def setUp(self):
    """Install a fixed in-memory rule set and a non-admin request context.

    The rules are set directly on the policy module, so the tests using
    this fixture exercise these rules and an unprivileged ('member')
    caller.
    """
    super(PolicyTestCase, self).setUp()

    # oslo.policy rule syntax: '@' always allows, '!' always denies.
    fixture_rules = {
        "true": '@',
        "example:allowed": '@',
        "example:denied": "!",
        # A URL rule delegates the decision to a remote endpoint; this one
        # is plain http and only meaningful as a test fixture.
        "example:get_http": "http://www.example.com",
        # Allowed for the compute_admin role, or when the caller's
        # project_id matches the target's project_id.
        "example:my_file": "role:compute_admin or project_id:%(project_id)s",
        # Presumably exercise and/or evaluation order -- confirm against
        # the tests that use them.
        "example:early_and_fail": "! and @",
        "example:early_or_success": "@ or !",
        # Same rule with differently-cased role names; presumably used to
        # check how role case is handled -- confirm against the tests.
        "example:lowercase_admin": "role:admin or role:sysadmin",
        "example:uppercase_admin": "role:ADMIN or role:sysadmin",
    }
    parsed_rules = oslo_policy.Rules.from_dict(fixture_rules)

    # Drop any enforcer state left by an earlier test before installing
    # the fixture rules.
    policy.reset()
    policy.init()
    policy.set_rules(parsed_rules)

    # NOTE(review): the two positional 'fake' values are presumably the
    # user and project ids -- confirm against RequestContext.
    self.context = context.RequestContext('fake', 'fake', roles=['member'])
    self.target = {}
def test_modified_policy_reloads(self):
    """Check that a rewritten policy file takes effect after a reload.

    The policy file first grants "example:test" and is then rewritten to
    deny it; after a forced reload, enforcement must raise
    PolicyNotAuthorized instead of using the earlier, permissive rule.
    """
    with utils.tempdir() as tmpdir:
        policy_path = os.path.join(tmpdir, 'policy')
        CONF.set_override('policy_file', policy_path, 'oslo_policy')

        # NOTE(uni): building a request context runs a policy check to
        # decide is_admin, which populates the policy cache as a side
        # effect. Reset here so the file written below is what gets loaded.
        policy.reset()

        rule_name = "example:test"

        # An empty rule string is an unconditional allow in oslo.policy,
        # so the 'member' context must pass this first check.
        with open(policy_path, "w") as handle:
            handle.write('{"example:test": ""}')
        policy.enforce(self.context, rule_name, self.target)

        # Tighten the same rule to an unconditional deny.
        with open(policy_path, "w") as handle:
            handle.write('{"example:test": "!"}')

        # Force a re-read through the module's private enforcer; the True
        # argument is presumably force_reload -- confirm against the
        # enforcer's load_rules signature.
        policy._ENFORCER.load_rules(True)

        with self.assertRaises(exception.PolicyNotAuthorized):
            policy.enforce(self.context, rule_name, self.target)
def _set_rules(self, default_rule):
    """Re-initialise the policy module with this test's rules.

    Args:
        default_rule: passed through to policy.init as ``default_rule``.
    """
    # Clear any previously loaded enforcer state first.
    policy.reset()
    # NOTE(review): use_conf=False presumably stops rules being loaded from
    # the configured policy file, leaving self.rules as the only source --
    # confirm against policy.init.
    policy.init(
        rules=self.rules,
        default_rule=default_rule,
        use_conf=False,
    )
def _set_rules(self, default_rule):
    """Parse this test's rule strings and re-initialise the policy module.

    Args:
        default_rule: passed through to policy.init as ``default_rule``.
    """
    # Clear any previously loaded enforcer state first.
    policy.reset()
    # self.rules maps rule names to rule strings; each string is parsed
    # before being handed to the enforcer.
    parsed = {
        name: common_policy.parse_rule(text)
        for name, text in self.rules.items()
    }
    # NOTE(review): use_conf=False presumably stops rules being loaded from
    # the configured policy file -- confirm against policy.init.
    policy.init(rules=parsed, default_rule=default_rule, use_conf=False)
def _set_rules(self, default_rule):
    """Reset the policy module and load parsed copies of self.rules.

    Args:
        default_rule: passed through to policy.init as ``default_rule``.
    """
    # Start from a clean enforcer so earlier tests cannot leak rules in.
    policy.reset()

    # Convert each rule string in self.rules to its parsed form.
    compiled = {}
    for rule_name, rule_text in self.rules.items():
        compiled[rule_name] = common_policy.parse_rule(rule_text)

    # NOTE(review): use_conf=False presumably keeps the configured policy
    # file out of the picture -- confirm against policy.init.
    policy.init(
        rules=compiled,
        default_rule=default_rule,
        use_conf=False,
    )