Merge "Remove neutron-fwaas specific policies"
This commit is contained in:
commit
8538db828a
@ -118,9 +118,6 @@
|
||||
"create_router:external_gateway_info:external_fixed_ips": "rule:admin_only",
|
||||
"update_router:external_gateway_info:external_fixed_ips": "rule:admin_only",
|
||||
|
||||
"insert_rule": "rule:admin_or_owner",
|
||||
"remove_rule": "rule:admin_or_owner",
|
||||
|
||||
"create_qos_queue": "rule:admin_only",
|
||||
"get_qos_queue": "rule:admin_only",
|
||||
|
||||
|
@ -118,9 +118,6 @@
|
||||
"create_router:external_gateway_info:external_fixed_ips": "rule:admin_only",
|
||||
"update_router:external_gateway_info:external_fixed_ips": "rule:admin_only",
|
||||
|
||||
"insert_rule": "rule:admin_or_owner",
|
||||
"remove_rule": "rule:admin_or_owner",
|
||||
|
||||
"create_qos_queue": "rule:admin_only",
|
||||
"get_qos_queue": "rule:admin_only",
|
||||
|
||||
|
@ -259,37 +259,10 @@ class NeutronPolicyTestCase(base.BaseTestCase):
|
||||
"create_fake_resource:attr:sub_attr_2": "rule:admin_only",
|
||||
|
||||
"create_fake_policy:": "rule:admin_or_owner",
|
||||
"get_firewall_policy": "rule:admin_or_owner or "
|
||||
"rule:shared",
|
||||
"get_firewall_rule": "rule:admin_or_owner or "
|
||||
"rule:shared",
|
||||
|
||||
"insert_rule": "rule:admin_or_owner",
|
||||
"remove_rule": "rule:admin_or_owner",
|
||||
}
|
||||
rules_dict.update(**kwargs)
|
||||
self.rules = oslo_policy.Rules.from_dict(rules_dict)
|
||||
|
||||
def test_firewall_policy_insert_rule_with_admin_context(self):
|
||||
action = "insert_rule"
|
||||
target = {}
|
||||
result = policy.check(context.get_admin_context(), action, target)
|
||||
self.assertTrue(result)
|
||||
|
||||
def test_firewall_policy_insert_rule_with_owner(self):
|
||||
action = "insert_rule"
|
||||
target = {"tenant_id": "own_tenant"}
|
||||
user_context = context.Context('', "own_tenant", roles=['user'])
|
||||
result = policy.check(user_context, action, target)
|
||||
self.assertTrue(result)
|
||||
|
||||
def test_firewall_policy_remove_rule_without_admin_or_owner(self):
|
||||
action = "remove_rule"
|
||||
target = {"firewall_rule_id": "rule_id", "tenant_id": "tenantA"}
|
||||
user_context = context.Context('', "another_tenant", roles=['user'])
|
||||
result = policy.check(user_context, action, target)
|
||||
self.assertFalse(result)
|
||||
|
||||
def _test_action_on_attr(self, context, action, obj, attr, value,
|
||||
exception=None, **kwargs):
|
||||
action = "%s_%s" % (action, obj)
|
||||
@ -465,18 +438,6 @@ class NeutronPolicyTestCase(base.BaseTestCase):
|
||||
result = policy.enforce(self.context, action, target)
|
||||
self.assertTrue(result)
|
||||
|
||||
def test_enforce_firewall_policy_shared(self):
|
||||
action = "get_firewall_policy"
|
||||
target = {'shared': True, 'tenant_id': 'somebody_else'}
|
||||
result = policy.enforce(self.context, action, target)
|
||||
self.assertTrue(result)
|
||||
|
||||
def test_enforce_firewall_rule_shared(self):
|
||||
action = "get_firewall_rule"
|
||||
target = {'shared': True, 'tenant_id': 'somebody_else'}
|
||||
result = policy.enforce(self.context, action, target)
|
||||
self.assertTrue(result)
|
||||
|
||||
def test_enforce_tenant_id_check(self):
|
||||
# Trigger a policy with rule admin_or_owner
|
||||
action = "create_network"
|
||||
|
Loading…
Reference in New Issue
Block a user