From 71ad4a316b5bd5e3928515fdf9116b6fef2a48aa Mon Sep 17 00:00:00 2001 From: Anton Arefiev Date: Mon, 7 Sep 2015 18:59:14 +0300 Subject: [PATCH] Remove policy 'admin' rule support Rule 'admin_api' was needed to keep backward compatibility with Juno, since policy doesn't support it, we can delete it. Change-Id: Ie5442711e2a4ed44438a5fe19c2c5d99e16715bc --- ironic/api/hooks.py | 6 +---- ironic/tests/api/test_hooks.py | 43 ---------------------------------- 2 files changed, 1 insertion(+), 48 deletions(-) diff --git a/ironic/api/hooks.py b/ironic/api/hooks.py index 90c1a2f963..69adad359d 100644 --- a/ironic/api/hooks.py +++ b/ironic/api/hooks.py @@ -79,11 +79,7 @@ class ContextHook(hooks.PecanHook): 'roles': headers.get('X-Roles', '').split(','), } - # NOTE(adam_g): We also check the previous 'admin' rule to ensure - # compat with default juno policy.json. This double check may be - # removed in Liberty. - is_admin = (policy.enforce('admin_api', creds, creds) or - policy.enforce('admin', creds, creds)) + is_admin = policy.enforce('admin_api', creds, creds) is_public_api = state.request.environ.get('is_public_api', False) show_password = policy.enforce('show_password', creds, creds) diff --git a/ironic/tests/api/test_hooks.py b/ironic/tests/api/test_hooks.py index 7dce863762..6233d93ed2 100644 --- a/ironic/tests/api/test_hooks.py +++ b/ironic/tests/api/test_hooks.py @@ -248,49 +248,6 @@ class TestContextHook(base.FunctionalTest): roles=headers['X-Roles'].split(',')) -class TestContextHookCompatJuno(TestContextHook): - def setUp(self): - super(TestContextHookCompatJuno, self).setUp() - self.policy = self.useFixture( - policy_fixture.PolicyFixture(compat='juno')) - - # override two cases because Juno has no "show_password" policy - @mock.patch.object(context, 'RequestContext') - def test_context_hook_admin(self, mock_ctx): - headers = fake_headers(admin=True) - reqstate = FakeRequestState(headers=headers) - context_hook = hooks.ContextHook(None) - context_hook.before(reqstate) - mock_ctx.assert_called_with( - auth_token=headers['X-Auth-Token'], - user=headers['X-User'], - tenant=headers['X-Tenant'], - domain_id=headers['X-User-Domain-Id'], - domain_name=headers['X-User-Domain-Name'], - is_public_api=False, - show_password=False, - is_admin=True, - roles=headers['X-Roles'].split(',')) - - @mock.patch.object(context, 'RequestContext') - def test_context_hook_public_api(self, mock_ctx): - headers = fake_headers(admin=True) - env = {'is_public_api': True} - reqstate = FakeRequestState(headers=headers, environ=env) - context_hook = hooks.ContextHook(None) - context_hook.before(reqstate) - mock_ctx.assert_called_with( - auth_token=headers['X-Auth-Token'], - user=headers['X-User'], - tenant=headers['X-Tenant'], - domain_id=headers['X-User-Domain-Id'], - domain_name=headers['X-User-Domain-Name'], - is_public_api=True, - show_password=False, - is_admin=True, - roles=headers['X-Roles'].split(',')) - - class TestTrustedCallHook(base.FunctionalTest): def test_trusted_call_hook_not_admin(self): headers = fake_headers(admin=False)