Merge "Remove admin_only ext attr in favor of authz"

author: Jenkins <jenkins@review.openstack.org> 2012-01-24 19:32:49 +0000
committer: Gerrit Code Review <review@openstack.org> 2012-01-24 19:32:49 +0000
commit: 8dfd968e83cbcdc0796caa44289144d38a6a5ce8 (patch)
tree: e0e2e571a9aae49fc71736ad034d8fb6ed31b0b0 /nova/tests
parent: c88771d8202f9c1c3f7a7260dea200d902b3c3aa (diff)
parent: 9cb5f547dc6f3242edf393928dbc14b7cbfbbdd4 (diff)
15 files changed, 48 insertions, 116 deletions
diff --git a/nova/tests/api/openstack/compute/contrib/test_accounts.py b/nova/tests/api/openstack/compute/contrib/test_accounts.py
index dbf0e2600..6b820bd57 100644
--- a/nova/tests/api/openstack/compute/contrib/test_accounts.py
+++ b/nova/tests/api/openstack/compute/contrib/test_accounts.py
@@ -29,18 +29,12 @@ def fake_init(self):
     self.manager = fakes.FakeAuthManager()
 
 
-def fake_admin_check(self, req):
-    return True
-
-
 class AccountsTest(test.TestCase):
     def setUp(self):
         super(AccountsTest, self).setUp()
-        self.flags(verbose=True, allow_admin_api=True)
+        self.flags(verbose=True)
         self.stubs.Set(accounts.Controller, '__init__',
                        fake_init)
-        self.stubs.Set(accounts.Controller, '_check_admin',
-                       fake_admin_check)
         fakes.FakeAuthManager.clear_fakes()
         fakes.FakeAuthDatabase.data = {}
         fakes.stub_out_networking(self.stubs)
diff --git a/nova/tests/api/openstack/compute/contrib/test_admin_actions.py b/nova/tests/api/openstack/compute/contrib/test_admin_actions.py
index 3878ce676..f572b12d9 100644
--- a/nova/tests/api/openstack/compute/contrib/test_admin_actions.py
+++ b/nova/tests/api/openstack/compute/contrib/test_admin_actions.py
@@ -79,7 +79,6 @@ class AdminActionsTest(test.TestCase):
         super(AdminActionsTest, self).setUp()
         self.stubs.Set(compute.API, 'get', fake_compute_api_get)
         self.UUID = utils.gen_uuid()
-        self.flags(allow_admin_api=True)
         for _method in self._methods:
             self.stubs.Set(compute.API, _method, fake_compute_api)
 
@@ -122,8 +121,9 @@ class CreateBackupTests(test.TestCase):
         self.stubs.Set(compute.API, 'get', fake_compute_api_get)
         self.backup_stubs = fakes.stub_out_compute_api_backup(self.stubs)
 
-        self.flags(allow_admin_api=True)
-        self.app = compute_api.APIRouter()
+        router = compute_api.APIRouter()
+        ext_middleware = extensions.ExtensionMiddleware(router)
+        self.app = wsgi.LazySerializationMiddleware(ext_middleware)
 
         self.uuid = utils.gen_uuid()
 
diff --git a/nova/tests/api/openstack/compute/contrib/test_cloudpipe.py b/nova/tests/api/openstack/compute/contrib/test_cloudpipe.py
index 64b206aef..27341f199 100644
--- a/nova/tests/api/openstack/compute/contrib/test_cloudpipe.py
+++ b/nova/tests/api/openstack/compute/contrib/test_cloudpipe.py
@@ -107,7 +107,6 @@ class CloudpipeTest(test.TestCase):
 
     def setUp(self):
         super(CloudpipeTest, self).setUp()
-        self.flags(allow_admin_api=True)
         self.app = fakes.wsgi_app()
         inner_app = compute.APIRouter()
         self.context = context.RequestContext('fake', 'fake', is_admin=True)
diff --git a/nova/tests/api/openstack/compute/contrib/test_deferred_delete.py b/nova/tests/api/openstack/compute/contrib/test_deferred_delete.py
index a864aa595..d02569e00 100644
--- a/nova/tests/api/openstack/compute/contrib/test_deferred_delete.py
+++ b/nova/tests/api/openstack/compute/contrib/test_deferred_delete.py
@@ -18,6 +18,7 @@
 import webob
 
 from nova.api.openstack.compute.contrib import deferred_delete
+import nova.context
 from nova import compute
 from nova import exception
 from nova import test
@@ -34,7 +35,7 @@ class DeferredDeleteExtensionTest(test.TestCase):
         self.extension = deferred_delete.DeferredDeleteController()
         self.fake_input_dict = {}
         self.fake_uuid = 'fake_uuid'
-        self.fake_context = 'fake_context'
+        self.fake_context = nova.context.RequestContext('fake', 'fake')
         self.fake_req = FakeRequest(self.fake_context)
 
     def test_force_delete(self):
diff --git a/nova/tests/api/openstack/compute/contrib/test_extendedstatus.py b/nova/tests/api/openstack/compute/contrib/test_extendedstatus.py
index dc7f0cefa..738ab8290 100644
--- a/nova/tests/api/openstack/compute/contrib/test_extendedstatus.py
+++ b/nova/tests/api/openstack/compute/contrib/test_extendedstatus.py
@@ -41,7 +41,6 @@ class ExtendedStatusTest(test.TestCase):
         self.uuid = '70f6db34-de8d-4fbd-aafb-4065bdfa6114'
         self.url = '/v2/fake/servers/%s' % self.uuid
         fakes.stub_out_nw_api(self.stubs)
-        self.flags(allow_admin_api=True)
         self.stubs.Set(compute.api.API, 'routing_get', fake_compute_get)
 
     def _make_request(self):
diff --git a/nova/tests/api/openstack/compute/contrib/test_hosts.py b/nova/tests/api/openstack/compute/contrib/test_hosts.py
index e6a91477e..af4818c90 100644
--- a/nova/tests/api/openstack/compute/contrib/test_hosts.py
+++ b/nova/tests/api/openstack/compute/contrib/test_hosts.py
@@ -94,17 +94,14 @@ class HostTestCase(test.TestCase):
         self.assertEqual(result_c2["status"], "disabled")
 
     def test_host_startup(self):
-        self.flags(allow_admin_api=True)
         result = self.controller.startup(self.req, "host_c1")
         self.assertEqual(result["power_action"], "startup")
 
     def test_host_shutdown(self):
-        self.flags(allow_admin_api=True)
         result = self.controller.shutdown(self.req, "host_c1")
         self.assertEqual(result["power_action"], "shutdown")
 
     def test_host_reboot(self):
-        self.flags(allow_admin_api=True)
         result = self.controller.reboot(self.req, "host_c1")
         self.assertEqual(result["power_action"], "reboot")
 
diff --git a/nova/tests/api/openstack/compute/contrib/test_networks.py b/nova/tests/api/openstack/compute/contrib/test_networks.py
index 0eefca652..ed928348e 100644
--- a/nova/tests/api/openstack/compute/contrib/test_networks.py
+++ b/nova/tests/api/openstack/compute/contrib/test_networks.py
@@ -92,7 +92,6 @@ class NetworksTest(test.TestCase):
 
     def setUp(self):
         super(NetworksTest, self).setUp()
-        self.flags(allow_admin_api=True)
         self.fake_network_api = FakeNetworkAPI()
         self.controller = networks.NetworkController(self.fake_network_api)
         fakes.stub_out_networking(self.stubs)
diff --git a/nova/tests/api/openstack/compute/contrib/test_server_action_list.py b/nova/tests/api/openstack/compute/contrib/test_server_action_list.py
index ffd4f744d..2a175f1dd 100644
--- a/nova/tests/api/openstack/compute/contrib/test_server_action_list.py
+++ b/nova/tests/api/openstack/compute/contrib/test_server_action_list.py
@@ -47,7 +47,6 @@ class ServerActionsTest(test.TestCase):
 
     def setUp(self):
         super(ServerActionsTest, self).setUp()
-        self.flags(allow_admin_api=True)
         self.flags(verbose=True)
         self.stubs.Set(nova.compute.API, 'get_actions', fake_get_actions)
         self.stubs.Set(nova.compute.API, 'get', fake_instance_get)
diff --git a/nova/tests/api/openstack/compute/contrib/test_server_diagnostics.py b/nova/tests/api/openstack/compute/contrib/test_server_diagnostics.py
index 688940e3d..b18b5018d 100644
--- a/nova/tests/api/openstack/compute/contrib/test_server_diagnostics.py
+++ b/nova/tests/api/openstack/compute/contrib/test_server_diagnostics.py
@@ -40,7 +40,6 @@ class ServerDiagnosticsTest(test.TestCase):
 
     def setUp(self):
         super(ServerDiagnosticsTest, self).setUp()
-        self.flags(allow_admin_api=True)
         self.flags(verbose=True)
         self.stubs.Set(nova.compute.API, 'get_diagnostics',
                        fake_get_diagnostics)
diff --git a/nova/tests/api/openstack/compute/contrib/test_simple_tenant_usage.py b/nova/tests/api/openstack/compute/contrib/test_simple_tenant_usage.py
index b41773824..812aac297 100644
--- a/nova/tests/api/openstack/compute/contrib/test_simple_tenant_usage.py
+++ b/nova/tests/api/openstack/compute/contrib/test_simple_tenant_usage.py
@@ -88,7 +88,6 @@ class SimpleTenantUsageTest(test.TestCase):
         self.alt_user_context = context.RequestContext('fakeadmin_0',
                                                       'faketenant_1',
                                                        is_admin=False)
-        FLAGS.allow_admin_api = True
 
     def test_verify_index(self):
         req = webob.Request.blank(
diff --git a/nova/tests/api/openstack/compute/contrib/test_users.py b/nova/tests/api/openstack/compute/contrib/test_users.py
index 5895f4f66..3dd0b3074 100644
--- a/nova/tests/api/openstack/compute/contrib/test_users.py
+++ b/nova/tests/api/openstack/compute/contrib/test_users.py
@@ -26,18 +26,12 @@ def fake_init(self):
     self.manager = fakes.FakeAuthManager()
 
 
-def fake_admin_check(self, req):
-    return True
-
-
 class UsersTest(test.TestCase):
     def setUp(self):
         super(UsersTest, self).setUp()
-        self.flags(verbose=True, allow_admin_api=True)
+        self.flags(verbose=True)
         self.stubs.Set(users.Controller, '__init__',
                        fake_init)
-        self.stubs.Set(users.Controller, '_check_admin',
-                       fake_admin_check)
         fakes.FakeAuthManager.clear_fakes()
         fakes.FakeAuthManager.projects = dict(testacct=Project('testacct',
                                                                'testacct',
diff --git a/nova/tests/api/openstack/compute/contrib/test_zones.py b/nova/tests/api/openstack/compute/contrib/test_zones.py
index e23ea85e6..9f887cb0d 100644
--- a/nova/tests/api/openstack/compute/contrib/test_zones.py
+++ b/nova/tests/api/openstack/compute/contrib/test_zones.py
@@ -95,7 +95,6 @@ def zone_select(context, specs):
 class ZonesTest(test.TestCase):
     def setUp(self):
         super(ZonesTest, self).setUp()
-        self.flags(verbose=True, allow_admin_api=True)
         fakes.stub_out_networking(self.stubs)
         fakes.stub_out_rate_limiting(self.stubs)
 
diff --git a/nova/tests/api/openstack/compute/test_extensions.py b/nova/tests/api/openstack/compute/test_extensions.py
index 796880e1f..54d0e4625 100644
--- a/nova/tests/api/openstack/compute/test_extensions.py
+++ b/nova/tests/api/openstack/compute/test_extensions.py
@@ -150,7 +150,6 @@ class ExtensionControllerTest(ExtensionTestCase):
 
     def setUp(self):
         super(ExtensionControllerTest, self).setUp()
-        self.flags(allow_admin_api=True)
         self.ext_list = [
             "Accounts",
             "AdminActions",
@@ -355,19 +354,6 @@ class InvalidExtension(object):
     alias = "THIRD"
 
 
-class AdminExtension(base_extensions.ExtensionDescriptor):
-    """Admin-only extension"""
-
-    name = "Admin Ext"
-    alias = "ADMIN"
-    namespace = "http://www.example.com/"
-    updated = "2011-01-22T13:25:27-06:00"
-    admin_only = True
-
-    def __init__(self, *args, **kwargs):
-        pass
-
-
 class ExtensionManagerTest(ExtensionTestCase):
 
     response_body = "Try to say this Mr. Knox, sir..."
@@ -388,22 +374,6 @@ class ExtensionManagerTest(ExtensionTestCase):
         self.assertTrue('FOXNSOX' in ext_mgr.extensions)
         self.assertTrue('THIRD' not in ext_mgr.extensions)
 
-    def test_admin_extensions(self):
-        self.flags(allow_admin_api=True)
-        app = compute.APIRouter()
-        ext_mgr = compute_extensions.ExtensionManager()
-        ext_mgr.register(AdminExtension())
-        self.assertTrue('FOXNSOX' in ext_mgr.extensions)
-        self.assertTrue('ADMIN' in ext_mgr.extensions)
-
-    def test_admin_extensions_no_admin_api(self):
-        self.flags(allow_admin_api=False)
-        app = compute.APIRouter()
-        ext_mgr = compute_extensions.ExtensionManager()
-        ext_mgr.register(AdminExtension())
-        self.assertTrue('FOXNSOX' in ext_mgr.extensions)
-        self.assertTrue('ADMIN' not in ext_mgr.extensions)
-
 
 class ActionExtensionTest(ExtensionTestCase):
 
diff --git a/nova/tests/api/openstack/compute/test_servers.py b/nova/tests/api/openstack/compute/test_servers.py
index f545aeaec..c6c7fcc43 100644
--- a/nova/tests/api/openstack/compute/test_servers.py
+++ b/nova/tests/api/openstack/compute/test_servers.py
@@ -861,7 +861,6 @@ class ServersControllerTest(test.TestCase):
             return [fakes.stub_instance(100, uuid=server_uuid)]
 
         self.stubs.Set(nova.compute.API, 'get_all', fake_get_all)
-        self.flags(allow_admin_api=False)
 
         req = fakes.HTTPRequest.blank('/v2/fake/servers?image=12345')
         servers = self.controller.index(req)['servers']
@@ -878,7 +877,6 @@ class ServersControllerTest(test.TestCase):
 
         self.stubs.Set(nova.db, 'instance_get_all_by_filters',
                        fake_get_all)
-        self.flags(allow_admin_api=True)
 
         req = fakes.HTTPRequest.blank('/v2/fake/servers?tenant_id=fake',
                                       use_admin_context=True)
@@ -897,7 +895,6 @@ class ServersControllerTest(test.TestCase):
             return [fakes.stub_instance(100, uuid=server_uuid)]
 
         self.stubs.Set(nova.compute.API, 'get_all', fake_get_all)
-        self.flags(allow_admin_api=False)
 
         req = fakes.HTTPRequest.blank('/v2/fake/servers?flavor=12345')
         servers = self.controller.index(req)['servers']
@@ -915,7 +912,6 @@ class ServersControllerTest(test.TestCase):
             return [fakes.stub_instance(100, uuid=server_uuid)]
 
         self.stubs.Set(nova.compute.API, 'get_all', fake_get_all)
-        self.flags(allow_admin_api=False)
 
         req = fakes.HTTPRequest.blank('/v2/fake/servers?status=active')
         servers = self.controller.index(req)['servers']
@@ -925,8 +921,8 @@ class ServersControllerTest(test.TestCase):
 
     def test_get_servers_invalid_status(self):
         """Test getting servers by invalid status"""
-        self.flags(allow_admin_api=False)
-        req = fakes.HTTPRequest.blank('/v2/fake/servers?status=unknown')
+        req = fakes.HTTPRequest.blank('/v2/fake/servers?status=unknown',
+                                      use_admin_context=False)
         self.assertRaises(webob.exc.HTTPBadRequest, self.controller.index, req)
 
     def test_get_servers_allows_name(self):
@@ -939,7 +935,6 @@ class ServersControllerTest(test.TestCase):
             return [fakes.stub_instance(100, uuid=server_uuid)]
 
         self.stubs.Set(nova.compute.API, 'get_all', fake_get_all)
-        self.flags(allow_admin_api=False)
 
         req = fakes.HTTPRequest.blank('/v2/fake/servers?name=whee.*')
         servers = self.controller.index(req)['servers']
@@ -972,47 +967,11 @@ class ServersControllerTest(test.TestCase):
         req = fakes.HTTPRequest.blank('/v2/fake/servers?%s' % params)
         self.assertRaises(webob.exc.HTTPBadRequest, self.controller.index, req)
 
-    def test_get_servers_unknown_or_admin_options1(self):
-        """Test getting servers by admin-only or unknown options.
-        This tests when admin_api is off.  Make sure the admin and
-        unknown options are stripped before they get to
-        compute_api.get_all()
+    def test_get_servers_admin_filters_as_user(self):
+        """Test getting servers by admin-only or unknown options when
+        context is not admin. Make sure the admin and unknown options
+        are stripped before they get to compute_api.get_all()
         """
-
-        self.flags(allow_admin_api=False)
-
-        server_uuid = str(utils.gen_uuid())
-
-        def fake_get_all(compute_self, context, search_opts=None):
-            self.assertNotEqual(search_opts, None)
-            # Allowed by user
-            self.assertTrue('name' in search_opts)
-            self.assertTrue('status' in search_opts)
-            # Allowed only by admins with admin API on
-            self.assertFalse('ip' in search_opts)
-            self.assertFalse('unknown_option' in search_opts)
-            return [fakes.stub_instance(100, uuid=server_uuid)]
-
-        self.stubs.Set(nova.compute.API, 'get_all', fake_get_all)
-
-        query_str = "name=foo&ip=10.*&status=active&unknown_option=meow"
-        req = fakes.HTTPRequest.blank('/v2/fake/servers?%s' % query_str,
-                                      use_admin_context=True)
-        res = self.controller.index(req)
-
-        servers = res['servers']
-        self.assertEqual(len(servers), 1)
-        self.assertEqual(servers[0]['id'], server_uuid)
-
-    def test_get_servers_unknown_or_admin_options2(self):
-        """Test getting servers by admin-only or unknown options.
-        This tests when admin_api is on, but context is a user.
-        Make sure the admin and unknown options are stripped before
-        they get to compute_api.get_all()
-        """
-
-        self.flags(allow_admin_api=True)
-
         server_uuid = str(utils.gen_uuid())
 
         def fake_get_all(compute_self, context, search_opts=None):
@@ -1035,14 +994,10 @@ class ServersControllerTest(test.TestCase):
         self.assertEqual(len(servers), 1)
         self.assertEqual(servers[0]['id'], server_uuid)
 
-    def test_get_servers_unknown_or_admin_options3(self):
-        """Test getting servers by admin-only or unknown options.
-        This tests when admin_api is on and context is admin.
-        All options should be passed through to compute_api.get_all()
+    def test_get_servers_admin_options_as_admin(self):
+        """Test getting servers by admin-only or unknown options when
+        context is admin. All options should be passed
         """
-
-        self.flags(allow_admin_api=True)
-
         server_uuid = str(utils.gen_uuid())
 
         def fake_get_all(compute_self, context, search_opts=None):
@@ -1069,8 +1024,6 @@ class ServersControllerTest(test.TestCase):
         """Test getting servers by ip with admin_api enabled and
         admin context
         """
-        self.flags(allow_admin_api=True)
-
         server_uuid = str(utils.gen_uuid())
 
         def fake_get_all(compute_self, context, search_opts=None):
@@ -1092,8 +1045,6 @@ class ServersControllerTest(test.TestCase):
         """Test getting servers by ip6 with admin_api enabled and
         admin context
         """
-        self.flags(allow_admin_api=True)
-
         server_uuid = str(utils.gen_uuid())
 
         def fake_get_all(compute_self, context, search_opts=None):
diff --git a/nova/tests/policy.json b/nova/tests/policy.json
index 807de6921..ff30cd43d 100644
--- a/nova/tests/policy.json
+++ b/nova/tests/policy.json
@@ -69,6 +69,38 @@
     "compute:restore": [],
 
 
+    "compute_extension:accounts": [],
+    "compute_extension:admin_actions": [],
+    "compute_extension:cloudpipe": [],
+    "compute_extension:console_output": [],
+    "compute_extension:consoles": [],
+    "compute_extension:createserverext": [],
+    "compute_extension:deferred_delete": [],
+    "compute_extension:disk_config": [],
+    "compute_extension:extended_status": [],
+    "compute_extension:flavorextraspecs": [],
+    "compute_extension:floating_ip_dns": [],
+    "compute_extension:floating_ip_pools": [],
+    "compute_extension:floating_ips": [],
+    "compute_extension:hosts": [],
+    "compute_extension:keypairs": [],
+    "compute_extension:multinic": [],
+    "compute_extension:networks": [],
+    "compute_extension:quotas": [],
+    "compute_extension:rescue": [],
+    "compute_extension:security_groups": [],
+    "compute_extension:server_action_list": [],
+    "compute_extension:server_diagnostics": [],
+    "compute_extension:simple_tenant_usage": [],
+    "compute_extension:users": [],
+    "compute_extension:virtual_interfaces": [],
+    "compute_extension:virtual_storage_arrays": [],
+    "compute_extension:volumes": [],
+    "compute_extension:volumetypes": [],
+    "compute_extension:zones": [],
+
+
+
     "volume:create": [],
     "volume:get": [],
     "volume:get_all": [],
author	Jenkins <jenkins@review.openstack.org>	2012-01-24 19:32:49 +0000
committer	Gerrit Code Review <review@openstack.org>	2012-01-24 19:32:49 +0000
commit	8dfd968e83cbcdc0796caa44289144d38a6a5ce8 (patch)
tree	e0e2e571a9aae49fc71736ad034d8fb6ed31b0b0 /nova/tests
parent	c88771d8202f9c1c3f7a7260dea200d902b3c3aa (diff)
parent	9cb5f547dc6f3242edf393928dbc14b7cbfbbdd4 (diff)