to be performed." % rule_name,
exc.format_message())
def test_get_password_policy_failed(self):
rule_name = "compute_extension:v3:os-server-password"
self._test_policy_failed(self.controller.index, rule_name)
def test_clear_password_policy_failed(self):
rule_name = "compute_extension:v3:os-server-password"
self._test_policy_failed(self.controller.clear, rule_name)
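Review bot: `_test_policy_failed` has no docstring saying why the rule `"project:non_fake"` forces a denial. Presumably it can never match the project of the fake request built in `setUp`, and that is worth stating, e.g. `"""Bind rule_name to a check the fake request cannot satisfy and expect PolicyNotAuthorized."""`. The rule string is also repeated in `test_get_password_policy_failed` and `test_clear_password_policy_failed`; a single class attribute `rule_name = "compute_extension:v3:os-server-password"` would keep the two tests in step if the rule is renamed. These tests cover `index` and `clear` only, so any other handler on the controller would need its own case to show it is gated as well.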