Update policy.json for FWaaS v2

This commit supports FWaaS v2 CLI as OSC plugin[1]. [1] http://specs.openstack.org/openstack/neutron-specs/specs/newton/fwaas-api-2.0.html Added our policy to the DB unit tests Amended tempest to avoid failure Co-Authored-By: Yushiro Furukawa <y.furukawa_2@jp.fujitsu.com> Co-Authored-By: German Eichberger <german.eichberger@rackspace.com> Change-Id: I3d2ef99f60af2a05b5d38ebdc90f818541317e8c Partial-Implements: blueprint fwaas-api-2.0 Depends-On: I7b4108772e8370e8f51971caf40ecd23e9f977e9 Depends-On: I57504f97ac39b5b7d301fd5cc88228a121f0677e Closes-Bug: #1609686
2016-11-30 14:41:22 -05:00 · 2016-11-30 14:41:22 -05:00 · e7ebbebb39
parent e62e53ab8c
commit e7ebbebb39
5 changed files with 65 additions and 24 deletions
--- a/etc/neutron/policy.d/neutron-fwaas.json
+++ b/etc/neutron/policy.d/neutron-fwaas.json
@ -1,35 +1,61 @@
 {
    "shared_firewalls": "field:firewalls:shared=True",
    "shared_firewall_policies": "field:firewall_policies:shared=True",
+    "shared_firewall_rules": "field:firewall_rules:shared=True",

    "public_firewall_groups": "field:firewall_groups:public=True",
    "public_firewall_policies": "field:firewall_policies:public=True",
    "public_firewall_rules": "field:firewall_rules:public=True",

+
    "create_firewall": "",
-    "get_firewall": "rule:admin_or_owner",
-    "create_firewall:shared": "rule:admin_only",
-    "get_firewall:shared": "rule:admin_only",
    "update_firewall": "rule:admin_or_owner",
-    "update_firewall:shared": "rule:admin_only",
    "delete_firewall": "rule:admin_or_owner",

+    "create_firewall:shared": "rule:admin_only",
+    "update_firewall:shared": "rule:admin_only",
+    "delete_firewall:shared": "rule:admin_only",
+
+    "get_firewall": "rule:admin_or_owner or rule:shared_firewalls",
+
+
+    "create_firewall_group": "",
+    "update_firewall_group": "rule:admin_or_owner",
+    "delete_firewall_group": "rule:admin_or_owner",
+
+    "create_firewall_group:public": "rule:admin_only",
+    "update_firewall_group:public": "rule:admin_only",
+    "delete_firewall_group:public": "rule:admin_only",
+
+    "get_firewall_group": "rule:admin_or_owner or rule:public_firewall_groups",
+
+
    "create_firewall_policy": "",
-    "get_firewall_policy": "rule:admin_or_owner or rule:shared_firewall_policies or rule:public_firewall_policies",
-    "create_firewall_policy:shared": "rule:admin_or_owner",
    "update_firewall_policy": "rule:admin_or_owner",
    "delete_firewall_policy": "rule:admin_or_owner",

+    "create_firewall_policy:shared": "rule:admin_only",
+    "update_firewall_policy:shared": "rule:admin_only",
+    "delete_firewall_policy:shared": "rule:admin_only",
+
+    "create_firewall_policy:public": "rule:admin_only",
+    "update_firewall_policy:public": "rule:admin_only",
+    "delete_firewall_policy:public": "rule:admin_only",
+
+    "get_firewall_policy": "rule:admin_or_owner or rule:shared_firewall_policies or rule:public_firewall_policies",
+
+
    "create_firewall_rule": "",
-    "get_firewall_rule": "rule:admin_or_owner or rule:shared_firewall_rules or rule:public_firewall_rules",
    "update_firewall_rule": "rule:admin_or_owner",
    "delete_firewall_rule": "rule:admin_or_owner",

-    "create_firewall_group": "",
-    "get_firewall_group": "rule:admin_or_owner or rule:public_firewall_groups",
-    "create_firewall_group:public": "rule:admin_only",
-    "get_firewall_group:public": "rule:admin_only",
-    "update_firewall_group": "rule:admin_or_owner",
-    "update_firewall_group:public": "rule:admin_only",
-    "delete_firewall_group": "rule:admin_or_owner"
+    "create_firewall_rule:shared": "rule:admin_only",
+    "update_firewall_rule:shared": "rule:admin_only",
+    "delete_firewall_rule:shared": "rule:admin_only",
+
+    "create_firewall_rule:public": "rule:admin_only",
+    "update_firewall_rule:public": "rule:admin_only",
+    "delete_firewall_rule:public": "rule:admin_only",
+
+    "get_firewall_rule": "rule:admin_or_owner or rule:shared_firewall_rules or rule:public_firewall_rules"
 }
--- a/neutron_fwaas/tests/base.py
+++ b/neutron_fwaas/tests/base.py
@ -14,6 +14,9 @@
 #    under the License.
 #

+import os
+
+from neutron.common import test_lib
 from neutron.tests import base as n_base
 from neutron.tests.unit.db import test_db_base_plugin_v2 as test_db_plugin

@ -23,4 +26,19 @@ class BaseTestCase(n_base.BaseTestCase):


 class NeutronDbPluginV2TestCase(test_db_plugin.NeutronDbPluginV2TestCase):
-    pass
+
+    def setup_config(self):
+        ## Copied from neutron's test_db_base_plugin_v2 because they
+        ## don't allow to specify args
+
+        # Create the default configurations
+        args = ['--config-file', n_base.etcdir('neutron.conf')]
+        # If test_config specifies some config-file, use it, as well
+        for config_file in test_lib.test_config.get('config_files', []):
+            args.extend(['--config-file', config_file])
+
+        ## our own stuff
+        dirpath = os.path.join(os.path.dirname(__file__),
+                            './../../etc/neutron/policy.d')
+        args.extend(['--config-dir', dirpath])
+        self.config_parse(args=args)
--- a/neutron_fwaas/tests/tempest_plugin/tests/api/test_fwaas_extensions.py
+++ b/neutron_fwaas/tests/tempest_plugin/tests/api/test_fwaas_extensions.py
@ -135,8 +135,8 @@ class FWaaSExtensionTestJSON(base.BaseFWaaSTest):

        # Update firewall rule
        body = self.firewall_rules_client.update_firewall_rule(fw_rule_id,
-                                                               shared=True)
-        self.assertTrue(body["firewall_rule"]['shared'])
+                                                               action="deny")
+        self.assertEqual("deny", body["firewall_rule"]['action'])

        # Delete firewall rule
        self.firewall_rules_client.delete_firewall_rule(fw_rule_id)
@ -178,10 +178,8 @@ class FWaaSExtensionTestJSON(base.BaseFWaaSTest):
        # Update firewall policy
        body = self.firewall_policies_client.update_firewall_policy(
            fw_policy_id,
-            shared=True,
            name="updated_policy")
        updated_fw_policy = body["firewall_policy"]
-        self.assertTrue(updated_fw_policy['shared'])
        self.assertEqual("updated_policy", updated_fw_policy['name'])

        # Delete firewall policy
--- a/neutron_fwaas/tests/tempest_plugin/tests/api/test_fwaasv2_extensions.py
+++ b/neutron_fwaas/tests/tempest_plugin/tests/api/test_fwaasv2_extensions.py
@ -176,8 +176,8 @@ class FWaaSv2ExtensionTestJSON(v2_base.BaseFWaaSTest):

        # Update firewall rule
        body = self.firewall_rules_client.update_firewall_rule(fw_rule_id,
-                                                               public=True)
-        self.assertTrue(body["firewall_rule"]['public'])
+                                                               action="deny")
+        self.assertEqual("deny", body["firewall_rule"]['action'])

        # Delete firewall rule
        self.firewall_rules_client.delete_firewall_rule(fw_rule_id)
@ -216,10 +216,8 @@ class FWaaSv2ExtensionTestJSON(v2_base.BaseFWaaSTest):
        # Update firewall policy
        body = self.firewall_policies_client.update_firewall_policy(
            fw_policy_id,
-            public=True,
            name="updated_policy")
        updated_fw_policy = body["firewall_policy"]
-        self.assertTrue(updated_fw_policy['public'])
        self.assertEqual("updated_policy", updated_fw_policy['name'])

        # Delete firewall policy
--- a/tools/check_unit_test_structure.sh
+++ b/tools/check_unit_test_structure.sh
@ -11,7 +11,8 @@ test_path=$neutron_path/$base_test_path
 test_files=$(find ${test_path} -iname 'test_*.py')

 ignore_regexes=(
-    "^plugins.*$"
+    "^plugins.*$",
+    "^misc.*$"
 )

 error_count=0