Skip to content

Commit 5c0f0ba

Browse files
Zuulopenstack-gerrit
authored andcommitted
Merge "Fix tests for oslo.policy new defaults enable by default"
2 parents a4032b9 + 240347f commit 5c0f0ba

File tree

13 files changed

+56
-79
lines changed

13 files changed

+56
-79
lines changed

octavia/common/policy.py

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -137,9 +137,8 @@ def check_is_admin(self, context):
137137
try:
138138
result = self.enforce('context_is_admin', credentials, credentials)
139139
except oslo_policy.InvalidScope as e:
140-
# This will happen if the token being used is not system scoped
141-
# which is required for the admin roles when scope checking is
142-
# enabled.
140+
# This will happen if the token being used is system scoped
141+
# when scope checking is enabled.
143142
LOG.warning(str(e))
144143
return False
145144
return result

octavia/policies/base.py

Lines changed: 1 addition & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -41,20 +41,6 @@
4141

4242
# OpenStack wide scoped rules
4343

44-
# System scoped Administrator
45-
policy.RuleDefault(
46-
name='system-admin',
47-
check_str='role:admin and '
48-
'system_scope:all',
49-
scope_types=[constants.RBAC_SCOPE_PROJECT]),
50-
51-
# System scoped Reader
52-
policy.RuleDefault(
53-
name='system-reader',
54-
check_str='role:reader and '
55-
'system_scope:all',
56-
scope_types=[constants.RBAC_SCOPE_PROJECT]),
57-
5844
# Project scoped Member
5945
policy.RuleDefault(
6046
name='project-member',
@@ -85,13 +71,10 @@
8571
# role:load-balancer_admin
8672
# User is considered an admin for all load-balancer APIs including
8773
# resources owned by others.
88-
# role:admin and system_scope:all
89-
# User is admin to all service APIs, including Octavia.
9074

9175
policy.RuleDefault(
9276
name='context_is_admin',
9377
check_str='role:load-balancer_admin or '
94-
'rule:system-admin or '
9578
'role:admin',
9679
deprecated_rule=deprecated_context_is_admin,
9780
scope_types=[constants.RBAC_SCOPE_PROJECT]),
@@ -115,8 +98,7 @@
11598

11699
policy.RuleDefault(
117100
name='load-balancer:global_observer',
118-
check_str='role:load-balancer_global_observer or '
119-
'rule:system-reader',
101+
check_str='role:load-balancer_global_observer',
120102
scope_types=[constants.RBAC_SCOPE_PROJECT]),
121103

122104
policy.RuleDefault(
@@ -132,7 +114,6 @@
132114
name='load-balancer:admin',
133115
check_str='is_admin:True or '
134116
'role:load-balancer_admin or '
135-
'rule:system-admin or '
136117
'role:admin',
137118
scope_types=[constants.RBAC_SCOPE_PROJECT]),
138119

octavia/tests/functional/api/v2/test_availability_zones.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -214,7 +214,7 @@ def test_get_authorized(self):
214214
'is_admin_project': True,
215215
'service_project_domain_id': None,
216216
'service_project_id': None,
217-
'roles': ['load-balancer_member'],
217+
'roles': ['load-balancer_member', 'member'],
218218
'user_id': None,
219219
'is_admin': False,
220220
'service_user_domain_id': None,

octavia/tests/functional/api/v2/test_flavors.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -214,7 +214,7 @@ def test_get_authorized(self):
214214
'is_admin_project': True,
215215
'service_project_domain_id': None,
216216
'service_project_id': None,
217-
'roles': ['load-balancer_member'],
217+
'roles': ['load-balancer_member', 'member'],
218218
'user_id': None,
219219
'is_admin': False,
220220
'service_user_domain_id': None,
@@ -308,7 +308,7 @@ def test_get_all_authorized(self):
308308
'is_admin_project': True,
309309
'service_project_domain_id': None,
310310
'service_project_id': None,
311-
'roles': ['load-balancer_member'],
311+
'roles': ['load-balancer_member', 'member'],
312312
'user_id': None,
313313
'is_admin': False,
314314
'service_user_domain_id': None,

octavia/tests/functional/api/v2/test_health_monitor.py

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -137,7 +137,7 @@ def test_get_authorized(self):
137137
'is_admin_project': True,
138138
'service_project_domain_id': None,
139139
'service_project_id': None,
140-
'roles': ['load-balancer_member'],
140+
'roles': ['load-balancer_member', 'member'],
141141
'user_id': None,
142142
'is_admin': False,
143143
'service_user_domain_id': None,
@@ -293,7 +293,7 @@ def test_get_all_non_admin(self):
293293
'is_admin_project': True,
294294
'service_project_domain_id': None,
295295
'service_project_id': None,
296-
'roles': ['load-balancer_member'],
296+
'roles': ['load-balancer_member', 'member'],
297297
'user_id': None,
298298
'is_admin': False,
299299
'service_user_domain_id': None,
@@ -1258,7 +1258,7 @@ def test_create_authorized(self):
12581258
'is_admin_project': True,
12591259
'service_project_domain_id': None,
12601260
'service_project_id': None,
1261-
'roles': ['load-balancer_member'],
1261+
'roles': ['load-balancer_member', 'member'],
12621262
'user_id': None,
12631263
'is_admin': False,
12641264
'service_user_domain_id': None,
@@ -1714,7 +1714,7 @@ def test_update_authorized(self):
17141714
'is_admin_project': True,
17151715
'service_project_domain_id': None,
17161716
'service_project_id': None,
1717-
'roles': ['load-balancer_member'],
1717+
'roles': ['load-balancer_member', 'member'],
17181718
'user_id': None,
17191719
'is_admin': False,
17201720
'service_user_domain_id': None,
@@ -2064,7 +2064,7 @@ def test_delete_authorized(self):
20642064
'is_admin_project': True,
20652065
'service_project_domain_id': None,
20662066
'service_project_id': None,
2067-
'roles': ['load-balancer_member'],
2067+
'roles': ['load-balancer_member', 'member'],
20682068
'user_id': None,
20692069
'is_admin': False,
20702070
'service_user_domain_id': None,

octavia/tests/functional/api/v2/test_l7policy.py

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -76,7 +76,7 @@ def test_get_authorized(self):
7676
'is_admin_project': True,
7777
'service_project_domain_id': None,
7878
'service_project_id': None,
79-
'roles': ['load-balancer_member'],
79+
'roles': ['load-balancer_member', 'member'],
8080
'user_id': None,
8181
'is_admin': False,
8282
'service_user_domain_id': None,
@@ -209,7 +209,7 @@ def test_get_all_non_admin(self):
209209
'is_admin_project': True,
210210
'service_project_domain_id': None,
211211
'service_project_id': None,
212-
'roles': ['load-balancer_member'],
212+
'roles': ['load-balancer_member', 'member'],
213213
'user_id': None,
214214
'is_admin': False,
215215
'service_user_domain_id': None,
@@ -685,7 +685,7 @@ def test_create_policy_authorized(self):
685685
'is_admin_project': True,
686686
'service_project_domain_id': None,
687687
'service_project_id': None,
688-
'roles': ['load-balancer_member'],
688+
'roles': ['load-balancer_member', 'member'],
689689
'user_id': None,
690690
'is_admin': False,
691691
'service_user_domain_id': None,
@@ -919,7 +919,7 @@ def test_update_authorized(self):
919919
'is_admin_project': True,
920920
'service_project_domain_id': None,
921921
'service_project_id': None,
922-
'roles': ['load-balancer_member'],
922+
'roles': ['load-balancer_member', 'member'],
923923
'user_id': None,
924924
'is_admin': False,
925925
'service_user_domain_id': None,
@@ -1165,7 +1165,7 @@ def test_delete_authorized(self):
11651165
'is_admin_project': True,
11661166
'service_project_domain_id': None,
11671167
'service_project_id': None,
1168-
'roles': ['load-balancer_member'],
1168+
'roles': ['load-balancer_member', 'member'],
11691169
'user_id': None,
11701170
'is_admin': False,
11711171
'service_user_domain_id': None,

octavia/tests/functional/api/v2/test_l7rule.py

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -76,7 +76,7 @@ def test_get_authorized(self):
7676
'is_admin_project': True,
7777
'service_project_domain_id': None,
7878
'service_project_id': None,
79-
'roles': ['load-balancer_member'],
79+
'roles': ['load-balancer_member', 'member'],
8080
'user_id': None,
8181
'is_admin': False,
8282
'service_user_domain_id': None,
@@ -175,7 +175,7 @@ def test_get_all_authorized(self):
175175
'is_admin_project': True,
176176
'service_project_domain_id': None,
177177
'service_project_id': None,
178-
'roles': ['load-balancer_member'],
178+
'roles': ['load-balancer_member', 'member'],
179179
'user_id': None,
180180
'is_admin': False,
181181
'service_user_domain_id': None,
@@ -542,7 +542,7 @@ def test_create_rule_authorized(self):
542542
'is_admin_project': True,
543543
'service_project_domain_id': None,
544544
'service_project_id': None,
545-
'roles': ['load-balancer_member'],
545+
'roles': ['load-balancer_member', 'member'],
546546
'user_id': None,
547547
'is_admin': False,
548548
'service_user_domain_id': None,
@@ -921,7 +921,7 @@ def test_update_authorized(self):
921921
'is_admin_project': True,
922922
'service_project_domain_id': None,
923923
'service_project_id': None,
924-
'roles': ['load-balancer_member'],
924+
'roles': ['load-balancer_member', 'member'],
925925
'user_id': None,
926926
'is_admin': False,
927927
'service_user_domain_id': None,
@@ -1125,7 +1125,7 @@ def test_delete_authorized(self):
11251125
'is_admin_project': True,
11261126
'service_project_domain_id': None,
11271127
'service_project_id': None,
1128-
'roles': ['load-balancer_member'],
1128+
'roles': ['load-balancer_member', 'member'],
11291129
'user_id': None,
11301130
'is_admin': False,
11311131
'service_user_domain_id': None,

octavia/tests/functional/api/v2/test_listener.py

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -112,7 +112,7 @@ def test_get_all_non_admin(self):
112112
'is_admin_project': True,
113113
'service_project_domain_id': None,
114114
'service_project_id': None,
115-
'roles': ['load-balancer_member'],
115+
'roles': ['load-balancer_member', 'member'],
116116
'user_id': None,
117117
'is_admin': False,
118118
'service_user_domain_id': None,
@@ -558,7 +558,7 @@ def test_get_authorized(self):
558558
'is_admin_project': True,
559559
'service_project_domain_id': None,
560560
'service_project_id': None,
561-
'roles': ['load-balancer_member'],
561+
'roles': ['load-balancer_member', 'member'],
562562
'user_id': None,
563563
'is_admin': False,
564564
'service_user_domain_id': None,
@@ -976,7 +976,7 @@ def test_create_authorized(self, **optionals):
976976
'is_admin_project': True,
977977
'service_project_domain_id': None,
978978
'service_project_id': None,
979-
'roles': ['load-balancer_member'],
979+
'roles': ['load-balancer_member', 'member'],
980980
'user_id': None,
981981
'is_admin': False,
982982
'service_user_domain_id': None,
@@ -2106,7 +2106,7 @@ def test_update_authorized(self):
21062106
'is_admin_project': True,
21072107
'service_project_domain_id': None,
21082108
'service_project_id': None,
2109-
'roles': ['load-balancer_member'],
2109+
'roles': ['load-balancer_member', 'member'],
21102110
'user_id': None,
21112111
'is_admin': False,
21122112
'service_user_domain_id': None,
@@ -2267,7 +2267,7 @@ def test_delete_authorized(self):
22672267
'is_admin_project': True,
22682268
'service_project_domain_id': None,
22692269
'service_project_id': None,
2270-
'roles': ['load-balancer_member'],
2270+
'roles': ['load-balancer_member', 'member'],
22712271
'user_id': None,
22722272
'is_admin': False,
22732273
'service_user_domain_id': None,
@@ -2926,7 +2926,7 @@ def test_statistics_authorized(self):
29262926
'is_admin_project': True,
29272927
'service_project_domain_id': None,
29282928
'service_project_id': None,
2929-
'roles': ['load-balancer_member'],
2929+
'roles': ['load-balancer_member', 'member'],
29302930
'user_id': None,
29312931
'is_admin': False,
29322932
'service_user_domain_id': None,

octavia/tests/functional/api/v2/test_load_balancer.py

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -995,7 +995,7 @@ def test_create_authorized(self, **optionals):
995995
'is_admin_project': True,
996996
'service_project_domain_id': None,
997997
'service_project_id': None,
998-
'roles': ['load-balancer_member'],
998+
'roles': ['load-balancer_member', 'member'],
999999
'user_id': None,
10001000
'is_admin': False,
10011001
'service_user_domain_id': None,
@@ -1306,7 +1306,7 @@ def test_get_all_non_admin(self):
13061306
'is_admin_project': True,
13071307
'service_project_domain_id': None,
13081308
'service_project_id': None,
1309-
'roles': ['load-balancer_member'],
1309+
'roles': ['load-balancer_member', 'member'],
13101310
'user_id': None,
13111311
'is_admin': False,
13121312
'service_user_domain_id': None,
@@ -1892,7 +1892,7 @@ def test_get_authorized(self):
18921892
'is_admin_project': True,
18931893
'service_project_domain_id': None,
18941894
'service_project_id': None,
1895-
'roles': ['load-balancer_member'],
1895+
'roles': ['load-balancer_member', 'member'],
18961896
'user_id': None,
18971897
'is_admin': False,
18981898
'service_user_domain_id': None,
@@ -2092,7 +2092,7 @@ def test_update_authorized(self):
20922092
'is_admin_project': True,
20932093
'service_project_domain_id': None,
20942094
'service_project_id': None,
2095-
'roles': ['load-balancer_member'],
2095+
'roles': ['load-balancer_member', 'member'],
20962096
'user_id': None,
20972097
'is_admin': False,
20982098
'service_user_domain_id': None,
@@ -2276,7 +2276,7 @@ def test_delete_authorized(self):
22762276
'is_admin_project': True,
22772277
'service_project_domain_id': None,
22782278
'service_project_id': None,
2279-
'roles': ['load-balancer_member'],
2279+
'roles': ['load-balancer_member', 'member'],
22802280
'user_id': None,
22812281
'is_admin': False,
22822282
'service_user_domain_id': None,
@@ -4008,7 +4008,7 @@ def test_statuses_authorized(self):
40084008
'is_admin_project': True,
40094009
'service_project_domain_id': None,
40104010
'service_project_id': None,
4011-
'roles': ['load-balancer_member'],
4011+
'roles': ['load-balancer_member', 'member'],
40124012
'user_id': None,
40134013
'is_admin': False,
40144014
'service_user_domain_id': None,
@@ -4111,7 +4111,7 @@ def test_statistics_authorized(self):
41114111
'is_admin_project': True,
41124112
'service_project_domain_id': None,
41134113
'service_project_id': None,
4114-
'roles': ['load-balancer_member'],
4114+
'roles': ['load-balancer_member', 'member'],
41154115
'user_id': None,
41164116
'is_admin': False,
41174117
'service_user_domain_id': None,

octavia/tests/functional/api/v2/test_member.py

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -89,7 +89,7 @@ def test_get_authorized(self):
8989
'is_admin_project': True,
9090
'service_project_domain_id': None,
9191
'service_project_id': None,
92-
'roles': ['load-balancer_member'],
92+
'roles': ['load-balancer_member', 'member'],
9393
'user_id': None,
9494
'is_admin': False,
9595
'service_user_domain_id': None,
@@ -194,7 +194,7 @@ def test_get_all_authorized(self):
194194
'is_admin_project': True,
195195
'service_project_domain_id': None,
196196
'service_project_id': None,
197-
'roles': ['load-balancer_member'],
197+
'roles': ['load-balancer_member', 'member'],
198198
'user_id': None,
199199
'is_admin': False,
200200
'service_user_domain_id': None,
@@ -529,7 +529,7 @@ def test_create_authorized(self):
529529
'is_admin_project': True,
530530
'service_project_domain_id': None,
531531
'service_project_id': None,
532-
'roles': ['load-balancer_member'],
532+
'roles': ['load-balancer_member', 'member'],
533533
'user_id': None,
534534
'is_admin': False,
535535
'service_user_domain_id': None,
@@ -1178,7 +1178,7 @@ def test_update_authorized(self):
11781178
'is_admin_project': True,
11791179
'service_project_domain_id': None,
11801180
'service_project_id': None,
1181-
'roles': ['load-balancer_member'],
1181+
'roles': ['load-balancer_member', 'member'],
11821182
'user_id': None,
11831183
'is_admin': False,
11841184
'service_user_domain_id': None,
@@ -1360,7 +1360,7 @@ def test_delete_authorized(self):
13601360
'is_admin_project': True,
13611361
'service_project_domain_id': None,
13621362
'service_project_id': None,
1363-
'roles': ['load-balancer_member'],
1363+
'roles': ['load-balancer_member', 'member'],
13641364
'user_id': None,
13651365
'is_admin': False,
13661366
'service_user_domain_id': None,

0 commit comments

Comments
 (0)