def setUp(self):
super(DefaultPolicyTestCase, self).setUp()
policy.reset()
policy.init(suppress_deprecation_warnings=True)
self.rules = {"default": [], "example:exist": "false:false"}
self._set_rules('default')
self.context = context.RequestContext('fake', 'fake')
def setUp(self):
super(DefaultPolicyTestCase, self).setUp()
policy.reset()
policy.init()
self.rules = {"default": [], "example:exist": [["false:false"]]}
self._set_rules('default')
self.context = context.RequestContext('fake', 'fake')
def test_authorize_does_not_raise_forbidden(self, method):
self.fixture.config(enforce_scope=False, group='oslo_policy')
project_context = context.RequestContext(project_id='fake-project-id',
roles=['bar'])
policy.reset()
policy.init()
rule = common_policy.RuleDefault('foo', 'role:bar',
scope_types=['system'])
policy._ENFORCER.register_defaults([rule])
self.assertTrue(getattr(policy, method)(project_context, 'foo', {}))
def setUp(self):
super(DefaultPolicyTestCase, self).setUp()
policy.reset()
policy.init()
self.rules = {
"default": [],
"example:exist": [["false:false"]]
}
self._set_rules('default')
self.context = context.RequestContext('fake', 'fake')
def test_authorize_properly_handles_invalid_scope_exception(self, method):
self.fixture.config(enforce_scope=True, group='oslo_policy')
project_context = context.RequestContext(project_id='fake-project-id',
roles=['bar'])
policy.reset()
policy.init()
rule = common_policy.RuleDefault('foo', 'role:bar',
scope_types=['system'])
policy._ENFORCER.register_defaults([rule])
self.assertRaises(exception.PolicyNotAuthorized,
getattr(policy, method),
project_context, 'foo', {})
def setUp(self):
super(PolicyTestCase, self).setUp()
policy.reset()
policy.init()
self.rules = {
"true": [],
"example:allowed": [],
"example:denied": [["false:false"]],
"example:get_http": [["http:http://www.example.com"]],
"example:my_file": [["role:compute_admin"],
["project_id:%(project_id)s"]],
"example:early_and_fail": [["false:false", "rule:true"]],
"example:early_or_success": [["rule:true"], ["false:false"]],
"example:lowercase_admin": [["role:admin"], ["role:sysadmin"]],
"example:uppercase_admin": [["role:ADMIN"], ["role:sysadmin"]],
}
self._set_rules()
self.context = context.RequestContext('fake', 'fake', roles=['member'])
self.target = {}
def setUp(self):
super(PolicyTestCase, self).setUp()
policy.reset()
policy.init()
self.rules = {
"true": [],
"example:allowed": [],
"example:denied": [["false:false"]],
"example:get_http": [["http:http://www.example.com"]],
"example:my_file": [["role:compute_admin"],
["project_id:%(project_id)s"]],
"example:early_and_fail": [["false:false", "rule:true"]],
"example:early_or_success": [["rule:true"], ["false:false"]],
"example:lowercase_admin": [["role:admin"], ["role:sysadmin"]],
"example:uppercase_admin": [["role:ADMIN"], ["role:sysadmin"]],
}
self._set_rules()
self.context = context.RequestContext('fake', 'fake', roles=['member'])
self.target = {}
def setUp(self):
super(PolicyTestCase, self).setUp()
rules = [
common_policy.RuleDefault("true", '@'),
common_policy.RuleDefault("test:allowed", '@'),
common_policy.RuleDefault("test:denied", "!"),
common_policy.RuleDefault(
"test:my_file", "role:compute_admin or "
"project_id:%(project_id)s"),
common_policy.RuleDefault("test:early_and_fail", "! and @"),
common_policy.RuleDefault("test:early_or_success", "@ or !"),
common_policy.RuleDefault("test:lowercase_admin", "role:admin"),
common_policy.RuleDefault("test:uppercase_admin", "role:ADMIN"),
]
policy.reset()
policy.init(suppress_deprecation_warnings=True)
# before a policy rule can be used, its default has to be registered.
policy._ENFORCER.register_defaults(rules)
self.context = context.RequestContext('fake', 'fake', roles=['member'])
self.target = {}
self.addCleanup(policy.reset)
def setUp(self):
super(ContextIsAdminPolicyTestCase, self).setUp()
policy.reset()
policy.init()
def tearDown(self):
super(DefaultPolicyTestCase, self).tearDown()
policy.reset()
def tearDown(self):
policy.reset()
super(PolicyTestCase, self).tearDown()
def tearDown(self):
super(DefaultPolicyTestCase, self).tearDown()
policy.reset()
def setUp(self):
super(ContextIsAdminPolicyTestCase, self).setUp()
policy.reset()
policy.init(suppress_deprecation_warnings=True)
def setUp(self):
super(PolicyFileTestCase, self).setUp()
# since is_admin is defined by policy, create context before reset
self.context = context.RequestContext('fake', 'fake')
policy.reset()
self.target = {}
def setUp(self):
super(ContextIsAdminPolicyTestCase, self).setUp()
policy.reset()
policy.init()
def tearDown(self):
super(PolicyFileTestCase, self).tearDown()
policy.reset()
def setUp(self):
super(PolicyFileTestCase, self).setUp()
# since is_admin is defined by policy, create context before reset
self.context = context.RequestContext('fake', 'fake')
policy.reset()
self.target = {}
def tearDown(self):
policy.reset()
super(PolicyTestCase, self).tearDown()
def tearDown(self):
super(PolicyFileTestCase, self).tearDown()
policy.reset()
