Beispiel #1
0
    def setUp(self):
        super(QuantumPolicyTestCase, self).setUp()
        policy.reset()
        policy.init()
        self.addCleanup(policy.reset)
        self.rules = dict(
            (k, common_policy.parse_rule(v))
            for k, v in {
                "admin_or_network_owner": "role:admin or " "tenant_id:%(network_tenant_id)s",
                "admin_or_owner": "role:admin or tenant_id:%(tenant_id)s",
                "admin_only": "role:admin",
                "regular_user": "******",
                "shared": "field:networks:shared=True",
                "external": "field:networks:router:external=True",
                "default": "@",
                "create_network": "rule:admin_or_owner",
                "create_network:shared": "rule:admin_only",
                "update_network": "@",
                "update_network:shared": "rule:admin_only",
                "get_network": "rule:admin_or_owner or " "rule:shared or " "rule:external",
                "create_port:mac": "rule:admin_or_network_owner",
            }.items()
        )

        def fakepolicyinit():
            common_policy.set_rules(common_policy.Rules(self.rules))

        self.patcher = mock.patch.object(quantum.policy, "init", new=fakepolicyinit)
        self.patcher.start()
        self.addCleanup(self.patcher.stop)
        self.context = context.Context("fake", "fake", roles=["user"])
        plugin_klass = importutils.import_class("quantum.db.db_base_plugin_v2.QuantumDbPluginV2")
        self.plugin = plugin_klass()
Beispiel #2
0
    def setUp(self):
        super(QuantumPolicyTestCase, self).setUp()
        policy.reset()
        policy.init()
        self.rules = {
            "admin_or_network_owner": [["role:admin"],
                                       ["tenant_id:%(network_tenant_id)s"]],
            "admin_only": [["role:admin"]],
            "regular_user": [["role:user"]],
            "default": [],
            "networks:private:read": [["rule:admin_only"]],
            "networks:private:write": [["rule:admin_only"]],
            "networks:shared:read": [["rule:regular_user"]],
            "networks:shared:write": [["rule:admin_only"]],
            "create_network": [],
            "create_network:shared": [["rule:admin_only"]],
            "update_network": [],
            "update_network:shared": [["rule:admin_only"]],
            "get_network": [],
            "create_port:mac": [["rule:admin_or_network_owner"]],
        }

        def fakepolicyinit():
            common_policy.set_brain(common_policy.Brain(self.rules))

        self.patcher = mock.patch.object(quantum.policy,
                                         'init',
                                         new=fakepolicyinit)
        self.patcher.start()
        self.context = context.Context('fake', 'fake', roles=['user'])
        plugin_klass = importutils.import_class(
            "quantum.db.db_base_plugin_v2.QuantumDbPluginV2")
        self.plugin = plugin_klass()
Beispiel #3
0
    def setUp(self):
        super(QuantumPolicyTestCase, self).setUp()
        policy.reset()
        policy.init()
        self.addCleanup(policy.reset)
        self.admin_only_legacy = "role:admin"
        self.admin_or_owner_legacy = "role:admin or tenant_id:%(tenant_id)s"
        self.rules = dict(
            (k, common_policy.parse_rule(v)) for k, v in {
                "context_is_admin":
                "role:admin",
                "admin_or_network_owner":
                "rule:context_is_admin or "
                "tenant_id:%(network:tenant_id)s",
                "admin_or_owner": ("rule:context_is_admin or "
                                   "tenant_id:%(tenant_id)s"),
                "admin_only":
                "rule:context_is_admin",
                "regular_user":
                "******",
                "shared":
                "field:networks:shared=True",
                "external":
                "field:networks:router:external=True",
                "default":
                '@',
                "create_network":
                "rule:admin_or_owner",
                "create_network:shared":
                "rule:admin_only",
                "update_network":
                '@',
                "update_network:shared":
                "rule:admin_only",
                "get_network":
                "rule:admin_or_owner or "
                "rule:shared or "
                "rule:external",
                "create_port:mac":
                "rule:admin_or_network_owner",
            }.items())

        def fakepolicyinit():
            common_policy.set_rules(common_policy.Rules(self.rules))

        self.patcher = mock.patch.object(quantum.policy,
                                         'init',
                                         new=fakepolicyinit)
        self.patcher.start()
        self.addCleanup(self.patcher.stop)
        self.context = context.Context('fake', 'fake', roles=['user'])
        plugin_klass = importutils.import_class(
            "quantum.db.db_base_plugin_v2.QuantumDbPluginV2")
        self.manager_patcher = mock.patch('quantum.manager.QuantumManager')
        fake_manager = self.manager_patcher.start()
        fake_manager_instance = fake_manager.return_value
        fake_manager_instance.plugin = plugin_klass()
        self.addCleanup(self.manager_patcher.stop)
Beispiel #4
0
    def setUp(self):
        super(DefaultPolicyTestCase, self).setUp()
        policy.reset()
        policy.init()

        self.rules = {"default": [], "example:exist": [["false:false"]]}

        self._set_brain('default')

        self.context = context.Context('fake', 'fake')
Beispiel #5
0
    def setUp(self):
        super(DefaultPolicyTestCase, self).setUp()
        policy.reset()
        policy.init()
        self.addCleanup(policy.reset)

        self.rules = {"default": "", "example:exist": "!"}

        self._set_rules("default")

        self.context = context.Context("fake", "fake")
Beispiel #6
0
    def setUp(self):
        super(DefaultPolicyTestCase, self).setUp()
        policy.reset()
        policy.init()

        self.rules = {
            "default": '',
            "example:exist": '!',
        }

        self._set_rules('default')

        self.context = context.Context('fake', 'fake')
Beispiel #7
0
    def setUp(self):
        super(DefaultPolicyTestCase, self).setUp()
        policy.reset()
        policy.init()

        self.rules = {
            "default": [],
            "example:exist": [["false:false"]]
        }

        self._set_brain('default')

        self.context = context.Context('fake', 'fake')
Beispiel #8
0
    def setUp(self):
        super(QuantumPolicyTestCase, self).setUp()
        policy.reset()
        policy.init()
        self.addCleanup(policy.reset)
        self.admin_only_legacy = "role:admin"
        self.admin_or_owner_legacy = "role:admin or tenant_id:%(tenant_id)s"
        self.rules = dict((k, common_policy.parse_rule(v)) for k, v in {
            "context_is_admin": "role:admin",
            "admin_or_network_owner": "rule:context_is_admin or "
                                      "tenant_id:%(network:tenant_id)s",
            "admin_or_owner": ("rule:context_is_admin or "
                               "tenant_id:%(tenant_id)s"),
            "admin_only": "rule:context_is_admin",
            "regular_user": "******",
            "shared": "field:networks:shared=True",
            "external": "field:networks:router:external=True",
            "default": '@',

            "create_network": "rule:admin_or_owner",
            "create_network:shared": "rule:admin_only",
            "update_network": '@',
            "update_network:shared": "rule:admin_only",

            "get_network": "rule:admin_or_owner or "
                           "rule:shared or "
                           "rule:external",
            "create_port:mac": "rule:admin_or_network_owner",
        }.items())

        def fakepolicyinit():
            common_policy.set_rules(common_policy.Rules(self.rules))

        self.patcher = mock.patch.object(quantum.policy,
                                         'init',
                                         new=fakepolicyinit)
        self.patcher.start()
        self.addCleanup(self.patcher.stop)
        self.context = context.Context('fake', 'fake', roles=['user'])
        plugin_klass = importutils.import_class(
            "quantum.db.db_base_plugin_v2.QuantumDbPluginV2")
        self.manager_patcher = mock.patch('quantum.manager.QuantumManager')
        fake_manager = self.manager_patcher.start()
        fake_manager_instance = fake_manager.return_value
        fake_manager_instance.plugin = plugin_klass()
        self.addCleanup(self.manager_patcher.stop)
Beispiel #9
0
 def setUp(self):
     super(PolicyTestCase, self).setUp()
     policy.reset()
     self.addCleanup(policy.reset)
     # NOTE(vish): preload rules to circumvent reloading from file
     policy.init()
     rules = {
         "true": "@",
         "example:allowed": "@",
         "example:denied": "!",
         "example:get_http": "http:http://www.example.com",
         "example:my_file": "role:compute_admin or tenant_id:%(tenant_id)s",
         "example:early_and_fail": "! and @",
         "example:early_or_success": "@ or !",
         "example:lowercase_admin": "role:admin or role:sysadmin",
         "example:uppercase_admin": "role:ADMIN or role:sysadmin",
     }
     # NOTE(vish): then overload underlying rules
     common_policy.set_rules(common_policy.Rules(dict((k, common_policy.parse_rule(v)) for k, v in rules.items())))
     self.context = context.Context("fake", "fake", roles=["member"])
     self.target = {}
Beispiel #10
0
 def setUp(self):
     super(PolicyTestCase, self).setUp()
     policy.reset()
     # NOTE(vish): preload rules to circumvent reloading from file
     policy.init()
     rules = {
         "true": [],
         "example:allowed": [],
         "example:denied": [["false:false"]],
         "example:get_http": [["http:http://www.example.com"]],
         "example:my_file": [["role:compute_admin"],
                             ["tenant_id:%(tenant_id)s"]],
         "example:early_and_fail": [["false:false", "rule:true"]],
         "example:early_or_success": [["rule:true"], ["false:false"]],
         "example:lowercase_admin": [["role:admin"], ["role:sysadmin"]],
         "example:uppercase_admin": [["role:ADMIN"], ["role:sysadmin"]],
     }
     # NOTE(vish): then overload underlying brain
     common_policy.set_brain(common_policy.HttpBrain(rules))
     self.context = context.Context('fake', 'fake', roles=['member'])
     self.target = {}
Beispiel #11
0
 def setUp(self):
     super(PolicyTestCase, self).setUp()
     policy.reset()
     # NOTE(vish): preload rules to circumvent reloading from file
     policy.init()
     rules = {
         "true": [],
         "example:allowed": [],
         "example:denied": [["false:false"]],
         "example:get_http": [["http:http://www.example.com"]],
         "example:my_file": [["role:compute_admin"],
                             ["tenant_id:%(tenant_id)s"]],
         "example:early_and_fail": [["false:false", "rule:true"]],
         "example:early_or_success": [["rule:true"], ["false:false"]],
         "example:lowercase_admin": [["role:admin"], ["role:sysadmin"]],
         "example:uppercase_admin": [["role:ADMIN"], ["role:sysadmin"]],
     }
     # NOTE(vish): then overload underlying brain
     common_policy.set_brain(common_policy.HttpBrain(rules))
     self.context = context.Context('fake', 'fake', roles=['member'])
     self.target = {}
Beispiel #12
0
 def setUp(self):
     super(PolicyTestCase, self).setUp()
     policy.reset()
     # NOTE(vish): preload rules to circumvent reloading from file
     policy.init()
     rules = {
         "true": '@',
         "example:allowed": '@',
         "example:denied": '!',
         "example:get_http": "http:http://www.example.com",
         "example:my_file": "role:compute_admin or tenant_id:%(tenant_id)s",
         "example:early_and_fail": "! and @",
         "example:early_or_success": "@ or !",
         "example:lowercase_admin": "role:admin or role:sysadmin",
         "example:uppercase_admin": "role:ADMIN or role:sysadmin",
     }
     # NOTE(vish): then overload underlying rules
     common_policy.set_rules(common_policy.Rules(
         dict((k, common_policy.parse_rule(v))
              for k, v in rules.items())))
     self.context = context.Context('fake', 'fake', roles=['member'])
     self.target = {}
Beispiel #13
0
    def setUp(self):
        super(QuantumPolicyTestCase, self).setUp()
        policy.reset()
        policy.init()
        self.rules = {
            "admin_or_network_owner": [["role:admin"],
                                       ["tenant_id:%(network_tenant_id)s"]],
            "admin_only": [["role:admin"]],
            "regular_user": [["role:user"]],
            "default": [],

            "networks:private:read": [["rule:admin_only"]],
            "networks:private:write": [["rule:admin_only"]],
            "networks:shared:read": [["rule:regular_user"]],
            "networks:shared:write": [["rule:admin_only"]],

            "create_network": [],
            "create_network:shared": [["rule:admin_only"]],
            "update_network": [],
            "update_network:shared": [["rule:admin_only"]],

            "get_network": [],
            "create_port:mac": [["rule:admin_or_network_owner"]],
        }

        def fakepolicyinit():
            common_policy.set_brain(common_policy.Brain(self.rules))

        self.patcher = mock.patch.object(quantum.policy,
                                         'init',
                                         new=fakepolicyinit)
        self.patcher.start()
        self.context = context.Context('fake', 'fake', roles=['user'])
        plugin_klass = importutils.import_class(
            "quantum.db.db_base_plugin_v2.QuantumDbPluginV2")
        self.plugin = plugin_klass()