diff options
| author | Li Chen <chen.li@intel.com> | 2013-02-01 17:32:26 +0800 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2013-02-06 00:46:38 +0000 |
| commit | 7ba533f069aa95c73524f7f0a398a216dfbcdbb3 (patch) | |
| tree | 32355c0558879a709e509b09a5f36c6657c7eb5a /nova/tests | |
| parent | af235b22eccb81d815c79fd1f531734a140cfafb (diff) | |
Flavor Extra Specs should require admin privileges
The previous fix added admin check in policy.json,
but code still can't recorginize the detailed actions.
This fix edited "authorize" function for flavor_extra_specs,
to make sure it will check the admin privileges in policy.json.
Also, together with the code, this fix edit old test case with admin privileges,
and added new non-admin privileges test case.
Fixes bug 1094142
Change-Id: Ia286aedb4846383ad51bd54b0984dd1feddfbf81
Diffstat (limited to 'nova/tests')
| -rw-r--r-- | nova/tests/api/openstack/compute/contrib/test_flavors_extra_specs.py | 48 | ||||
| -rw-r--r-- | nova/tests/fake_policy.py | 6 |
2 files changed, 46 insertions, 8 deletions
diff --git a/nova/tests/api/openstack/compute/contrib/test_flavors_extra_specs.py b/nova/tests/api/openstack/compute/contrib/test_flavors_extra_specs.py index a3745d573..269937b82 100644 --- a/nova/tests/api/openstack/compute/contrib/test_flavors_extra_specs.py +++ b/nova/tests/api/openstack/compute/contrib/test_flavors_extra_specs.py @@ -19,6 +19,7 @@ import webob from nova.api.openstack.compute.contrib import flavorextraspecs import nova.db +from nova import exception from nova import test from nova.tests.api.openstack import fakes @@ -98,26 +99,47 @@ class FlavorsExtraSpecsTest(test.TestCase): delete_flavor_extra_specs) req = fakes.HTTPRequest.blank('/v2/fake/flavors/1/os-extra_specs' + - '/key5') + '/key5', use_admin_context=True) self.controller.delete(req, 1, 'key5') + def test_delete_no_admin(self): + self.stubs.Set(nova.db, 'instance_type_extra_specs_delete', + delete_flavor_extra_specs) + + req = fakes.HTTPRequest.blank('/v2/fake/flavors/1/os-extra_specs' + + '/key5') + self.assertRaises(exception.NotAuthorized, self.controller.delete, + req, 1, 'key 5') + def test_create(self): self.stubs.Set(nova.db, 'instance_type_extra_specs_update_or_create', return_create_flavor_extra_specs) body = {"extra_specs": {"key1": "value1"}} - req = fakes.HTTPRequest.blank('/v2/fake/flavors/1/os-extra_specs') + req = fakes.HTTPRequest.blank('/v2/fake/flavors/1/os-extra_specs', + use_admin_context=True) res_dict = self.controller.create(req, 1, body) self.assertEqual('value1', res_dict['extra_specs']['key1']) - def test_create_empty_body(self): + def test_create_no_admin(self): self.stubs.Set(nova.db, 'instance_type_extra_specs_update_or_create', return_create_flavor_extra_specs) + body = {"extra_specs": {"key1": "value1"}} req = fakes.HTTPRequest.blank('/v2/fake/flavors/1/os-extra_specs') + self.assertRaises(exception.NotAuthorized, self.controller.create, + req, 1, body) + + def test_create_empty_body(self): + self.stubs.Set(nova.db, + 'instance_type_extra_specs_update_or_create', + return_create_flavor_extra_specs) + + req = fakes.HTTPRequest.blank('/v2/fake/flavors/1/os-extra_specs', + use_admin_context=True) self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create, req, 1, '') @@ -128,18 +150,29 @@ class FlavorsExtraSpecsTest(test.TestCase): body = {"key1": "value1"} req = fakes.HTTPRequest.blank('/v2/fake/flavors/1/os-extra_specs' + - '/key1') + '/key1', use_admin_context=True) res_dict = self.controller.update(req, 1, 'key1', body) self.assertEqual('value1', res_dict['key1']) - def test_update_item_empty_body(self): + def test_update_item_no_admin(self): self.stubs.Set(nova.db, 'instance_type_extra_specs_update_or_create', return_create_flavor_extra_specs) + body = {"key1": "value1"} req = fakes.HTTPRequest.blank('/v2/fake/flavors/1/os-extra_specs' + '/key1') + self.assertRaises(exception.NotAuthorized, self.controller.update, + req, 1, 'key1', body) + + def test_update_item_empty_body(self): + self.stubs.Set(nova.db, + 'instance_type_extra_specs_update_or_create', + return_create_flavor_extra_specs) + + req = fakes.HTTPRequest.blank('/v2/fake/flavors/1/os-extra_specs' + + '/key1', use_admin_context=True) self.assertRaises(webob.exc.HTTPBadRequest, self.controller.update, req, 1, 'key1', '') @@ -150,7 +183,7 @@ class FlavorsExtraSpecsTest(test.TestCase): body = {"key1": "value1", "key2": "value2"} req = fakes.HTTPRequest.blank('/v2/fake/flavors/1/os-extra_specs' + - '/key1') + '/key1', use_admin_context=True) self.assertRaises(webob.exc.HTTPBadRequest, self.controller.update, req, 1, 'key1', body) @@ -160,7 +193,8 @@ class FlavorsExtraSpecsTest(test.TestCase): return_create_flavor_extra_specs) body = {"key1": "value1"} - req = fakes.HTTPRequest.blank('/v2/fake/flavors/1/os-extra_specs/bad') + req = fakes.HTTPRequest.blank('/v2/fake/flavors/1/os-extra_specs/bad', + use_admin_context=True) self.assertRaises(webob.exc.HTTPBadRequest, self.controller.update, req, 1, 'bad', body) diff --git a/nova/tests/fake_policy.py b/nova/tests/fake_policy.py index 43d9e72b3..3586551d8 100644 --- a/nova/tests/fake_policy.py +++ b/nova/tests/fake_policy.py @@ -126,7 +126,11 @@ policy_data = """ "compute_extension:flavor_rxtx": "", "compute_extension:flavor_swap": "", "compute_extension:flavorextradata": "", - "compute_extension:flavorextraspecs": "", + "compute_extension:flavorextraspecs:index": "", + "compute_extension:flavorextraspecs:show": "", + "compute_extension:flavorextraspecs:create": "is_admin:True", + "compute_extension:flavorextraspecs:update": "is_admin:True", + "compute_extension:flavorextraspecs:delete": "is_admin:True", "compute_extension:flavormanage": "", "compute_extension:floating_ip_dns": "", "compute_extension:floating_ip_pools": "", |