def test_templatized_enforcement(self):
target_mine = {'project_id': 'fake'}
target_not_mine = {'project_id': 'another'}
action = "example:my_file"
policy.enforce(self.context, action, target_mine)
self.assertRaises(exceptions.PolicyNotAuthorized, policy.enforce,
self.context, action, target_not_mine)
def test_templatized_enforcement(self):
target_mine = {'project_id': 'fake'}
target_not_mine = {'project_id': 'another'}
action = "example:my_file"
policy.enforce(self.context, action, target_mine)
self.assertRaises(exceptions.PolicyNotAuthorized, policy.enforce,
self.context, action, target_not_mine)
def test_standardpolicy(self):
target_good = {'user_id': self.context.user_id,
'project_id': self.context.project_id}
target_wrong = {'user_id': self.context.user_id,
'project_id': 'bad_project'}
action = "climate:leases"
self.assertEqual(True, policy.enforce(self.context, action,
target_good))
self.assertEqual(False, policy.enforce(self.context, action,
target_wrong, False))
def test_standardpolicy(self):
target_good = {'user_id': self.context.user_id,
'project_id': self.context.project_id}
target_wrong = {'user_id': self.context.user_id,
'project_id': 'bad_project'}
action = "climate:leases"
self.assertEqual(True, policy.enforce(self.context, action,
target_good))
self.assertEqual(False, policy.enforce(self.context, action,
target_wrong, False))
def get_leases(self):
"""List all existing leases."""
ctx = context.current()
if policy.enforce(ctx, 'admin', {}, do_raise=False):
project_id = None
else:
project_id = ctx.project_id
return self.manager_rpcapi.list_leases(project_id=project_id)
def test_elevatedpolicy(self):
target = {'user_id': self.context.user_id,
'project_id': self.context.project_id}
action = "climate:oshosts"
self.assertRaises(exceptions.PolicyNotAuthorized, policy.enforce,
self.context, action, target)
elevated_context = self.context.elevated()
self.assertEqual(True,
policy.enforce(elevated_context, action, target))
def test_elevatedpolicy(self):
target = {'user_id': self.context.user_id,
'project_id': self.context.project_id}
action = "climate:oshosts"
self.assertRaises(exceptions.PolicyNotAuthorized, policy.enforce,
self.context, action, target)
elevated_context = self.context.elevated()
self.assertEqual(True,
policy.enforce(elevated_context, action, target))
def ctx_from_headers(headers):
ctx = context.ClimateContext(
user_id=headers['X-User-Id'],
tenant_id=headers['X-Tenant-Id'],
auth_token=headers['X-Auth-Token'],
service_catalog=headers['X-Service-Catalog'],
user_name=headers['X-User-Name'],
tenant_name=headers['X-Tenant-Name'],
roles=map(unicode.strip, headers['X-Roles'].split(',')),
)
target = {'tenant_id': ctx.tenant_id, 'user_id': ctx.user_id}
if policy.enforce(ctx, "admin", target, do_raise=False):
return ctx.elevated()
else:
return ctx
def test_enforce_good_action(self):
action = "example:allowed"
result = policy.enforce(self.context, action, {}, False)
self.assertEqual(result, True)
def test_not_found_policy_calls_default(self):
result = policy.enforce(self.context, "example:noexist", {}, False)
self.assertEqual(result, True)
def test_standardpolicy(self):
target_good = {"user_id": self.context.user_id, "tenant_id": self.context.tenant_id}
target_wrong = {"user_id": self.context.user_id, "tenant_id": "bad_tenant"}
action = "climate:leases"
self.assertEqual(True, policy.enforce(self.context, action, target_good))
self.assertEqual(False, policy.enforce(self.context, action, target_wrong, False))
def test_templatized_enforcement(self):
target_mine = {"tenant_id": "fake"}
target_not_mine = {"tenant_id": "another"}
action = "example:my_file"
policy.enforce(self.context, action, target_mine)
self.assertRaises(exceptions.PolicyNotAuthorized, policy.enforce, self.context, action, target_not_mine)
def test_enforce_good_action(self):
action = "example:allowed"
result = policy.enforce(self.context, action, {}, False)
self.assertEqual(result, True)
def test_not_found_policy_calls_default(self):
result = policy.enforce(self.context, "example:noexist", {}, False)
self.assertEqual(result, True)
