1
From 9231a132f79f8427d410a8ef165b674578addac3 Mon Sep 17 00:00:00 2001
2
From: Ihar Hrachyshka <ihrachys@redhat.com>
3
Date: Wed, 18 Mar 2015 14:21:57 +0100
4
Subject: [PATCH] tests: don't rely on configuration files outside tests
7
etc/... may be non existent in some build environments. It's also pip
8
does not install those files under site-packages neutron module, so
9
paths relative to python files don't work.
11
So instead of using relative paths to etc/... contents, maintain our own
12
version of configuration files. It means we need to maintain tests only
13
policy.json file too, in addition to neutron.conf.test and
16
Ideally, we would make etc/policy.json copied under site-packages in
17
addition to /etc/neutron/. In that way, we would not maintain a copy of
18
policy.json file in two places.
20
Though it seems that setuputils does not have a good way to install
21
files under site-packages that would consider all the differences
22
between python environments (specifically, different prefixes used in
25
Note: it's not *absolutely* needed to update the test policy.json file
26
on each next policy update, though it will be needed in cases when we
27
want to test policy changes in unit tests. So adding a check to make
28
sure files are identical.
30
This partially reverts commit 1404f33b50452d4c0e0ef8c748011ce80303c2fd.
36
Change-Id: If1f5ebd981cf06558d5102524211799676068889
38
neutron/tests/base.py | 13 ++--
39
neutron/tests/etc/policy.json | 147 ++++++++++++++++++++++++++++++++++++++++++
40
tools/misc-sanity-checks.sh | 13 ++++
41
3 files changed, 164 insertions(+), 9 deletions(-)
42
create mode 100644 neutron/tests/etc/policy.json
44
diff --git a/neutron/tests/base.py b/neutron/tests/base.py
45
index 6886af9..d8bc0ce 100644
46
--- a/neutron/tests/base.py
47
+++ b/neutron/tests/base.py
48
@@ -42,12 +42,12 @@ CONF = cfg.CONF
49
CONF.import_opt('state_path', 'neutron.common.config')
50
LOG_FORMAT = sub_base.LOG_FORMAT
52
-ROOT_DIR = os.path.join(os.path.dirname(__file__), '..', '..')
53
-TEST_ROOT_DIR = os.path.dirname(__file__)
54
+ROOTDIR = os.path.dirname(__file__)
55
+ETCDIR = os.path.join(ROOTDIR, 'etc')
58
-def etcdir(filename, root=TEST_ROOT_DIR):
59
- return os.path.join(root, 'etc', filename)
61
+ return os.path.join(ETCDIR, *p)
64
def fake_use_fatal_exceptions(*args):
65
@@ -69,11 +69,6 @@ class BaseTestCase(sub_base.SubBaseTestCase):
66
# neutron.conf.test includes rpc_backend which needs to be cleaned up
68
args = ['--config-file', etcdir('neutron.conf.test')]
69
- # this is needed to add ROOT_DIR to the list of paths that oslo.config
70
- # will try to traverse when searching for a new config file (it's
71
- # needed so that policy module can locate policy_file)
72
- args += ['--config-file', etcdir('neutron.conf', root=ROOT_DIR)]
75
config.init(args=args)
77
diff --git a/neutron/tests/etc/policy.json b/neutron/tests/etc/policy.json
79
index 0000000..4fc6c1c
81
+++ b/neutron/tests/etc/policy.json
84
+ "context_is_admin": "role:admin",
85
+ "admin_or_owner": "rule:context_is_admin or tenant_id:%(tenant_id)s",
86
+ "context_is_advsvc": "role:advsvc",
87
+ "admin_or_network_owner": "rule:context_is_admin or tenant_id:%(network:tenant_id)s",
88
+ "admin_only": "rule:context_is_admin",
90
+ "shared": "field:networks:shared=True",
91
+ "shared_firewalls": "field:firewalls:shared=True",
92
+ "shared_firewall_policies": "field:firewall_policies:shared=True",
93
+ "external": "field:networks:router:external=True",
94
+ "default": "rule:admin_or_owner",
96
+ "create_subnet": "rule:admin_or_network_owner",
97
+ "get_subnet": "rule:admin_or_owner or rule:shared",
98
+ "update_subnet": "rule:admin_or_network_owner",
99
+ "delete_subnet": "rule:admin_or_network_owner",
101
+ "create_network": "",
102
+ "get_network": "rule:admin_or_owner or rule:shared or rule:external or rule:context_is_advsvc",
103
+ "get_network:router:external": "rule:regular_user",
104
+ "get_network:segments": "rule:admin_only",
105
+ "get_network:provider:network_type": "rule:admin_only",
106
+ "get_network:provider:physical_network": "rule:admin_only",
107
+ "get_network:provider:segmentation_id": "rule:admin_only",
108
+ "get_network:queue_id": "rule:admin_only",
109
+ "create_network:shared": "rule:admin_only",
110
+ "create_network:router:external": "rule:admin_only",
111
+ "create_network:segments": "rule:admin_only",
112
+ "create_network:provider:network_type": "rule:admin_only",
113
+ "create_network:provider:physical_network": "rule:admin_only",
114
+ "create_network:provider:segmentation_id": "rule:admin_only",
115
+ "update_network": "rule:admin_or_owner",
116
+ "update_network:segments": "rule:admin_only",
117
+ "update_network:shared": "rule:admin_only",
118
+ "update_network:provider:network_type": "rule:admin_only",
119
+ "update_network:provider:physical_network": "rule:admin_only",
120
+ "update_network:provider:segmentation_id": "rule:admin_only",
121
+ "update_network:router:external": "rule:admin_only",
122
+ "delete_network": "rule:admin_or_owner",
125
+ "create_port:mac_address": "rule:admin_or_network_owner or rule:context_is_advsvc",
126
+ "create_port:fixed_ips": "rule:admin_or_network_owner or rule:context_is_advsvc",
127
+ "create_port:port_security_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
128
+ "create_port:binding:host_id": "rule:admin_only",
129
+ "create_port:binding:profile": "rule:admin_only",
130
+ "create_port:mac_learning_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
131
+ "get_port": "rule:admin_or_owner or rule:context_is_advsvc",
132
+ "get_port:queue_id": "rule:admin_only",
133
+ "get_port:binding:vif_type": "rule:admin_only",
134
+ "get_port:binding:vif_details": "rule:admin_only",
135
+ "get_port:binding:host_id": "rule:admin_only",
136
+ "get_port:binding:profile": "rule:admin_only",
137
+ "update_port": "rule:admin_or_owner or rule:context_is_advsvc",
138
+ "update_port:mac_address": "rule:admin_only or rule:context_is_advsvc",
139
+ "update_port:fixed_ips": "rule:admin_or_network_owner or rule:context_is_advsvc",
140
+ "update_port:port_security_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
141
+ "update_port:binding:host_id": "rule:admin_only",
142
+ "update_port:binding:profile": "rule:admin_only",
143
+ "update_port:mac_learning_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
144
+ "delete_port": "rule:admin_or_owner or rule:context_is_advsvc",
146
+ "get_router:ha": "rule:admin_only",
147
+ "create_router": "rule:regular_user",
148
+ "create_router:external_gateway_info:enable_snat": "rule:admin_only",
149
+ "create_router:distributed": "rule:admin_only",
150
+ "create_router:ha": "rule:admin_only",
151
+ "get_router": "rule:admin_or_owner",
152
+ "get_router:distributed": "rule:admin_only",
153
+ "update_router:external_gateway_info:enable_snat": "rule:admin_only",
154
+ "update_router:distributed": "rule:admin_only",
155
+ "update_router:ha": "rule:admin_only",
156
+ "delete_router": "rule:admin_or_owner",
158
+ "add_router_interface": "rule:admin_or_owner",
159
+ "remove_router_interface": "rule:admin_or_owner",
161
+ "create_router:external_gateway_info:external_fixed_ips": "rule:admin_only",
162
+ "update_router:external_gateway_info:external_fixed_ips": "rule:admin_only",
164
+ "create_firewall": "",
165
+ "get_firewall": "rule:admin_or_owner",
166
+ "create_firewall:shared": "rule:admin_only",
167
+ "get_firewall:shared": "rule:admin_only",
168
+ "update_firewall": "rule:admin_or_owner",
169
+ "update_firewall:shared": "rule:admin_only",
170
+ "delete_firewall": "rule:admin_or_owner",
172
+ "create_firewall_policy": "",
173
+ "get_firewall_policy": "rule:admin_or_owner or rule:shared_firewall_policies",
174
+ "create_firewall_policy:shared": "rule:admin_or_owner",
175
+ "update_firewall_policy": "rule:admin_or_owner",
176
+ "delete_firewall_policy": "rule:admin_or_owner",
178
+ "create_firewall_rule": "",
179
+ "get_firewall_rule": "rule:admin_or_owner or rule:shared_firewalls",
180
+ "update_firewall_rule": "rule:admin_or_owner",
181
+ "delete_firewall_rule": "rule:admin_or_owner",
183
+ "create_qos_queue": "rule:admin_only",
184
+ "get_qos_queue": "rule:admin_only",
186
+ "update_agent": "rule:admin_only",
187
+ "delete_agent": "rule:admin_only",
188
+ "get_agent": "rule:admin_only",
190
+ "create_dhcp-network": "rule:admin_only",
191
+ "delete_dhcp-network": "rule:admin_only",
192
+ "get_dhcp-networks": "rule:admin_only",
193
+ "create_l3-router": "rule:admin_only",
194
+ "delete_l3-router": "rule:admin_only",
195
+ "get_l3-routers": "rule:admin_only",
196
+ "get_dhcp-agents": "rule:admin_only",
197
+ "get_l3-agents": "rule:admin_only",
198
+ "get_loadbalancer-agent": "rule:admin_only",
199
+ "get_loadbalancer-pools": "rule:admin_only",
200
+ "get_agent-loadbalancers": "rule:admin_only",
201
+ "get_loadbalancer-hosting-agent": "rule:admin_only",
203
+ "create_floatingip": "rule:regular_user",
204
+ "create_floatingip:floating_ip_address": "rule:admin_only",
205
+ "update_floatingip": "rule:admin_or_owner",
206
+ "delete_floatingip": "rule:admin_or_owner",
207
+ "get_floatingip": "rule:admin_or_owner",
209
+ "create_network_profile": "rule:admin_only",
210
+ "update_network_profile": "rule:admin_only",
211
+ "delete_network_profile": "rule:admin_only",
212
+ "get_network_profiles": "",
213
+ "get_network_profile": "",
214
+ "update_policy_profiles": "rule:admin_only",
215
+ "get_policy_profiles": "",
216
+ "get_policy_profile": "",
218
+ "create_metering_label": "rule:admin_only",
219
+ "delete_metering_label": "rule:admin_only",
220
+ "get_metering_label": "rule:admin_only",
222
+ "create_metering_label_rule": "rule:admin_only",
223
+ "delete_metering_label_rule": "rule:admin_only",
224
+ "get_metering_label_rule": "rule:admin_only",
226
+ "get_service_provider": "rule:regular_user",
227
+ "get_lsn": "rule:admin_only",
228
+ "create_lsn": "rule:admin_only"
230
diff --git a/tools/misc-sanity-checks.sh b/tools/misc-sanity-checks.sh
231
index bc4d2eb..eeac227 100644
232
--- a/tools/misc-sanity-checks.sh
233
+++ b/tools/misc-sanity-checks.sh
234
@@ -61,10 +61,23 @@ check_pot_files_errors () {
239
+check_identical_policy_files () {
240
+ # For unit tests, we maintain their own policy.json file to make test suite
241
+ # independent of whether it's executed from the neutron source tree or from
242
+ # site-packages installation path. We don't want two copies of the same
243
+ # file to diverge, so checking that they are identical
244
+ diff etc/policy.json neutron/tests/etc/policy.json 2>&1 > /dev/null
245
+ if [ "$?" -ne 0 ]; then
246
+ echo "policy.json files must be identical!" >>$FAILURES
250
# Add your checks here...
251
check_opinionated_shell
252
check_no_symlinks_allowed
253
check_pot_files_errors
254
+check_identical_policy_files
256
# Fail, if there are emitted failures
257
if [ -f $FAILURES ]; then