def test_check_node_policy_forbidden(self, mock_authorize, mock_pr):
    """Verify check_node_policy surfaces an authorization denial.

    The mocked authorize callable is configured to raise HTTPForbidden, and
    the test asserts that utils.check_node_policy lets that exception reach
    the caller instead of swallowing it.
    """
    # NOTE(review): the patch decorators are outside this listing; mock_pr
    # presumably stands in for the API request object -- confirm.
    mock_authorize.side_effect = exception.HTTPForbidden(resource='fake')
    mock_pr.context.to_policy_values.return_value = {}
    mock_pr.version.minor = 50

    # Resolve the argument first so only the call under test is guarded.
    owner = self.node['owner']
    # Only the exception type is asserted here; the arguments handed to the
    # mocked authorize are not checked by this test.
    with self.assertRaises(exception.HTTPForbidden):
        utils.check_node_policy('fake-policy', owner)
def test_check_node_policy_and_retrieve_policy_forbidden(
        self, mock_grn, mock_authorize, mock_pr):
    """Verify check_node_policy_and_retrieve surfaces an authorization denial.

    mock_grn is set to return the test node, so the lookup itself succeeds.
    The mocked authorize callable then raises HTTPForbidden, which must
    propagate out of utils.check_node_policy_and_retrieve.
    """
    # NOTE(review): the patch decorators are outside this listing; mock_grn
    # presumably replaces the node lookup helper and mock_pr the API request
    # object -- confirm.
    mock_grn.return_value = self.node
    mock_authorize.side_effect = exception.HTTPForbidden(resource='fake')
    mock_pr.context.to_policy_values.return_value = {}
    mock_pr.version.minor = 50

    # Resolve the argument first so only the call under test is guarded.
    node_ident = self.valid_node_uuid
    # Only the exception type is asserted; whether the node was fetched
    # before or after the policy check is not pinned by this test.
    with self.assertRaises(exception.HTTPForbidden):
        utils.check_node_policy_and_retrieve('fake-policy', node_ident)
def authorize(rule, target, creds, *args, **kwargs):
    """Authorize ``rule`` for ``creds`` against ``target``.

    A shortcut for the ``authorize()`` method of the enforcer returned by
    ``get_enforcer()``, always invoked with ``do_raise=True``.

    Enforcement happens only when ``CONF.auth_strategy`` is ``'keystone'``.
    Every other value short-circuits to ``True`` without consulting the
    enforcer at all.

    :param rule: name of the policy rule to check; also reported as the
        ``resource`` of the HTTPForbidden raised on denial.
    :param target: passed through to the enforcer unchanged.
    :param creds: passed through to the enforcer unchanged.
    :returns: ``True`` when enforcement is skipped, otherwise whatever the
        enforcer's ``authorize()`` returns.
    :raises exception.HTTPForbidden: when the enforcer raises
        ``policy.PolicyNotAuthorized``. Any other enforcer exception (the
        original description mentions an undefined rule) is not caught here
        and propagates unchanged.
    """
    if CONF.auth_strategy == 'keystone':
        policy_enforcer = get_enforcer()
        try:
            allowed = policy_enforcer.authorize(
                rule, target, creds, *args, do_raise=True, **kwargs)
        except policy.PolicyNotAuthorized:
            # Translate the policy-layer denial into the API-level error.
            raise exception.HTTPForbidden(resource=rule)
        return allowed

    # Fail-open branch: the comparison is "not keystone", so an unexpected or
    # misspelled auth_strategy value also lands here and skips every policy
    # check. Deployments relying on this wrapper should validate the option.
    return True
def authorize(rule, target, creds, *args, **kwargs):
    """Authorize ``rule`` for ``creds`` against ``target``.

    A shortcut for the ``authorize()`` method of the enforcer returned by
    ``get_enforcer()``, always invoked with ``do_raise=True``.

    Enforcement is skipped, and ``True`` returned, only when
    ``CONF.auth_strategy`` is exactly ``'noauth'``. Any other value goes
    through the enforcer.

    Beginning with the Newton cycle, this should be used in place of
    'enforce'.

    :param rule: name of the policy rule to check; also reported as the
        ``resource`` of the HTTPForbidden raised on denial.
    :param target: passed through to the enforcer unchanged.
    :param creds: passed through to the enforcer unchanged.
    :returns: ``True`` under ``'noauth'``, otherwise whatever the enforcer's
        ``authorize()`` returns.
    :raises exception.HTTPForbidden: when the enforcer raises
        ``policy.PolicyNotAuthorized``. Any other enforcer exception (the
        original description mentions an undefined rule) is not caught here
        and propagates unchanged.
    """
    # Explicit opt-out: policy checks are bypassed entirely under 'noauth'.
    skip_enforcement = CONF.auth_strategy == 'noauth'
    if skip_enforcement:
        return True

    policy_enforcer = get_enforcer()
    try:
        verdict = policy_enforcer.authorize(
            rule, target, creds, *args, do_raise=True, **kwargs)
    except policy.PolicyNotAuthorized:
        # Translate the policy-layer denial into the API-level error.
        raise exception.HTTPForbidden(resource=rule)
    else:
        return verdict
def get(self, image_id):
    """Refuse every lookup by raising HTTPForbidden for ``image_id``.

    :param image_id: identifier handed to the exception constructor.
    :raises exception.HTTPForbidden: unconditionally.
    """
    # NOTE(review): image_id is passed positionally; confirm which
    # HTTPForbidden parameter it binds to.
    denial = exception.HTTPForbidden(image_id)
    raise denial
def test_check_policy_forbidden(self, mock_authorize, mock_pr):
    """Verify check_policy surfaces an authorization denial.

    The mocked authorize callable raises HTTPForbidden, and the test asserts
    that utils.check_policy lets that exception reach the caller.
    """
    # mock_pr is injected but not configured by this test.
    # NOTE(review): the patch decorators are outside this listing -- confirm
    # what mock_pr replaces.
    denial = exception.HTTPForbidden(resource='fake')
    mock_authorize.side_effect = denial

    # Only the exception type is asserted; the arguments handed to the
    # mocked authorize are not checked by this test.
    with self.assertRaises(exception.HTTPForbidden):
        utils.check_policy('fake-policy')
def mock_authorize_function(rule, target, creds):
    """Stand-in authorizer that denies only 'baremetal:node:list_all'.

    :param rule: policy rule name being checked.
    :param target: ignored.
    :param creds: ignored.
    :returns: ``True`` for every rule other than the denied one.
    :raises exception.HTTPForbidden: when ``rule`` is
        'baremetal:node:list_all'.
    """
    # Allow-by-default is deliberate for this stub: exactly one rule is
    # refused so callers can be exercised with that single permission missing.
    if rule != 'baremetal:node:list_all':
        return True
    raise exception.HTTPForbidden(resource='fake')
def mock_authorize_function(rule, target, creds):
    """Stand-in authorizer that denies every request.

    :param rule: ignored.
    :param target: ignored.
    :param creds: ignored.
    :raises exception.HTTPForbidden: unconditionally, with resource 'fake'.
    """
    denial = exception.HTTPForbidden(resource='fake')
    raise denial