219 lines
9.1 KiB
Python
219 lines
9.1 KiB
Python
# Copyright (c) 2012 Midokura Japan K.K.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
import mock
|
|
from oslo_policy import policy as oslo_policy
|
|
from oslo_utils.fixture import uuidsentinel as uuids
|
|
import six
|
|
import webob
|
|
|
|
from nova.api.openstack.compute import servers \
|
|
as server_v21
|
|
from nova.compute import api as compute_api
|
|
from nova.db import api as db
|
|
from nova import exception
|
|
from nova import policy
|
|
from nova import test
|
|
from nova.tests import fixtures as nova_fixtures
|
|
from nova.tests.unit.api.openstack import fakes
|
|
|
|
|
|
class ServerStartStopTestV21(test.TestCase):
|
|
|
|
def setUp(self):
|
|
super(ServerStartStopTestV21, self).setUp()
|
|
self._setup_controller()
|
|
self.req = fakes.HTTPRequest.blank('')
|
|
self.useFixture(nova_fixtures.SingleCellSimple())
|
|
self.stub_out('nova.db.api.instance_get_by_uuid',
|
|
fakes.fake_instance_get())
|
|
|
|
def _setup_controller(self):
|
|
self.controller = server_v21.ServersController()
|
|
|
|
@mock.patch.object(compute_api.API, 'start')
|
|
def test_start(self, start_mock):
|
|
body = dict(start="")
|
|
self.controller._start_server(self.req, uuids.instance, body)
|
|
start_mock.assert_called_once_with(mock.ANY, mock.ANY)
|
|
|
|
@mock.patch.object(compute_api.API, 'start',
|
|
side_effect=exception.InstanceNotReady(
|
|
instance_id=uuids.instance))
|
|
def test_start_not_ready(self, start_mock):
|
|
body = dict(start="")
|
|
self.assertRaises(webob.exc.HTTPConflict,
|
|
self.controller._start_server, self.req, uuids.instance, body)
|
|
|
|
@mock.patch.object(compute_api.API, 'start',
|
|
side_effect=exception.InstanceIsLocked(
|
|
instance_uuid=uuids.instance))
|
|
def test_start_locked_server(self, start_mock):
|
|
body = dict(start="")
|
|
self.assertRaises(webob.exc.HTTPConflict,
|
|
self.controller._start_server, self.req, uuids.instance, body)
|
|
|
|
@mock.patch.object(compute_api.API, 'start',
|
|
side_effect=exception.InstanceIsLocked(
|
|
instance_uuid=uuids.instance))
|
|
def test_start_invalid_state(self, start_mock):
|
|
body = dict(start="")
|
|
ex = self.assertRaises(webob.exc.HTTPConflict,
|
|
self.controller._start_server, self.req, uuids.instance, body)
|
|
self.assertIn('is locked', six.text_type(ex))
|
|
|
|
@mock.patch.object(compute_api.API, 'stop')
|
|
def test_stop(self, stop_mock):
|
|
body = dict(stop="")
|
|
self.controller._stop_server(self.req, uuids.instance, body)
|
|
stop_mock.assert_called_once_with(mock.ANY, mock.ANY)
|
|
|
|
@mock.patch.object(compute_api.API, 'stop',
|
|
side_effect=exception.InstanceNotReady(
|
|
instance_id=uuids.instance))
|
|
def test_stop_not_ready(self, stop_mock):
|
|
body = dict(stop="")
|
|
self.assertRaises(webob.exc.HTTPConflict,
|
|
self.controller._stop_server, self.req, uuids.instance, body)
|
|
|
|
@mock.patch.object(compute_api.API, 'stop',
|
|
side_effect=exception.InstanceIsLocked(
|
|
instance_uuid=uuids.instance))
|
|
def test_stop_locked_server(self, stop_mock):
|
|
body = dict(stop="")
|
|
ex = self.assertRaises(webob.exc.HTTPConflict,
|
|
self.controller._stop_server, self.req, uuids.instance, body)
|
|
self.assertIn('is locked', six.text_type(ex))
|
|
|
|
@mock.patch.object(compute_api.API, 'stop',
|
|
side_effect=exception.InstanceIsLocked(
|
|
instance_uuid=uuids.instance))
|
|
def test_stop_invalid_state(self, stop_mock):
|
|
body = dict(start="")
|
|
self.assertRaises(webob.exc.HTTPConflict,
|
|
self.controller._stop_server, self.req, uuids.instance, body)
|
|
|
|
@mock.patch.object(db, 'instance_get_by_uuid',
|
|
side_effect=exception.InstanceNotFound(
|
|
instance_id=uuids.instance))
|
|
def test_start_with_bogus_id(self, get_mock):
|
|
body = dict(start="")
|
|
self.assertRaises(webob.exc.HTTPNotFound,
|
|
self.controller._start_server, self.req, uuids.instance, body)
|
|
|
|
@mock.patch.object(db, 'instance_get_by_uuid',
|
|
side_effect=exception.InstanceNotFound(
|
|
instance_id=uuids.instance))
|
|
def test_stop_with_bogus_id(self, get_mock):
|
|
body = dict(stop="")
|
|
self.assertRaises(webob.exc.HTTPNotFound,
|
|
self.controller._stop_server, self.req, uuids.instance, body)
|
|
|
|
|
|
class ServerStartStopPolicyEnforcementV21(test.TestCase):
|
|
start_policy = "os_compute_api:servers:start"
|
|
stop_policy = "os_compute_api:servers:stop"
|
|
|
|
def setUp(self):
|
|
super(ServerStartStopPolicyEnforcementV21, self).setUp()
|
|
self.controller = server_v21.ServersController()
|
|
self.req = fakes.HTTPRequest.blank('')
|
|
self.useFixture(nova_fixtures.SingleCellSimple())
|
|
self.stub_out(
|
|
'nova.db.api.instance_get_by_uuid',
|
|
fakes.fake_instance_get(
|
|
project_id=self.req.environ['nova.context'].project_id))
|
|
|
|
def test_start_policy_failed(self):
|
|
rules = {
|
|
self.start_policy: "project_id:non_fake"
|
|
}
|
|
policy.set_rules(oslo_policy.Rules.from_dict(rules))
|
|
body = dict(start="")
|
|
exc = self.assertRaises(exception.PolicyNotAuthorized,
|
|
self.controller._start_server,
|
|
self.req, uuids.instance, body)
|
|
self.assertIn(self.start_policy, exc.format_message())
|
|
|
|
def test_start_overridden_policy_failed_with_other_user_in_same_project(
|
|
self):
|
|
rules = {
|
|
self.start_policy: "user_id:%(user_id)s"
|
|
}
|
|
policy.set_rules(oslo_policy.Rules.from_dict(rules))
|
|
# Change the user_id in request context.
|
|
self.req.environ['nova.context'].user_id = 'other-user'
|
|
body = dict(start="")
|
|
exc = self.assertRaises(exception.PolicyNotAuthorized,
|
|
self.controller._start_server,
|
|
self.req, uuids.instance, body)
|
|
self.assertIn(self.start_policy, exc.format_message())
|
|
|
|
@mock.patch('nova.compute.api.API.start')
|
|
def test_start_overridden_policy_pass_with_same_user(self, start_mock):
|
|
rules = {
|
|
self.start_policy: "user_id:%(user_id)s"
|
|
}
|
|
policy.set_rules(oslo_policy.Rules.from_dict(rules))
|
|
body = dict(start="")
|
|
self.controller._start_server(self.req, uuids.instance, body)
|
|
start_mock.assert_called_once_with(mock.ANY, mock.ANY)
|
|
|
|
def test_stop_policy_failed_with_other_project(self):
|
|
rules = {
|
|
self.stop_policy: "project_id:%(project_id)s"
|
|
}
|
|
policy.set_rules(oslo_policy.Rules.from_dict(rules))
|
|
body = dict(stop="")
|
|
# Change the project_id in request context.
|
|
self.req.environ['nova.context'].project_id = 'other-project'
|
|
exc = self.assertRaises(exception.PolicyNotAuthorized,
|
|
self.controller._stop_server,
|
|
self.req, uuids.instance, body)
|
|
self.assertIn(self.stop_policy, exc.format_message())
|
|
|
|
@mock.patch('nova.compute.api.API.stop')
|
|
def test_stop_overridden_policy_pass_with_same_project(self, stop_mock):
|
|
rules = {
|
|
self.stop_policy: "project_id:%(project_id)s"
|
|
}
|
|
policy.set_rules(oslo_policy.Rules.from_dict(rules))
|
|
body = dict(stop="")
|
|
self.controller._stop_server(self.req, uuids.instance, body)
|
|
stop_mock.assert_called_once_with(mock.ANY, mock.ANY)
|
|
|
|
def test_stop_overridden_policy_failed_with_other_user_in_same_project(
|
|
self):
|
|
rules = {
|
|
self.stop_policy: "user_id:%(user_id)s"
|
|
}
|
|
policy.set_rules(oslo_policy.Rules.from_dict(rules))
|
|
# Change the user_id in request context.
|
|
self.req.environ['nova.context'].user_id = 'other-user'
|
|
body = dict(stop="")
|
|
exc = self.assertRaises(exception.PolicyNotAuthorized,
|
|
self.controller._stop_server,
|
|
self.req, uuids.instance, body)
|
|
self.assertIn(self.stop_policy, exc.format_message())
|
|
|
|
@mock.patch('nova.compute.api.API.stop')
|
|
def test_stop_overridden_policy_pass_with_same_user(self, stop_mock):
|
|
rules = {
|
|
self.stop_policy: "user_id:%(user_id)s"
|
|
}
|
|
policy.set_rules(oslo_policy.Rules.from_dict(rules))
|
|
body = dict(stop="")
|
|
self.controller._stop_server(self.req, uuids.instance, body)
|
|
stop_mock.assert_called_once_with(mock.ANY, mock.ANY)
|