Current tests do not have good test coverage of VNF LCM
APIs policies. Either tests for policies do not exist or
if they exist then they do not cover the actual negative
and positive testing.
Basically this commit does the following:
* Add RBAC tests:
As we are implementing the project personas (project member
and reader role) in policies, we need to have the enough
testing coverage of existing policy behavior and to know
that with new defaults how the access permissions will
looks like.
* Pass correct target to oslo policy:
Currently, APIs are not passing the right targets to oslo
policy, means VNF instance project_id was not passed as target.
We need to pass the project_id so that we can check the 'onwer'
permission correctly at RBAC level and RBAC checks pass and
request goes to fetch the data from DB where project_id
is checked. For example, GET VNF API requests by a non
admin user does not check if requester users is from same
project of requested VNF or not and request pass the oslo
policy checks and make DB request. Passing the right project_id
in oslo policy will return the request (if projectA request projectB
VNF) from policy checks itself. This can be seen in modified
test_controller.py tests.
Partial implement blueprint implement-project-personas
Change-Id: Ib022397f715c6aa08718a6867d2f2ea19c517c00
c2ef23210f