Fix AccessPolicy update with added resources
This adds a test exposing bug #1286307 and moves the check for resources being present from AccessPolicy's handle_create to check_create_complete. This defers the check to a later point where the referenced resources are present. Change-Id: I47573812a3f80f3ae5b858cca486ec5826f606fd Closes-Bug: #1286307
This commit is contained in:
parent
ffe0af0e94
commit
b509812ea7
|
@ -318,14 +318,19 @@ class AccessPolicy(resource.Resource):
|
|||
}
|
||||
|
||||
def handle_create(self):
|
||||
pass
|
||||
|
||||
def validate(self):
|
||||
"""Make sure all the AllowedResources are present."""
|
||||
super(AccessPolicy, self).validate()
|
||||
|
||||
resources = self.properties[self.ALLOWED_RESOURCES]
|
||||
# All of the provided resource names must exist in this stack
|
||||
for resource in resources:
|
||||
if resource not in self.stack:
|
||||
logger.error(_("AccessPolicy resource %s not in stack") %
|
||||
resource)
|
||||
raise exception.ResourceNotFound(resource_name=resource,
|
||||
stack_name=self.stack.name)
|
||||
msg = _("AccessPolicy resource %s not in stack") % resource
|
||||
logger.error(msg)
|
||||
raise exception.StackValidationFailed(message=msg)
|
||||
|
||||
def access_allowed(self, resource_name):
|
||||
return resource_name in self.properties[self.ALLOWED_RESOURCES]
|
||||
|
|
|
@ -1025,6 +1025,41 @@ class StackTest(HeatTestCase):
|
|||
self.stack.update(newstack)
|
||||
self.assertIsNotNone(self.stack.updated_time)
|
||||
|
||||
@utils.stack_delete_after
|
||||
def test_access_policy_update(self):
|
||||
tmpl = {'Resources': {
|
||||
'R1': {'Type': 'GenericResourceType'},
|
||||
'Policy': {
|
||||
'Type': 'OS::Heat::AccessPolicy',
|
||||
'Properties': {
|
||||
'AllowedResources': ['R1'],
|
||||
},
|
||||
}}}
|
||||
|
||||
self.stack = parser.Stack(self.ctx, 'update_stack_access_policy_test',
|
||||
template.Template(tmpl))
|
||||
self.stack.store()
|
||||
self.stack.create()
|
||||
self.assertEqual((parser.Stack.CREATE, parser.Stack.COMPLETE),
|
||||
self.stack.state)
|
||||
|
||||
tmpl2 = {'Resources': {
|
||||
'R1': {'Type': 'GenericResourceType'},
|
||||
'R2': {'Type': 'GenericResourceType'},
|
||||
'Policy': {
|
||||
'Type': 'OS::Heat::AccessPolicy',
|
||||
'Properties': {
|
||||
'AllowedResources': ['R1', 'R2'],
|
||||
},
|
||||
}}}
|
||||
|
||||
updated_stack = parser.Stack(self.ctx, 'updated_stack',
|
||||
template.Template(tmpl2))
|
||||
|
||||
self.stack.update(updated_stack)
|
||||
self.assertEqual((parser.Stack.UPDATE, parser.Stack.COMPLETE),
|
||||
self.stack.state)
|
||||
|
||||
@utils.stack_delete_after
|
||||
def test_delete(self):
|
||||
self.stack = parser.Stack(self.ctx, 'delete_test',
|
||||
|
|
|
@ -426,10 +426,7 @@ class AccessPolicyTest(UserPolicyTestCase):
|
|||
'NoExistResource']
|
||||
stack = utils.parse_stack(t)
|
||||
|
||||
rsrc = user.AccessPolicy(resource_name,
|
||||
t['Resources'][resource_name],
|
||||
stack)
|
||||
self.assertRaises(exception.ResourceNotFound, rsrc.handle_create)
|
||||
self.assertRaises(exception.StackValidationFailed, stack.validate)
|
||||
|
||||
def test_accesspolicy_update(self):
|
||||
t = template_format.parse(user_policy_template)
|
||||
|
|
Loading…
Reference in New Issue