x/python-ganttclient
Code Issues Proposed changes

Add policy checking to nova.network.api.API

Browse Source 
Partially implements bp interim-nova-authz-service

Change-Id: Ib93d854ee1a7f22f4e7f313a9d50300df8b8596b
This commit is contained in:
Brian Waldon
2012-01-12 15:52:11 -08:00
parent 70fff0e7c2
commit c0127c3b17
2 changed files with 75 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
nova/tests/policy.json
View File

@@ -88,5 +88,39 @@
"volume:create_snapshot": [], "volume:create_snapshot": [],
"volume:delete_snapshot": [], "volume:delete_snapshot": [],
"volume:get_snapshot": [], "volume:get_snapshot": [],
"volume:get_all_snapshots": [] "volume:get_all_snapshots": [],
"network:get_all_networks": [],
"network:get_network": [],
"network:delete_network": [],
"network:disassociate_network": [],
"network:get_vifs_by_instance": [],
"network:allocate_for_instance": [],
"network:deallocate_for_instance": [],
"network:validate_networks": [],
"network:get_instance_uuids_by_ip_filter": [],
"network:get_floating_ip": [],
"network:get_floating_ip_pools": [],
"network:get_floating_ip_by_address": [],
"network:get_floating_ips_by_project": [],
"network:get_floating_ips_by_fixed_address": [],
"network:allocate_floating_ip": [],
"network:deallocate_floating_ip": [],
"network:associate_floating_ip": [],
"network:disassociate_floating_ip": [],
"network:get_fixed_ip": [],
"network:add_fixed_ip_to_instance": [],
"network:remove_fixed_ip_from_instance": [],
"network:add_network_to_project": [],
"network:get_instance_nw_info": [],
"network:get_dns_zones": [],
"network:add_dns_entry": [],
"network:modify_dns_entry": [],
"network:delete_dns_entry": [],
"network:get_dns_entries_by_address": [],
"network:get_dns_entries_by_name": []
} }

45
nova/tests/test_network.py
View File

@@ -22,6 +22,7 @@ from nova import db
from nova import exception from nova import exception
from nova import flags from nova import flags
from nova import log as logging from nova import log as logging
import nova.policy
from nova import rpc from nova import rpc
from nova import test from nova import test
from nova import utils from nova import utils
@@ -230,7 +231,7 @@ class FlatNetworkTestCase(test.TestCase):
self.mox.ReplayAll() self.mox.ReplayAll()
self.assertRaises(exception.FixedIpInvalid, self.assertRaises(exception.FixedIpInvalid,
self.network.validate_networks, None, self.network.validate_networks, self.context,
requested_networks) requested_networks)
def test_validate_networks_empty_fixed_ip(self): def test_validate_networks_empty_fixed_ip(self):
@@ -243,7 +244,7 @@ class FlatNetworkTestCase(test.TestCase):
self.assertRaises(exception.FixedIpInvalid, self.assertRaises(exception.FixedIpInvalid,
self.network.validate_networks, self.network.validate_networks,
None, requested_networks) self.context, requested_networks)
def test_validate_networks_none_fixed_ip(self): def test_validate_networks_none_fixed_ip(self):
self.mox.StubOutWithMock(db, 'network_get_all_by_uuids') self.mox.StubOutWithMock(db, 'network_get_all_by_uuids')
@@ -253,7 +254,7 @@ class FlatNetworkTestCase(test.TestCase):
mox.IgnoreArg()).AndReturn(networks) mox.IgnoreArg()).AndReturn(networks)
self.mox.ReplayAll() self.mox.ReplayAll()
self.network.validate_networks(None, requested_networks) self.network.validate_networks(self.context, requested_networks)
def test_add_fixed_ip_instance_without_vpn_requested_networks(self): def test_add_fixed_ip_instance_without_vpn_requested_networks(self):
self.mox.StubOutWithMock(db, 'network_get') self.mox.StubOutWithMock(db, 'network_get')
@@ -813,12 +814,17 @@ class VlanNetworkTestCase(test.TestCase):
class CommonNetworkTestCase(test.TestCase): class CommonNetworkTestCase(test.TestCase):
def setUp(self):
super(CommonNetworkTestCase, self).setUp()
self.context = context.RequestContext('fake', 'fake')
def fake_create_fixed_ips(self, context, network_id): def fake_create_fixed_ips(self, context, network_id):
return None return None
def test_remove_fixed_ip_from_instance(self): def test_remove_fixed_ip_from_instance(self):
manager = fake_network.FakeNetworkManager() manager = fake_network.FakeNetworkManager()
manager.remove_fixed_ip_from_instance(None, 99, '10.0.0.1') manager.remove_fixed_ip_from_instance(self.context, 99, '10.0.0.1')
self.assertEquals(manager.deallocate_called, '10.0.0.1') self.assertEquals(manager.deallocate_called, '10.0.0.1')
@@ -826,7 +832,7 @@ class CommonNetworkTestCase(test.TestCase):
manager = fake_network.FakeNetworkManager() manager = fake_network.FakeNetworkManager()
self.assertRaises(exception.FixedIpNotFoundForSpecificInstance, self.assertRaises(exception.FixedIpNotFoundForSpecificInstance,
manager.remove_fixed_ip_from_instance, manager.remove_fixed_ip_from_instance,
None, 99, 'bad input') self.context, 99, 'bad input')
def test_validate_cidrs(self): def test_validate_cidrs(self):
manager = fake_network.FakeNetworkManager() manager = fake_network.FakeNetworkManager()
@@ -1320,3 +1326,32 @@ class FloatingIPTestCase(test.TestCase):
self.assertRaises(exception.NotFound, self.assertRaises(exception.NotFound,
self.network.delete_dns_entry, self.context, self.network.delete_dns_entry, self.context,
name1, zone) name1, zone)
class NetworkPolicyTestCase(test.TestCase):
def setUp(self):
super(NetworkPolicyTestCase, self).setUp()
nova.policy.reset()
nova.policy.init()
self.context = context.get_admin_context()
def tearDown(self):
super(NetworkPolicyTestCase, self).tearDown()
nova.policy.reset()
def _set_rules(self, rules):
nova.common.policy.set_brain(nova.common.policy.HttpBrain(rules))
def test_check_policy(self):
self.mox.StubOutWithMock(nova.policy, 'enforce')
target = {
'project_id': self.context.project_id,
'user_id': self.context.user_id,
}
nova.policy.enforce(self.context, 'network:get_all', target)
self.mox.ReplayAll()
network_manager.check_policy(self.context, 'get_all')
self.mox.UnsetStubs()
self.mox.VerifyAll()