def test_check_identity_rule_not_found_true(self):
     policy_backend.reset()
     value = policy.check((("identity", "i_dont_exist"),),
                          request=self.request)
     # this should succeed because the default check for
     # identity is admin_required
     self.assertTrue(value)
Beispiel #2
0
 def test_check_identity_rule_not_found_false(self):
     policy_backend.reset()
     value = policy.check((("identity", "i_dont_exist"), ),
                          request=self.request)
     # this should succeed because the default check does not exist and
     # if the default check does not exist the policy check should succeed.
     self.assertTrue(value)
Beispiel #3
0
    def test_compound_check_true(self):
        policy_backend.reset()

        # Check a single rule works expectly
        self.assertTrue(
            policy.check((("identity", "admin_required"), ),
                         request=self.request))
        self.assertTrue(
            policy.check((("identity", "owner"), ),
                         request=self.request,
                         target={'user_id': 1}))
        self.assertFalse(
            policy.check((("identity", "owner"), ),
                         request=self.request,
                         target={'user_id': 2}))

        self.assertTrue(
            policy.check((
                ("identity", "admin_required"),
                ("identity", "owner"),
            ),
                         request=self.request,
                         target={'user_id': 1}))
        self.assertFalse(
            policy.check((
                ("identity", "admin_required"),
                ("identity", "owner"),
            ),
                         request=self.request,
                         target={'user_id': 2}))
 def test_check_identity_rule_not_found_true(self):
     policy.reset()
     value = policy.check((("identity", "i_dont_exist"),),
                          request=self.request)
     # this should succeed because the default check for
     # identity is admin_required
     self.assertTrue(value)
Beispiel #5
0
 def test_check_identity_rule_not_found_false(self):
     policy_backend.reset()
     value = policy.check((("identity", "i_dont_exist"),),
                          request=self.request)
     # this should fail because the default check for
     # identity is admin_required
     self.assertFalse(value)
 def test_check_identity_rule_not_found_false(self):
     policy.reset()
     value = policy.check((("identity", "i_dont_exist"), ),
                          request=self.request)
     # this should fail because the default check for
     # identity is admin_required
     self.assertFalse(value)
Beispiel #7
0
 def test_check_identity_rule_not_found_true(self):
     policy_backend.reset()
     value = policy.check((("identity", "i_dont_exist"), ),
                          request=self.request)
     # This assume the identity policy file does not contain the default
     # check. If both a specified rule and the default rule do not exist,
     # the check should succeed.
     self.assertTrue(value)
Beispiel #8
0
 def test_nonexisting_policy_file_load(self):
     policy_files = {
         'dinosaur': 'no_godzilla.json',
     }
     policy.reset()
     with self.settings(POLICY_FILES=policy_files):
         enforcer = policy._get_enforcer()
         self.assertEqual(0, len(enforcer))
 def test_compound_check_false(self):
     policy.reset()
     value = policy.check((
         ("identity", "admin_required"),
         ("identity", "identity:default"),
     ),
                          request=self.request)
     self.assertFalse(value)
Beispiel #10
0
 def test_check_credentials_default(self):
     policy.reset()
     enforcer = policy._get_enforcer()
     scope = enforcer['with_default']
     user = utils.get_user()
     credentials = policy._user_to_credentials(user)
     target = {
         'project_id': user.project_id,
         'tenant_id': user.project_id,
         'user_id': user.id,
         'domain_id': user.user_domain_id,
         'user.domain_id': user.user_domain_id,
         'group.domain_id': user.user_domain_id,
         'project.domain_id': user.user_domain_id,
     }
     is_valid = policy._check_credentials(scope, 'action', target,
                                          credentials)
     self.assertFalse(is_valid)
Beispiel #11
0
 def test_check_credentials_default(self):
     policy.reset()
     enforcer = policy._get_enforcer()
     scope = enforcer['with_default']
     user = utils.get_user()
     credentials = policy._user_to_credentials(user)
     target = {
         'project_id': user.project_id,
         'tenant_id': user.project_id,
         'user_id': user.id,
         'domain_id': user.user_domain_id,
         'user.domain_id': user.user_domain_id,
         'group.domain_id': user.user_domain_id,
         'project.domain_id': user.user_domain_id,
     }
     is_valid = policy._check_credentials(scope, 'action', target,
                                          credentials)
     self.assertFalse(is_valid)
 def test_scope_not_found(self):
     policy.reset()
     value = policy.check((("dummy", "default"), ), request=self.request)
     self.assertTrue(value)
 def test_policy_reset(self):
     policy._get_enforcer()
     self.assertEqual(2, len(policy._ENFORCER))
     policy.reset()
     self.assertIsNone(policy._ENFORCER)
 def test_policy_file_load(self):
     policy.reset()
     enforcer = policy._get_enforcer()
     self.assertEqual(2, len(enforcer))
     self.assertTrue('identity' in enforcer)
     self.assertTrue('compute' in enforcer)
 def test_check_nova_context_is_admin_true(self):
     policy.reset()
     value = policy.check((("compute", "context_is_admin"),),
                          request=self.request)
     self.assertTrue(value)
Beispiel #16
0
 def test_policy_file_load(self):
     policy_backend.reset()
     enforcer = policy_backend._get_enforcer()
     self.assertEqual(2, len(enforcer))
     self.assertIn('identity', enforcer)
     self.assertIn('compute', enforcer)
 def test_policy_reset(self):
     policy._get_enforcer()
     self.assertEqual(2, len(policy._ENFORCER))
     policy.reset()
     self.assertIsNone(policy._ENFORCER)
 def test_scope_not_found(self):
     policy.reset()
     value = policy.check((("dummy", "default"),),
                          request=self.request)
     self.assertTrue(value)
 def test_check_admin_required_false(self):
     policy.reset()
     value = policy.check((("identity", "admin_required"),),
                          request=self.request)
     self.assertFalse(value)
Beispiel #20
0
 def test_compound_check_false(self):
     policy_backend.reset()
     value = policy.check((("identity", "admin_required"), ("identity", "identity:default")), request=self.request)
     self.assertFalse(value)
 def test_check_nova_context_is_admin_false(self):
     policy.reset()
     value = policy.check((("compute", "context_is_admin"), ),
                          request=self.request)
     self.assertFalse(value)
Beispiel #22
0
 def test_check_nova_context_is_admin_true(self):
     policy_backend.reset()
     value = policy.check((("compute", "context_is_admin"),),
                          request=self.request)
     self.assertTrue(value)
Beispiel #23
0
 def test_check_admin_required_true(self):
     policy_backend.reset()
     value = policy.check((("identity", "admin_required"),),
                          request=self.request)
     self.assertTrue(value)
Beispiel #24
0
 def test_check_nova_context_is_admin_false(self):
     policy_backend.reset()
     value = policy.check((("compute", "context_is_admin"),),
                          request=self.request)
     self.assertFalse(value)
 def test_check_admin_required_true(self):
     policy.reset()
     value = policy.check((("identity", "admin_required"), ),
                          request=self.request)
     self.assertTrue(value)
 def test_policy_file_load(self):
     policy.reset()
     enforcer = policy._get_enforcer()
     self.assertEqual(2, len(enforcer))
     self.assertTrue('identity' in enforcer)
     self.assertTrue('compute' in enforcer)
 def test_compound_check_true(self):
     policy.reset()
     value = policy.check((("identity", "admin_required"),
                           ("identity", "identity:default"),),
                          request=self.request)
     self.assertTrue(value)
 def test_check_domain_admin_required_true(self):
     policy.reset()
     value = policy.check((
         ("identity", "admin_and_matching_domain_id"),),
         request=self.request)
     self.assertTrue(value)
Beispiel #29
0
 def test_check_admin_required_false(self):
     policy_backend.reset()
     value = policy.check((("identity", "admin_required"),),
                          request=self.request)
     self.assertFalse(value)
 def test_check_any_admin_required_true(self):
     policy.reset()
     value = policy.check((("identity", "admin_or_cloud_admin"),),
                          request=self.request)
     self.assertTrue(value)
Beispiel #31
0
 def test_nonexisting_policy_file_load(self):
     policy.reset()
     enforcer = policy._get_enforcer()
     self.assertEqual(0, len(enforcer))