Fix AccessPolicy update with added resources

This adds a test exposing bug #1286307 and moves the check for resources being present from AccessPolicy's handle_create to check_create_complete. This defers the check to a later point where the referenced resources are present. Change-Id: I47573812a3f80f3ae5b858cca486ec5826f606fd Closes-Bug: #1286307
2014-03-06 09:23:08 -05:00 · 2014-03-06 09:23:08 -05:00 · b509812ea7
parent ffe0af0e94
commit b509812ea7
3 changed files with 45 additions and 8 deletions
--- a/heat/engine/resources/user.py
+++ b/heat/engine/resources/user.py
@ -318,14 +318,19 @@ class AccessPolicy(resource.Resource):
    }

    def handle_create(self):
+        pass
+
+    def validate(self):
+        """Make sure all the AllowedResources are present."""
+        super(AccessPolicy, self).validate()
+
        resources = self.properties[self.ALLOWED_RESOURCES]
        # All of the provided resource names must exist in this stack
        for resource in resources:
            if resource not in self.stack:
-                logger.error(_("AccessPolicy resource %s not in stack") %
-                             resource)
-                raise exception.ResourceNotFound(resource_name=resource,
-                                                 stack_name=self.stack.name)
+                msg = _("AccessPolicy resource %s not in stack") % resource
+                logger.error(msg)
+                raise exception.StackValidationFailed(message=msg)

    def access_allowed(self, resource_name):
        return resource_name in self.properties[self.ALLOWED_RESOURCES]
--- a/heat/tests/test_parser.py
+++ b/heat/tests/test_parser.py
@ -1025,6 +1025,41 @@ class StackTest(HeatTestCase):
        self.stack.update(newstack)
        self.assertIsNotNone(self.stack.updated_time)

+    @utils.stack_delete_after
+    def test_access_policy_update(self):
+        tmpl = {'Resources': {
+                'R1': {'Type': 'GenericResourceType'},
+                'Policy': {
+                    'Type': 'OS::Heat::AccessPolicy',
+                    'Properties': {
+                        'AllowedResources': ['R1'],
+                    },
+                }}}
+
+        self.stack = parser.Stack(self.ctx, 'update_stack_access_policy_test',
+                                  template.Template(tmpl))
+        self.stack.store()
+        self.stack.create()
+        self.assertEqual((parser.Stack.CREATE, parser.Stack.COMPLETE),
+                         self.stack.state)
+
+        tmpl2 = {'Resources': {
+                 'R1': {'Type': 'GenericResourceType'},
+                 'R2': {'Type': 'GenericResourceType'},
+                 'Policy': {
+                     'Type': 'OS::Heat::AccessPolicy',
+                     'Properties': {
+                         'AllowedResources': ['R1', 'R2'],
+                     },
+                 }}}
+
+        updated_stack = parser.Stack(self.ctx, 'updated_stack',
+                                     template.Template(tmpl2))
+
+        self.stack.update(updated_stack)
+        self.assertEqual((parser.Stack.UPDATE, parser.Stack.COMPLETE),
+                         self.stack.state)
+
    @utils.stack_delete_after
    def test_delete(self):
        self.stack = parser.Stack(self.ctx, 'delete_test',
--- a/heat/tests/test_user.py
+++ b/heat/tests/test_user.py
@ -426,10 +426,7 @@ class AccessPolicyTest(UserPolicyTestCase):
            'NoExistResource']
        stack = utils.parse_stack(t)

-        rsrc = user.AccessPolicy(resource_name,
-                                 t['Resources'][resource_name],
-                                 stack)
-        self.assertRaises(exception.ResourceNotFound, rsrc.handle_create)
+        self.assertRaises(exception.StackValidationFailed, stack.validate)

    def test_accesspolicy_update(self):
        t = template_format.parse(user_policy_template)