def wrapper(self, *args, **kwargs):
context = args[0].context
project_id = kwargs.get('project_id')
utils.check_project_id(context, project_id)
policy.enforce(context, rule, {})
LOG.debug('RBAC: Authorization granted')
return f(self, *args, **kwargs)
def wrapper(self, *args, **kwargs):
context = args[0].context
project_id = kwargs.get('project_id')
utils.check_project_id(context, project_id)
policy.enforce(context, rule, {})
LOG.debug('RBAC: Authorization granted')
return f(self, *args, **kwargs)
def test_templatized_enforcement(self):
target_mine = {'tenant_id': 'fake'}
target_not_mine = {'tenant_id': 'another'}
action = "example:my_file"
policy.enforce(self.context, action, target_mine)
self.assertRaises(exception.Forbidden, policy.enforce,
self.context, action, target_not_mine)
def test_templatized_enforcement(self):
target_mine = {'tenant_id': 'fake'}
target_not_mine = {'tenant_id': 'another'}
action = "example:my_file"
policy.enforce(self.context, action, target_mine)
self.assertRaises(exception.Forbidden, policy.enforce, self.context,
action, target_not_mine)
def test_ignore_case_role_check(self):
lowercase_action = "example:lowercase_admin"
uppercase_action = "example:uppercase_admin"
# NOTE(dprince) we mix case in the Admin role here to ensure
# case is ignored
admin_context = build_context(roles='AdmiN')
policy.enforce(admin_context, lowercase_action, self.target)
policy.enforce(admin_context, uppercase_action, self.target)
def test_ignore_case_role_check(self):
lowercase_action = "example:lowercase_admin"
uppercase_action = "example:uppercase_admin"
# NOTE(dprince) we mix case in the Admin role here to ensure
# case is ignored
admin_context = build_context(roles='AdmiN')
policy.enforce(admin_context, lowercase_action, self.target)
policy.enforce(admin_context, uppercase_action, self.target)
def test_modified_policy_reloads(self):
tmpfilename = '/tmp/policy.json'
policy.cfg.CONF.find_file = mock.MagicMock(return_value=tmpfilename)
action = "example:test"
with open(tmpfilename, "w") as policyfile:
policyfile.write('{"example:test": ""}')
f = open(tmpfilename, 'r')
print f.readline()
policy.enforce(self.context, action, self.target)
with open(tmpfilename, "w") as policyfile:
policyfile.write('{"example:test": "!"}')
policy._POLICY_CACHE = {}
self.assertRaises(exception.Forbidden, policy.enforce, self.context,
action, self.target)
def test_modified_policy_reloads(self):
tmpfilename = '/tmp/policy.json'
policy.cfg.CONF.find_file = mock.MagicMock(return_value=tmpfilename)
action = "example:test"
with open(tmpfilename, "w") as policyfile:
policyfile.write('{"example:test": ""}')
f = open(tmpfilename, 'r')
print f.readline()
policy.enforce(self.context, action, self.target)
with open(tmpfilename, "w") as policyfile:
policyfile.write('{"example:test": "!"}')
policy._POLICY_CACHE = {}
self.assertRaises(exception.Forbidden, policy.enforce,
self.context, action, self.target)
def test_enforce_http_true(self, mock_urlopen):
mock_urlopen.return_value = StringIO.StringIO("True")
action = "example:get_http"
target = {}
result = policy.enforce(self.context, action, target)
self.assertEqual(result, True)
def test_enforce_good_action(self):
action = "example:allowed"
result = policy.enforce(self.context, action, self.target)
self.assertEqual(result, True)
def test_enforce_bad_action_noraise(self):
action = "example:denied"
result = policy.enforce(self.context, action, self.target, False)
self.assertEqual(result, False)
def test_not_found_policy_calls_default(self):
policy.enforce(self.context, "example:noexist", {})
def test_early_OR_enforcement(self):
action = "example:early_or_success"
policy.enforce(self.context, action, self.target)
def test_enforce_http_true(self, mock_urlopen):
mock_urlopen.return_value = StringIO.StringIO("True")
action = "example:get_http"
target = {}
result = policy.enforce(self.context, action, target)
self.assertEqual(result, True)
def test_enforce_good_action(self):
action = "example:allowed"
result = policy.enforce(self.context, action, self.target)
self.assertEqual(result, True)
def test_enforce_bad_action_noraise(self):
action = "example:denied"
result = policy.enforce(self.context, action, self.target, False)
self.assertEqual(result, False)
def test_not_found_policy_calls_default(self):
policy.enforce(self.context, "example:noexist", {})
def test_early_OR_enforcement(self):
action = "example:early_or_success"
policy.enforce(self.context, action, self.target)