neutron/neutron/tests/unit/conf/policies/base.py
Slawek Kaplonski 0e09bf8ce1 Don't enforce scopes in the API policies UT temporary
There is a bug in oslo_policy [1] that causes issues with enforcing
scopes properly for rules which inherit from the oslo_policy.BaseCheck
class (many Neutron rules are written that way).
Once fix [2] is merged in oslo_policy, we will need to change the
expected exception type in some of the policy unit tests from
PolicyNotAuthorized to InvalidScope.
For now, to make the tests work with both the old and the new oslo_policy,
let's disable scope enforcement in those unit tests. It will be enabled
again once the fixed oslo_policy is available and used in Neutron.

[1] https://launchpad.net/bugs/1923503
[2] https://review.opendev.org/c/openstack/oslo.policy/+/804980

Related-Bug: #1923503
Change-Id: I5c64eb9315b37379b0899c9d35f2f0d96f9c1579
2021-11-04 10:10:41 +00:00


# Copyright (c) 2021 Red Hat Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from neutron_lib import context
from oslo_config import cfg
from oslo_utils import uuidutils
from neutron.tests import base as tests_base
class PolicyBaseTestCase(tests_base.BaseTestCase):
    """Shared fixture for the API policy unit tests.

    Enables the new oslo_policy defaults, switches scope enforcement off
    (see ``setUp``) and builds one request context per persona: admin,
    member and reader, each once with system scope and once with project
    scope.
    """

    def setUp(self):
        """Apply the oslo_policy overrides, then create IDs and personas."""
        conf = cfg.CONF
        # NOTE(slaweq): The overrides must be in place before super().setUp()
        # runs, because BaseTestCase initializes the policies there and the
        # config options have to be set by that point. These tests cover
        # only the new default policies.
        conf.set_override('enforce_new_defaults', True, group='oslo_policy')
        # TODO(slaweq): Remove this override once the fix
        # https://review.opendev.org/c/openstack/oslo.policy/+/804980 is
        # merged and released in oslo_policy.
        # NOTE(review): while enforce_scope is False, subclasses only see
        # role-based denials (PolicyNotAuthorized); a scope mismatch will
        # presumably not surface as InvalidScope, so scope coverage is
        # missing until this is re-enabled - confirm against oslo_policy.
        conf.set_override('enforce_scope', False, group='oslo_policy')
        # NOTE(review): no cleanup is registered for the overrides here;
        # presumably BaseTestCase resets cfg.CONF - verify.
        super().setUp()

        self.project_id = uuidutils.generate_uuid()
        self.system_user_id = uuidutils.generate_uuid()
        self.user_id = uuidutils.generate_uuid()
        self._prepare_system_scope_personas()
        self._prepare_project_scope_personas()
        # Not used by any persona built in this class; presumably meant for
        # cross-project checks in subclasses.
        self.alt_project_id = uuidutils.generate_uuid()

    def _prepare_system_scope_personas(self):
        """Create the system-scoped admin, member and reader contexts.

        All three share ``self.system_user_id`` and ``system_scope='all'``;
        only the role list differs.
        """
        def system_ctx(roles):
            return context.Context(
                user_id=self.system_user_id,
                roles=roles,
                system_scope='all')

        self.system_admin_ctx = system_ctx(['admin', 'member', 'reader'])
        self.system_member_ctx = system_ctx(['member', 'reader'])
        self.system_reader_ctx = system_ctx(['reader'])

    def _prepare_project_scope_personas(self):
        """Create the project-scoped admin, member and reader contexts.

        All three share ``self.user_id`` and ``self.project_id``; only the
        role list differs.
        """
        def project_ctx(roles):
            return context.Context(
                user_id=self.user_id,
                roles=roles,
                project_id=self.project_id)

        self.project_admin_ctx = project_ctx(['admin', 'member', 'reader'])
        self.project_member_ctx = project_ctx(['member', 'reader'])
        self.project_reader_ctx = project_ctx(['reader'])