def test_pass_rule_parameters(self, call_mock): policy_file = self.get_config_file_fullname('policy.yaml') access_file = self.get_config_file_fullname('access.json') apply_rule = None is_admin = False stdout = self._capture_stdout() access_data = copy.deepcopy( token_fixture.PROJECT_SCOPED_TOKEN_FIXTURE["token"]) target = { 'user_id': access_data['user']['id'], 'project_id': access_data['project']['id'] } access_data['roles'] = [ role['name'] for role in access_data['roles']] access_data['user_id'] = access_data['user']['id'] access_data['project_id'] = access_data['project']['id'] access_data['is_admin'] = is_admin shell.tool(policy_file, access_file, apply_rule, is_admin) call_mock.assert_called_once_with( target, access_data, mock.ANY, current_rule="sampleservice:sample_rule") expected = '''passed: sampleservice:sample_rule ''' self.assertEqual(expected, stdout.getvalue())
def test_pass_rule_parameters_with_custom_target(self, call_mock): apply_rule = None is_admin = False access_data = copy.deepcopy( token_fixture.PROJECT_SCOPED_TOKEN_FIXTURE["token"]) access_data['roles'] = [ role['name'] for role in access_data['roles']] access_data['user_id'] = access_data['user']['id'] access_data['project_id'] = access_data['project']['id'] access_data['is_admin'] = is_admin sample_target = { "project_id": access_data["project"]["id"], "domain_id": access_data["project"]["domain"]["id"] } self.create_config_file( "target.json", jsonutils.dumps(sample_target)) policy_file = self.get_config_file_fullname('policy.yaml') access_file = self.get_config_file_fullname('access.json') target_file = self.get_config_file_fullname('target.json') stdout = self._capture_stdout() shell.tool(policy_file, access_file, apply_rule, is_admin, target_file) call_mock.assert_called_once_with( sample_target, access_data, mock.ANY, current_rule="sampleservice:sample_rule") expected = '''passed: sampleservice:sample_rule ''' self.assertEqual(expected, stdout.getvalue())
def test_all_nonadmin(self): policy_file = self.get_config_file_fullname('policy.yaml') access_file = self.get_config_file_fullname('access.json') apply_rule = None is_admin = False stdout = self._capture_stdout() shell.tool(policy_file, access_file, apply_rule, is_admin) expected = '''passed: sampleservice:sample_rule ''' self.assertEqual(expected, stdout.getvalue())
def test_pass_rule_parameters_sorted(self): self.create_config_file("policy.yaml", self.SAMPLE_POLICY_UNSORTED) policy_file = self.get_config_file_fullname('policy.yaml') access_file = self.get_config_file_fullname('access.json') apply_rule = None is_admin = False stdout = self._capture_stdout() access_data = copy.deepcopy( token_fixture.SCOPED_TOKEN_FIXTURE["token"]) access_data['roles'] = [role['name'] for role in access_data['roles']] access_data['project_id'] = access_data['project']['id'] access_data['is_admin'] = is_admin shell.tool(policy_file, access_file, apply_rule, is_admin) expected = '''passed: sampleservice:sample_rule0 passed: sampleservice:sample_rule1 passed: sampleservice:sample_rule2 ''' self.assertEqual(expected, stdout.getvalue())
def test_pass_rule_parameters_with_scope(self): self.create_config_file("policy.yaml", self.SAMPLE_POLICY_SCOPED) self.create_config_file( "access.json", jsonutils.dumps(token_fixture.SYSTEM_SCOPED_TOKEN_FIXTURE)) policy_file = self.get_config_file_fullname('policy.yaml') access_file = self.get_config_file_fullname('access.json') apply_rule = None is_admin = False stdout = self._capture_stdout() access_data = copy.deepcopy( token_fixture.SYSTEM_SCOPED_TOKEN_FIXTURE["token"]) access_data['roles'] = [role['name'] for role in access_data['roles']] access_data['user_id'] = access_data['user']['id'] access_data['is_admin'] = is_admin shell.tool(policy_file, access_file, apply_rule, is_admin) expected = '''passed: sampleservice:sample_rule passed: sampleservice:scoped_rule ''' self.assertEqual(expected, stdout.getvalue())