x/vmware-nsx
Code Issues Proposed changes

Merge "Allow sharing of firewall rules and policies in policy.json"

Browse Source
This commit is contained in:
Jenkins 2013-09-26 21:44:39 +00:00 committed by Gerrit Code Review
commit fd595bfbc2
2 changed files with 21 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
etc/policy.json
View File

@ -5,6 +5,7 @@
"admin_only": "rule:context_is_admin", "admin_only": "rule:context_is_admin",
"regular_user": "", "regular_user": "",
"shared": "field:networks:shared=True", "shared": "field:networks:shared=True",
"shared_firewalls": "field:firewalls:shared=True",
"external": "field:networks:router:external=True", "external": "field:networks:router:external=True",
"default": "rule:admin_or_owner", "default": "rule:admin_or_owner",
@ -71,13 +72,13 @@
"delete_firewall": "rule:admin_or_owner", "delete_firewall": "rule:admin_or_owner",
"create_firewall_policy": "", "create_firewall_policy": "",
"get_firewall_policy": "rule:admin_or_owner", "get_firewall_policy": "rule:admin_or_owner or rule:shared_firewalls",
"create_firewall_policy:shared": "rule:admin_or_owner", "create_firewall_policy:shared": "rule:admin_or_owner",
"update_firewall_policy": "rule:admin_or_owner", "update_firewall_policy": "rule:admin_or_owner",
"delete_firewall_policy": "rule:admin_or_owner", "delete_firewall_policy": "rule:admin_or_owner",
"create_firewall_rule": "", "create_firewall_rule": "",
"get_firewall_rule": "rule:admin_or_owner", "get_firewall_rule": "rule:admin_or_owner or rule:shared_firewalls",
"create_firewall_rule:shared": "rule:admin_or_owner", "create_firewall_rule:shared": "rule:admin_or_owner",
"get_firewall_rule:shared": "rule:admin_or_owner", "get_firewall_rule:shared": "rule:admin_or_owner",
"update_firewall_rule": "rule:admin_or_owner", "update_firewall_rule": "rule:admin_or_owner",

19
neutron/tests/unit/test_policy.py
View File

@ -250,7 +250,12 @@ class NeutronPolicyTestCase(base.BaseTestCase):
"create_something": "rule:admin_or_owner", "create_something": "rule:admin_or_owner",
"create_something:attr": "rule:admin_or_owner", "create_something:attr": "rule:admin_or_owner",
"create_something:attr:sub_attr_1": "rule:admin_or_owner", "create_something:attr:sub_attr_1": "rule:admin_or_owner",
"create_something:attr:sub_attr_2": "rule:admin_only" "create_something:attr:sub_attr_2": "rule:admin_only",
"get_firewall_policy": "rule:admin_or_owner or "
"rule:shared",
"get_firewall_rule": "rule:admin_or_owner or "
"rule:shared"
}.items()) }.items())
def fakepolicyinit(): def fakepolicyinit():
@ -390,6 +395,18 @@ class NeutronPolicyTestCase(base.BaseTestCase):
result = policy.enforce(self.context, action, target) result = policy.enforce(self.context, action, target)
self.assertTrue(result) self.assertTrue(result)
def test_enforce_firewall_policy_shared(self):
action = "get_firewall_policy"
target = {'shared': True, 'tenant_id': 'somebody_else'}
result = policy.enforce(self.context, action, target)
self.assertTrue(result)
def test_enforce_firewall_rule_shared(self):
action = "get_firewall_rule"
target = {'shared': True, 'tenant_id': 'somebody_else'}
result = policy.enforce(self.context, action, target)
self.assertTrue(result)
def test_enforce_tenant_id_check(self): def test_enforce_tenant_id_check(self):
# Trigger a policy with rule admin_or_owner # Trigger a policy with rule admin_or_owner
action = "create_network" action = "create_network"