Merge "Correct the check_str and pass actual target in FIP pools policy"

2020-08-13 22:21:55 +00:00 · 2020-08-13 22:21:55 +00:00 · 2e2e8a0420
parent e85792726d f1d4d9762c
commit 2e2e8a0420
4 changed files with 10 additions and 3 deletions
--- a/nova/api/openstack/compute/floating_ip_pools.py
+++ b/nova/api/openstack/compute/floating_ip_pools.py
@ -44,6 +44,6 @@ class FloatingIPPoolsController(wsgi.Controller):
    def index(self, req):
        """Return a list of pools."""
        context = req.environ['nova.context']
-        context.can(fip_policies.BASE_POLICY_NAME)
+        context.can(fip_policies.BASE_POLICY_NAME, target={})
        pools = self.network_api.get_floating_ip_pools(context)
        return _translate_floating_ip_pools_view(pools)
--- a/nova/policies/floating_ip_pools.py
+++ b/nova/policies/floating_ip_pools.py
@ -24,7 +24,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-floating-ip-pools'
 floating_ip_pools_policies = [
    policy.DocumentedRuleDefault(
        name=BASE_POLICY_NAME,
-        check_str=base.RULE_ADMIN_OR_OWNER,
+        check_str=base.RULE_ANY,
        description="List floating IP pools. This API is deprecated.",
        operations=[
            {
--- a/nova/tests/unit/policies/test_floating_ip_pools.py
+++ b/nova/tests/unit/policies/test_floating_ip_pools.py
@ -65,3 +65,10 @@ class FloatingIPPoolsScopeTypePolicyTest(FloatingIPPoolsPolicyTest):
    def setUp(self):
        super(FloatingIPPoolsScopeTypePolicyTest, self).setUp()
        self.flags(enforce_scope=True, group="oslo_policy")
+
+
+class FloatingIPPoolsNoLegacyPolicyTest(FloatingIPPoolsScopeTypePolicyTest):
+    """Test Floating IP Pools APIs policies with system scope enabled,
+    and no more deprecated rules.
+    """
+    without_deprecated_rules = True
--- a/nova/tests/unit/test_policy.py
+++ b/nova/tests/unit/test_policy.py
@ -427,7 +427,6 @@ class RealRolePolicyTestCase(test.NoDBTestCase):
 "os_compute_api:os-flavor-access",
 "os_compute_api:os-flavor-extra-specs:index",
 "os_compute_api:os-flavor-extra-specs:show",
-"os_compute_api:os-floating-ip-pools",
 "os_compute_api:os-floating-ips",
 "os_compute_api:os-multinic:add",
 "os_compute_api:os-multinic:remove",
@ -465,6 +464,7 @@ class RealRolePolicyTestCase(test.NoDBTestCase):
 "os_compute_api:os-quota-sets:defaults",
 "os_compute_api:os-availability-zone:list",
 "os_compute_api:limits",
+"os_compute_api:os-floating-ip-pools",
 )

        self.system_reader_rules = (