def setUp(self):
    """Reinitialise the policy enforcer and install the rules for this case.

    The rule table has an empty ``default`` entry and ``example:exist`` set
    to the string ``"false:false"``. Deprecation warnings are suppressed
    while the enforcer is initialised.
    """
    super(DefaultPolicyTestCase, self).setUp()

    # reset() followed by init(): presumably drops any enforcer state left
    # behind by an earlier test -- confirm against the policy module.
    policy.reset()
    policy.init(suppress_deprecation_warnings=True)

    rule_table = {}
    rule_table["default"] = []
    rule_table["example:exist"] = "false:false"
    self.rules = rule_table

    # _set_rules is a helper defined elsewhere on the test class.
    self._set_rules('default')

    self.context = context.RequestContext('fake', 'fake')
def setUp(self):
    """Reinitialise the policy enforcer and install the rules for this case.

    ``default`` is an empty rule and ``example:exist`` uses the nested-list
    form ``[["false:false"]]``.
    """
    super(DefaultPolicyTestCase, self).setUp()

    # reset() followed by init(): presumably drops any enforcer state left
    # behind by an earlier test -- confirm against the policy module.
    policy.reset()
    policy.init()

    rule_table = {"default": []}
    rule_table["example:exist"] = [["false:false"]]
    self.rules = rule_table

    # _set_rules is a helper defined elsewhere on the test class.
    self._set_rules('default')

    self.context = context.RequestContext('fake', 'fake')
def setUp(self):
    """Build the fixture: fresh enforcer, two rules, and a request context.

    The rule table maps ``default`` to an empty rule and ``example:exist``
    to ``[["false:false"]]``.
    """
    super(DefaultPolicyTestCase, self).setUp()

    policy.reset()
    policy.init()

    self.rules = dict([
        ("default", []),
        ("example:exist", [["false:false"]]),
    ])
    # _set_rules is a helper defined elsewhere on the test class.
    self._set_rules('default')

    request_context = context.RequestContext('fake', 'fake')
    self.context = request_context
def test_authorize_does_not_raise_forbidden(self, method):
    """Check that a scope mismatch is tolerated when enforce_scope is off.

    The rule ``foo`` is registered with ``scope_types=['system']`` while the
    request context carries only a ``project_id``. With
    ``enforce_scope=False`` the test expects the call to return a truthy
    value, i.e. the ``role:bar`` check alone decides the outcome. This is
    the permissive configuration; the strict counterpart is exercised with
    ``enforce_scope=True``.

    :param method: name of the function on the ``policy`` module to call.
    """
    self.fixture.config(enforce_scope=False, group='oslo_policy')

    ctxt = context.RequestContext(
        project_id='fake-project-id',
        roles=['bar'],
    )

    policy.reset()
    policy.init()

    # A rule has to be registered as a default before it can be evaluated.
    system_rule = common_policy.RuleDefault(
        'foo', 'role:bar', scope_types=['system'])
    policy._ENFORCER.register_defaults([system_rule])

    check = getattr(policy, method)
    outcome = check(ctxt, 'foo', {})
    self.assertTrue(outcome)
def test_authorize_properly_handles_invalid_scope_exception(self, method):
    """Check that a scope mismatch is rejected when enforce_scope is on.

    The rule ``foo`` is registered with ``scope_types=['system']`` while the
    request context carries only a ``project_id``. With
    ``enforce_scope=True`` the call must raise
    ``exception.PolicyNotAuthorized`` even though the context holds the
    role that ``role:bar`` asks for.

    :param method: name of the function on the ``policy`` module to call.
    """
    self.fixture.config(enforce_scope=True, group='oslo_policy')

    ctxt = context.RequestContext(
        project_id='fake-project-id',
        roles=['bar'],
    )

    policy.reset()
    policy.init()

    # A rule has to be registered as a default before it can be evaluated.
    system_rule = common_policy.RuleDefault(
        'foo', 'role:bar', scope_types=['system'])
    policy._ENFORCER.register_defaults([system_rule])

    # Resolve the callable first so that only the policy call itself is
    # covered by the exception assertion.
    check = getattr(policy, method)
    with self.assertRaises(exception.PolicyNotAuthorized):
        check(ctxt, 'foo', {})
def setUp(self):
    """Install the list-style rule fixture shared by the policy tests.

    Rules use the nested-list syntax. Judging by the ``early_and_fail`` and
    ``early_or_success`` entries, checks inside one inner list are ANDed
    and the inner lists are ORed together. The request context is created
    with the single role ``member`` and the target starts out empty.
    """
    super(PolicyTestCase, self).setUp()

    policy.reset()
    policy.init()

    fixture_rules = {}
    fixture_rules["true"] = []
    fixture_rules["example:allowed"] = []
    fixture_rules["example:denied"] = [["false:false"]]
    # NOTE(review): an http: check pointing at a plain-http URL. It is
    # fixture data only; presumably no test in this class lets the enforcer
    # contact it -- confirm before reusing the pattern.
    fixture_rules["example:get_http"] = [["http:http://www.example.com"]]
    fixture_rules["example:my_file"] = [
        ["role:compute_admin"],
        ["project_id:%(project_id)s"],
    ]
    fixture_rules["example:early_and_fail"] = [["false:false", "rule:true"]]
    fixture_rules["example:early_or_success"] = [
        ["rule:true"],
        ["false:false"],
    ]
    fixture_rules["example:lowercase_admin"] = [
        ["role:admin"],
        ["role:sysadmin"],
    ]
    fixture_rules["example:uppercase_admin"] = [
        ["role:ADMIN"],
        ["role:sysadmin"],
    ]
    self.rules = fixture_rules

    # _set_rules is a helper defined elsewhere on the test class.
    self._set_rules()

    self.context = context.RequestContext('fake', 'fake', roles=['member'])
    self.target = {}
def test_modified_policy_reloads(self):
    """Check that a rewritten policy file takes effect after a reload.

    The file first carries an empty rule for ``example:test`` and
    ``policy.enforce`` is called without expecting an exception. The file
    is then rewritten with ``false:false``, the rules are force-reloaded,
    and the same call must raise ``exception.PolicyNotAuthorized``.
    """
    with utils.tempdir() as tmpdir:
        policy_path = os.path.join(tmpdir, 'policy')

        def write_policy(body):
            # Close the file before the enforcer reads it back.
            with open(policy_path, "w") as handle:
                handle.write(body)

        # NOTE(review): the override is not undone in this method;
        # presumably the base test case restores CONF -- confirm.
        CONF.set_override('policy_file', policy_path, group='oslo_policy')
        action = "example:test"

        write_policy("""{"example:test": []}""")
        policy.init(policy_path)
        policy.enforce(self.context, action, self.target)

        write_policy("""{"example:test": ["false:false"]}""")
        # NOTE(vish): reset stored policy cache so we don't have to
        # sleep(1)
        policy._ENFORCER.load_rules(True)

        with self.assertRaises(exception.PolicyNotAuthorized):
            policy.enforce(self.context, action, self.target)
def test_modified_policy_reloads(self):
    """Check that a rewritten policy file takes effect after a reload.

    The file first carries an empty rule for ``example:test`` and
    ``policy.enforce`` is called without expecting an exception. The file
    is then rewritten with ``false:false``, the rules are force-reloaded,
    and the same call must raise ``exception.PolicyNotAuthorized``.
    """
    with utils.tempdir() as tmpdir:
        policy_path = os.path.join(tmpdir, 'policy')

        def write_policy(body):
            # Close the file before the enforcer reads it back.
            with open(policy_path, "w") as handle:
                handle.write(body)

        # Point the configuration at the temporary file via the test
        # class's flags() helper (defined elsewhere).
        self.flags(policy_file=policy_path)
        action = "example:test"

        write_policy("""{"example:test": []}""")
        policy.init(policy_path)
        policy.enforce(self.context, action, self.target)

        write_policy("""{"example:test": ["false:false"]}""")
        # NOTE(vish): reset stored policy cache so we don't have to
        # sleep(1)
        policy._ENFORCER.load_rules(True)

        with self.assertRaises(exception.PolicyNotAuthorized):
            policy.enforce(self.context, action, self.target)
def setUp(self):
    """Register the ``RuleDefault`` fixture shared by the policy tests.

    In the oslo.policy check-string language ``@`` always passes and ``!``
    always fails, which is what the ``test:allowed`` / ``test:denied``
    names reflect. The request context is created with the single role
    ``member``, the target starts out empty, and ``policy.reset`` is
    scheduled as cleanup.
    """
    super(PolicyTestCase, self).setUp()

    # (rule name, check string) pairs, in registration order.
    rule_specs = [
        ("true", '@'),
        ("test:allowed", '@'),
        ("test:denied", "!"),
        ("test:my_file",
         "role:compute_admin or "
         "project_id:%(project_id)s"),
        ("test:early_and_fail", "! and @"),
        ("test:early_or_success", "@ or !"),
        ("test:lowercase_admin", "role:admin"),
        ("test:uppercase_admin", "role:ADMIN"),
    ]
    defaults = [
        common_policy.RuleDefault(rule_name, check_str)
        for rule_name, check_str in rule_specs
    ]

    policy.reset()
    policy.init(suppress_deprecation_warnings=True)
    # before a policy rule can be used, its default has to be registered.
    policy._ENFORCER.register_defaults(defaults)

    self.context = context.RequestContext('fake', 'fake', roles=['member'])
    self.target = {}
    self.addCleanup(policy.reset)
def setUp(self):
    """Run the parent setUp, then reset and re-initialise the policy module."""
    super(ContextIsAdminPolicyTestCase, self).setUp()

    # reset() followed by init(): presumably drops any enforcer state left
    # behind by an earlier test -- confirm against the policy module.
    policy.reset()
    policy.init()
def setUp(self):
    """Run the parent setUp, then reset and re-initialise the policy module.

    Deprecation warnings are suppressed while the enforcer is initialised.
    """
    super(ContextIsAdminPolicyTestCase, self).setUp()

    # reset() followed by init(): presumably drops any enforcer state left
    # behind by an earlier test -- confirm against the policy module.
    policy.reset()
    policy.init(suppress_deprecation_warnings=True)