diff options
| author | unicell <unicell@gmail.com> | 2012-08-18 14:23:01 +0800 |
|---|---|---|
| committer | unicell <unicell@gmail.com> | 2012-08-19 00:31:23 +0800 |
| commit | c6be78deb6a3a7cbf092efdfb54f561ce689605f (patch) | |
| tree | faec33ed92d186a6e927d0dd1201b922a6dce0b2 /nova/tests | |
| parent | a10be151ad9f62bb916498c8dae42e4b54dfc779 (diff) | |
Remove hard-coded 'admin' role checking and use policy instead
bug 1037786
This change removed hard-coded 'admin' role checking, and use policy check to
decide is_admin at the time of context construction. And also set
default admin role to 'admin', in policy template, to keep backward
compatibility.
Change-Id: I56b45bfdfba1b8e1391bde7fec3d4cf26c66324c
Diffstat (limited to 'nova/tests')
| -rw-r--r-- | nova/tests/policy.json | 1 | ||||
| -rw-r--r-- | nova/tests/test_context.py | 6 | ||||
| -rw-r--r-- | nova/tests/test_policy.py | 5 |
3 files changed, 12 insertions, 0 deletions
diff --git a/nova/tests/policy.json b/nova/tests/policy.json index 6fa0cf4b3..a2d948323 100644 --- a/nova/tests/policy.json +++ b/nova/tests/policy.json @@ -1,4 +1,5 @@ { + "admin": [["role:admin"], ["role:administrator"]], "compute:create": [], "compute:create:attach_network": [], "compute:create:attach_volume": [], diff --git a/nova/tests/test_context.py b/nova/tests/test_context.py index 977095910..0915bf157 100644 --- a/nova/tests/test_context.py +++ b/nova/tests/test_context.py @@ -26,6 +26,12 @@ class ContextTestCase(test.TestCase): roles=['admin', 'weasel']) self.assertEquals(ctxt.is_admin, True) + def test_request_context_sets_is_admin_by_role(self): + ctxt = context.RequestContext('111', + '222', + roles=['administrator']) + self.assertEquals(ctxt.is_admin, True) + def test_request_context_sets_is_admin_upcase(self): ctxt = context.RequestContext('111', '222', diff --git a/nova/tests/test_policy.py b/nova/tests/test_policy.py index 41282005a..a85d3e25c 100644 --- a/nova/tests/test_policy.py +++ b/nova/tests/test_policy.py @@ -49,6 +49,11 @@ class PolicyFileTestCase(test.TestCase): tmpfilename = os.path.join(tmpdir, 'policy') self.flags(policy_file=tmpfilename) + # NOTE(uni): context construction invokes policy check to determin + # is_admin or not. As a side-effect, policy reset is needed here + # to flush existing policy cache. + policy.reset() + action = "example:test" with open(tmpfilename, "w") as policyfile: policyfile.write("""{"example:test": []}""") |