Exemple #1
0
 def wrapper(self, *args, **kwargs):
     context = args[0].context
     project_id = kwargs.get('project_id')
     utils.check_project_id(context, project_id)
     policy.enforce(context, rule, {})
     LOG.debug('RBAC: Authorization granted')
     return f(self, *args, **kwargs)
Exemple #2
0
 def wrapper(self, *args, **kwargs):
     context = args[0].context
     project_id = kwargs.get('project_id')
     utils.check_project_id(context, project_id)
     policy.enforce(context, rule, {})
     LOG.debug('RBAC: Authorization granted')
     return f(self, *args, **kwargs)
Exemple #3
0
 def test_templatized_enforcement(self):
     target_mine = {'tenant_id': 'fake'}
     target_not_mine = {'tenant_id': 'another'}
     action = "example:my_file"
     policy.enforce(self.context, action, target_mine)
     self.assertRaises(exception.Forbidden, policy.enforce,
                       self.context, action, target_not_mine)
Exemple #4
0
 def test_templatized_enforcement(self):
     target_mine = {'tenant_id': 'fake'}
     target_not_mine = {'tenant_id': 'another'}
     action = "example:my_file"
     policy.enforce(self.context, action, target_mine)
     self.assertRaises(exception.Forbidden, policy.enforce, self.context,
                       action, target_not_mine)
Exemple #5
0
 def test_ignore_case_role_check(self):
     lowercase_action = "example:lowercase_admin"
     uppercase_action = "example:uppercase_admin"
     # NOTE(dprince) we mix case in the Admin role here to ensure
     # case is ignored
     admin_context = build_context(roles='AdmiN')
     policy.enforce(admin_context, lowercase_action, self.target)
     policy.enforce(admin_context, uppercase_action, self.target)
Exemple #6
0
 def test_ignore_case_role_check(self):
     lowercase_action = "example:lowercase_admin"
     uppercase_action = "example:uppercase_admin"
     # NOTE(dprince) we mix case in the Admin role here to ensure
     # case is ignored
     admin_context = build_context(roles='AdmiN')
     policy.enforce(admin_context, lowercase_action, self.target)
     policy.enforce(admin_context, uppercase_action, self.target)
Exemple #7
0
 def test_modified_policy_reloads(self):
     tmpfilename = '/tmp/policy.json'
     policy.cfg.CONF.find_file = mock.MagicMock(return_value=tmpfilename)
     action = "example:test"
     with open(tmpfilename, "w") as policyfile:
         policyfile.write('{"example:test": ""}')
     f = open(tmpfilename, 'r')
     print f.readline()
     policy.enforce(self.context, action, self.target)
     with open(tmpfilename, "w") as policyfile:
         policyfile.write('{"example:test": "!"}')
     policy._POLICY_CACHE = {}
     self.assertRaises(exception.Forbidden, policy.enforce, self.context,
                       action, self.target)
Exemple #8
0
 def test_modified_policy_reloads(self):
     tmpfilename = '/tmp/policy.json'
     policy.cfg.CONF.find_file = mock.MagicMock(return_value=tmpfilename)
     action = "example:test"
     with open(tmpfilename, "w") as policyfile:
         policyfile.write('{"example:test": ""}')
     f = open(tmpfilename, 'r')
     print f.readline()
     policy.enforce(self.context, action, self.target)
     with open(tmpfilename, "w") as policyfile:
         policyfile.write('{"example:test": "!"}')
     policy._POLICY_CACHE = {}
     self.assertRaises(exception.Forbidden, policy.enforce,
                       self.context, action, self.target)
Exemple #9
0
 def test_enforce_http_true(self, mock_urlopen):
     mock_urlopen.return_value = StringIO.StringIO("True")
     action = "example:get_http"
     target = {}
     result = policy.enforce(self.context, action, target)
     self.assertEqual(result, True)
Exemple #10
0
 def test_enforce_good_action(self):
     action = "example:allowed"
     result = policy.enforce(self.context, action, self.target)
     self.assertEqual(result, True)
Exemple #11
0
 def test_enforce_bad_action_noraise(self):
     action = "example:denied"
     result = policy.enforce(self.context, action, self.target, False)
     self.assertEqual(result, False)
Exemple #12
0
 def test_not_found_policy_calls_default(self):
     policy.enforce(self.context, "example:noexist", {})
Exemple #13
0
 def test_early_OR_enforcement(self):
     action = "example:early_or_success"
     policy.enforce(self.context, action, self.target)
Exemple #14
0
 def test_enforce_http_true(self, mock_urlopen):
     mock_urlopen.return_value = StringIO.StringIO("True")
     action = "example:get_http"
     target = {}
     result = policy.enforce(self.context, action, target)
     self.assertEqual(result, True)
Exemple #15
0
 def test_enforce_good_action(self):
     action = "example:allowed"
     result = policy.enforce(self.context, action, self.target)
     self.assertEqual(result, True)
Exemple #16
0
 def test_enforce_bad_action_noraise(self):
     action = "example:denied"
     result = policy.enforce(self.context, action, self.target, False)
     self.assertEqual(result, False)
Exemple #17
0
 def test_not_found_policy_calls_default(self):
     policy.enforce(self.context, "example:noexist", {})
Exemple #18
0
 def test_early_OR_enforcement(self):
     action = "example:early_or_success"
     policy.enforce(self.context, action, self.target)