def test_templatized_enforcement(self): target_mine = {"project_id": "fake"} target_not_mine = {"project_id": "another"} credentials = {"project_id": "fake", "roles": []} action = "example:my_file" rules.enforce(credentials, action, target_mine) self.assertRaises(exception.ForbiddenAction, rules.enforce, credentials, action, target_not_mine)
def test_templatized_enforcement(self): target_mine = {'project_id': 'fake'} target_not_mine = {'project_id': 'another'} credentials = {'project_id': 'fake', 'roles': []} action = "example:my_file" rules.enforce(credentials, action, target_mine) self.assertRaises(exception.ForbiddenAction, rules.enforce, credentials, action, target_not_mine)
def test_ignore_case_role_check(self): lowercase_action = "example:lowercase_admin" uppercase_action = "example:uppercase_admin" # NOTE(dprince) we mix case in the Admin role here to ensure # case is ignored admin_credentials = {'roles': ['AdMiN']} rules.enforce(admin_credentials, lowercase_action, self.target) rules.enforce(admin_credentials, uppercase_action, self.target)
def test_modified_policy_reloads(self): action = "example:test" empty_credentials = {} with open(self.tmpfilename, "w") as policyfile: policyfile.write("""{"example:test": []}""") rules.enforce(empty_credentials, action, self.target) with open(self.tmpfilename, "w") as policyfile: policyfile.write("""{"example:test": ["false:false"]}""") rules._ENFORCER.clear() self.assertRaises(exception.ForbiddenAction, rules.enforce, empty_credentials, action, self.target)
def test_modified_policy_reloads(self): action = "example:test" empty_credentials = {} with open(self.tmpfilename, "w") as policyfile: policyfile.write("""{"example:test": []}""") rules.enforce(empty_credentials, action, self.target) with open(self.tmpfilename, "w") as policyfile: policyfile.write("""{"example:test": ["false:false"]}""") # NOTE(vish): reset stored policy cache so we don't have to sleep(1) rules._POLICY_CACHE = {} self.assertRaises(exception.ForbiddenAction, rules.enforce, empty_credentials, action, self.target)
def test_enforce_http_true(self): def fakeurlopen(url, post_data): return StringIO.StringIO("True") self.stubs.Set(urllib2, "urlopen", fakeurlopen) action = "example:get_http" target = {} result = rules.enforce(self.credentials, action, target) self.assertTrue(result)
def test_enforce_http_true(self): def fakeurlopen(url, post_data): return StringIO.StringIO("True") self.stubs.Set(urllib2, 'urlopen', fakeurlopen) action = "example:get_http" target = {} result = rules.enforce(self.credentials, action, target) self.assertTrue(result)
def test_enforce_http_true(self): def fakeurlopen(url, post_data): return six.StringIO("True") action = "example:get_http" target = {} with mock.patch.object(urlrequest, "urlopen", fakeurlopen): result = rules.enforce(self.credentials, action, target) self.assertTrue(result)
def test_enforce_http_true(self): def fakeurlopen(url, post_data): return six.StringIO("True") action = "example:get_http" target = {} with mock.patch.object(urlrequest, 'urlopen', fakeurlopen): result = rules.enforce(self.credentials, action, target) self.assertTrue(result)
def test_not_found_policy_calls_default(self): rules.enforce(self.credentials, "example:noexist", {})
def test_early_OR_enforcement(self): action = "example:early_or_success" rules.enforce(self.credentials, action, self.target)
def test_enforce_good_action(self): action = "example:allowed" rules.enforce(self.credentials, action, self.target)