openstack/neutron
Code Issues Proposed changes

Add missed actions into policy.json

Browse Source 
This patch adds following actions into policy.json.

  1. v2.0/fw/firewall_policies/{firewall_policy_id}/insert_rule
  2. v2.0/fw/firewall_policies/{firewall_policy_id}/remove_rule

Closes-Bug: #1439383
Change-Id: I8051a97852f0f1f21bf266c16a477a5e2fd32062
This commit is contained in:
Yushiro FURUKAWA 2015-04-07 10:56:55 +09:00
parent 48c336e450
commit f1b4dfd52b
3 changed files with 30 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
etc/policy.json
View File

@ -102,6 +102,9 @@
"update_firewall_policy": "rule:admin_or_owner", "update_firewall_policy": "rule:admin_or_owner",
"delete_firewall_policy": "rule:admin_or_owner", "delete_firewall_policy": "rule:admin_or_owner",
"insert_rule": "rule:admin_or_owner",
"remove_rule": "rule:admin_or_owner",
"create_firewall_rule": "", "create_firewall_rule": "",
"get_firewall_rule": "rule:admin_or_owner or rule:shared_firewalls", "get_firewall_rule": "rule:admin_or_owner or rule:shared_firewalls",
"update_firewall_rule": "rule:admin_or_owner", "update_firewall_rule": "rule:admin_or_owner",

3
neutron/tests/etc/policy.json
View File

@ -102,6 +102,9 @@
"update_firewall_policy": "rule:admin_or_owner", "update_firewall_policy": "rule:admin_or_owner",
"delete_firewall_policy": "rule:admin_or_owner", "delete_firewall_policy": "rule:admin_or_owner",
"insert_rule": "rule:admin_or_owner",
"remove_rule": "rule:admin_or_owner",
"create_firewall_rule": "", "create_firewall_rule": "",
"get_firewall_rule": "rule:admin_or_owner or rule:shared_firewalls", "get_firewall_rule": "rule:admin_or_owner or rule:shared_firewalls",
"update_firewall_rule": "rule:admin_or_owner", "update_firewall_rule": "rule:admin_or_owner",

25
neutron/tests/unit/test_policy.py
View File

@ -253,7 +253,10 @@ class NeutronPolicyTestCase(base.BaseTestCase):
"get_firewall_policy": "rule:admin_or_owner or " "get_firewall_policy": "rule:admin_or_owner or "
"rule:shared", "rule:shared",
"get_firewall_rule": "rule:admin_or_owner or " "get_firewall_rule": "rule:admin_or_owner or "
"rule:shared" "rule:shared",
"insert_rule": "rule:admin_or_owner",
"remove_rule": "rule:admin_or_owner",
}.items()) }.items())
def remove_fake_resource(): def remove_fake_resource():
@ -272,6 +275,26 @@ class NeutronPolicyTestCase(base.BaseTestCase):
fake_manager_instance = fake_manager.return_value fake_manager_instance = fake_manager.return_value
fake_manager_instance.plugin = plugin_klass() fake_manager_instance.plugin = plugin_klass()
def test_firewall_policy_insert_rule_with_admin_context(self):
action = "insert_rule"
target = {}
result = policy.check(context.get_admin_context(), action, target)
self.assertTrue(result)
def test_firewall_policy_insert_rule_with_owner(self):
action = "insert_rule"
target = {"tenant_id": "own_tenant"}
user_context = context.Context('', "own_tenant", roles=['user'])
result = policy.check(user_context, action, target)
self.assertTrue(result)
def test_firewall_policy_remove_rule_without_admin_or_owner(self):
action = "remove_rule"
target = {"firewall_rule_id": "rule_id", "tenant_id": "tenantA"}
user_context = context.Context('', "another_tenant", roles=['user'])
result = policy.check(user_context, action, target)
self.assertFalse(result)
def _test_action_on_attr(self, context, action, obj, attr, value, def _test_action_on_attr(self, context, action, obj, attr, value,
exception=None, **kwargs): exception=None, **kwargs):
action = "%s_%s" % (action, obj) action = "%s_%s" % (action, obj)