Merge "Remove policy 'admin' rule support"

ironic/api/hooks.py

@@ -79,11 +79,7 @@ class ContextHook(hooks.PecanHook):
             'roles': headers.get('X-Roles', '').split(','),
         }
 
-        # NOTE(adam_g): We also check the previous 'admin' rule to ensure
-        # compat with default juno policy.json.  This double check may be
-        # removed in Liberty.
-        is_admin = (policy.enforce('admin_api', creds, creds) or
-                    policy.enforce('admin', creds, creds))
+        is_admin = policy.enforce('admin_api', creds, creds)
         is_public_api = state.request.environ.get('is_public_api', False)
         show_password = policy.enforce('show_password', creds, creds)
 

ironic/tests/api/test_hooks.py

@@ -248,49 +248,6 @@ class TestContextHook(base.FunctionalTest):
             roles=headers['X-Roles'].split(','))
 
 
-class TestContextHookCompatJuno(TestContextHook):
-    def setUp(self):
-        super(TestContextHookCompatJuno, self).setUp()
-        self.policy = self.useFixture(
-            policy_fixture.PolicyFixture(compat='juno'))
-
-    # override two cases because Juno has no "show_password" policy
-    @mock.patch.object(context, 'RequestContext')
-    def test_context_hook_admin(self, mock_ctx):
-        headers = fake_headers(admin=True)
-        reqstate = FakeRequestState(headers=headers)
-        context_hook = hooks.ContextHook(None)
-        context_hook.before(reqstate)
-        mock_ctx.assert_called_with(
-            auth_token=headers['X-Auth-Token'],
-            user=headers['X-User'],
-            tenant=headers['X-Tenant'],
-            domain_id=headers['X-User-Domain-Id'],
-            domain_name=headers['X-User-Domain-Name'],
-            is_public_api=False,
-            show_password=False,
-            is_admin=True,
-            roles=headers['X-Roles'].split(','))
-
-    @mock.patch.object(context, 'RequestContext')
-    def test_context_hook_public_api(self, mock_ctx):
-        headers = fake_headers(admin=True)
-        env = {'is_public_api': True}
-        reqstate = FakeRequestState(headers=headers, environ=env)
-        context_hook = hooks.ContextHook(None)
-        context_hook.before(reqstate)
-        mock_ctx.assert_called_with(
-            auth_token=headers['X-Auth-Token'],
-            user=headers['X-User'],
-            tenant=headers['X-Tenant'],
-            domain_id=headers['X-User-Domain-Id'],
-            domain_name=headers['X-User-Domain-Name'],
-            is_public_api=True,
-            show_password=False,
-            is_admin=True,
-            roles=headers['X-Roles'].split(','))
-
-
 class TestTrustedCallHook(base.FunctionalTest):
     def test_trusted_call_hook_not_admin(self):
         headers = fake_headers(admin=False)