def test_check_is_admin_new_defaults(self): conf = oslo_fixture.Config(config.cfg.CONF) conf.config(group="oslo_policy", enforce_new_defaults=True) self.context = context.Context('admin', 'fake', roles=['AdMiN'], system_scope='all') self.assertTrue(policy.get_enforcer().check_is_admin(self.context))
def setUp(self): super(PolicyTestCase, self).setUp() self.conf = self.useFixture(oslo_fixture.Config()) # diltram: this one must be removed after fixing issue in oslo.config # https://bugs.launchpad.net/oslo.config/+bug/1645868 self.conf.conf.__call__(args=[]) policy.reset() self.context = context.Context('fake', 'fake', roles=['member']) self.rules = [ oslo_policy.RuleDefault("true", "@"), oslo_policy.RuleDefault("example:allowed", "@"), oslo_policy.RuleDefault("example:denied", "!"), oslo_policy.RuleDefault("example:get_http", "http://www.example.com"), oslo_policy.RuleDefault("example:my_file", "role:compute_admin or " "project_id:%(project_id)s"), oslo_policy.RuleDefault("example:early_and_fail", "! and @"), oslo_policy.RuleDefault("example:early_or_success", "@ or !"), oslo_policy.RuleDefault("example:lowercase_admin", "role:admin or role:sysadmin"), oslo_policy.RuleDefault("example:uppercase_admin", "role:ADMIN or role:sysadmin"), ] policy.get_enforcer().register_defaults(self.rules) self.target = {}
def setUp(self): super(IsAdminCheckTestCase, self).setUp() self.conf = self.useFixture(oslo_fixture.Config()) # diltram: this one must be removed after fixing issue in oslo.config # https://bugs.launchpad.net/oslo.config/+bug/1645868 self.conf.conf.__call__(args=[]) self.context = context.Context('fake', 'fake')
def on_route(self, state): user_id = state.request.headers.get('X-User-Id') user_id = state.request.headers.get('X-User', user_id) project = state.request.headers.get('X-Tenant-Id') project = state.request.headers.get('X-Tenant', project) project = state.request.headers.get('X-Project-Id', project) project = state.request.headers.get('X-Project', project) auth_token = state.request.headers.get('X-Auth-Token') state.request.context['octavia_context'] = context.Context( user_id=user_id, project_id=project, auth_token=auth_token)
def on_route(state): user_id = state.request.headers.get('X-User-Id') user_id = state.request.headers.get('X-User', user_id) tenant = state.request.headers.get('X-Tenant-Id') tenant = state.request.headers.get('X-Tenant', tenant) auth_token = state.request.headers.get('X-Auth-Token') state.request.context = context.Context(user_id=user_id, tenant_id=tenant, auth_token=auth_token)
def setUp(self): super(AdminRolePolicyTestCase, self).setUp() self.conf = self.useFixture(oslo_fixture.Config()) # diltram: this one must be removed after fixing issue in oslo.config # https://bugs.launchpad.net/oslo.config/+bug/1645868 self.conf.conf.__call__(args=[]) self.context = context.Context('fake', 'fake', roles=['member']) self.actions = policy.get_enforcer().get_rules().keys() self.target = {}
def test_ignore_case_role_check(self): lowercase_action = "example:lowercase_admin" uppercase_action = "example:uppercase_admin" # NOTE(dprince) we mix case in the Admin role here to ensure # case is ignored self.context = context.Context('admin', 'fake', roles=['AdMiN']) self.context.policy.register_defaults(self.rules) self.context.policy.authorize(lowercase_action, self.target) self.context.policy.authorize(uppercase_action, self.target)
def test_ignore_case_role_check(self): lowercase_action = "example:lowercase_admin" uppercase_action = "example:uppercase_admin" # NOTE(dprince) we mix case in the Admin role here to ensure # case is ignored self.context = context.Context('admin', 'fake', roles=['AdMiN']) policy.get_enforcer().authorize(lowercase_action, self.target, self.context) policy.get_enforcer().authorize(uppercase_action, self.target, self.context)
def test_modified_policy_reloads(self): with tempfile.NamedTemporaryFile(mode='w', delete=True) as tmp: self.conf.load_raw_values(group='oslo_policy', policy_file=tmp.name) self.context = context.Context('fake', 'fake') rule = oslo_policy.RuleDefault('example:test', "") self.context.policy.register_defaults([rule]) action = "example:test" tmp.write('{"example:test": ""}') tmp.flush() self.context.policy.authorize(action, self.target) tmp.seek(0) tmp.write('{"example:test": "!"}') tmp.flush() self.context.policy.load_rules(True) self.assertRaises(exceptions.NotAuthorized, self.context.policy.authorize, action, self.target)
def test_check_is_admin(self): self.context = context.Context('admin', 'fake', roles=['AdMiN']) self.assertTrue(policy.get_enforcer().check_is_admin(self.context))
def setUp(self): super(AdminRolePolicyTestCase, self).setUp() self.context = context.Context('fake', 'fake', roles=['member']) self.actions = self.context.policy.get_rules().keys() self.target = {}
def setUp(self): super(IsAdminCheckTestCase, self).setUp() self.context = context.Context('fake', 'fake')
def test_check_is_admin(self): self.context = context.Context('admin', 'fake', roles=['AdMiN']) self.context.policy.register_defaults(self.rules) self.assertTrue(self.context.policy.check_is_admin())