def test_get_roles_context_is_admin_rule_missing(self):
    """Check the admin roles reported when only an unrelated rule exists.

    The rule set installed here holds ``some_other_rule`` and nothing
    else (going by the test name, the admin-context rule is the one left
    out). ``policy.get_admin_roles()`` is still expected to return
    ``['admin']``.
    """
    raw_rules = {
        "some_other_rule": "role:admin",
    }
    parsed = {name: common_policy.parse_rule(spec)
              for name, spec in raw_rules.items()}
    common_policy.set_rules(common_policy.Rules(parsed))
    # The 'admin' role is expected here for backward compatibility.
    self.assertEqual(['admin'], policy.get_admin_roles())
def test_get_roles_with_rule_check(self):
    """Check that admin roles are found through a ``rule:`` reference.

    ``policy.ADMIN_CTX_POLICY`` points at ``some_other_rule``, which in
    turn requires ``role:admin``; ``policy.get_admin_roles()`` is
    expected to return ``['admin']``.
    """
    raw_rules = {
        policy.ADMIN_CTX_POLICY: "rule:some_other_rule",
        "some_other_rule": "role:admin",
    }
    parsed = {name: common_policy.parse_rule(spec)
              for name, spec in raw_rules.items()}
    policy.set_rules(common_policy.Rules(parsed))
    self.assertEqual(['admin'], policy.get_admin_roles())
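def setUp(self):
    """Install the extension test policy and build a 'member' request.

    Three rules are loaded: ``associate_floatingip_router`` (anyone
    except ``project_observer``), ``get_router_details`` (``admin`` only)
    and ``remove_router_portforwarding`` (``member``). The context used
    by the tests carries only the ``member`` role.
    """
    super(UOSExtensionPolicyTestCase, self).setUp()
    policy.reset()
    # The rules below are written into shared policy state; reset it on
    # teardown so they cannot change authorization results in other
    # tests that run afterwards.
    self.addCleanup(policy.reset)
    policy.init()
    rules = {
        "associate_floatingip_router": "not role:project_observer",
        "get_router_details": "role:admin",
        "remove_router_portforwarding": "role:member"
    }
    parsed = {name: common_policy.parse_rule(spec)
              for name, spec in rules.items()}
    common_policy.set_rules(common_policy.Rules(parsed))
    self.context = context.Context('fake', 'fake', roles=['member'])
    self.request = FakeRequest(self.context)
    self.target = {}
    self.controller = uos.UosController()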
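def test_policy_404(self):
    """An unauthorized floating IP delete must be answered with 404.

    A floating IP is created on an external network,
    ``delete_floatingip`` is restricted to ``role:admin_only``, and a
    context holding only the ``member`` role issues the DELETE. The
    default policy is restored and the floating IP removed afterwards,
    whether or not the assertion passes.
    """
    with self.subnet(cidr='12.0.0.0/24') as public_sub:
        network_id = public_sub['subnet']['network_id']
        self._set_net_external(network_id)
        fip = self._make_floatingip(self.fmt, network_id)
        fip_id = fip['floatingip']['id']
        try:
            policy.reset()
            policy.init()
            rules = {"delete_floatingip": "role:admin_only"}
            parsed = {name: common_policy.parse_rule(spec)
                      for name, spec in rules.items()}
            common_policy.set_rules(common_policy.Rules(parsed))
            self.context = context.Context('fake', 'fake',
                                           roles=['member'])
            req = self.new_delete_request('floatingips', fip_id)
            req.environ['neutron.context'] = self.context
            res = req.get_response(self._api_for_resource('floatingips'))
            # NOTE(review): 404 rather than 403 presumably keeps an
            # unauthorized caller from learning that the floating IP
            # exists -- confirm against the API layer.
            self.assertEqual(404, res.status_int)
        finally:
            # Restore the default policy even when the assertion fails,
            # so the restrictive rule cannot leak into later tests, then
            # delete the floating IP under that restored policy.
            policy.reset()
            policy.init()
            self._delete('floatingips', fip_id)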
def setUp(self):
    """Reset policy state and load the example rules used by the tests.

    ``policy.reset`` is also registered as a cleanup. The context built
    here carries only the ``member`` role and the target is empty.
    """
    super(PolicyTestCase, self).setUp()
    policy.reset()
    self.addCleanup(policy.reset)
    # NOTE(vish): initialise first so the rules are not reloaded from file
    policy.init()
    example_specs = {
        "true": '@',
        "example:allowed": '@',
        "example:denied": '!',
        "example:get_http": "http:http://www.example.com",
        "example:my_file": "role:compute_admin or tenant_id:%(tenant_id)s",
        "example:early_and_fail": "! and @",
        "example:early_or_success": "@ or !",
        "example:lowercase_admin": "role:admin or role:sysadmin",
        "example:uppercase_admin": "role:ADMIN or role:sysadmin",
    }
    # NOTE(vish): then replace the underlying rules with the parsed set
    parsed = {name: common_policy.parse_rule(spec)
              for name, spec in example_specs.items()}
    common_policy.set_rules(common_policy.Rules(parsed))
    self.context = context.Context('fake', 'fake', roles=['member'])
    self.target = {}
def fakepolicyinit():
    """Install ``self.rules`` as the active policy rules.

    ``self`` is not a parameter, so it has to come from an enclosing
    scope. Presumably this is substituted for the real policy
    initialiser in a test -- confirm at the call site.
    """
    canned_rules = common_policy.Rules(self.rules)
    common_policy.set_rules(canned_rules)
def _set_rules(self, default_rule):
    """Parse ``self.rules`` and install them with ``default_rule``.

    Each value in ``self.rules`` goes through ``common_policy.parse_rule``
    and ``default_rule`` is passed on to ``common_policy.Rules``
    unchanged.
    """
    parsed = {name: common_policy.parse_rule(spec)
              for name, spec in self.rules.items()}
    common_policy.set_rules(common_policy.Rules(parsed, default_rule))
def fakepolicyinit(self, **kwargs):
    """Load ``self.rules`` into ``policy._ENFORCER``.

    Keyword arguments are accepted and ignored.
    """
    policy._ENFORCER.set_rules(common_policy.Rules(self.rules))