2196
2196
res = req.get_response(self.api)
2197
2197
self.assertEquals(res.status_int, 403)
2199
def test_add_public_image_unauthorized(self):
2200
rules = {"add_image": [], "publicize_image": [["false:false"]]}
2201
self.set_policy_rules(rules)
2202
fixture_headers = {'x-image-meta-store': 'file',
2203
'x-image-meta-is-public': 'true',
2204
'x-image-meta-disk-format': 'vhd',
2205
'x-image-meta-container-format': 'ovf',
2206
'x-image-meta-name': 'fake image #3'}
2208
req = webob.Request.blank("/images")
2210
for k, v in fixture_headers.iteritems():
2213
req.headers['Content-Type'] = 'application/octet-stream'
2214
req.body = "chunk00000remainder"
2215
res = req.get_response(self.api)
2216
self.assertEquals(res.status_int, 403)
2199
2218
def _do_test_post_image_content_missing_format(self, missing):
2200
2219
"""Tests creation of an image with missing format"""
2201
2220
fixture_headers = {'x-image-meta-store': 'file',
2405
2424
"Did not find required property in headers. "
2406
2425
"Got headers: %r" % res.headers)
2427
def test_publicize_image_unauthorized(self):
2428
"""Create a non-public image then fail to make public"""
2429
rules = {"add_image": [], "publicize_image": [["false:false"]]}
2430
self.set_policy_rules(rules)
2432
fixture_headers = {'x-image-meta-store': 'file',
2433
'x-image-meta-disk-format': 'vhd',
2434
'x-image-meta-is-public': 'false',
2435
'x-image-meta-container-format': 'ovf',
2436
'x-image-meta-name': 'fake image #3'}
2438
req = webob.Request.blank("/images")
2440
for k, v in fixture_headers.iteritems():
2442
res = req.get_response(self.api)
2443
self.assertEquals(res.status_int, httplib.CREATED)
2445
res_body = json.loads(res.body)['image']
2446
req = webob.Request.blank("/images/%s" % res_body['id'])
2448
req.headers['x-image-meta-is-public'] = 'true'
2449
res = req.get_response(self.api)
2450
self.assertEquals(res.status_int, 403)
2408
2452
def test_get_index_sort_name_asc(self):
2410
2454
Tests that the /images registry API returns list of
3055
3099
self.serializer.image_send_notification(17, 19, image_meta, req)
3057
3101
self.assertTrue(called['notified'])
3104
class TestContextMiddleware(base.IsolatedUnitTest):
3105
def _build_request(self, roles=None):
3106
req = webob.Request.blank('/')
3107
req.headers['x-auth-token'] = 'token1'
3108
req.headers['x-identity-status'] = 'Confirmed'
3109
req.headers['x-user-id'] = 'user1'
3110
req.headers['x-tenant-id'] = 'tenant1'
3111
_roles = roles or ['role1', 'role2']
3112
req.headers['x-roles'] = ','.join(_roles)
3115
def _build_middleware(self, **extra_config):
3116
for k, v in extra_config.items():
3117
setattr(self.conf, k, v)
3118
return context.ContextMiddleware(None, self.conf)
3120
def test_header_parsing(self):
3121
req = self._build_request()
3122
self._build_middleware().process_request(req)
3123
self.assertEqual(req.context.auth_tok, 'token1')
3124
self.assertEqual(req.context.user, 'user1')
3125
self.assertEqual(req.context.tenant, 'tenant1')
3126
self.assertEqual(req.context.roles, ['role1', 'role2'])
3128
def test_is_admin_flag(self):
3129
# is_admin check should look for 'admin' role by default
3130
req = self._build_request(roles=['admin', 'role2'])
3131
self._build_middleware().process_request(req)
3132
self.assertTrue(req.context.is_admin)
3134
# without the 'admin' role, is_admin shoud be False
3135
req = self._build_request()
3136
self._build_middleware().process_request(req)
3137
self.assertFalse(req.context.is_admin)
3139
# if we change the admin_role attribute, we should be able to use it
3140
req = self._build_request()
3141
self._build_middleware(admin_role='role1').process_request(req)
3142
self.assertTrue(req.context.is_admin)