Esempio n. 1
0
    def test_check_raises(self):
        policy._rules = None

        try:
            policy.check('rule', 'target', 'creds', TestException,
                         "arg1", "arg2", kw1="kwarg1", kw2="kwarg2")
        except TestException as exc:
            self.assertEqual(exc.args, ("arg1", "arg2"))
            self.assertEqual(exc.kwargs, dict(kw1="kwarg1", kw2="kwarg2"))
        else:
            self.fail("policy.check() failed to raise requested exception")
Esempio n. 2
0
    def test_check_explicit(self):
        policy._rules = None
        rule = FakeCheck()
        result = policy.check(rule, "target", "creds")

        self.assertEqual(result, ("target", "creds"))
        self.assertEqual(policy._rules, None)
Esempio n. 3
0
    def test_check_explicit(self):
        policy._rules = None
        rule = FakeCheck()
        result = policy.check(rule, "target", "creds")

        self.assertEqual(result, ("target", "creds"))
        self.assertEqual(policy._rules, None)
Esempio n. 4
0
def check(context, action, target, plugin=None, might_not_exist=False):
    """Verifies that the action is valid on the target in this context.

    :param context: neutron context
    :param action: string representing the action to be checked
        this should be colon separated for clarity.
    :param target: dictionary representing the object of the action
        for object creation this should be a dictionary representing the
        location of the object e.g. ``{'project_id': context.project_id}``
    :param plugin: currently unused and deprecated.
        Kept for backward compatibility.
    :param might_not_exist: If True the policy check is skipped (and the
        function returns True) if the specified policy does not exist.
        Defaults to false.

    :return: Returns True if access is permitted else False.
    """
    if might_not_exist and not (policy._rules and action in policy._rules):
        return True
    return policy.check(*(_prepare_check(context, action, target)))
Esempio n. 5
0
def check(context, action, target, plugin=None, might_not_exist=False):
    """Verifies that the action is valid on the target in this context.

    :param context: neutron context
    :param action: string representing the action to be checked
        this should be colon separated for clarity.
    :param target: dictionary representing the object of the action
        for object creation this should be a dictionary representing the
        location of the object e.g. ``{'project_id': context.project_id}``
    :param plugin: currently unused and deprecated.
        Kept for backward compatibility.
    :param might_not_exist: If True the policy check is skipped (and the
        function returns True) if the specified policy does not exist.
        Defaults to false.

    :return: Returns True if access is permitted else False.
    """
    if might_not_exist and not (policy._rules and action in policy._rules):
        return True
    return policy.check(*(_prepare_check(context, action, target)))
Esempio n. 6
0
def enforce(context, action, target, plugin=None):
    """Verifies that the action is valid on the target in this context.

    :param context: neutron context
    :param action: string representing the action to be checked
        this should be colon separated for clarity.
    :param target: dictionary representing the object of the action
        for object creation this should be a dictionary representing the
        location of the object e.g. ``{'project_id': context.project_id}``
    :param plugin: currently unused and deprecated.
        Kept for backward compatibility.

    :raises neutron.exceptions.PolicyNotAuthorized: if verification fails.
    """

    rule, target, credentials = _prepare_check(context, action, target)
    result = policy.check(rule, target, credentials, action=action)
    if not result:
        #LOG.debug(_("Failed policy check for '%s'"), action)
        raise exceptions.PolicyNotAuthorized(action=action)
    return result
Esempio n. 7
0
def enforce(context, action, target, plugin=None):
    """Verifies that the action is valid on the target in this context.

    :param context: neutron context
    :param action: string representing the action to be checked
        this should be colon separated for clarity.
    :param target: dictionary representing the object of the action
        for object creation this should be a dictionary representing the
        location of the object e.g. ``{'project_id': context.project_id}``
    :param plugin: currently unused and deprecated.
        Kept for backward compatibility.

    :raises neutron.exceptions.PolicyNotAuthorized: if verification fails.
    """

    rule, target, credentials = _prepare_check(context, action, target)
    result = policy.check(rule, target, credentials, action=action)
    if not result:
        #LOG.debug(_("Failed policy check for '%s'"), action)
        raise exceptions.PolicyNotAuthorized(action=action)
    return result
Esempio n. 8
0
    def test_check_with_rule(self):
        policy._rules = dict(default=FakeCheck())
        result = policy.check("default", "target", "creds")

        self.assertEqual(result, ("target", "creds"))
Esempio n. 9
0
    def test_check_missing_rule(self):
        policy._rules = {}
        result = policy.check('rule', 'target', 'creds')

        self.assertEqual(result, False)
Esempio n. 10
0
    def test_check_no_rules(self):
        policy._rules = None
        result = policy.check('rule', "target", "creds")

        self.assertEqual(result, False)
        self.assertEqual(policy._rules, None)
Esempio n. 11
0
    def test_check_with_rule(self):
        policy._rules = dict(default=FakeCheck())
        result = policy.check("default", "target", "creds")

        self.assertEqual(result, ("target", "creds"))
Esempio n. 12
0
    def test_check_missing_rule(self):
        policy._rules = {}
        result = policy.check('rule', 'target', 'creds')

        self.assertEqual(result, False)
Esempio n. 13
0
    def test_check_no_rules(self):
        policy._rules = None
        result = policy.check('rule', "target", "creds")

        self.assertEqual(result, False)
        self.assertEqual(policy._rules, None)