def test_templatized_enforcement(self): target_mine = {'project_id': 'fake'} target_not_mine = {'project_id': 'another'} action = "example:my_file" policy.enforce(self.context, action, target_mine) self.assertRaises(exceptions.PolicyNotAuthorized, policy.enforce, self.context, action, target_not_mine)
def test_standardpolicy(self): target_good = {'user_id': self.context.user_id, 'project_id': self.context.project_id} target_wrong = {'user_id': self.context.user_id, 'project_id': 'bad_project'} action = "climate:leases" self.assertEqual(True, policy.enforce(self.context, action, target_good)) self.assertEqual(False, policy.enforce(self.context, action, target_wrong, False))
def get_leases(self): """List all existing leases.""" ctx = context.current() if policy.enforce(ctx, 'admin', {}, do_raise=False): project_id = None else: project_id = ctx.project_id return self.manager_rpcapi.list_leases(project_id=project_id)
def test_elevatedpolicy(self): target = {'user_id': self.context.user_id, 'project_id': self.context.project_id} action = "climate:oshosts" self.assertRaises(exceptions.PolicyNotAuthorized, policy.enforce, self.context, action, target) elevated_context = self.context.elevated() self.assertEqual(True, policy.enforce(elevated_context, action, target))
def ctx_from_headers(headers): ctx = context.ClimateContext( user_id=headers['X-User-Id'], tenant_id=headers['X-Tenant-Id'], auth_token=headers['X-Auth-Token'], service_catalog=headers['X-Service-Catalog'], user_name=headers['X-User-Name'], tenant_name=headers['X-Tenant-Name'], roles=map(unicode.strip, headers['X-Roles'].split(',')), ) target = {'tenant_id': ctx.tenant_id, 'user_id': ctx.user_id} if policy.enforce(ctx, "admin", target, do_raise=False): return ctx.elevated() else: return ctx
def test_enforce_good_action(self): action = "example:allowed" result = policy.enforce(self.context, action, {}, False) self.assertEqual(result, True)
def test_not_found_policy_calls_default(self): result = policy.enforce(self.context, "example:noexist", {}, False) self.assertEqual(result, True)
def test_standardpolicy(self): target_good = {"user_id": self.context.user_id, "tenant_id": self.context.tenant_id} target_wrong = {"user_id": self.context.user_id, "tenant_id": "bad_tenant"} action = "climate:leases" self.assertEqual(True, policy.enforce(self.context, action, target_good)) self.assertEqual(False, policy.enforce(self.context, action, target_wrong, False))
def test_templatized_enforcement(self): target_mine = {"tenant_id": "fake"} target_not_mine = {"tenant_id": "another"} action = "example:my_file" policy.enforce(self.context, action, target_mine) self.assertRaises(exceptions.PolicyNotAuthorized, policy.enforce, self.context, action, target_not_mine)