Commit de959245 authored by Michael Hanselmann's avatar Michael Hanselmann
Browse files

Add unit test for RAPI handler access definitions



- Ensure query-related resources have the same access permissions
  (specifically “/2/query/*” and “/2/*/console”)
- Check access permission consistency (write implies read)
Signed-off-by: default avatarMichael Hanselmann <hansmi@google.com>
Reviewed-by: default avatarGuido Trotter <ultrotter@google.com>
parent 41f3d54d
......@@ -35,8 +35,11 @@ from ganeti import http
from ganeti import query
from ganeti import luxi
from ganeti import errors
from ganeti import rapi
from ganeti.rapi import rlib2
from ganeti.rapi import baserlib
from ganeti.rapi import connector
import testutils
......@@ -1753,5 +1756,26 @@ class TestInstancesMultiAlloc(unittest.TestCase):
for inst in body["instances"]]))
class TestPermissions(unittest.TestCase):
def testEquality(self):
self.assertEqual(rlib2.R_2_query.GET_ACCESS, rlib2.R_2_query.PUT_ACCESS)
self.assertEqual(rlib2.R_2_query.GET_ACCESS,
rlib2.R_2_instances_name_console.GET_ACCESS)
def testMethodAccess(self):
for handler in connector.CONNECTOR.values():
for method in baserlib._SUPPORTED_METHODS:
access = getattr(handler, "%s_ACCESS" % method)
self.assertFalse(set(access) - rapi.RAPI_ACCESS_ALL,
msg=("Handler '%s' uses unknown access options for"
" method %s" % (handler, method)))
self.assertTrue(rapi.RAPI_ACCESS_READ not in access or
rapi.RAPI_ACCESS_WRITE in access,
msg=("Handler '%s' gives query, but not write access"
" for method %s (the latter includes query and"
" should therefore be given as well)" %
(handler, method)))
if __name__ == "__main__":
testutils.GanetiTestProgram()
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment