API: Add default policy for image endpoint
This patch amend I2ef1865e21b99f3bed3a5b7c53816cfe808a2fc2 to add default policy for image endpoint and also test cases. Change-Id: Idb9c866865242b5965da8acd9750854abb4f617a
This commit is contained in:
parent
ea963601a5
commit
09be7521cc
@ -19,5 +19,8 @@
|
|||||||
"container:execute": "rule:admin_or_user",
|
"container:execute": "rule:admin_or_user",
|
||||||
"container:kill": "rule:admin_or_user",
|
"container:kill": "rule:admin_or_user",
|
||||||
|
|
||||||
|
"image:create": "rule:default",
|
||||||
|
"image:get_all": "rule:default",
|
||||||
|
|
||||||
"magnum-service:get_all": "rule:admin_api"
|
"magnum-service:get_all": "rule:admin_api"
|
||||||
}
|
}
|
||||||
|
@ -117,3 +117,28 @@ class TestImageController(api_base.FunctionalTest):
|
|||||||
self.assertEqual(1, len(actual_images))
|
self.assertEqual(1, len(actual_images))
|
||||||
self.assertEqual(test_image['uuid'],
|
self.assertEqual(test_image['uuid'],
|
||||||
actual_images[0].get('uuid'))
|
actual_images[0].get('uuid'))
|
||||||
|
|
||||||
|
|
||||||
|
class TestImageEnforcement(api_base.FunctionalTest):
|
||||||
|
|
||||||
|
def _common_policy_check(self, rule, func, *arg, **kwarg):
|
||||||
|
self.policy.set_rules({rule: 'project_id:non_fake'})
|
||||||
|
response = func(*arg, **kwarg)
|
||||||
|
self.assertEqual(403, response.status_int)
|
||||||
|
self.assertEqual('application/json', response.content_type)
|
||||||
|
self.assertTrue(
|
||||||
|
"Policy doesn't allow %s to be performed." % rule,
|
||||||
|
response.json['errors'][0]['detail'])
|
||||||
|
|
||||||
|
def test_policy_disallow_get_all(self):
|
||||||
|
self._common_policy_check(
|
||||||
|
'image:get_all', self.get_json, '/images/',
|
||||||
|
expect_errors=True)
|
||||||
|
|
||||||
|
def test_policy_disallow_create(self):
|
||||||
|
params = ('{"repo": "foo"}')
|
||||||
|
self._common_policy_check(
|
||||||
|
'image:create', self.app.post, '/v1/images/',
|
||||||
|
params=params,
|
||||||
|
content_type='application/json',
|
||||||
|
expect_errors=True)
|
||||||
|
Loading…
Reference in New Issue
Block a user