def test_enforcer_with_default_rule(self):
rules_json = """{
"deny_stack_user": "******",
"cloudwatch:PutMetricData": ""
}"""
rules = policy.Rules.load_json(rules_json)
default_rule = policy.TrueCheck()
enforcer = policy.Enforcer(default_rule=default_rule)
enforcer.set_rules(rules)
action = "cloudwatch:PutMetricData"
creds = {'roles': ''}
self.assertEqual(enforcer.enforce(action, {}, creds), True)
def test_get_policy_path_raises_exc(self):
enforcer = policy.Enforcer(policy_file='raise_error.json')
e = self.assertRaises(cfg.ConfigFilesNotFoundError,
enforcer._get_policy_path)
self.assertEqual(('raise_error.json', ), e.config_files)
def test_enforcer_with_policy_file(self):
enforcer = policy.Enforcer(policy_file='non-default.json')
self.assertEqual('non-default.json', enforcer.policy_file)
def test_enforcer_with_default_policy_file(self):
enforcer = policy.Enforcer()
self.assertEqual(cfg.CONF.policy_file, enforcer.policy_file)
import mock
import six
import six.moves.urllib.parse as urlparse
import six.moves.urllib.request as urlrequest
from essential.config import cfg
from essential.fixture import config
from essential.fixture import lockutils
from essential import jsonutils
from essential import policy
from essential import test
TEST_VAR_DIR = os.path.abspath(os.path.join(os.path.dirname(__file__), 'var'))
ENFORCER = policy.Enforcer()
class MyException(Exception):
def __init__(self, *args, **kwargs):
self.args = args
self.kwargs = kwargs
class RulesTestCase(test.BaseTestCase):
def test_init_basic(self):
rules = policy.Rules()
self.assertEqual(rules, {})
self.assertIsNone(rules.default_rule)