コード例 #1
0
 def test_templatized_enforcement(self):
     target_mine = {'project_id': 'fake'}
     target_not_mine = {'project_id': 'another'}
     credentials = {'project_id': 'fake', 'roles': []}
     action = "example:my_file"
     policy.enforce(credentials, action, target_mine)
     self.assertRaises(exception.ForbiddenAction, policy.enforce,
                       credentials, action, target_not_mine)
コード例 #2
0
 def test_ignore_case_role_check(self):
     lowercase_action = "example:lowercase_admin"
     uppercase_action = "example:uppercase_admin"
     # NOTE(dprince): We mix case in the Admin role here to ensure
     # case is ignored
     admin_credentials = {'roles': ['AdMiN']}
     policy.enforce(admin_credentials, lowercase_action, self.target)
     policy.enforce(admin_credentials, uppercase_action, self.target)
コード例 #3
0
 def test_warning_message_is_logged_if_enforce_scope_is_false(self):
     self.config_fixture.config(group='oslo_policy', enforce_scope=False)
     expected_msg = (
         'Policy foo failed scope check. The token used to make the '
         'request was project scoped but the policy requires [\'system\'] '
         'scope. This behavior may change in the future where using the '
         'intended scope is required')
     with mock.patch('warnings.warn') as mock_warn:
         policy.enforce(self.credentials, self.action, self.target)
         mock_warn.assert_called_with(expected_msg)
コード例 #4
0
 def test_modified_policy_reloads(self):
     action = "example:test"
     empty_credentials = {}
     with open(self.tmpfilename, "w") as policyfile:
         policyfile.write("""{"example:test": []}""")
     policy.enforce(empty_credentials, action, self.target)
     with open(self.tmpfilename, "w") as policyfile:
         policyfile.write("""{"example:test": ["false:false"]}""")
     policy._ENFORCER._enforcer.clear()
     self.assertRaises(exception.ForbiddenAction, policy.enforce,
                       empty_credentials, action, self.target)
コード例 #5
0
ファイル: test_policy.py プロジェクト: mahak/keystone 
 def test_warning_message_is_logged_if_enforce_scope_is_false(self):
     self.config_fixture.config(group='oslo_policy', enforce_scope=False)
     expected_msg = (
         'Policy foo failed scope check. The token used to make the '
         'request was project scoped but the policy requires [\'system\'] '
         'scope. This behavior may change in the future where using the '
         'intended scope is required'
     )
     with mock.patch('warnings.warn') as mock_warn:
         policy.enforce(self.credentials, self.action, self.target)
         mock_warn.assert_called_with(expected_msg)
コード例 #6
0
 def test_early_OR_enforcement(self):
     action = "example:early_or_success"
     policy.enforce(self.credentials, action, self.target)
コード例 #7
0
 def test_enforce_good_action(self):
     action = "example:allowed"
     policy.enforce(self.credentials, action, self.target)
コード例 #8
0
ファイル: rules.py プロジェクト: bopopescu/OpenStack-Stein 
 def enforce(self, credentials, action, target):
     msg = 'enforce %(action)s: %(credentials)s'
     LOG.debug(msg, {'action': action, 'credentials': credentials})
     policy.enforce(credentials, action, target)
コード例 #9
0
ファイル: rules.py プロジェクト: mahak/keystone 
 def enforce(self, credentials, action, target):
     msg = 'enforce %(action)s: %(credentials)s'
     LOG.debug(msg, {
         'action': action,
         'credentials': credentials})
     policy.enforce(credentials, action, target)