From 08aa0cbd539b1f84ddcdcdb9b8e7890331c3756e Mon Sep 17 00:00:00 2001 From: Steven Hardy Date: Thu, 28 Nov 2013 16:55:50 +0000 Subject: [PATCH] Fix missing policy enforcement in CFN API Currently the CreateStack and UpdateStack actions aren't correctly enforcing the policy, so add calls to _enforce which fixes that, and rework the test to illustrate the issue. Change-Id: Ia5c2e65512ab9d1c163171f8617c081ab96745e5 Closes-Bug: #1256049 --- heat/api/cfn/v1/stacks.py | 2 + heat/tests/test_api_cfn_v1.py | 159 ++++++++++++++++++++++++------------------ 2 files changed, 92 insertions(+), 69 deletions(-) diff --git a/heat/api/cfn/v1/stacks.py b/heat/api/cfn/v1/stacks.py index 1516f23..03f08dd 100644 --- a/heat/api/cfn/v1/stacks.py +++ b/heat/api/cfn/v1/stacks.py @@ -267,9 +267,11 @@ class StackController(object): ) def create(self, req): + self._enforce(req, 'CreateStack') return self.create_or_update(req, self.CREATE_STACK) def update(self, req): + self._enforce(req, 'UpdateStack') return self.create_or_update(req, self.UPDATE_STACK) def create_or_update(self, req, action=None): diff --git a/heat/tests/test_api_cfn_v1.py b/heat/tests/test_api_cfn_v1.py index cdab08e..341d8c6 100644 --- a/heat/tests/test_api_cfn_v1.py +++ b/heat/tests/test_api_cfn_v1.py @@ -38,6 +38,29 @@ class CfnStackControllerTest(HeatTestCase): the endpoint processing API requests after they are routed ''' + def setUp(self): + super(CfnStackControllerTest, self).setUp() + + opts = [ + cfg.StrOpt('config_dir', default=policy_path), + cfg.StrOpt('config_file', default='foo'), + cfg.StrOpt('project', default='heat'), + ] + cfg.CONF.register_opts(opts) + cfg.CONF.set_default('host', 'host') + self.topic = rpc_api.ENGINE_TOPIC + self.api_version = '1.0' + + # Create WSGI controller instance + class DummyConfig(): + bind_port = 8000 + cfgopts = DummyConfig() + self.controller = stacks.StackController(options=cfgopts) + self.controller.policy.enforcer.policy_path = (policy_path + + 'deny_stack_user.json') + self.addCleanup(self.m.VerifyAll) + + def _dummy_GET_request(self, params={}): # Mangle the params dict into a query string qs = "&".join(["=".join([k, str(params[k])]) for k in params]) @@ -46,6 +69,16 @@ class CfnStackControllerTest(HeatTestCase): req.context = utils.dummy_context() return req + def _stub_enforce(self, req, action, allowed=True): + self.m.StubOutWithMock(policy.Enforcer, 'enforce') + if allowed: + policy.Enforcer.enforce(req.context, action + ).AndReturn(True) + else: + policy.Enforcer.enforce(req.context, action + ).AndRaise(heat_exception.Forbidden) + self.m.ReplayAll() + # The tests def test_stackid_addprefix(self): self.m.ReplayAll() @@ -62,27 +95,22 @@ class CfnStackControllerTest(HeatTestCase): expected = {'StackName': 'Foo', 'StackId': 'arn:openstack:heat::t:stacks/Foo/123'} self.assertEqual(response, expected) - self.m.VerifyAll() - def test_enforce_default(self): - self.m.ReplayAll() + def test_enforce_ok(self): params = {'Action': 'ListStacks'} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'ListStacks') self.controller.policy.policy_path = None response = self.controller._enforce(dummy_req, 'ListStacks') self.assertEqual(response, None) - self.m.VerifyAll() def test_enforce_denied(self): self.m.ReplayAll() params = {'Action': 'ListStacks'} dummy_req = self._dummy_GET_request(params) - dummy_req.context.roles = ['heat_stack_user'] - self.controller.policy.policy_path = (policy_path + - 'deny_stack_user.json') + self._stub_enforce(dummy_req, 'ListStacks', False) self.assertRaises(exception.HeatAccessDeniedError, self.controller._enforce, dummy_req, 'ListStacks') - self.m.VerifyAll() def test_enforce_ise(self): params = {'Action': 'ListStacks'} @@ -90,21 +118,19 @@ class CfnStackControllerTest(HeatTestCase): dummy_req.context.roles = ['heat_stack_user'] self.m.StubOutWithMock(policy.Enforcer, 'enforce') - policy.Enforcer.enforce(dummy_req.context, 'ListStacks', {} + policy.Enforcer.enforce(dummy_req.context, 'ListStacks' ).AndRaise(AttributeError) self.m.ReplayAll() - self.controller.policy.policy_path = (policy_path + - 'deny_stack_user.json') self.assertRaises(exception.HeatInternalFailureError, self.controller._enforce, dummy_req, 'ListStacks') - self.m.VerifyAll() @mock.patch.object(rpc, 'call') def test_list(self, mock_call): # Format a dummy GET request to pass into the WSGI handler params = {'Action': 'ListStacks'} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'ListStacks') # Stub out the RPC call to the engine with a pre-canned response engine_resp = [{u'stack_identity': {u'tenant': u't', @@ -145,6 +171,7 @@ class CfnStackControllerTest(HeatTestCase): def test_list_rmt_aterr(self, mock_call): params = {'Action': 'ListStacks'} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'ListStacks') # Insert an engine RPC error and ensure we map correctly to the # heat exception type @@ -165,6 +192,7 @@ class CfnStackControllerTest(HeatTestCase): def test_list_rmt_interr(self, mock_call): params = {'Action': 'ListStacks'} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'ListStacks') # Insert an engine RPC error and ensure we map correctly to the # heat exception type @@ -186,6 +214,7 @@ class CfnStackControllerTest(HeatTestCase): identity = dict(identifier.HeatIdentifier('t', stack_name, '6')) params = {'Action': 'DescribeStacks', 'StackName': stack_name} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'DescribeStacks') # Stub out the RPC call to the engine with a pre-canned response # Note the engine returns a load of keys we don't actually use @@ -267,7 +296,6 @@ class CfnStackControllerTest(HeatTestCase): 'LastUpdatedTime': u'2012-07-09T09:13:11Z'}]}}} self.assertEqual(response, expected) - self.m.VerifyAll() def test_describe_arn(self): # Format a dummy GET request to pass into the WSGI handler @@ -277,6 +305,7 @@ class CfnStackControllerTest(HeatTestCase): params = {'Action': 'DescribeStacks', 'StackName': stack_identifier.arn()} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'DescribeStacks') # Stub out the RPC call to the engine with a pre-canned response # Note the engine returns a load of keys we don't actually use @@ -352,7 +381,6 @@ class CfnStackControllerTest(HeatTestCase): 'LastUpdatedTime': u'2012-07-09T09:13:11Z'}]}}} self.assertEqual(response, expected) - self.m.VerifyAll() def test_describe_arn_invalidtenant(self): # Format a dummy GET request to pass into the WSGI handler @@ -362,6 +390,7 @@ class CfnStackControllerTest(HeatTestCase): params = {'Action': 'DescribeStacks', 'StackName': stack_identifier.arn()} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'DescribeStacks') self.m.StubOutWithMock(rpc, 'call') rpc.call(dummy_req.context, self.topic, @@ -377,13 +406,13 @@ class CfnStackControllerTest(HeatTestCase): result = self.controller.describe(dummy_req) self.assertEqual(type(result), exception.HeatInvalidParameterValueError) - self.m.VerifyAll() def test_describe_aterr(self): stack_name = "wordpress" identity = dict(identifier.HeatIdentifier('t', stack_name, '6')) params = {'Action': 'DescribeStacks', 'StackName': stack_name} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'DescribeStacks') # Insert an engine RPC error and ensure we map correctly to the # heat exception type @@ -405,12 +434,12 @@ class CfnStackControllerTest(HeatTestCase): result = self.controller.describe(dummy_req) self.assertEqual(type(result), exception.HeatInvalidParameterValueError) - self.m.VerifyAll() def test_describe_bad_name(self): stack_name = "wibble" params = {'Action': 'DescribeStacks', 'StackName': stack_name} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'DescribeStacks') # Insert an engine RPC error and ensure we map correctly to the # heat exception type @@ -427,7 +456,6 @@ class CfnStackControllerTest(HeatTestCase): result = self.controller.describe(dummy_req) self.assertEqual(type(result), exception.HeatInvalidParameterValueError) - self.m.VerifyAll() def test_get_template_int_body(self): '''Test the internal _get_template function.''' @@ -453,6 +481,7 @@ class CfnStackControllerTest(HeatTestCase): engine_parms = {u'InstanceType': u'm1.xlarge'} engine_args = {'timeout_mins': u'30', 'disable_rollback': 'true'} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'CreateStack') # Stub out the RPC call to the engine with a pre-canned response engine_resp = {u'tenant': u't', @@ -484,7 +513,6 @@ class CfnStackControllerTest(HeatTestCase): } self.assertEqual(response, expected) - self.m.VerifyAll() def test_create_rollback(self): # Format a dummy request @@ -500,6 +528,7 @@ class CfnStackControllerTest(HeatTestCase): engine_parms = {u'InstanceType': u'm1.xlarge'} engine_args = {'timeout_mins': u'30', 'disable_rollback': 'false'} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'CreateStack') # Stub out the RPC call to the engine with a pre-canned response engine_resp = {u'tenant': u't', @@ -531,7 +560,6 @@ class CfnStackControllerTest(HeatTestCase): } self.assertEqual(response, expected) - self.m.VerifyAll() def test_create_onfailure_true(self): # Format a dummy request @@ -547,6 +575,7 @@ class CfnStackControllerTest(HeatTestCase): engine_parms = {u'InstanceType': u'm1.xlarge'} engine_args = {'timeout_mins': u'30', 'disable_rollback': 'true'} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'CreateStack') # Stub out the RPC call to the engine with a pre-canned response engine_resp = {u'tenant': u't', @@ -578,7 +607,6 @@ class CfnStackControllerTest(HeatTestCase): } self.assertEqual(response, expected) - self.m.VerifyAll() def test_create_onfailure_false_delete(self): # Format a dummy request @@ -594,6 +622,7 @@ class CfnStackControllerTest(HeatTestCase): engine_parms = {u'InstanceType': u'm1.xlarge'} engine_args = {'timeout_mins': u'30', 'disable_rollback': 'false'} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'CreateStack') # Stub out the RPC call to the engine with a pre-canned response engine_resp = {u'tenant': u't', @@ -625,7 +654,6 @@ class CfnStackControllerTest(HeatTestCase): } self.assertEqual(response, expected) - self.m.VerifyAll() def test_create_onfailure_false_rollback(self): # Format a dummy request @@ -641,6 +669,7 @@ class CfnStackControllerTest(HeatTestCase): engine_parms = {u'InstanceType': u'm1.xlarge'} engine_args = {'timeout_mins': u'30', 'disable_rollback': 'false'} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'CreateStack') # Stub out the RPC call to the engine with a pre-canned response engine_resp = {u'tenant': u't', @@ -672,7 +701,6 @@ class CfnStackControllerTest(HeatTestCase): } self.assertEqual(response, expected) - self.m.VerifyAll() def test_create_onfailure_err(self): # Format a dummy request @@ -689,6 +717,7 @@ class CfnStackControllerTest(HeatTestCase): engine_parms = {u'InstanceType': u'm1.xlarge'} engine_args = {'timeout_mins': u'30', 'disable_rollback': 'false'} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'CreateStack') self.assertRaises(exception.HeatInvalidParameterCombinationError, self.controller.create, dummy_req) @@ -698,6 +727,7 @@ class CfnStackControllerTest(HeatTestCase): stack_name = "wordpress" params = {'Action': 'CreateStack', 'StackName': stack_name} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'CreateStack') result = self.controller.create(dummy_req) self.assertEqual(type(result), exception.HeatMissingParameterError) @@ -709,6 +739,7 @@ class CfnStackControllerTest(HeatTestCase): params = {'Action': 'CreateStack', 'StackName': stack_name, 'TemplateBody': '%s' % json_template} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'CreateStack') result = self.controller.create(dummy_req) self.assertEqual(type(result), @@ -728,10 +759,14 @@ class CfnStackControllerTest(HeatTestCase): engine_args = {'timeout_mins': u'30'} dummy_req = self._dummy_GET_request(params) + self.m.StubOutWithMock(policy.Enforcer, 'enforce') + # Insert an engine RPC error and ensure we map correctly to the # heat exception type self.m.StubOutWithMock(rpc, 'call') + policy.Enforcer.enforce(dummy_req.context, 'CreateStack' + ).AndReturn(True) rpc.call(dummy_req.context, self.topic, {'namespace': None, 'method': 'create_stack', @@ -742,6 +777,9 @@ class CfnStackControllerTest(HeatTestCase): 'args': engine_args}, 'version': self.api_version}, None ).AndRaise(AttributeError()) + + policy.Enforcer.enforce(dummy_req.context, 'CreateStack' + ).AndReturn(True) rpc.call(dummy_req.context, self.topic, {'namespace': None, 'method': 'create_stack', @@ -752,6 +790,9 @@ class CfnStackControllerTest(HeatTestCase): 'args': engine_args}, 'version': self.api_version}, None ).AndRaise(heat_exception.UnknownUserParameter(key='test')) + + policy.Enforcer.enforce(dummy_req.context, 'CreateStack' + ).AndReturn(True) rpc.call(dummy_req.context, self.topic, {'namespace': None, 'method': 'create_stack', @@ -780,7 +821,6 @@ class CfnStackControllerTest(HeatTestCase): self.assertEqual(type(result), exception.HeatInvalidParameterValueError) - self.m.VerifyAll() def test_create_err_exists(self): # Format a dummy request @@ -795,6 +835,7 @@ class CfnStackControllerTest(HeatTestCase): engine_parms = {u'InstanceType': u'm1.xlarge'} engine_args = {'timeout_mins': u'30'} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'CreateStack') # Insert an engine RPC error and ensure we map correctly to the # heat exception type @@ -817,7 +858,6 @@ class CfnStackControllerTest(HeatTestCase): self.assertEqual(type(result), exception.AlreadyExistsError) - self.m.VerifyAll() def test_create_err_engine(self): # Format a dummy request @@ -832,6 +872,7 @@ class CfnStackControllerTest(HeatTestCase): engine_parms = {u'InstanceType': u'm1.xlarge'} engine_args = {'timeout_mins': u'30'} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'CreateStack') # Stub out the RPC call to the engine with a pre-canned response self.m.StubOutWithMock(rpc, 'call') @@ -854,7 +895,6 @@ class CfnStackControllerTest(HeatTestCase): self.assertEqual(type(result), exception.HeatInvalidParameterValueError) - self.m.VerifyAll() def test_update(self): # Format a dummy request @@ -868,6 +908,7 @@ class CfnStackControllerTest(HeatTestCase): engine_parms = {u'InstanceType': u'm1.xlarge'} engine_args = {} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'UpdateStack') # Stub out the RPC call to the engine with a pre-canned response identity = dict(identifier.HeatIdentifier('t', stack_name, '1')) @@ -903,7 +944,6 @@ class CfnStackControllerTest(HeatTestCase): } self.assertEqual(response, expected) - self.m.VerifyAll() def test_update_bad_name(self): stack_name = "wibble" @@ -914,6 +954,7 @@ class CfnStackControllerTest(HeatTestCase): 'Parameters.member.1.ParameterKey': 'InstanceType', 'Parameters.member.1.ParameterValue': 'm1.xlarge'} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'UpdateStack') # Insert an engine RPC error and ensure we map correctly to the # heat exception type @@ -930,7 +971,6 @@ class CfnStackControllerTest(HeatTestCase): result = self.controller.update(dummy_req) self.assertEqual(type(result), exception.HeatInvalidParameterValueError) - self.m.VerifyAll() def test_create_or_update_err(self): result = self.controller.create_or_update(req={}, action="dsdgfdf") @@ -943,6 +983,7 @@ class CfnStackControllerTest(HeatTestCase): template = {u'Foo': u'bar'} params = {'Action': 'GetTemplate', 'StackName': stack_name} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'GetTemplate') # Stub out the RPC call to the engine with a pre-canned response engine_resp = template @@ -968,7 +1009,6 @@ class CfnStackControllerTest(HeatTestCase): {'TemplateBody': template}}} self.assertEqual(response, expected) - self.m.VerifyAll() def test_get_template_err_rpcerr(self): stack_name = "wordpress" @@ -976,6 +1016,7 @@ class CfnStackControllerTest(HeatTestCase): template = {u'Foo': u'bar'} params = {'Action': 'GetTemplate', 'StackName': stack_name} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'GetTemplate') # Insert an engine RPC error and ensure we map correctly to the # heat exception type @@ -998,12 +1039,12 @@ class CfnStackControllerTest(HeatTestCase): self.assertEqual(type(result), exception.HeatInvalidParameterValueError) - self.m.VerifyAll() def test_get_template_bad_name(self): stack_name = "wibble" params = {'Action': 'GetTemplate', 'StackName': stack_name} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'GetTemplate') # Insert an engine RPC error and ensure we map correctly to the # heat exception type @@ -1020,7 +1061,6 @@ class CfnStackControllerTest(HeatTestCase): result = self.controller.get_template(dummy_req) self.assertEqual(type(result), exception.HeatInvalidParameterValueError) - self.m.VerifyAll() def test_get_template_err_none(self): stack_name = "wordpress" @@ -1028,6 +1068,7 @@ class CfnStackControllerTest(HeatTestCase): template = {u'Foo': u'bar'} params = {'Action': 'GetTemplate', 'StackName': stack_name} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'GetTemplate') # Stub out the RPC call to the engine to return None # this test the "no such stack" error path @@ -1051,13 +1092,13 @@ class CfnStackControllerTest(HeatTestCase): self.assertEqual(type(result), exception.HeatInvalidParameterValueError) - self.m.VerifyAll() def test_validate_err_no_template(self): # Format a dummy request with a missing template field stack_name = "wordpress" params = {'Action': 'ValidateTemplate'} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'ValidateTemplate') result = self.controller.validate_template(dummy_req) self.assertEqual(type(result), exception.HeatMissingParameterError) @@ -1068,6 +1109,7 @@ class CfnStackControllerTest(HeatTestCase): params = {'Action': 'ValidateTemplate', 'TemplateBody': '%s' % json_template} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'ValidateTemplate') result = self.controller.validate_template(dummy_req) self.assertEqual(type(result), @@ -1088,6 +1130,7 @@ class CfnStackControllerTest(HeatTestCase): response = {'Error': 'Resources must contain Resource. ' 'Found a [string] instead'} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'ValidateTemplate') # Stub out the RPC call to the engine with a pre-canned response self.m.StubOutWithMock(rpc, 'call') @@ -1105,7 +1148,6 @@ class CfnStackControllerTest(HeatTestCase): 'Resources must contain Resource. ' 'Found a [string] instead'}} self.assertEqual(expected, response) - self.m.VerifyAll() def test_delete(self): # Format a dummy request @@ -1113,6 +1155,7 @@ class CfnStackControllerTest(HeatTestCase): identity = dict(identifier.HeatIdentifier('t', stack_name, '1')) params = {'Action': 'DeleteStack', 'StackName': stack_name} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'DeleteStack') # Stub out the RPC call to the engine with a pre-canned response self.m.StubOutWithMock(rpc, 'call') @@ -1135,13 +1178,13 @@ class CfnStackControllerTest(HeatTestCase): expected = {'DeleteStackResponse': {'DeleteStackResult': ''}} self.assertEqual(response, expected) - self.m.VerifyAll() def test_delete_err_rpcerr(self): stack_name = "wordpress" identity = dict(identifier.HeatIdentifier('t', stack_name, '1')) params = {'Action': 'DeleteStack', 'StackName': stack_name} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'DeleteStack') # Stub out the RPC call to the engine with a pre-canned response self.m.StubOutWithMock(rpc, 'call') @@ -1166,12 +1209,12 @@ class CfnStackControllerTest(HeatTestCase): self.assertEqual(type(result), exception.HeatInvalidParameterValueError) - self.m.VerifyAll() def test_delete_bad_name(self): stack_name = "wibble" params = {'Action': 'DeleteStack', 'StackName': stack_name} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'DeleteStack') # Insert an engine RPC error and ensure we map correctly to the # heat exception type @@ -1188,7 +1231,6 @@ class CfnStackControllerTest(HeatTestCase): result = self.controller.delete(dummy_req) self.assertEqual(type(result), exception.HeatInvalidParameterValueError) - self.m.VerifyAll() def test_events_list(self): # Format a dummy request @@ -1196,6 +1238,7 @@ class CfnStackControllerTest(HeatTestCase): identity = dict(identifier.HeatIdentifier('t', stack_name, '6')) params = {'Action': 'DescribeStackEvents', 'StackName': stack_name} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'DescribeStackEvents') # Stub out the RPC call to the engine with a pre-canned response engine_resp = [{u'stack_name': u'wordpress', @@ -1249,13 +1292,13 @@ class CfnStackControllerTest(HeatTestCase): 'LogicalResourceId': u'WikiDatabase'}]}}} self.assertEqual(response, expected) - self.m.VerifyAll() def test_events_list_err_rpcerr(self): stack_name = "wordpress" identity = dict(identifier.HeatIdentifier('t', stack_name, '6')) params = {'Action': 'DescribeStackEvents', 'StackName': stack_name} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'DescribeStackEvents') # Insert an engine RPC error and ensure we map correctly to the # heat exception type @@ -1277,12 +1320,12 @@ class CfnStackControllerTest(HeatTestCase): result = self.controller.events_list(dummy_req) self.assertEqual(type(result), exception.HeatInternalFailureError) - self.m.VerifyAll() def test_events_list_bad_name(self): stack_name = "wibble" params = {'Action': 'DescribeStackEvents', 'StackName': stack_name} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'DescribeStackEvents') # Insert an engine RPC error and ensure we map correctly to the # heat exception type @@ -1299,7 +1342,6 @@ class CfnStackControllerTest(HeatTestCase): result = self.controller.events_list(dummy_req) self.assertEqual(type(result), exception.HeatInvalidParameterValueError) - self.m.VerifyAll() def test_describe_stack_resource(self): # Format a dummy request @@ -1309,6 +1351,7 @@ class CfnStackControllerTest(HeatTestCase): 'StackName': stack_name, 'LogicalResourceId': "WikiDatabase"} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'DescribeStackResource') # Stub out the RPC call to the engine with a pre-canned response engine_resp = {u'description': u'', @@ -1369,7 +1412,6 @@ class CfnStackControllerTest(HeatTestCase): 'LogicalResourceId': u'WikiDatabase'}}}} self.assertEqual(response, expected) - self.m.VerifyAll() def test_describe_stack_resource_nonexistent_stack(self): # Format a dummy request @@ -1379,6 +1421,7 @@ class CfnStackControllerTest(HeatTestCase): 'StackName': stack_name, 'LogicalResourceId': "WikiDatabase"} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'DescribeStackResource') # Stub out the RPC call to the engine with a pre-canned response self.m.StubOutWithMock(rpc, 'call') @@ -1394,7 +1437,6 @@ class CfnStackControllerTest(HeatTestCase): result = self.controller.describe_stack_resource(dummy_req) self.assertEqual(type(result), exception.HeatInvalidParameterValueError) - self.m.VerifyAll() def test_describe_stack_resource_nonexistent(self): # Format a dummy request @@ -1404,6 +1446,7 @@ class CfnStackControllerTest(HeatTestCase): 'StackName': stack_name, 'LogicalResourceId': "wibble"} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'DescribeStackResource') # Stub out the RPC call to the engine with a pre-canned response self.m.StubOutWithMock(rpc, 'call') @@ -1429,7 +1472,6 @@ class CfnStackControllerTest(HeatTestCase): result = self.controller.describe_stack_resource(dummy_req) self.assertEqual(type(result), exception.HeatInvalidParameterValueError) - self.m.VerifyAll() def test_describe_stack_resources(self): # Format a dummy request @@ -1439,6 +1481,7 @@ class CfnStackControllerTest(HeatTestCase): 'StackName': stack_name, 'LogicalResourceId': "WikiDatabase"} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'DescribeStackResources') # Stub out the RPC call to the engine with a pre-canned response engine_resp = [{u'description': u'', @@ -1498,7 +1541,6 @@ class CfnStackControllerTest(HeatTestCase): 'LogicalResourceId': u'WikiDatabase'}]}}} self.assertEqual(response, expected) - self.m.VerifyAll() def test_describe_stack_resources_bad_name(self): stack_name = "wibble" @@ -1506,6 +1548,7 @@ class CfnStackControllerTest(HeatTestCase): 'StackName': stack_name, 'LogicalResourceId': "WikiDatabase"} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'DescribeStackResources') # Insert an engine RPC error and ensure we map correctly to the # heat exception type @@ -1522,7 +1565,6 @@ class CfnStackControllerTest(HeatTestCase): result = self.controller.describe_stack_resources(dummy_req) self.assertEqual(type(result), exception.HeatInvalidParameterValueError) - self.m.VerifyAll() def test_describe_stack_resources_physical(self): # Format a dummy request @@ -1532,6 +1574,7 @@ class CfnStackControllerTest(HeatTestCase): 'LogicalResourceId': "WikiDatabase", 'PhysicalResourceId': 'a3455d8c-9f88-404d-a85b-5315293e67de'} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'DescribeStackResources') # Stub out the RPC call to the engine with a pre-canned response engine_resp = [{u'description': u'', @@ -1592,7 +1635,6 @@ class CfnStackControllerTest(HeatTestCase): 'LogicalResourceId': u'WikiDatabase'}]}}} self.assertEqual(response, expected) - self.m.VerifyAll() def test_describe_stack_resources_physical_not_found(self): # Format a dummy request @@ -1602,6 +1644,7 @@ class CfnStackControllerTest(HeatTestCase): 'LogicalResourceId': "WikiDatabase", 'PhysicalResourceId': 'aaaaaaaa-9f88-404d-cccc-ffffffffffff'} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'DescribeStackResources') # Stub out the RPC call to the engine with a pre-canned response self.m.StubOutWithMock(rpc, 'call') @@ -1620,7 +1663,6 @@ class CfnStackControllerTest(HeatTestCase): self.assertEqual(type(response), exception.HeatInvalidParameterValueError) - self.m.VerifyAll() def test_describe_stack_resources_err_inval(self): # Format a dummy request containing both StackName and @@ -1631,10 +1673,10 @@ class CfnStackControllerTest(HeatTestCase): 'StackName': stack_name, 'PhysicalResourceId': "123456"} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'DescribeStackResources') ret = self.controller.describe_stack_resources(dummy_req) self.assertEqual(type(ret), exception.HeatInvalidParameterCombinationError) - self.m.VerifyAll() def test_list_stack_resources(self): # Format a dummy request @@ -1643,6 +1685,7 @@ class CfnStackControllerTest(HeatTestCase): params = {'Action': 'ListStackResources', 'StackName': stack_name} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'ListStackResources') # Stub out the RPC call to the engine with a pre-canned response engine_resp = [{u'resource_identity': @@ -1691,13 +1734,13 @@ class CfnStackControllerTest(HeatTestCase): 'LogicalResourceId': u'WikiDatabase'}]}}} self.assertEqual(response, expected) - self.m.VerifyAll() def test_list_stack_resources_bad_name(self): stack_name = "wibble" params = {'Action': 'ListStackResources', 'StackName': stack_name} dummy_req = self._dummy_GET_request(params) + self._stub_enforce(dummy_req, 'ListStackResources') # Insert an engine RPC error and ensure we map correctly to the # heat exception type @@ -1714,25 +1757,3 @@ class CfnStackControllerTest(HeatTestCase): result = self.controller.list_stack_resources(dummy_req) self.assertEqual(type(result), exception.HeatInvalidParameterValueError) - self.m.VerifyAll() - - def setUp(self): - super(CfnStackControllerTest, self).setUp() - - opts = [ - cfg.StrOpt('config_dir', default=policy_path), - cfg.StrOpt('config_file', default='foo'), - cfg.StrOpt('project', default='heat'), - ] - cfg.CONF.register_opts(opts) - cfg.CONF.set_default('host', 'host') - self.topic = rpc_api.ENGINE_TOPIC - self.api_version = '1.0' - - # Create WSGI controller instance - class DummyConfig(): - bind_port = 8000 - cfgopts = DummyConfig() - self.controller = stacks.StackController(options=cfgopts) - self.controller.policy.enforcer.policy_path = (policy_path + - 'deny_stack_user.json') -- 1.8.3.1