From a52f3af266e0443e26eaed248cde7ecdc6e37515 Mon Sep 17 00:00:00 2001 From: Akihiro Motoki Date: Mon, 10 Jul 2017 20:10:47 +0000 Subject: [PATCH] Remove neutron-fwaas specific policies Drops unit tests related to fwaas policies. Tests related to get_firewall_policy/rule are also unnecessary. They have been migrated to neutron-fwaas already. Closes-Bug: #1703347 Depends-On: I6dc6b2295a605444c918e44949f4b1485177e82e Change-Id: Ie866f140fd4e5537ff0d757304ab5279f0cf0a79 --- etc/policy.json | 3 --- neutron/tests/etc/policy.json | 3 --- neutron/tests/unit/test_policy.py | 39 ------------------------------- 3 files changed, 45 deletions(-) diff --git a/etc/policy.json b/etc/policy.json index e1e36bb1ec7..4b5c4790dc9 100644 --- a/etc/policy.json +++ b/etc/policy.json @@ -118,9 +118,6 @@ "create_router:external_gateway_info:external_fixed_ips": "rule:admin_only", "update_router:external_gateway_info:external_fixed_ips": "rule:admin_only", - "insert_rule": "rule:admin_or_owner", - "remove_rule": "rule:admin_or_owner", - "create_qos_queue": "rule:admin_only", "get_qos_queue": "rule:admin_only", diff --git a/neutron/tests/etc/policy.json b/neutron/tests/etc/policy.json index e1e36bb1ec7..4b5c4790dc9 100644 --- a/neutron/tests/etc/policy.json +++ b/neutron/tests/etc/policy.json @@ -118,9 +118,6 @@ "create_router:external_gateway_info:external_fixed_ips": "rule:admin_only", "update_router:external_gateway_info:external_fixed_ips": "rule:admin_only", - "insert_rule": "rule:admin_or_owner", - "remove_rule": "rule:admin_or_owner", - "create_qos_queue": "rule:admin_only", "get_qos_queue": "rule:admin_only", diff --git a/neutron/tests/unit/test_policy.py b/neutron/tests/unit/test_policy.py index 311701cf151..de7a1bc7b2c 100644 --- a/neutron/tests/unit/test_policy.py +++ b/neutron/tests/unit/test_policy.py @@ -259,37 +259,10 @@ class NeutronPolicyTestCase(base.BaseTestCase): "create_fake_resource:attr:sub_attr_2": "rule:admin_only", "create_fake_policy:": "rule:admin_or_owner", - "get_firewall_policy": "rule:admin_or_owner or " - "rule:shared", - "get_firewall_rule": "rule:admin_or_owner or " - "rule:shared", - - "insert_rule": "rule:admin_or_owner", - "remove_rule": "rule:admin_or_owner", } rules_dict.update(**kwargs) self.rules = oslo_policy.Rules.from_dict(rules_dict) - def test_firewall_policy_insert_rule_with_admin_context(self): - action = "insert_rule" - target = {} - result = policy.check(context.get_admin_context(), action, target) - self.assertTrue(result) - - def test_firewall_policy_insert_rule_with_owner(self): - action = "insert_rule" - target = {"tenant_id": "own_tenant"} - user_context = context.Context('', "own_tenant", roles=['user']) - result = policy.check(user_context, action, target) - self.assertTrue(result) - - def test_firewall_policy_remove_rule_without_admin_or_owner(self): - action = "remove_rule" - target = {"firewall_rule_id": "rule_id", "tenant_id": "tenantA"} - user_context = context.Context('', "another_tenant", roles=['user']) - result = policy.check(user_context, action, target) - self.assertFalse(result) - def _test_action_on_attr(self, context, action, obj, attr, value, exception=None, **kwargs): action = "%s_%s" % (action, obj) @@ -465,18 +438,6 @@ class NeutronPolicyTestCase(base.BaseTestCase): result = policy.enforce(self.context, action, target) self.assertTrue(result) - def test_enforce_firewall_policy_shared(self): - action = "get_firewall_policy" - target = {'shared': True, 'tenant_id': 'somebody_else'} - result = policy.enforce(self.context, action, target) - self.assertTrue(result) - - def test_enforce_firewall_rule_shared(self): - action = "get_firewall_rule" - target = {'shared': True, 'tenant_id': 'somebody_else'} - result = policy.enforce(self.context, action, target) - self.assertTrue(result) - def test_enforce_tenant_id_check(self): # Trigger a policy with rule admin_or_owner action = "create_network"