6 files changed, 77 insertions, 47 deletions
diff --git a/nova/test.py b/nova/test.py
index e1fd5efe0..1e9945bbc 100644
--- a/nova/test.py
+++ b/nova/test.py
@@ -46,6 +46,7 @@ from nova.openstack.common import timeutils
 from nova import service
 from nova import tests
 from nova.tests import fake_flags
+from nova.tests import policy_fixture
 from nova.tests import utils
 
 
@@ -157,6 +158,7 @@ class TestCase(testtools.TestCase):
         self._services = []
         self._modules = {}
         self.useFixture(EnvironmentVariable('http_proxy'))
+        self.policy = self.useFixture(policy_fixture.PolicyFixture())
 
     def tearDown(self):
         """Runs after each test method to tear down test environment."""
diff --git a/nova/tests/compute/test_compute.py b/nova/tests/compute/test_compute.py
index c4be414da..76d0129c6 100644
--- a/nova/tests/compute/test_compute.py
+++ b/nova/tests/compute/test_compute.py
@@ -48,7 +48,6 @@ from nova.openstack.common import jsonutils
 from nova.openstack.common import log as logging
 from nova.openstack.common.notifier import api as notifier_api
 from nova.openstack.common.notifier import test_notifier
-from nova.openstack.common import policy as common_policy
 from nova.openstack.common import rpc
 from nova.openstack.common.rpc import common as rpc_common
 from nova.openstack.common import timeutils
@@ -5324,20 +5323,9 @@ class ComputePolicyTestCase(BaseTestCase):
 
     def setUp(self):
         super(ComputePolicyTestCase, self).setUp()
-        nova.policy.reset()
-        nova.policy.init()
 
         self.compute_api = compute.API()
 
-    def tearDown(self):
-        super(ComputePolicyTestCase, self).tearDown()
-        nova.policy.reset()
-
-    def _set_rules(self, rules):
-        common_policy.set_rules(common_policy.Rules(
-                dict((k, common_policy.parse_rule(v))
-                     for k, v in rules.items())))
-
     def test_actions_are_prefixed(self):
         self.mox.StubOutWithMock(nova.policy, 'enforce')
         nova.policy.enforce(self.context, 'compute:reboot', {})
@@ -5349,20 +5337,20 @@ class ComputePolicyTestCase(BaseTestCase):
 
         # force delete to fail
         rules = {"compute:delete": [["false:false"]]}
-        self._set_rules(rules)
+        self.policy.set_rules(rules)
 
         self.assertRaises(exception.PolicyNotAuthorized,
                           self.compute_api.delete, self.context, instance)
 
         # reset rules to allow deletion
         rules = {"compute:delete": []}
-        self._set_rules(rules)
+        self.policy.set_rules(rules)
 
         self.compute_api.delete(self.context, instance)
 
     def test_create_fail(self):
         rules = {"compute:create": [["false:false"]]}
-        self._set_rules(rules)
+        self.policy.set_rules(rules)
 
         self.assertRaises(exception.PolicyNotAuthorized,
                           self.compute_api.create, self.context, '1', '1')
@@ -5373,7 +5361,7 @@ class ComputePolicyTestCase(BaseTestCase):
             "compute:create:attach_network": [["false:false"]],
             "compute:create:attach_volume": [],
         }
-        self._set_rules(rules)
+        self.policy.set_rules(rules)
 
         self.assertRaises(exception.PolicyNotAuthorized,
                           self.compute_api.create, self.context, '1', '1',
@@ -5386,7 +5374,7 @@ class ComputePolicyTestCase(BaseTestCase):
             "compute:create:attach_network": [],
             "compute:create:attach_volume": [["false:false"]],
         }
-        self._set_rules(rules)
+        self.policy.set_rules(rules)
 
         self.assertRaises(exception.PolicyNotAuthorized,
                           self.compute_api.create, self.context, '1', '1',
@@ -5399,7 +5387,7 @@ class ComputePolicyTestCase(BaseTestCase):
         rules = {
             "compute:get": [["false:false"]],
         }
-        self._set_rules(rules)
+        self.policy.set_rules(rules)
 
         self.assertRaises(exception.PolicyNotAuthorized,
                           self.compute_api.get, self.context, instance['uuid'])
@@ -5408,7 +5396,7 @@ class ComputePolicyTestCase(BaseTestCase):
         rules = {
             "compute:get_all": [["false:false"]],
         }
-        self._set_rules(rules)
+        self.policy.set_rules(rules)
 
         self.assertRaises(exception.PolicyNotAuthorized,
                           self.compute_api.get_all, self.context)
@@ -5421,7 +5409,7 @@ class ComputePolicyTestCase(BaseTestCase):
         rules = {
             "compute:get_instance_faults": [["false:false"]],
         }
-        self._set_rules(rules)
+        self.policy.set_rules(rules)
 
         self.assertRaises(exception.PolicyNotAuthorized,
                           self.compute_api.get_instance_faults,
@@ -5430,7 +5418,7 @@ class ComputePolicyTestCase(BaseTestCase):
     def test_force_host_fail(self):
         rules = {"compute:create": [],
                  "compute:create:forced_host": [["role:fake"]]}
-        self._set_rules(rules)
+        self.policy.set_rules(rules)
 
         self.assertRaises(exception.PolicyNotAuthorized,
                           self.compute_api.create, self.context, None, '1',
@@ -5439,7 +5427,7 @@ class ComputePolicyTestCase(BaseTestCase):
     def test_force_host_pass(self):
         rules = {"compute:create": [],
                  "compute:create:forced_host": []}
-        self._set_rules(rules)
+        self.policy.set_rules(rules)
 
         self.compute_api.create(self.context, None, '1',
                                 availability_zone='1:1')
diff --git a/nova/tests/policy.json b/nova/tests/fake_policy.py
index 517ba2a55..b3ae0fa17 100644
--- a/nova/tests/policy.json
+++ b/nova/tests/fake_policy.py
@@ -1,3 +1,21 @@
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright (c) 2012 OpenStack, LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+policy_data = """
 {
     "admin_api": "role:admin",
 
@@ -205,3 +223,4 @@
     "network:create_public_dns_domain": "",
     "network:delete_dns_domain": ""
 }
+"""
diff --git a/nova/tests/network/test_manager.py b/nova/tests/network/test_manager.py
index 93ed8f310..b3ba161c6 100644
--- a/nova/tests/network/test_manager.py
+++ b/nova/tests/network/test_manager.py
@@ -1928,9 +1928,6 @@ class NetworkPolicyTestCase(test.TestCase):
         super(NetworkPolicyTestCase, self).tearDown()
         nova.policy.reset()
 
-    def _set_rules(self, rules):
-        nova.common.policy.set_brain(nova.common.policy.HttpBrain(rules))
-
     def test_check_policy(self):
         self.mox.StubOutWithMock(nova.policy, 'enforce')
         target = {
diff --git a/nova/tests/policy_fixture.py b/nova/tests/policy_fixture.py
new file mode 100644
index 000000000..282a28b44
--- /dev/null
+++ b/nova/tests/policy_fixture.py
@@ -0,0 +1,44 @@
+# Copyright 2012 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import os
+
+import fixtures
+
+from nova.openstack.common import cfg
+from nova.openstack.common import policy as common_policy
+import nova.policy
+from nova.tests import fake_policy
+
+CONF = cfg.CONF
+
+
+class PolicyFixture(fixtures.Fixture):
+
+    def setUp(self):
+        super(PolicyFixture, self).setUp()
+        self.policy_dir = self.useFixture(fixtures.TempDir())
+        self.policy_file_name = os.path.join(self.policy_dir.path,
+                                             'policy.json')
+        with open(self.policy_file_name, 'w') as policy_file:
+            policy_file.write(fake_policy.policy_data)
+        CONF.set_override('policy_file', self.policy_file_name)
+        nova.policy.reset()
+        nova.policy.init()
+        self.addCleanup(nova.policy.reset)
+
+    def set_rules(self, rules):
+        common_policy.set_rules(common_policy.Rules(
+                dict((k, common_policy.parse_rule(v))
+                     for k, v in rules.items())))
diff --git a/nova/tests/test_policy.py b/nova/tests/test_policy.py
index f90854f08..ba11c07f9 100644
--- a/nova/tests/test_policy.py
+++ b/nova/tests/test_policy.py
@@ -32,17 +32,13 @@ from nova import utils
 class PolicyFileTestCase(test.TestCase):
     def setUp(self):
         super(PolicyFileTestCase, self).setUp()
-        policy.reset()
         self.context = context.RequestContext('fake', 'fake')
         self.target = {}
 
-    def tearDown(self):
-        super(PolicyFileTestCase, self).tearDown()
-        policy.reset()
-
     def test_modified_policy_reloads(self):
         with utils.tempdir() as tmpdir:
             tmpfilename = os.path.join(tmpdir, 'policy')
+
             self.flags(policy_file=tmpfilename)
 
             # NOTE(uni): context construction invokes policy check to determin
@@ -66,9 +62,6 @@ class PolicyFileTestCase(test.TestCase):
 class PolicyTestCase(test.TestCase):
     def setUp(self):
         super(PolicyTestCase, self).setUp()
-        policy.reset()
-        # NOTE(vish): preload rules to circumvent reloading from file
-        policy.init()
         rules = {
             "true": '@',
             "example:allowed": '@',
@@ -81,17 +74,10 @@ class PolicyTestCase(test.TestCase):
             "example:lowercase_admin": "role:admin or role:sysadmin",
             "example:uppercase_admin": "role:ADMIN or role:sysadmin",
         }
-        # NOTE(vish): then overload underlying brain
-        common_policy.set_rules(common_policy.Rules(
-                dict((k, common_policy.parse_rule(v))
-                     for k, v in rules.items())))
+        self.policy.set_rules(rules)
         self.context = context.RequestContext('fake', 'fake', roles=['member'])
         self.target = {}
 
-    def tearDown(self):
-        policy.reset()
-        super(PolicyTestCase, self).tearDown()
-
     def test_enforce_nonexistent_action_throws(self):
         action = "example:noexist"
         self.assertRaises(exception.PolicyNotAuthorized, policy.enforce,
@@ -165,8 +151,6 @@ class DefaultPolicyTestCase(test.TestCase):
 
     def setUp(self):
         super(DefaultPolicyTestCase, self).setUp()
-        policy.reset()
-        policy.init()
 
         self.rules = {
             "default": '',
@@ -183,10 +167,6 @@ class DefaultPolicyTestCase(test.TestCase):
                  for k, v in self.rules.items()), default_rule)
         common_policy.set_rules(rules)
 
-    def tearDown(self):
-        super(DefaultPolicyTestCase, self).tearDown()
-        policy.reset()
-
     def test_policy_called(self):
         self.assertRaises(exception.PolicyNotAuthorized, policy.enforce,
                 self.context, "example:exist", {})