diff --git a/etc/policy.json b/etc/policy.json
index ee7134067ad..c59e0750012 100644
--- a/etc/policy.json
+++ b/etc/policy.json
@@ -118,9 +118,6 @@
 "create_router:external_gateway_info:external_fixed_ips": "rule:admin_only",
 "update_router:external_gateway_info:external_fixed_ips": "rule:admin_only",
- "insert_rule": "rule:admin_or_owner",
- "remove_rule": "rule:admin_or_owner",
-
 "create_qos_queue": "rule:admin_only",
 "get_qos_queue": "rule:admin_only",
diff --git a/neutron/tests/etc/policy.json b/neutron/tests/etc/policy.json
index ee7134067ad..c59e0750012 100644
--- a/neutron/tests/etc/policy.json
+++ b/neutron/tests/etc/policy.json
@@ -118,9 +118,6 @@
 "create_router:external_gateway_info:external_fixed_ips": "rule:admin_only",
 "update_router:external_gateway_info:external_fixed_ips": "rule:admin_only",
- "insert_rule": "rule:admin_or_owner",
- "remove_rule": "rule:admin_or_owner",
-
 "create_qos_queue": "rule:admin_only",
 "get_qos_queue": "rule:admin_only",
diff --git a/neutron/tests/unit/test_policy.py b/neutron/tests/unit/test_policy.py
index 311701cf151..de7a1bc7b2c 100644
--- a/neutron/tests/unit/test_policy.py
+++ b/neutron/tests/unit/test_policy.py
@@ -259,37 +259,10 @@ class NeutronPolicyTestCase(base.BaseTestCase):
 "create_fake_resource:attr:sub_attr_2": "rule:admin_only",
 "create_fake_policy:": "rule:admin_or_owner",
- "get_firewall_policy": "rule:admin_or_owner or "
- "rule:shared",
- "get_firewall_rule": "rule:admin_or_owner or "
- "rule:shared",
-
- "insert_rule": "rule:admin_or_owner",
- "remove_rule": "rule:admin_or_owner",
 }
 rules_dict.update(**kwargs)
 self.rules = oslo_policy.Rules.from_dict(rules_dict)
- def test_firewall_policy_insert_rule_with_admin_context(self):
- action = "insert_rule"
- target = {}
- result = policy.check(context.get_admin_context(), action, target)
- self.assertTrue(result)
-
- def test_firewall_policy_insert_rule_with_owner(self):
- action = "insert_rule"
- target = {"tenant_id": "own_tenant"}
- user_context = context.Context('', "own_tenant", roles=['user'])
- result = policy.check(user_context, action, target)
- self.assertTrue(result)
-
- def test_firewall_policy_remove_rule_without_admin_or_owner(self):
- action = "remove_rule"
- target = {"firewall_rule_id": "rule_id", "tenant_id": "tenantA"}
- user_context = context.Context('', "another_tenant", roles=['user'])
- result = policy.check(user_context, action, target)
- self.assertFalse(result)
-
 def _test_action_on_attr(self, context, action, obj, attr, value, exception=None, **kwargs):
 action = "%s_%s" % (action, obj)
@@ -465,18 +438,6 @@ class NeutronPolicyTestCase(base.BaseTestCase):
 result = policy.enforce(self.context, action, target)
 self.assertTrue(result)
- def test_enforce_firewall_policy_shared(self):
- action = "get_firewall_policy"
- target = {'shared': True, 'tenant_id': 'somebody_else'}
- result = policy.enforce(self.context, action, target)
- self.assertTrue(result)
-
- def test_enforce_firewall_rule_shared(self):
- action = "get_firewall_rule"
- target = {'shared': True, 'tenant_id': 'somebody_else'}
- result = policy.enforce(self.context, action, target)
- self.assertTrue(result)
-
 def test_enforce_tenant_id_check(self):
 # Trigger a policy with rule admin_or_owner
 action = "create_network"