openstack
/
heat
Code Issues Proposed changes

Fix missing policy enforcement in CFN API 

Currently the CreateStack and UpdateStack actions aren't correctly
enforcing the policy, so add calls to _enforce which fixes that,
and rework the test to illustrate the issue.

Change-Id: Ia5c2e65512ab9d1c163171f8617c081ab96745e5
Closes-Bug: #1256049
This commit is contained in:
Steven Hardy 2013-11-28 16:55:50 +00:00 committed by Jeremy Stanley
parent 3fc572eb9c
commit 944c8b13b1
2 changed files with 90 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
heat/api/cfn/v1/stacks.py
View File

@ -267,9 +267,11 @@ class StackController(object):
)
def create(self, req):
self._enforce(req, 'CreateStack')
return self.create_or_update(req, self.CREATE_STACK)
def update(self, req):
self._enforce(req, 'UpdateStack')
return self.create_or_update(req, self.UPDATE_STACK)
def create_or_update(self, req, action=None):

158
heat/tests/test_api_cfn_v1.py
View File

@ -37,6 +37,28 @@ class CfnStackControllerTest(HeatTestCase):
the endpoint processing API requests after they are routed
'''
def setUp(self):
super(CfnStackControllerTest, self).setUp()
opts = [
cfg.StrOpt('config_dir', default=policy_path),
cfg.StrOpt('config_file', default='foo'),
cfg.StrOpt('project', default='heat'),
]
cfg.CONF.register_opts(opts)
cfg.CONF.set_default('host', 'host')
self.topic = rpc_api.ENGINE_TOPIC
self.api_version = '1.0'
# Create WSGI controller instance
class DummyConfig():
bind_port = 8000
cfgopts = DummyConfig()
self.controller = stacks.StackController(options=cfgopts)
self.controller.policy.enforcer.policy_path = (policy_path +
'deny_stack_user.json')
self.addCleanup(self.m.VerifyAll)
def _dummy_GET_request(self, params={}):
# Mangle the params dict into a query string
qs = "&".join(["=".join([k, str(params[k])]) for k in params])
@ -45,6 +67,16 @@ class CfnStackControllerTest(HeatTestCase):
req.context = utils.dummy_context()
return req
def _stub_enforce(self, req, action, allowed=True):
self.m.StubOutWithMock(policy.Enforcer, 'enforce')
if allowed:
policy.Enforcer.enforce(req.context, action, {}
).AndReturn(True)
else:
policy.Enforcer.enforce(req.context, action, {}
).AndRaise(heat_exception.Forbidden)
self.m.ReplayAll()
# The tests
def test_stackid_addprefix(self):
self.m.ReplayAll()
@ -61,27 +93,21 @@ class CfnStackControllerTest(HeatTestCase):
expected = {'StackName': 'Foo',
'StackId': 'arn:openstack:heat::t:stacks/Foo/123'}
self.assertEqual(response, expected)
self.m.VerifyAll()
def test_enforce_default(self):
self.m.ReplayAll()
def test_enforce_ok(self):
params = {'Action': 'ListStacks'}
dummy_req = self._dummy_GET_request(params)
self.controller.policy.policy_path = None
self._stub_enforce(dummy_req, 'ListStacks')
response = self.controller._enforce(dummy_req, 'ListStacks')
self.assertEqual(response, None)
self.m.VerifyAll()
def test_enforce_denied(self):
self.m.ReplayAll()
params = {'Action': 'ListStacks'}
dummy_req = self._dummy_GET_request(params)
dummy_req.context.roles = ['heat_stack_user']
self.controller.policy.policy_path = (policy_path +
'deny_stack_user.json')
self._stub_enforce(dummy_req, 'ListStacks', False)
self.assertRaises(exception.HeatAccessDeniedError,
self.controller._enforce, dummy_req, 'ListStacks')
self.m.VerifyAll()
def test_enforce_ise(self):
params = {'Action': 'ListStacks'}
@ -93,16 +119,14 @@ class CfnStackControllerTest(HeatTestCase):
).AndRaise(AttributeError)
self.m.ReplayAll()
self.controller.policy.policy_path = (policy_path +
'deny_stack_user.json')
self.assertRaises(exception.HeatInternalFailureError,
self.controller._enforce, dummy_req, 'ListStacks')
self.m.VerifyAll()
def test_list(self):
# Format a dummy GET request to pass into the WSGI handler
params = {'Action': 'ListStacks'}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'ListStacks')
# Stub out the RPC call to the engine with a pre-canned response
engine_resp = [{u'stack_identity': {u'tenant': u't',
@ -143,6 +167,7 @@ class CfnStackControllerTest(HeatTestCase):
def test_list_rmt_aterr(self):
params = {'Action': 'ListStacks'}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'ListStacks')
# Insert an engine RPC error and ensure we map correctly to the
# heat exception type
@ -165,6 +190,7 @@ class CfnStackControllerTest(HeatTestCase):
def test_list_rmt_interr(self):
params = {'Action': 'ListStacks'}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'ListStacks')
# Insert an engine RPC error and ensure we map correctly to the
# heat exception type
@ -189,6 +215,7 @@ class CfnStackControllerTest(HeatTestCase):
identity = dict(identifier.HeatIdentifier('t', stack_name, '6'))
params = {'Action': 'DescribeStacks', 'StackName': stack_name}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'DescribeStacks')
# Stub out the RPC call to the engine with a pre-canned response
# Note the engine returns a load of keys we don't actually use
@ -270,7 +297,6 @@ class CfnStackControllerTest(HeatTestCase):
'LastUpdatedTime': u'2012-07-09T09:13:11Z'}]}}}
self.assertEqual(response, expected)
self.m.VerifyAll()
def test_describe_arn(self):
# Format a dummy GET request to pass into the WSGI handler
@ -280,6 +306,7 @@ class CfnStackControllerTest(HeatTestCase):
params = {'Action': 'DescribeStacks',
'StackName': stack_identifier.arn()}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'DescribeStacks')
# Stub out the RPC call to the engine with a pre-canned response
# Note the engine returns a load of keys we don't actually use
@ -355,7 +382,6 @@ class CfnStackControllerTest(HeatTestCase):
'LastUpdatedTime': u'2012-07-09T09:13:11Z'}]}}}
self.assertEqual(response, expected)
self.m.VerifyAll()
def test_describe_arn_invalidtenant(self):
# Format a dummy GET request to pass into the WSGI handler
@ -365,6 +391,7 @@ class CfnStackControllerTest(HeatTestCase):
params = {'Action': 'DescribeStacks',
'StackName': stack_identifier.arn()}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'DescribeStacks')
self.m.StubOutWithMock(rpc, 'call')
rpc.call(dummy_req.context, self.topic,
@ -379,13 +406,13 @@ class CfnStackControllerTest(HeatTestCase):
result = self.controller.describe(dummy_req)
self.assertEqual(type(result),
exception.HeatInvalidParameterValueError)
self.m.VerifyAll()
def test_describe_aterr(self):
stack_name = "wordpress"
identity = dict(identifier.HeatIdentifier('t', stack_name, '6'))
params = {'Action': 'DescribeStacks', 'StackName': stack_name}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'DescribeStacks')
# Insert an engine RPC error and ensure we map correctly to the
# heat exception type
@ -407,12 +434,12 @@ class CfnStackControllerTest(HeatTestCase):
result = self.controller.describe(dummy_req)
self.assertEqual(type(result),
exception.HeatInvalidParameterValueError)
self.m.VerifyAll()
def test_describe_bad_name(self):
stack_name = "wibble"
params = {'Action': 'DescribeStacks', 'StackName': stack_name}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'DescribeStacks')
# Insert an engine RPC error and ensure we map correctly to the
# heat exception type
@ -429,7 +456,6 @@ class CfnStackControllerTest(HeatTestCase):
result = self.controller.describe(dummy_req)
self.assertEqual(type(result),
exception.HeatInvalidParameterValueError)
self.m.VerifyAll()
def test_get_template_int_body(self):
'''Test the internal _get_template function.'''
@ -455,6 +481,7 @@ class CfnStackControllerTest(HeatTestCase):
engine_parms = {u'InstanceType': u'm1.xlarge'}
engine_args = {'timeout_mins': u'30', 'disable_rollback': 'true'}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'CreateStack')
# Stub out the RPC call to the engine with a pre-canned response
engine_resp = {u'tenant': u't',
@ -486,7 +513,6 @@ class CfnStackControllerTest(HeatTestCase):
}
self.assertEqual(response, expected)
self.m.VerifyAll()
def test_create_rollback(self):
# Format a dummy request
@ -502,6 +528,7 @@ class CfnStackControllerTest(HeatTestCase):
engine_parms = {u'InstanceType': u'm1.xlarge'}
engine_args = {'timeout_mins': u'30', 'disable_rollback': 'false'}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'CreateStack')
# Stub out the RPC call to the engine with a pre-canned response
engine_resp = {u'tenant': u't',
@ -533,7 +560,6 @@ class CfnStackControllerTest(HeatTestCase):
}
self.assertEqual(response, expected)
self.m.VerifyAll()
def test_create_onfailure_true(self):
# Format a dummy request
@ -549,6 +575,7 @@ class CfnStackControllerTest(HeatTestCase):
engine_parms = {u'InstanceType': u'm1.xlarge'}
engine_args = {'timeout_mins': u'30', 'disable_rollback': 'true'}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'CreateStack')
# Stub out the RPC call to the engine with a pre-canned response
engine_resp = {u'tenant': u't',
@ -580,7 +607,6 @@ class CfnStackControllerTest(HeatTestCase):
}
self.assertEqual(response, expected)
self.m.VerifyAll()
def test_create_onfailure_false_delete(self):
# Format a dummy request
@ -596,6 +622,7 @@ class CfnStackControllerTest(HeatTestCase):
engine_parms = {u'InstanceType': u'm1.xlarge'}
engine_args = {'timeout_mins': u'30', 'disable_rollback': 'false'}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'CreateStack')
# Stub out the RPC call to the engine with a pre-canned response
engine_resp = {u'tenant': u't',
@ -627,7 +654,6 @@ class CfnStackControllerTest(HeatTestCase):
}
self.assertEqual(response, expected)
self.m.VerifyAll()
def test_create_onfailure_false_rollback(self):
# Format a dummy request
@ -643,6 +669,7 @@ class CfnStackControllerTest(HeatTestCase):
engine_parms = {u'InstanceType': u'm1.xlarge'}
engine_args = {'timeout_mins': u'30', 'disable_rollback': 'false'}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'CreateStack')
# Stub out the RPC call to the engine with a pre-canned response
engine_resp = {u'tenant': u't',
@ -674,7 +701,6 @@ class CfnStackControllerTest(HeatTestCase):
}
self.assertEqual(response, expected)
self.m.VerifyAll()
def test_create_onfailure_err(self):
# Format a dummy request
@ -691,6 +717,7 @@ class CfnStackControllerTest(HeatTestCase):
engine_parms = {u'InstanceType': u'm1.xlarge'}
engine_args = {'timeout_mins': u'30', 'disable_rollback': 'false'}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'CreateStack')
self.assertRaises(exception.HeatInvalidParameterCombinationError,
self.controller.create, dummy_req)
@ -700,6 +727,7 @@ class CfnStackControllerTest(HeatTestCase):
stack_name = "wordpress"
params = {'Action': 'CreateStack', 'StackName': stack_name}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'CreateStack')
result = self.controller.create(dummy_req)
self.assertEqual(type(result), exception.HeatMissingParameterError)
@ -711,6 +739,7 @@ class CfnStackControllerTest(HeatTestCase):
params = {'Action': 'CreateStack', 'StackName': stack_name,
'TemplateBody': '%s' % json_template}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'CreateStack')
result = self.controller.create(dummy_req)
self.assertEqual(type(result),
@ -730,10 +759,14 @@ class CfnStackControllerTest(HeatTestCase):
engine_args = {'timeout_mins': u'30'}
dummy_req = self._dummy_GET_request(params)
self.m.StubOutWithMock(policy.Enforcer, 'enforce')
# Insert an engine RPC error and ensure we map correctly to the
# heat exception type
self.m.StubOutWithMock(rpc, 'call')
policy.Enforcer.enforce(dummy_req.context, 'CreateStack', {}
).AndReturn(True)
rpc.call(dummy_req.context, self.topic,
{'namespace': None,
'method': 'create_stack',
@ -744,6 +777,9 @@ class CfnStackControllerTest(HeatTestCase):
'args': engine_args},
'version': self.api_version}, None
).AndRaise(AttributeError())
policy.Enforcer.enforce(dummy_req.context, 'CreateStack', {}
).AndReturn(True)
rpc.call(dummy_req.context, self.topic,
{'namespace': None,
'method': 'create_stack',
@ -754,6 +790,9 @@ class CfnStackControllerTest(HeatTestCase):
'args': engine_args},
'version': self.api_version}, None
).AndRaise(heat_exception.UnknownUserParameter())
policy.Enforcer.enforce(dummy_req.context, 'CreateStack', {}
).AndReturn(True)
rpc.call(dummy_req.context, self.topic,
{'namespace': None,
'method': 'create_stack',
@ -782,8 +821,6 @@ class CfnStackControllerTest(HeatTestCase):
self.assertEqual(type(result),
exception.HeatInvalidParameterValueError)
self.m.VerifyAll()
def test_create_err_exists(self):
# Format a dummy request
stack_name = "wordpress"
@ -797,6 +834,7 @@ class CfnStackControllerTest(HeatTestCase):
engine_parms = {u'InstanceType': u'm1.xlarge'}
engine_args = {'timeout_mins': u'30'}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'CreateStack')
# Insert an engine RPC error and ensure we map correctly to the
# heat exception type
@ -819,7 +857,6 @@ class CfnStackControllerTest(HeatTestCase):
self.assertEqual(type(result),
exception.AlreadyExistsError)
self.m.VerifyAll()
def test_create_err_engine(self):
# Format a dummy request
@ -834,6 +871,7 @@ class CfnStackControllerTest(HeatTestCase):
engine_parms = {u'InstanceType': u'm1.xlarge'}
engine_args = {'timeout_mins': u'30'}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'CreateStack')
# Stub out the RPC call to the engine with a pre-canned response
self.m.StubOutWithMock(rpc, 'call')
@ -856,7 +894,6 @@ class CfnStackControllerTest(HeatTestCase):
self.assertEqual(type(result),
exception.HeatInvalidParameterValueError)
self.m.VerifyAll()
def test_update(self):
# Format a dummy request
@ -870,6 +907,7 @@ class CfnStackControllerTest(HeatTestCase):
engine_parms = {u'InstanceType': u'm1.xlarge'}
engine_args = {}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'UpdateStack')
# Stub out the RPC call to the engine with a pre-canned response
identity = dict(identifier.HeatIdentifier('t', stack_name, '1'))
@ -905,7 +943,6 @@ class CfnStackControllerTest(HeatTestCase):
}
self.assertEqual(response, expected)
self.m.VerifyAll()
def test_update_bad_name(self):
stack_name = "wibble"
@ -916,6 +953,7 @@ class CfnStackControllerTest(HeatTestCase):
'Parameters.member.1.ParameterKey': 'InstanceType',
'Parameters.member.1.ParameterValue': 'm1.xlarge'}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'UpdateStack')
# Insert an engine RPC error and ensure we map correctly to the
# heat exception type
@ -932,7 +970,6 @@ class CfnStackControllerTest(HeatTestCase):
result = self.controller.update(dummy_req)
self.assertEqual(type(result),
exception.HeatInvalidParameterValueError)
self.m.VerifyAll()
def test_create_or_update_err(self):
result = self.controller.create_or_update(req={}, action="dsdgfdf")
@ -945,6 +982,7 @@ class CfnStackControllerTest(HeatTestCase):
template = {u'Foo': u'bar'}
params = {'Action': 'GetTemplate', 'StackName': stack_name}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'GetTemplate')
# Stub out the RPC call to the engine with a pre-canned response
engine_resp = template
@ -970,7 +1008,6 @@ class CfnStackControllerTest(HeatTestCase):
{'TemplateBody': template}}}
self.assertEqual(response, expected)
self.m.VerifyAll()
def test_get_template_err_rpcerr(self):
stack_name = "wordpress"
@ -978,6 +1015,7 @@ class CfnStackControllerTest(HeatTestCase):
template = {u'Foo': u'bar'}
params = {'Action': 'GetTemplate', 'StackName': stack_name}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'GetTemplate')
# Insert an engine RPC error and ensure we map correctly to the
# heat exception type
@ -1000,12 +1038,12 @@ class CfnStackControllerTest(HeatTestCase):
self.assertEqual(type(result),
exception.HeatInvalidParameterValueError)
self.m.VerifyAll()
def test_get_template_bad_name(self):
stack_name = "wibble"
params = {'Action': 'GetTemplate', 'StackName': stack_name}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'GetTemplate')
# Insert an engine RPC error and ensure we map correctly to the
# heat exception type
@ -1022,7 +1060,6 @@ class CfnStackControllerTest(HeatTestCase):
result = self.controller.get_template(dummy_req)
self.assertEqual(type(result),
exception.HeatInvalidParameterValueError)
self.m.VerifyAll()
def test_get_template_err_none(self):
stack_name = "wordpress"
@ -1030,6 +1067,7 @@ class CfnStackControllerTest(HeatTestCase):
template = {u'Foo': u'bar'}
params = {'Action': 'GetTemplate', 'StackName': stack_name}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'GetTemplate')
# Stub out the RPC call to the engine to return None
# this test the "no such stack" error path
@ -1053,13 +1091,13 @@ class CfnStackControllerTest(HeatTestCase):
self.assertEqual(type(result),
exception.HeatInvalidParameterValueError)
self.m.VerifyAll()
def test_validate_err_no_template(self):
# Format a dummy request with a missing template field
stack_name = "wordpress"
params = {'Action': 'ValidateTemplate'}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'ValidateTemplate')
result = self.controller.validate_template(dummy_req)
self.assertEqual(type(result), exception.HeatMissingParameterError)
@ -1070,6 +1108,7 @@ class CfnStackControllerTest(HeatTestCase):
params = {'Action': 'ValidateTemplate',
'TemplateBody': '%s' % json_template}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'ValidateTemplate')
result = self.controller.validate_template(dummy_req)
self.assertEqual(type(result),
@ -1090,6 +1129,7 @@ class CfnStackControllerTest(HeatTestCase):
response = {'Error': 'Resources must contain Resource. '
'Found a [string] instead'}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'ValidateTemplate')
# Stub out the RPC call to the engine with a pre-canned response
self.m.StubOutWithMock(rpc, 'call')
@ -1107,7 +1147,6 @@ class CfnStackControllerTest(HeatTestCase):
'Resources must contain Resource. '
'Found a [string] instead'}}
self.assertEqual(expected, response)
self.m.VerifyAll()
def test_delete(self):
# Format a dummy request
@ -1115,6 +1154,7 @@ class CfnStackControllerTest(HeatTestCase):
identity = dict(identifier.HeatIdentifier('t', stack_name, '1'))
params = {'Action': 'DeleteStack', 'StackName': stack_name}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'DeleteStack')
# Stub out the RPC call to the engine with a pre-canned response
self.m.StubOutWithMock(rpc, 'call')
@ -1137,13 +1177,13 @@ class CfnStackControllerTest(HeatTestCase):
expected = {'DeleteStackResponse': {'DeleteStackResult': ''}}
self.assertEqual(response, expected)
self.m.VerifyAll()
def test_delete_err_rpcerr(self):
stack_name = "wordpress"
identity = dict(identifier.HeatIdentifier('t', stack_name, '1'))
params = {'Action': 'DeleteStack', 'StackName': stack_name}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'DeleteStack')
# Stub out the RPC call to the engine with a pre-canned response
self.m.StubOutWithMock(rpc, 'call')
@ -1168,12 +1208,12 @@ class CfnStackControllerTest(HeatTestCase):
self.assertEqual(type(result),
exception.HeatInvalidParameterValueError)
self.m.VerifyAll()
def test_delete_bad_name(self):
stack_name = "wibble"
params = {'Action': 'DeleteStack', 'StackName': stack_name}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'DeleteStack')
# Insert an engine RPC error and ensure we map correctly to the
# heat exception type
@ -1190,7 +1230,6 @@ class CfnStackControllerTest(HeatTestCase):
result = self.controller.delete(dummy_req)
self.assertEqual(type(result),
exception.HeatInvalidParameterValueError)
self.m.VerifyAll()
def test_events_list(self):
# Format a dummy request
@ -1198,6 +1237,7 @@ class CfnStackControllerTest(HeatTestCase):
identity = dict(identifier.HeatIdentifier('t', stack_name, '6'))
params = {'Action': 'DescribeStackEvents', 'StackName': stack_name}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'DescribeStackEvents')
# Stub out the RPC call to the engine with a pre-canned response
engine_resp = [{u'stack_name': u'wordpress',
@ -1251,13 +1291,13 @@ class CfnStackControllerTest(HeatTestCase):
'LogicalResourceId': u'WikiDatabase'}]}}}
self.assertEqual(response, expected)
self.m.VerifyAll()
def test_events_list_err_rpcerr(self):
stack_name = "wordpress"
identity = dict(identifier.HeatIdentifier('t', stack_name, '6'))
params = {'Action': 'DescribeStackEvents', 'StackName': stack_name}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'DescribeStackEvents')
# Insert an engine RPC error and ensure we map correctly to the
# heat exception type
@ -1279,12 +1319,12 @@ class CfnStackControllerTest(HeatTestCase):
result = self.controller.events_list(dummy_req)
self.assertEqual(type(result), exception.HeatInternalFailureError)
self.m.VerifyAll()
def test_events_list_bad_name(self):
stack_name = "wibble"
params = {'Action': 'DescribeStackEvents', 'StackName': stack_name}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'DescribeStackEvents')
# Insert an engine RPC error and ensure we map correctly to the
# heat exception type
@ -1301,7 +1341,6 @@ class CfnStackControllerTest(HeatTestCase):
result = self.controller.events_list(dummy_req)
self.assertEqual(type(result),
exception.HeatInvalidParameterValueError)
self.m.VerifyAll()
def test_describe_stack_resource(self):
# Format a dummy request
@ -1311,6 +1350,7 @@ class CfnStackControllerTest(HeatTestCase):
'StackName': stack_name,
'LogicalResourceId': "WikiDatabase"}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'DescribeStackResource')
# Stub out the RPC call to the engine with a pre-canned response
engine_resp = {u'description': u'',
@ -1371,7 +1411,6 @@ class CfnStackControllerTest(HeatTestCase):
'LogicalResourceId': u'WikiDatabase'}}}}
self.assertEqual(response, expected)
self.m.VerifyAll()
def test_describe_stack_resource_nonexistent_stack(self):
# Format a dummy request
@ -1381,6 +1420,7 @@ class CfnStackControllerTest(HeatTestCase):
'StackName': stack_name,
'LogicalResourceId': "WikiDatabase"}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'DescribeStackResource')
# Stub out the RPC call to the engine with a pre-canned response
self.m.StubOutWithMock(rpc, 'call')
@ -1396,7 +1436,6 @@ class CfnStackControllerTest(HeatTestCase):
result = self.controller.describe_stack_resource(dummy_req)
self.assertEqual(type(result),
exception.HeatInvalidParameterValueError)
self.m.VerifyAll()
def test_describe_stack_resource_nonexistent(self):
# Format a dummy request
@ -1406,6 +1445,7 @@ class CfnStackControllerTest(HeatTestCase):
'StackName': stack_name,
'LogicalResourceId': "wibble"}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'DescribeStackResource')
# Stub out the RPC call to the engine with a pre-canned response
self.m.StubOutWithMock(rpc, 'call')
@ -1430,7 +1470,6 @@ class CfnStackControllerTest(HeatTestCase):
result = self.controller.describe_stack_resource(dummy_req)
self.assertEqual(type(result),
exception.HeatInvalidParameterValueError)
self.m.VerifyAll()
def test_describe_stack_resources(self):
# Format a dummy request
@ -1440,6 +1479,7 @@ class CfnStackControllerTest(HeatTestCase):
'StackName': stack_name,
'LogicalResourceId': "WikiDatabase"}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'DescribeStackResources')
# Stub out the RPC call to the engine with a pre-canned response
engine_resp = [{u'description': u'',
@ -1499,7 +1539,6 @@ class CfnStackControllerTest(HeatTestCase):
'LogicalResourceId': u'WikiDatabase'}]}}}
self.assertEqual(response, expected)
self.m.VerifyAll()
def test_describe_stack_resources_bad_name(self):
stack_name = "wibble"
@ -1507,6 +1546,7 @@ class CfnStackControllerTest(HeatTestCase):
'StackName': stack_name,
'LogicalResourceId': "WikiDatabase"}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'DescribeStackResources')
# Insert an engine RPC error and ensure we map correctly to the
# heat exception type
@ -1523,7 +1563,6 @@ class CfnStackControllerTest(HeatTestCase):
result = self.controller.describe_stack_resources(dummy_req)
self.assertEqual(type(result),
exception.HeatInvalidParameterValueError)
self.m.VerifyAll()
def test_describe_stack_resources_physical(self):
# Format a dummy request
@ -1533,6 +1572,7 @@ class CfnStackControllerTest(HeatTestCase):
'LogicalResourceId': "WikiDatabase",
'PhysicalResourceId': 'a3455d8c-9f88-404d-a85b-5315293e67de'}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'DescribeStackResources')
# Stub out the RPC call to the engine with a pre-canned response
engine_resp = [{u'description': u'',
@ -1593,7 +1633,6 @@ class CfnStackControllerTest(HeatTestCase):
'LogicalResourceId': u'WikiDatabase'}]}}}
self.assertEqual(response, expected)
self.m.VerifyAll()
def test_describe_stack_resources_physical_not_found(self):
# Format a dummy request
@ -1603,6 +1642,7 @@ class CfnStackControllerTest(HeatTestCase):
'LogicalResourceId': "WikiDatabase",
'PhysicalResourceId': 'aaaaaaaa-9f88-404d-cccc-ffffffffffff'}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'DescribeStackResources')
# Stub out the RPC call to the engine with a pre-canned response
self.m.StubOutWithMock(rpc, 'call')
@ -1621,7 +1661,6 @@ class CfnStackControllerTest(HeatTestCase):
self.assertEqual(type(response),
exception.HeatInvalidParameterValueError)
self.m.VerifyAll()
def test_describe_stack_resources_err_inval(self):
# Format a dummy request containing both StackName and
@ -1632,10 +1671,10 @@ class CfnStackControllerTest(HeatTestCase):
'StackName': stack_name,
'PhysicalResourceId': "123456"}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'DescribeStackResources')
ret = self.controller.describe_stack_resources(dummy_req)
self.assertEqual(type(ret),
exception.HeatInvalidParameterCombinationError)
self.m.VerifyAll()
def test_list_stack_resources(self):
# Format a dummy request
@ -1644,6 +1683,7 @@ class CfnStackControllerTest(HeatTestCase):
params = {'Action': 'ListStackResources',
'StackName': stack_name}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'ListStackResources')
# Stub out the RPC call to the engine with a pre-canned response
engine_resp = [{u'resource_identity':
@ -1692,13 +1732,13 @@ class CfnStackControllerTest(HeatTestCase):
'LogicalResourceId': u'WikiDatabase'}]}}}
self.assertEqual(response, expected)
self.m.VerifyAll()
def test_list_stack_resources_bad_name(self):
stack_name = "wibble"
params = {'Action': 'ListStackResources',
'StackName': stack_name}
dummy_req = self._dummy_GET_request(params)
self._stub_enforce(dummy_req, 'ListStackResources')
# Insert an engine RPC error and ensure we map correctly to the
# heat exception type
@ -1715,25 +1755,3 @@ class CfnStackControllerTest(HeatTestCase):
result = self.controller.list_stack_resources(dummy_req)
self.assertEqual(type(result),
exception.HeatInvalidParameterValueError)
self.m.VerifyAll()
def setUp(self):
super(CfnStackControllerTest, self).setUp()
opts = [
cfg.StrOpt('config_dir', default=policy_path),
cfg.StrOpt('config_file', default='foo'),
cfg.StrOpt('project', default='heat'),
]
cfg.CONF.register_opts(opts)
cfg.CONF.set_default('host', 'host')
self.topic = rpc_api.ENGINE_TOPIC
self.api_version = '1.0'
# Create WSGI controller instance
class DummyConfig():
bind_port = 8000
cfgopts = DummyConfig()
self.controller = stacks.StackController(options=cfgopts)
self.controller.policy.enforcer.policy_path = (policy_path +
'deny_stack_user.json')