openstack/neutron
Code Issues Proposed changes

Merge "Remove neutron-fwaas specific policies"

Browse Source
This commit is contained in:
Jenkins 2017-07-26 08:49:43 +00:00 committed by Gerrit Code Review
commit 8538db828a
3 changed files with 0 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
etc/policy.json
View File

@ -118,9 +118,6 @@
"create_router:external_gateway_info:external_fixed_ips": "rule:admin_only", "create_router:external_gateway_info:external_fixed_ips": "rule:admin_only",
"update_router:external_gateway_info:external_fixed_ips": "rule:admin_only", "update_router:external_gateway_info:external_fixed_ips": "rule:admin_only",
"insert_rule": "rule:admin_or_owner",
"remove_rule": "rule:admin_or_owner",
"create_qos_queue": "rule:admin_only", "create_qos_queue": "rule:admin_only",
"get_qos_queue": "rule:admin_only", "get_qos_queue": "rule:admin_only",

3
neutron/tests/etc/policy.json
View File

@ -118,9 +118,6 @@
"create_router:external_gateway_info:external_fixed_ips": "rule:admin_only", "create_router:external_gateway_info:external_fixed_ips": "rule:admin_only",
"update_router:external_gateway_info:external_fixed_ips": "rule:admin_only", "update_router:external_gateway_info:external_fixed_ips": "rule:admin_only",
"insert_rule": "rule:admin_or_owner",
"remove_rule": "rule:admin_or_owner",
"create_qos_queue": "rule:admin_only", "create_qos_queue": "rule:admin_only",
"get_qos_queue": "rule:admin_only", "get_qos_queue": "rule:admin_only",

39
neutron/tests/unit/test_policy.py
View File

@ -259,37 +259,10 @@ class NeutronPolicyTestCase(base.BaseTestCase):
"create_fake_resource:attr:sub_attr_2": "rule:admin_only", "create_fake_resource:attr:sub_attr_2": "rule:admin_only",
"create_fake_policy:": "rule:admin_or_owner", "create_fake_policy:": "rule:admin_or_owner",
"get_firewall_policy": "rule:admin_or_owner or "
"rule:shared",
"get_firewall_rule": "rule:admin_or_owner or "
"rule:shared",
"insert_rule": "rule:admin_or_owner",
"remove_rule": "rule:admin_or_owner",
} }
rules_dict.update(**kwargs) rules_dict.update(**kwargs)
self.rules = oslo_policy.Rules.from_dict(rules_dict) self.rules = oslo_policy.Rules.from_dict(rules_dict)
def test_firewall_policy_insert_rule_with_admin_context(self):
action = "insert_rule"
target = {}
result = policy.check(context.get_admin_context(), action, target)
self.assertTrue(result)
def test_firewall_policy_insert_rule_with_owner(self):
action = "insert_rule"
target = {"tenant_id": "own_tenant"}
user_context = context.Context('', "own_tenant", roles=['user'])
result = policy.check(user_context, action, target)
self.assertTrue(result)
def test_firewall_policy_remove_rule_without_admin_or_owner(self):
action = "remove_rule"
target = {"firewall_rule_id": "rule_id", "tenant_id": "tenantA"}
user_context = context.Context('', "another_tenant", roles=['user'])
result = policy.check(user_context, action, target)
self.assertFalse(result)
def _test_action_on_attr(self, context, action, obj, attr, value, def _test_action_on_attr(self, context, action, obj, attr, value,
exception=None, **kwargs): exception=None, **kwargs):
action = "%s_%s" % (action, obj) action = "%s_%s" % (action, obj)
@ -465,18 +438,6 @@ class NeutronPolicyTestCase(base.BaseTestCase):
result = policy.enforce(self.context, action, target) result = policy.enforce(self.context, action, target)
self.assertTrue(result) self.assertTrue(result)
def test_enforce_firewall_policy_shared(self):
action = "get_firewall_policy"
target = {'shared': True, 'tenant_id': 'somebody_else'}
result = policy.enforce(self.context, action, target)
self.assertTrue(result)
def test_enforce_firewall_rule_shared(self):
action = "get_firewall_rule"
target = {'shared': True, 'tenant_id': 'somebody_else'}
result = policy.enforce(self.context, action, target)
self.assertTrue(result)
def test_enforce_tenant_id_check(self): def test_enforce_tenant_id_check(self):
# Trigger a policy with rule admin_or_owner # Trigger a policy with rule admin_or_owner
action = "create_network" action = "create_network"