API: Add default policy for image endpoint

This patch amend I2ef1865e21b99f3bed3a5b7c53816cfe808a2fc2 to add
default policy for image endpoint and also test cases.

Change-Id: Idb9c866865242b5965da8acd9750854abb4f617a
This commit is contained in:
Eli Qiao 2016-10-19 17:01:39 +08:00
parent ea963601a5
commit 09be7521cc
2 changed files with 28 additions and 0 deletions

View File

@ -19,5 +19,8 @@
"container:execute": "rule:admin_or_user", "container:execute": "rule:admin_or_user",
"container:kill": "rule:admin_or_user", "container:kill": "rule:admin_or_user",
"image:create": "rule:default",
"image:get_all": "rule:default",
"magnum-service:get_all": "rule:admin_api" "magnum-service:get_all": "rule:admin_api"
} }

View File

@ -117,3 +117,28 @@ class TestImageController(api_base.FunctionalTest):
self.assertEqual(1, len(actual_images)) self.assertEqual(1, len(actual_images))
self.assertEqual(test_image['uuid'], self.assertEqual(test_image['uuid'],
actual_images[0].get('uuid')) actual_images[0].get('uuid'))
class TestImageEnforcement(api_base.FunctionalTest):
def _common_policy_check(self, rule, func, *arg, **kwarg):
self.policy.set_rules({rule: 'project_id:non_fake'})
response = func(*arg, **kwarg)
self.assertEqual(403, response.status_int)
self.assertEqual('application/json', response.content_type)
self.assertTrue(
"Policy doesn't allow %s to be performed." % rule,
response.json['errors'][0]['detail'])
def test_policy_disallow_get_all(self):
self._common_policy_check(
'image:get_all', self.get_json, '/images/',
expect_errors=True)
def test_policy_disallow_create(self):
params = ('{"repo": "foo"}')
self._common_policy_check(
'image:create', self.app.post, '/v1/images/',
params=params,
content_type='application/json',
expect_errors=True)