]> review.fuel-infra Code Review - openstack-build/neutron-build.git/commitdiff
Code Review / openstack-build / neutron-build.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 2665b75)
tests: don't rely on configuration files outside tests directory
authorIhar Hrachyshka <ihrachys@redhat.com>
Wed, 18 Mar 2015 13:21:57 +0000 (14:21 +0100)
committerIhar Hrachyshka <ihrachys@redhat.com>
Mon, 30 Mar 2015 15:20:06 +0000 (17:20 +0200)
etc/... may be non existent in some build environments. It's also pip
does not install those files under site-packages neutron module, so
paths relative to python files don't work.

So instead of using relative paths to etc/... contents, maintain our own
version of configuration files. It means we need to maintain tests only
policy.json file too, in addition to neutron.conf.test and
api-paste.ini.test.

Ideally, we would make etc/policy.json copied under site-packages in
addition to /etc/neutron/. In that way, we would not maintain a copy of
policy.json file in two places.

Though it seems that setuputils does not have a good way to install
files under site-packages that would consider all the differences
between python environments (specifically, different prefixes used in
different systems).

Note: it's not *absolutely* needed to update the test policy.json file
on each next policy update, though it will be needed in cases when we
want to test policy changes in unit tests. So adding a check to make
sure files are identical.

This partially reverts commit 1404f33b50452d4c0e0ef8c748011ce80303c2fd.

Conflicts:
neutron/policy.py

Related-Bug: #1433146
Change-Id: If1f5ebd981cf06558d5102524211799676068889

neutron/tests/base.py patch | blob | history
neutron/tests/etc/policy.json [new file with mode: 0644] patch | blob
tools/misc-sanity-checks.sh patch | blob | history

diff --git a/neutron/tests/base.py b/neutron/tests/base.py
index 63e5e68e199d86d5c1ad24d04c9464905a0249f5..b3956588100e3973459d0ec99545c3a5775ec665 100644 (file)
--- a/neutron/tests/base.py
+++ b/neutron/tests/base.py
@@ -48,12 +48,12 @@ CONF = cfg.CONF
 CONF.import_opt('state_path', 'neutron.common.config')
 LOG_FORMAT = "%(asctime)s %(levelname)8s [%(name)s] %(message)s"
 
-ROOT_DIR = os.path.join(os.path.dirname(__file__), '..', '..')
-TEST_ROOT_DIR = os.path.dirname(__file__)
+ROOTDIR = os.path.dirname(__file__)
+ETCDIR = os.path.join(ROOTDIR, 'etc')
 
 
-def etcdir(filename, root=TEST_ROOT_DIR):
-    return os.path.join(root, 'etc', filename)
+def etcdir(*p):
+    return os.path.join(ETCDIR, *p)
 
 
 def fake_use_fatal_exceptions(*args):
@@ -214,12 +214,8 @@ class BaseTestCase(DietTestCase):
         """Create the default configurations."""
         # neutron.conf.test includes rpc_backend which needs to be cleaned up
         if args is None:
-            args = ['--config-file', etcdir('neutron.conf.test')]
-        # this is needed to add ROOT_DIR to the list of paths that oslo.config
-        # will try to traverse when searching for a new config file (it's
-        # needed so that policy module can locate policy_file)
-        args += ['--config-file', etcdir('neutron.conf', root=ROOT_DIR)]
-
+            args = []
+        args += ['--config-file', etcdir('neutron.conf.test')]
         if conf is None:
             config.init(args=args)
         else:
diff --git a/neutron/tests/etc/policy.json b/neutron/tests/etc/policy.json
new file mode 100644 (file)
index 0000000..ae46bc2
--- /dev/null
+++ b/neutron/tests/etc/policy.json
@@ -0,0 +1,154 @@
+{
+    "context_is_admin":  "role:admin",
+    "admin_or_owner": "rule:context_is_admin or tenant_id:%(tenant_id)s",
+    "context_is_advsvc":  "role:advsvc",
+    "admin_or_network_owner": "rule:context_is_admin or tenant_id:%(network:tenant_id)s",
+    "admin_only": "rule:context_is_admin",
+    "regular_user": "",
+    "shared": "field:networks:shared=True",
+    "shared_firewalls": "field:firewalls:shared=True",
+    "shared_firewall_policies": "field:firewall_policies:shared=True",
+    "shared_subnetpools": "field:subnetpools:shared=True",
+    "external": "field:networks:router:external=True",
+    "default": "rule:admin_or_owner",
+
+    "create_subnet": "rule:admin_or_network_owner",
+    "get_subnet": "rule:admin_or_owner or rule:shared",
+    "update_subnet": "rule:admin_or_network_owner",
+    "delete_subnet": "rule:admin_or_network_owner",
+
+    "create_subnetpool": "",
+    "create_subnetpool:shared": "rule:admin_only",
+    "get_subnetpool": "rule:admin_or_owner or rule:shared_subnetpools",
+    "update_subnetpool": "rule:admin_or_owner",
+    "delete_subnetpool": "rule:admin_or_owner",
+
+    "create_network": "",
+    "get_network": "rule:admin_or_owner or rule:shared or rule:external or rule:context_is_advsvc",
+    "get_network:router:external": "rule:regular_user",
+    "get_network:segments": "rule:admin_only",
+    "get_network:provider:network_type": "rule:admin_only",
+    "get_network:provider:physical_network": "rule:admin_only",
+    "get_network:provider:segmentation_id": "rule:admin_only",
+    "get_network:queue_id": "rule:admin_only",
+    "create_network:shared": "rule:admin_only",
+    "create_network:router:external": "rule:admin_only",
+    "create_network:segments": "rule:admin_only",
+    "create_network:provider:network_type": "rule:admin_only",
+    "create_network:provider:physical_network": "rule:admin_only",
+    "create_network:provider:segmentation_id": "rule:admin_only",
+    "update_network": "rule:admin_or_owner",
+    "update_network:segments": "rule:admin_only",
+    "update_network:shared": "rule:admin_only",
+    "update_network:provider:network_type": "rule:admin_only",
+    "update_network:provider:physical_network": "rule:admin_only",
+    "update_network:provider:segmentation_id": "rule:admin_only",
+    "update_network:router:external": "rule:admin_only",
+    "delete_network": "rule:admin_or_owner",
+
+    "create_port": "",
+    "create_port:mac_address": "rule:admin_or_network_owner or rule:context_is_advsvc",
+    "create_port:fixed_ips": "rule:admin_or_network_owner or rule:context_is_advsvc",
+    "create_port:port_security_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
+    "create_port:binding:host_id": "rule:admin_only",
+    "create_port:binding:profile": "rule:admin_only",
+    "create_port:mac_learning_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
+    "get_port": "rule:admin_or_owner or rule:context_is_advsvc",
+    "get_port:queue_id": "rule:admin_only",
+    "get_port:binding:vif_type": "rule:admin_only",
+    "get_port:binding:vif_details": "rule:admin_only",
+    "get_port:binding:host_id": "rule:admin_only",
+    "get_port:binding:profile": "rule:admin_only",
+    "update_port": "rule:admin_or_owner or rule:context_is_advsvc",
+    "update_port:mac_address": "rule:admin_only or rule:context_is_advsvc",
+    "update_port:fixed_ips": "rule:admin_or_network_owner or rule:context_is_advsvc",
+    "update_port:port_security_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
+    "update_port:binding:host_id": "rule:admin_only",
+    "update_port:binding:profile": "rule:admin_only",
+    "update_port:mac_learning_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
+    "delete_port": "rule:admin_or_owner or rule:context_is_advsvc",
+
+    "get_router:ha": "rule:admin_only",
+    "create_router": "rule:regular_user",
+    "create_router:external_gateway_info:enable_snat": "rule:admin_only",
+    "create_router:distributed": "rule:admin_only",
+    "create_router:ha": "rule:admin_only",
+    "get_router": "rule:admin_or_owner",
+    "get_router:distributed": "rule:admin_only",
+    "update_router:external_gateway_info:enable_snat": "rule:admin_only",
+    "update_router:distributed": "rule:admin_only",
+    "update_router:ha": "rule:admin_only",
+    "delete_router": "rule:admin_or_owner",
+
+    "add_router_interface": "rule:admin_or_owner",
+    "remove_router_interface": "rule:admin_or_owner",
+
+    "create_router:external_gateway_info:external_fixed_ips": "rule:admin_only",
+    "update_router:external_gateway_info:external_fixed_ips": "rule:admin_only",
+
+    "create_firewall": "",
+    "get_firewall": "rule:admin_or_owner",
+    "create_firewall:shared": "rule:admin_only",
+    "get_firewall:shared": "rule:admin_only",
+    "update_firewall": "rule:admin_or_owner",
+    "update_firewall:shared": "rule:admin_only",
+    "delete_firewall": "rule:admin_or_owner",
+
+    "create_firewall_policy": "",
+    "get_firewall_policy": "rule:admin_or_owner or rule:shared_firewall_policies",
+    "create_firewall_policy:shared": "rule:admin_or_owner",
+    "update_firewall_policy": "rule:admin_or_owner",
+    "delete_firewall_policy": "rule:admin_or_owner",
+
+    "create_firewall_rule": "",
+    "get_firewall_rule": "rule:admin_or_owner or rule:shared_firewalls",
+    "update_firewall_rule": "rule:admin_or_owner",
+    "delete_firewall_rule": "rule:admin_or_owner",
+
+    "create_qos_queue": "rule:admin_only",
+    "get_qos_queue": "rule:admin_only",
+
+    "update_agent": "rule:admin_only",
+    "delete_agent": "rule:admin_only",
+    "get_agent": "rule:admin_only",
+
+    "create_dhcp-network": "rule:admin_only",
+    "delete_dhcp-network": "rule:admin_only",
+    "get_dhcp-networks": "rule:admin_only",
+    "create_l3-router": "rule:admin_only",
+    "delete_l3-router": "rule:admin_only",
+    "get_l3-routers": "rule:admin_only",
+    "get_dhcp-agents": "rule:admin_only",
+    "get_l3-agents": "rule:admin_only",
+    "get_loadbalancer-agent": "rule:admin_only",
+    "get_loadbalancer-pools": "rule:admin_only",
+    "get_agent-loadbalancers": "rule:admin_only",
+    "get_loadbalancer-hosting-agent": "rule:admin_only",
+
+    "create_floatingip": "rule:regular_user",
+    "create_floatingip:floating_ip_address": "rule:admin_only",
+    "update_floatingip": "rule:admin_or_owner",
+    "delete_floatingip": "rule:admin_or_owner",
+    "get_floatingip": "rule:admin_or_owner",
+
+    "create_network_profile": "rule:admin_only",
+    "update_network_profile": "rule:admin_only",
+    "delete_network_profile": "rule:admin_only",
+    "get_network_profiles": "",
+    "get_network_profile": "",
+    "update_policy_profiles": "rule:admin_only",
+    "get_policy_profiles": "",
+    "get_policy_profile": "",
+
+    "create_metering_label": "rule:admin_only",
+    "delete_metering_label": "rule:admin_only",
+    "get_metering_label": "rule:admin_only",
+
+    "create_metering_label_rule": "rule:admin_only",
+    "delete_metering_label_rule": "rule:admin_only",
+    "get_metering_label_rule": "rule:admin_only",
+
+    "get_service_provider": "rule:regular_user",
+    "get_lsn": "rule:admin_only",
+    "create_lsn": "rule:admin_only"
+}
diff --git a/tools/misc-sanity-checks.sh b/tools/misc-sanity-checks.sh
index bc4d2eb01755996e883edc54f0d9b810980e139d..eeac227ed982229ed08b842e57e0bfe2dbc3101b 100644 (file)
--- a/tools/misc-sanity-checks.sh
+++ b/tools/misc-sanity-checks.sh
@@ -61,10 +61,23 @@ check_pot_files_errors () {
     fi
 }
 
+
+check_identical_policy_files () {
+    # For unit tests, we maintain their own policy.json file to make test suite
+    # independent of whether it's executed from the neutron source tree or from
+    # site-packages installation path. We don't want two copies of the same
+    # file to diverge, so checking that they are identical
+    diff etc/policy.json neutron/tests/etc/policy.json 2>&1 > /dev/null
+    if [ "$?" -ne 0 ]; then
+        echo "policy.json files must be identical!" >>$FAILURES
+    fi
+}
+
 # Add your checks here...
 check_opinionated_shell
 check_no_symlinks_allowed
 check_pot_files_errors
+check_identical_policy_files
 
 # Fail, if there are emitted failures
 if [ -f $FAILURES ]; then