From bc9f1f47b59a57384236fdc1f4d851d9534a7b80 Mon Sep 17 00:00:00 2001
From: Vishvananda Ishaya <vishvananda@gmail.com>
Date: Fri, 22 Jul 2011 20:41:46 +0000
Subject: [PATCH] fix test_access

---
 nova/auth/manager.py      |  9 +++++++++
 nova/tests/test_access.py | 19 +++++++++----------
 2 files changed, 18 insertions(+), 10 deletions(-)

diff --git a/nova/auth/manager.py b/nova/auth/manager.py
index 06af7e781..7f99d9016 100644
--- a/nova/auth/manager.py
+++ b/nova/auth/manager.py
@@ -518,6 +518,15 @@ class AuthManager(object):
             return drv.get_user_roles(User.safe_id(user),
                                       Project.safe_id(project))
 
+    def get_active_roles(self, user, project=None):
+        """Get all active roles for context"""
+        if project:
+            roles = FLAGS.allowed_roles
+            roles.append('projectmanager')
+        else:
+            roles = FLAGS.global_roles
+        return [role for role in roles if self.has_role(user, role, project)]
+
     def get_project(self, pid):
         """Get project object by id"""
         with self.driver() as drv:
diff --git a/nova/tests/test_access.py b/nova/tests/test_access.py
index 39558b1cf..3b54fc249 100644
--- a/nova/tests/test_access.py
+++ b/nova/tests/test_access.py
@@ -16,7 +16,6 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
-import unittest
 import webob
 
 from nova import context
@@ -93,7 +92,11 @@ class AccessTestCase(test.TestCase):
         super(AccessTestCase, self).tearDown()
 
     def response_status(self, user, methodName):
-        ctxt = context.RequestContext(user.id, self.project.id)
+        roles = manager.AuthManager().get_active_roles(user, self.project)
+        ctxt = context.RequestContext(user.id,
+                                      self.project.id,
+                                      is_admin=user.is_admin(),
+                                      roles=roles)
         environ = self._env_for(ctxt, methodName)
         req = webob.Request.blank('/', environ)
         resp = req.get_response(self.mw)
@@ -105,30 +108,26 @@ class AccessTestCase(test.TestCase):
     def shouldDeny(self, user, methodName):
         self.assertEqual(401, self.response_status(user, methodName))
 
-    def test_001_allow_all(self):
+    def test_allow_all(self):
         users = [self.testadmin, self.testpmsys, self.testnet, self.testsys]
         for user in users:
             self.shouldAllow(user, '_allow_all')
 
-    def test_002_allow_none(self):
+    def test_allow_none(self):
         self.shouldAllow(self.testadmin, '_allow_none')
         users = [self.testpmsys, self.testnet, self.testsys]
         for user in users:
             self.shouldDeny(user, '_allow_none')
 
-    def test_003_allow_project_manager(self):
+    def test_allow_project_manager(self):
         for user in [self.testadmin, self.testpmsys]:
             self.shouldAllow(user, '_allow_project_manager')
         for user in [self.testnet, self.testsys]:
             self.shouldDeny(user, '_allow_project_manager')
 
-    def test_004_allow_sys_and_net(self):
+    def test_allow_sys_and_net(self):
         for user in [self.testadmin, self.testnet, self.testsys]:
             self.shouldAllow(user, '_allow_sys_and_net')
         # denied because it doesn't have the per project sysadmin
         for user in [self.testpmsys]:
             self.shouldDeny(user, '_allow_sys_and_net')
-
-if __name__ == "__main__":
-    # TODO: Implement use_fake as an option
-    unittest.main()