-rw-r--r-- | etc/nova/policy.json | 16 | ||||
-rw-r--r-- | nova/network/api.py | 63 | ||||
-rw-r--r-- | nova/network/manager.py | 68 | ||||
-rw-r--r-- | nova/tests/fake_policy.py | 15 | ||||
-rw-r--r-- | nova/tests/network/test_api.py | 28 | ||||
-rw-r--r-- | nova/tests/network/test_manager.py | 25 |
6 files changed, 112 insertions, 103 deletions
diff --git a/etc/nova/policy.json b/etc/nova/policy.json index d94ec7192..97ae89a38 100644 --- a/etc/nova/policy.json +++ b/etc/nova/policy.json @@ -102,15 +102,20 @@ "volume_extension:volume_admin_actions:force_delete": "rule:admin_api", - "network:get_all_networks": "", - "network:get_network": "", - "network:delete_network": "", - "network:disassociate_network": "", + "network:get_all": "", + "network:get": "", + "network:create": "", + "network:delete": "", + "network:associate": "", + "network:disassociate": "", "network:get_vifs_by_instance": "", "network:allocate_for_instance": "", "network:deallocate_for_instance": "", "network:validate_networks": "", "network:get_instance_uuids_by_ip_filter": "", + "network:get_instance_id_by_floating_address": "", + "network:setup_networks_on_host": "", + "network:get_backdoor_port": "", "network:get_floating_ip": "", "network:get_floating_ip_pools": "", @@ -121,6 +126,9 @@ "network:deallocate_floating_ip": "", "network:associate_floating_ip": "", "network:disassociate_floating_ip": "", + "network:release_floating_ip": "", + "network:migrate_instance_start": "", + "network:migrate_instance_finish": "", "network:get_fixed_ip": "", "network:get_fixed_ip_by_address": "", diff --git a/nova/network/api.py b/nova/network/api.py index 5e3762e89..59172d9ec 100644 --- a/nova/network/api.py +++ b/nova/network/api.py @@ -25,6 +25,7 @@ from nova import exception from nova.network import model as network_model from nova.network import rpcapi as network_rpcapi from nova.openstack.common import log as logging +from nova import policy LOG = logging.getLogger(__name__) 
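Review bot: Every rule added in the first policy.json hunk is the empty string, which the policy engine treats as always allowed, and that includes `network:create`, `network:delete`, `network:associate` and `network:get_backdoor_port`. Because this commit moves enforcement to the API layer, these defaults become the effective access control for those calls unless some other layer restricts them. Consider shipping the administrative ones restricted, e.g. `"network:get_backdoor_port": "rule:admin_api",` (the rule the `force_delete` context line already uses), and likewise for create, delete and associate. The hunk also renames existing keys (`network:get_all_networks` to `network:get_all`, and so on), so a deployment that tightened the old names would presumably stop matching after upgrade; that deserves a release note.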
@@ -73,6 +74,27 @@ def update_instance_cache_with_nw_info(api, context, instance, LOG.exception(_('Failed storing info cache'), instance=instance) +def wrap_check_policy(func): + """Check policy corresponding to the wrapped methods prior to execution.""" + + @functools.wraps(func) + def wrapped(self, context, *args, **kwargs): + action = func.__name__ + check_policy(context, action) + return func(self, context, *args, **kwargs) + + return wrapped + + +def check_policy(context, action): + target = { + 'project_id': context.project_id, + 'user_id': context.user_id, + } + _action = 'network:%s' % action + policy.enforce(context, _action, target) + + class API(base.Base): """API for doing networking via the nova-network network manager. 
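Review bot: `check_policy` builds `target` from the caller's own `context.project_id` and `context.user_id`, so a rule that compares the target with the caller's credentials is comparing the context with itself. It cannot express ownership of the network, fixed IP or floating IP being acted on. If that is intended, state it in a docstring, which `check_policy` currently lacks, e.g. `"""Enforce 'network:<action>' for the caller; the target is the caller's own project/user, not the resource."""`. `wrap_check_policy` also takes the rule name from `func.__name__`, so renaming an API method silently changes which policy key applies; a one-line comment there would help. With the decorators dropped from nova/network/manager.py in this same commit, this wrapper is the only enforcement point visible in the diff, so code that calls the network RPC API directly would appear to skip the check.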
@@ -86,58 +108,75 @@ class API(base.Base): self.network_rpcapi = network_rpcapi.NetworkAPI() super(API, self).__init__(**kwargs) + @wrap_check_policy def get_all(self, context): return self.network_rpcapi.get_all_networks(context) + @wrap_check_policy def get(self, context, network_uuid): return self.network_rpcapi.get_network(context, network_uuid) + @wrap_check_policy def create(self, context, **kwargs): return self.network_rpcapi.create_networks(context, **kwargs) + @wrap_check_policy def delete(self, context, network_uuid): return self.network_rpcapi.delete_network(context, network_uuid, None) + @wrap_check_policy def disassociate(self, context, network_uuid): return self.network_rpcapi.disassociate_network(context, network_uuid) + @wrap_check_policy def get_fixed_ip(self, context, id): return self.network_rpcapi.get_fixed_ip(context, id) + @wrap_check_policy def get_fixed_ip_by_address(self, context, address): return self.network_rpcapi.get_fixed_ip_by_address(context, address) + @wrap_check_policy def get_floating_ip(self, context, id): return self.network_rpcapi.get_floating_ip(context, id) + @wrap_check_policy def get_floating_ip_pools(self, context): return self.network_rpcapi.get_floating_ip_pools(context) + @wrap_check_policy def get_floating_ip_by_address(self, context, address): return self.network_rpcapi.get_floating_ip_by_address(context, address) + @wrap_check_policy def get_floating_ips_by_project(self, context): return self.network_rpcapi.get_floating_ips_by_project(context) + @wrap_check_policy def get_floating_ips_by_fixed_address(self, context, fixed_address): return self.network_rpcapi.get_floating_ips_by_fixed_address(context, fixed_address) + @wrap_check_policy def get_backdoor_port(self, context, host): return self.network_rpcapi.get_backdoor_port(context, host) + @wrap_check_policy def get_instance_id_by_floating_address(self, context, address): # NOTE(tr3buchet): i hate this return 
self.network_rpcapi.get_instance_id_by_floating_address(context, address) + @wrap_check_policy def get_vifs_by_instance(self, context, instance): return self.network_rpcapi.get_vifs_by_instance(context, instance['id']) + @wrap_check_policy def get_vif_by_mac_address(self, context, mac_address): return self.network_rpcapi.get_vif_by_mac_address(context, mac_address) + @wrap_check_policy def allocate_floating_ip(self, context, pool=None): """Adds (allocates) a floating ip to a project from a pool.""" # NOTE(vish): We don't know which network host should get the ip @@ -147,12 +186,14 @@ class API(base.Base): return self.network_rpcapi.allocate_floating_ip(context, context.project_id, pool, False) + @wrap_check_policy def release_floating_ip(self, context, address, affect_auto_assigned=False): """Removes (deallocates) a floating ip with address from a project.""" return self.network_rpcapi.deallocate_floating_ip(context, address, affect_auto_assigned) + @wrap_check_policy @refresh_cache def associate_floating_ip(self, context, instance, floating_address, fixed_address, @@ -175,6 +216,7 @@ class API(base.Base): # purge cached nw info for the original instance update_instance_cache_with_nw_info(self, context, orig_instance) + @wrap_check_policy @refresh_cache def disassociate_floating_ip(self, context, instance, address, affect_auto_assigned=False): @@ -182,6 +224,7 @@ class API(base.Base): self.network_rpcapi.disassociate_floating_ip(context, address, affect_auto_assigned) + @wrap_check_policy @refresh_cache def allocate_for_instance(self, context, instance, vpn, requested_networks, macs=None): @@ -207,6 +250,7 @@ class API(base.Base): return network_model.NetworkInfo.hydrate(nw_info) + @wrap_check_policy def deallocate_for_instance(self, context, instance): """Deallocates all network structures related to instance.""" 
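Review bot: The decorators added in this hunk derive the rule name from the method name, but the policy.json hunks in this commit do not add a matching key for every newly covered method. `get_vif_by_mac_address` is one: the manager method of that name is not among the decorator removals, so the key may not have existed before either. Please confirm that `network:get_vif_by_mac_address` is defined in etc/nova/policy.json and nova/tests/fake_policy.py, or add it next to `"network:get_vifs_by_instance": "",`. Otherwise the call presumably falls through to whatever the policy engine does for an unknown rule. The class body continues outside this hunk.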
@@ -216,6 +260,7 @@ class API(base.Base): args['host'] = instance['host'] self.network_rpcapi.deallocate_for_instance(context, **args) + @wrap_check_policy @refresh_cache def add_fixed_ip_to_instance(self, context, instance, network_id): """Adds a fixed ip to instance from specified network.""" @@ -224,6 +269,7 @@ class API(base.Base): 'network_id': network_id} self.network_rpcapi.add_fixed_ip_to_instance(context, **args) + @wrap_check_policy @refresh_cache def remove_fixed_ip_from_instance(self, context, instance, address): """Removes a fixed ip from instance from specified network.""" @@ -233,11 +279,13 @@ class API(base.Base): 'address': address} self.network_rpcapi.remove_fixed_ip_from_instance(context, **args) + @wrap_check_policy def add_network_to_project(self, context, project_id, network_uuid=None): """Force adds another network to a project.""" self.network_rpcapi.add_network_to_project(context, project_id, network_uuid) + @wrap_check_policy def associate(self, context, network_uuid, host=_sentinel, project=_sentinel): """Associate or disassociate host or project to network.""" @@ -248,6 +296,7 @@ class API(base.Base): associations['project'] = project self.network_rpcapi.associate(context, network_uuid, associations) + @wrap_check_policy def get_instance_nw_info(self, context, instance, update_cache=True): """Returns all network info related to an instance.""" result = self._get_instance_nw_info(context, instance) @@ -267,6 +316,7 @@ class API(base.Base): return network_model.NetworkInfo.hydrate(nw_info) + @wrap_check_policy def validate_networks(self, context, requested_networks): """validate the networks passed at the time of creating the server @@ -274,6 +324,7 @@ class API(base.Base): return self.network_rpcapi.validate_networks(context, requested_networks) + @wrap_check_policy def get_instance_uuids_by_ip_filter(self, context, filters): """Returns a list of dicts in the form of {'instance_uuid': uuid, 'ip': ip} that matched the ip_filter 
@@ -281,12 +332,14 @@ class API(base.Base): return self.network_rpcapi.get_instance_uuids_by_ip_filter(context, filters) + @wrap_check_policy def get_dns_domains(self, context): """Returns a list of available dns domains. These can be used to create DNS entries for floating ips. """ return self.network_rpcapi.get_dns_domains(context) + @wrap_check_policy def add_dns_entry(self, context, address, name, dns_type, domain): """Create specified DNS entry for address.""" args = {'address': address, @@ -295,6 +348,7 @@ class API(base.Base): 'domain': domain} return self.network_rpcapi.add_dns_entry(context, **args) + @wrap_check_policy def modify_dns_entry(self, context, name, address, domain): """Create specified DNS entry for address.""" args = {'address': address, 
@@ -302,35 +356,42 @@ class API(base.Base): 'domain': domain} return self.network_rpcapi.modify_dns_entry(context, **args) + @wrap_check_policy def delete_dns_entry(self, context, name, domain): """Delete the specified dns entry.""" args = {'name': name, 'domain': domain} return self.network_rpcapi.delete_dns_entry(context, **args) + @wrap_check_policy def delete_dns_domain(self, context, domain): """Delete the specified dns domain.""" return self.network_rpcapi.delete_dns_domain(context, domain=domain) + @wrap_check_policy def get_dns_entries_by_address(self, context, address, domain): """Get entries for address and domain.""" args = {'address': address, 'domain': domain} return self.network_rpcapi.get_dns_entries_by_address(context, **args) + @wrap_check_policy def get_dns_entries_by_name(self, context, name, domain): """Get entries for name and domain.""" args = {'name': name, 'domain': domain} return self.network_rpcapi.get_dns_entries_by_name(context, **args) + @wrap_check_policy def create_private_dns_domain(self, context, domain, availability_zone): """Create a private DNS domain with nova availability zone.""" args = {'domain': domain, 'av_zone': availability_zone} return self.network_rpcapi.create_private_dns_domain(context, **args) + @wrap_check_policy def create_public_dns_domain(self, context, domain, project=None): """Create a public DNS domain with optional nova project.""" args = {'domain': domain, 'project': project} return self.network_rpcapi.create_public_dns_domain(context, **args) + @wrap_check_policy def setup_networks_on_host(self, context, instance, host=None, teardown=False): """Setup or teardown the network structures on hosts related to @@ -360,6 +421,7 @@ class API(base.Base): instance['uuid']) return [floating_ip['address'] for floating_ip in floating_ips] + @wrap_check_policy def migrate_instance_start(self, context, instance, migration): """Start to migrate the network of an instance.""" args = dict( 
@@ -378,6 +440,7 @@ class API(base.Base): self.network_rpcapi.migrate_instance_start(context, **args) + @wrap_check_policy def migrate_instance_finish(self, context, instance, migration): """Finish migrating the network of an instance.""" args = dict( diff --git a/nova/network/manager.py b/nova/network/manager.py index 96f17a855..897472d08 100644 --- a/nova/network/manager.py +++ b/nova/network/manager.py @@ -44,7 +44,6 @@ topologies. All of the network commands are issued to a subclass of """ import datetime -import functools import itertools import math import re @@ -73,7 +72,6 @@ from nova.openstack.common.notifier import api as notifier from nova.openstack.common.rpc import common as rpc_common from nova.openstack.common import timeutils from nova.openstack.common import uuidutils -import nova.policy from nova import quota from nova import servicegroup from nova import utils @@ -277,27 +275,6 @@ class RPCAllocateFixedIP(object): self.network_rpcapi.deallocate_fixed_ip(context, address, host) -def wrap_check_policy(func): - """Check policy corresponding to the wrapped methods prior to execution.""" - - @functools.wraps(func) - def wrapped(self, context, *args, **kwargs): - action = func.__name__ - check_policy(context, action) - return func(self, context, *args, **kwargs) - - return wrapped - - -def check_policy(context, action): - target = { - 'project_id': context.project_id, - 'user_id': context.user_id, - } - _action = 'network:%s' % action - nova.policy.enforce(context, _action, target) - - class FloatingIP(object): """Mixin class for adding floating IP functionality to a manager.""" @@ -332,7 +309,6 @@ class FloatingIP(object): LOG.debug(_('Interface %(interface)s not found'), locals()) raise exception.NoFloatingIpInterface(interface=interface) - @wrap_check_policy def allocate_for_instance(self, context, **kwargs): """Handles allocating the floating IP resources for an instance. 
@@ -373,7 +349,6 @@ class FloatingIP(object): return nw_info - @wrap_check_policy def deallocate_for_instance(self, context, **kwargs): """Handles deallocating floating IP resources for an instance. @@ -436,7 +411,6 @@ class FloatingIP(object): 'project': context.project_id}) raise exception.NotAuthorized() - @wrap_check_policy def allocate_floating_ip(self, context, project_id, auto_assigned=False, pool=None): """Gets a floating ip from the pool.""" @@ -476,7 +450,6 @@ class FloatingIP(object): return floating_ip @rpc_common.client_exceptions(exception.FloatingIpNotFoundForAddress) - @wrap_check_policy def deallocate_floating_ip(self, context, address, affect_auto_assigned=False): """Returns a floating ip to the pool.""" @@ -523,7 +496,6 @@ class FloatingIP(object): QUOTAS.commit(context, reservations) @rpc_common.client_exceptions(exception.FloatingIpNotFoundForAddress) - @wrap_check_policy def associate_floating_ip(self, context, floating_address, fixed_address, affect_auto_assigned=False): """Associates a floating ip with a fixed ip. @@ -614,7 +586,6 @@ class FloatingIP(object): do_associate() @rpc_common.client_exceptions(exception.FloatingIpNotFoundForAddress) - @wrap_check_policy def disassociate_floating_ip(self, context, address, affect_auto_assigned=False): """Disassociates a floating ip from its fixed ip. 
@@ -700,38 +671,32 @@ class FloatingIP(object): do_disassociate() @rpc_common.client_exceptions(exception.FloatingIpNotFound) - @wrap_check_policy def get_floating_ip(self, context, id): """Returns a floating IP as a dict.""" return dict(self.db.floating_ip_get(context, id).iteritems()) - @wrap_check_policy def get_floating_pools(self, context): """Returns list of floating pools.""" # NOTE(maurosr) This method should be removed in future, replaced by # get_floating_ip_pools. See bug #1091668 return self.get_floating_ip_pools(context) - @wrap_check_policy def get_floating_ip_pools(self, context): """Returns list of floating ip pools.""" pools = self.db.floating_ip_get_pools(context) return [dict(pool.iteritems()) for pool in pools] - @wrap_check_policy def get_floating_ip_by_address(self, context, address): """Returns a floating IP as a dict.""" return dict(self.db.floating_ip_get_by_address(context, address).iteritems()) - @wrap_check_policy def get_floating_ips_by_project(self, context): """Returns the floating IPs allocated to a project.""" ips = self.db.floating_ip_get_all_by_project(context, context.project_id) return [dict(ip.iteritems()) for ip in ips] - @wrap_check_policy def get_floating_ips_by_fixed_address(self, context, fixed_address): """Returns the floating IPs associated with a fixed_address.""" floating_ips = self.db.floating_ip_get_by_fixed_address(context, @@ -745,7 +710,6 @@ class FloatingIP(object): return True return False if floating_ip.get('fixed_ip_id') else True - @wrap_check_policy def migrate_instance_start(self, context, instance_uuid, floating_addresses, rxtx_factor=None, project_id=None, @@ -780,7 +744,6 @@ class FloatingIP(object): floating_ip['address'], {'host': None}) - @wrap_check_policy def migrate_instance_finish(self, context, instance_uuid, floating_addresses, host=None, rxtx_factor=None, project_id=None, 
@@ -831,7 +794,6 @@ class FloatingIP(object): 'project': project} return this_domain - @wrap_check_policy def get_dns_domains(self, context): domains = [] @@ -854,17 +816,14 @@ class FloatingIP(object): return domains - @wrap_check_policy def add_dns_entry(self, context, address, name, dns_type, domain): self.floating_dns_manager.create_entry(name, address, dns_type, domain) - @wrap_check_policy def modify_dns_entry(self, context, address, name, domain): self.floating_dns_manager.modify_address(name, address, domain) - @wrap_check_policy def delete_dns_entry(self, context, name, domain): self.floating_dns_manager.delete_entry(name, domain) @@ -877,17 +836,14 @@ class FloatingIP(object): for name in names: self.delete_dns_entry(context, name, domain['domain']) - @wrap_check_policy def get_dns_entries_by_address(self, context, address, domain): return self.floating_dns_manager.get_entries_by_address(address, domain) - @wrap_check_policy def get_dns_entries_by_name(self, context, name, domain): return self.floating_dns_manager.get_entries_by_name(name, domain) - @wrap_check_policy def create_private_dns_domain(self, context, domain, av_zone): self.db.dnsdomain_register_for_zone(context, domain, av_zone) try: @@ -897,7 +853,6 @@ class FloatingIP(object): 'changing zone to |%(av_zone)s|.'), {'domain': domain, 'av_zone': av_zone}) - @wrap_check_policy def create_public_dns_domain(self, context, domain, project): self.db.dnsdomain_register_for_project(context, domain, project) try: @@ -907,7 +862,6 @@ class FloatingIP(object): 'changing project to |%(project)s|.'), {'domain': domain, 'project': project}) - @wrap_check_policy def delete_dns_domain(self, context, domain): self.db.dnsdomain_unregister(context, domain) self.floating_dns_manager.delete_domain(domain) 
@@ -1066,7 +1020,6 @@ class NetworkManager(manager.SchedulerDependentManager): # floating ips MUST override this or use the Mixin return [] - @wrap_check_policy def get_instance_uuids_by_ip_filter(self, context, filters): fixed_ip_filter = filters.get('fixed_ip') ip_filter = re.compile(str(filters.get('ip'))) @@ -1136,7 +1089,6 @@ class NetworkManager(manager.SchedulerDependentManager): return [network for network in networks if not network['vlan']] - @wrap_check_policy def allocate_for_instance(self, context, **kwargs): """Handles allocating the various network resources for an instance. @@ -1169,7 +1121,6 @@ class NetworkManager(manager.SchedulerDependentManager): return self.get_instance_nw_info(context, instance_id, instance_uuid, rxtx_factor, host) - @wrap_check_policy def deallocate_for_instance(self, context, **kwargs): """Handles deallocating various network resources for an instance. @@ -1205,7 +1156,6 @@ class NetworkManager(manager.SchedulerDependentManager): self.db.virtual_interface_delete_by_instance(read_deleted_context, instance['uuid']) - @wrap_check_policy def get_instance_nw_info(self, context, instance_id, instance_uuid, rxtx_factor, host, **kwargs): """Creates network info list for instance. @@ -1388,7 +1338,6 @@ class NetworkManager(manager.SchedulerDependentManager): instance_uuid) raise exception.VirtualInterfaceMacAddressException() - @wrap_check_policy def add_fixed_ip_to_instance(self, context, instance_id, host, network_id): """Adds a fixed ip to an instance from specified network.""" if uuidutils.is_uuid_like(network_id): @@ -1401,7 +1350,6 @@ class NetworkManager(manager.SchedulerDependentManager): """Return backdoor port for eventlet_backdoor.""" return self.backdoor_port - @wrap_check_policy def remove_fixed_ip_from_instance(self, context, instance_id, host, address): """Removes a fixed ip from an instance from specified network.""" 
@@ -1776,7 +1724,6 @@ class NetworkManager(manager.SchedulerDependentManager): self._create_fixed_ips(context, network['id'], fixed_cidr) return networks - @wrap_check_policy def delete_network(self, context, fixed_range, uuid, require_disassociated=True): @@ -1881,7 +1828,6 @@ class NetworkManager(manager.SchedulerDependentManager): """Sets up network on this host.""" raise NotImplementedError() - @wrap_check_policy def validate_networks(self, context, networks): """check if the networks exists and host is set to each network. @@ -1920,7 +1866,6 @@ class NetworkManager(manager.SchedulerDependentManager): return self.db.network_get_all_by_uuids(context, network_uuids, project_only="allow_none") - @wrap_check_policy def get_vifs_by_instance(self, context, instance_id): """Returns the vifs associated with an instance.""" instance = self.db.instance_get(context, instance_id) @@ -1936,12 +1881,10 @@ class NetworkManager(manager.SchedulerDependentManager): else: return fixed_ip['instance_uuid'] - @wrap_check_policy def get_network(self, context, network_uuid): network = self.db.network_get_by_uuid(context.elevated(), network_uuid) return jsonutils.to_primitive(network) - @wrap_check_policy def get_all_networks(self, context): try: networks = self.db.network_get_all(context) @@ -1949,18 +1892,15 @@ class NetworkManager(manager.SchedulerDependentManager): return [] return [jsonutils.to_primitive(network) for network in networks] - @wrap_check_policy def disassociate_network(self, context, network_uuid): network = self.get_network(context, network_uuid) self.db.network_disassociate(context, network['id']) - @wrap_check_policy def get_fixed_ip(self, context, id): """Return a fixed ip.""" fixed = self.db.fixed_ip_get(context, id) return jsonutils.to_primitive(fixed) - @wrap_check_policy def get_fixed_ip_by_address(self, context, address): fixed = self.db.fixed_ip_get_by_address(context, address) return jsonutils.to_primitive(fixed) 
@@ -2064,34 +2004,28 @@ class FlatManager(NetworkManager): # We were throwing an exception, but this was messing up horizon. # Timing makes it difficult to implement floating ips here, in Essex. - @wrap_check_policy def get_floating_ip(self, context, id): """Returns a floating IP as a dict.""" return None - @wrap_check_policy def get_floating_pools(self, context): """Returns list of floating pools.""" # NOTE(maurosr) This method should be removed in future, replaced by # get_floating_ip_pools. See bug #1091668 return {} - @wrap_check_policy def get_floating_ip_pools(self, context): """Returns list of floating ip pools.""" return {} - @wrap_check_policy def get_floating_ip_by_address(self, context, address): """Returns a floating IP as a dict.""" return None - @wrap_check_policy def get_floating_ips_by_project(self, context): """Returns the floating IPs allocated to a project.""" return [] - @wrap_check_policy def get_floating_ips_by_fixed_address(self, context, fixed_address): """Returns the floating IPs associated with a fixed_address.""" return [] @@ -2248,7 +2182,6 @@ class VlanManager(RPCAllocateFixedIP, FloatingIP, NetworkManager): self._setup_network_on_host(context, network) return address - @wrap_check_policy def add_network_to_project(self, context, project_id, network_uuid=None): """Force adds another network to a project.""" if network_uuid is not None: @@ -2257,7 +2190,6 @@ class VlanManager(RPCAllocateFixedIP, FloatingIP, NetworkManager): network_id = None self.db.network_associate(context, project_id, network_id, force=True) - @wrap_check_policy def associate(self, context, network_uuid, associations): """Associate or disassociate host or project to network.""" network_id = self.get_network(context, network_uuid)['id'] diff --git a/nova/tests/fake_policy.py b/nova/tests/fake_policy.py index d8780744d..dbf620196 100644 --- a/nova/tests/fake_policy.py +++ b/nova/tests/fake_policy.py 
@@ -195,16 +195,20 @@ policy_data = """ "volume_extension:types_extra_specs": "", - "network:get_all_networks": "", - "network:get_network": "", - "network:create_networks": "", - "network:delete_network": "", - "network:disassociate_network": "", + "network:get_all": "", + "network:get": "", + "network:create": "", + "network:delete": "", + "network:associate": "", + "network:disassociate": "", "network:get_vifs_by_instance": "", "network:allocate_for_instance": "", "network:deallocate_for_instance": "", "network:validate_networks": "", "network:get_instance_uuids_by_ip_filter": "", + "network:get_instance_id_by_floating_address": "", + "network:setup_networks_on_host": "", + "network:get_backdoor_port": "", "network:get_floating_ip": "", "network:get_floating_ip_pools": "", @@ -215,6 +219,7 @@ policy_data = """ "network:deallocate_floating_ip": "", "network:associate_floating_ip": "", "network:disassociate_floating_ip": "", + "network:release_floating_ip": "", "network:migrate_instance_start": "", "network:migrate_instance_finish": "", diff --git a/nova/tests/network/test_api.py b/nova/tests/network/test_api.py index 959c5a472..a0179ff94 100644 --- a/nova/tests/network/test_api.py +++ b/nova/tests/network/test_api.py 
@@ -25,14 +25,40 @@ import mox from nova import context from nova import exception from nova import network +from nova.network import api from nova.network import rpcapi as network_rpcapi from nova.openstack.common import rpc +from nova import policy from nova import test FAKE_UUID = 'a47ae74e-ab08-547f-9eee-ffd23fc46c16' +class NetworkPolicyTestCase(test.TestCase): + def setUp(self): + super(NetworkPolicyTestCase, self).setUp() + + policy.reset() + policy.init() + + self.context = context.get_admin_context() + + def tearDown(self): + super(NetworkPolicyTestCase, self).tearDown() + policy.reset() + + def test_check_policy(self): + self.mox.StubOutWithMock(policy, 'enforce') + target = { + 'project_id': self.context.project_id, + 'user_id': self.context.user_id, + } + policy.enforce(self.context, 'network:get_all', target) + self.mox.ReplayAll() + api.check_policy(self.context, 'get_all') + + class ApiTestCase(test.TestCase): def setUp(self): super(ApiTestCase, self).setUp() @@ -57,7 +83,7 @@ class ApiTestCase(test.TestCase): instance = dict(id='id', uuid='uuid', project_id='project_id', host='host', instance_type={'rxtx_factor': 0}) self.network_api.allocate_for_instance( - 'context', instance, 'vpn', 'requested_networks', macs=macs) + self.context, instance, 'vpn', 'requested_networks', macs=macs) def _do_test_associate_floating_ip(self, orig_instance_uuid): """Test post-association logic.""" diff --git a/nova/tests/network/test_manager.py b/nova/tests/network/test_manager.py index 9ccdffab5..94f297fe9 100644 --- a/nova/tests/network/test_manager.py +++ b/nova/tests/network/test_manager.py @@ -33,7 +33,6 @@ from nova.openstack.common import importutils from nova.openstack.common import log as logging from nova.openstack.common import rpc from nova.openstack.common.rpc import common as rpc_common -import nova.policy from nova import test from nova.tests import fake_ldap from nova.tests import fake_network 
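Review bot: `test_check_policy` only verifies that `api.check_policy` forwards to a stubbed `policy.enforce`; nothing in this hunk exercises `wrap_check_policy` on a real `API` method, and the denial path is untested. Since the API layer is now where the check lives, add a test that calls a decorated method such as `get_all` and asserts that `policy.enforce` is invoked with `'network:get_all'` before `network_rpcapi` is reached. A second test should make `enforce` raise and assert that the RPC call is never made. That would pin both the derived action name and the decorator ordering against later refactors.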
@@ -2093,30 +2092,6 @@ class FloatingIPTestCase(test.TestCase): self.context, 'fake-id') -class NetworkPolicyTestCase(test.TestCase): - def setUp(self): - super(NetworkPolicyTestCase, self).setUp() - - nova.policy.reset() - nova.policy.init() - - self.context = context.get_admin_context() - - def tearDown(self): - super(NetworkPolicyTestCase, self).tearDown() - nova.policy.reset() - - def test_check_policy(self): - self.mox.StubOutWithMock(nova.policy, 'enforce') - target = { - 'project_id': self.context.project_id, - 'user_id': self.context.user_id, - } - nova.policy.enforce(self.context, 'network:get_all', target) - self.mox.ReplayAll() - network_manager.check_policy(self.context, 'get_all') - - class InstanceDNSTestCase(test.TestCase): """Tests nova.network.manager instance DNS.""" def setUp(self): |