diff options
| author | Brian Waldon <bcwaldon@gmail.com> | 2012-01-12 13:00:45 -0800 |
|---|---|---|
| committer | Brian Waldon <bcwaldon@gmail.com> | 2012-01-15 19:39:08 -0800 |
| commit | ebc06cf9de086ff6a2001d20fc10f05360a0aa7c (patch) | |
| tree | bdc1c61cff29b13d0a3e2abbf725cee3726e871e /nova/tests | |
| parent | 46f90f7cb79a01104376919c56e70a6324fe89af (diff) | |
Add policy checks to Volume.API
Change-Id: If4b37c1041a10c3c0697724281aadb9a17b51373
Diffstat (limited to 'nova/tests')
| -rw-r--r-- | nova/tests/policy.json | 24 | ||||
| -rw-r--r-- | nova/tests/test_volume.py | 45 |
2 files changed, 68 insertions, 1 deletions
diff --git a/nova/tests/policy.json b/nova/tests/policy.json index 7dae81a48..c96908fff 100644 --- a/nova/tests/policy.json +++ b/nova/tests/policy.json @@ -66,5 +66,27 @@ "compute:delete": [], "compute:soft_delete": [], "compute:force_delete": [], - "compute:restore": [] + "compute:restore": [], + + + "volume:create": [], + "volume:get": [], + "volume:get_all": [], + "volume:get_volume_metadata": [], + "volume:delete": [], + "volume:update": [], + "volume:delete_volume_metadata": [], + "volume:update_volume_metadata": [], + + "volume:attach": [], + "volume:detach": [], + "volume:check_attach": [], + "volume:check_detach": [], + "volume:initialize_connection": [], + "volume:terminate_connection": [], + + "volume:create_snapshot": [], + "volume:delete_snapshot": [], + "volume:get_snapshot": [], + "volume:get_all_snapshots": [] } diff --git a/nova/tests/test_volume.py b/nova/tests/test_volume.py index aeefcd020..fec394984 100644 --- a/nova/tests/test_volume.py +++ b/nova/tests/test_volume.py @@ -27,6 +27,7 @@ from nova import exception from nova import db from nova import flags from nova import log as logging +import nova.policy from nova import rpc from nova import test from nova import utils @@ -399,3 +400,47 @@ class ISCSITestCase(DriverTestCase): self.mox.UnsetStubs() self._detach_volume(volume_id_list) + + +class VolumePolicyTestCase(test.TestCase): + + def setUp(self): + super(VolumePolicyTestCase, self).setUp() + + nova.policy.reset() + nova.policy.init() + + self.context = context.get_admin_context() + self.volume_api = nova.volume.api.API() + + def tearDown(self): + super(VolumePolicyTestCase, self).tearDown() + nova.policy.reset() + + def _set_rules(self, rules): + nova.common.policy.set_brain(nova.common.policy.HttpBrain(rules)) + + def test_check_policy(self): + self.mox.StubOutWithMock(nova.policy, 'enforce') + target = { + 'project_id': self.context.project_id, + 'user_id': self.context.user_id, + } + nova.policy.enforce(self.context, 'volume:attach', target) + self.mox.ReplayAll() + nova.volume.api.check_policy(self.context, 'attach') + self.mox.UnsetStubs() + self.mox.VerifyAll() + + def test_check_policy_with_target(self): + self.mox.StubOutWithMock(nova.policy, 'enforce') + target = { + 'project_id': self.context.project_id, + 'user_id': self.context.user_id, + 'id': 2, + } + nova.policy.enforce(self.context, 'volume:attach', target) + self.mox.ReplayAll() + nova.volume.api.check_policy(self.context, 'attach', {'id': 2}) + self.mox.UnsetStubs() + self.mox.VerifyAll() |