diff options
Diffstat (limited to 'nova/tests/api/ec2/test_cloud.py')
-rw-r--r-- | nova/tests/api/ec2/test_cloud.py | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/nova/tests/api/ec2/test_cloud.py b/nova/tests/api/ec2/test_cloud.py index f34195ea3c..0abd0252d8 100644 --- a/nova/tests/api/ec2/test_cloud.py +++ b/nova/tests/api/ec2/test_cloud.py @@ -21,6 +21,7 @@ import copy import datetime import functools import iso8601 +import mock import os import string import tempfile @@ -481,6 +482,34 @@ class CloudTestCase(test.TestCase): delete = self.cloud.delete_security_group self.assertRaises(exception.MissingParameter, delete, self.context) + def test_delete_security_group_policy_not_allowed(self): + rules = common_policy.Rules( + {'compute_extension:security_groups': + common_policy.parse_rule('project_id:%(project_id)s')}) + common_policy.set_rules(rules) + + with mock.patch.object(self.cloud.security_group_api, + 'get') as get: + get.return_value = {'project_id': 'invalid'} + + self.assertRaises(exception.PolicyNotAuthorized, + self.cloud.delete_security_group, self.context, + 'fake-name', 'fake-id') + + def test_authorize_security_group_ingress_policy_not_allowed(self): + rules = common_policy.Rules( + {'compute_extension:security_groups': + common_policy.parse_rule('project_id:%(project_id)s')}) + common_policy.set_rules(rules) + + with mock.patch.object(self.cloud.security_group_api, + 'get') as get: + get.return_value = {'project_id': 'invalid'} + + self.assertRaises(exception.PolicyNotAuthorized, + self.cloud.authorize_security_group_ingress, self.context, + 'fake-name', 'fake-id') + def test_authorize_security_group_ingress(self): kwargs = {'project_id': self.context.project_id, 'name': 'test'} sec = db.security_group_create(self.context, kwargs) @@ -585,6 +614,20 @@ class CloudTestCase(test.TestCase): db.security_group_destroy(self.context, sec2['id']) db.security_group_destroy(self.context, sec1['id']) + def test_revoke_security_group_ingress_policy_not_allowed(self): + rules = common_policy.Rules( + {'compute_extension:security_groups': + common_policy.parse_rule('project_id:%(project_id)s')}) + common_policy.set_rules(rules) + + with mock.patch.object(self.cloud.security_group_api, + 'get') as get: + get.return_value = {'project_id': 'invalid'} + + self.assertRaises(exception.PolicyNotAuthorized, + self.cloud.revoke_security_group_ingress, self.context, + 'fake-name', 'fake-id') + def test_revoke_security_group_ingress(self): kwargs = {'project_id': self.context.project_id, 'name': 'test'} sec = db.security_group_create(self.context, kwargs) |