def test_verify_deprecated_policy_using_new_action(self):
old_policy = "old_action_default"
new_policy = "new_action"
default_rule = "rule:admin_api"
using_old_action = policy.verify_deprecated_policy(
old_policy, new_policy, default_rule, self.context)
self.assertFalse(using_old_action)
def test_verify_deprecated_policy_using_new_action(self):
old_policy = "old_action_default"
new_policy = "new_action"
default_rule = "rule:admin_api"
using_old_action = policy.verify_deprecated_policy(
old_policy, new_policy, default_rule, self.context)
self.assertFalse(using_old_action)
def test_verify_deprecated_policy_using_old_action(self, mock_warning):
old_policy = "old_action_not_default"
new_policy = "new_action"
default_rule = "rule:admin_api"
using_old_action = policy.verify_deprecated_policy(
old_policy, new_policy, default_rule, self.context)
self.assertTrue(mock_warning.called)
self.assertTrue(using_old_action)
def test_verify_deprecated_policy_using_old_action(self, mock_warning):
old_policy = "old_action_not_default"
new_policy = "new_action"
default_rule = "rule:admin_api"
using_old_action = policy.verify_deprecated_policy(
old_policy, new_policy, default_rule, self.context)
self.assertTrue(mock_warning.called)
self.assertTrue(using_old_action)
def _authorize_policy(self, context, new_policy):
# TODO(cl566n): In future release, this _authorize_policy function
# can be removed. The call to it can be replaced by
# context.authorize(new_policy) once the old
# policy.ENCRYPTION_POLICY is deprecated.
using_old_action = cinder_policy.verify_deprecated_policy(
policy.ENCRYPTION_POLICY,
new_policy,
base.RULE_ADMIN_API,
context)
if not using_old_action:
context.authorize(new_policy)