예제 #1
0
    def test_verify_show_cant_view_other_tenant(self):
        req = webob.Request.blank(
            "/v2/faketenant_1/os-simple-tenant-usage/"
            "faketenant_0?start=%s&end=%s" % (START.isoformat(), STOP.isoformat())
        )
        req.method = "GET"
        req.headers["content-type"] = "application/json"

        rules = {"compute_extension:simple_tenant_usage:show": [["role:admin"], ["project_id:%(project_id)s"]]}
        common_policy.set_brain(common_policy.HttpBrain(rules))

        try:
            res = req.get_response(fakes.wsgi_app(fake_auth_context=self.alt_user_context))
            self.assertEqual(res.status_int, 403)
        finally:
            policy.reset()
예제 #2
0
    def test_verify_show_cant_view_other_tenant(self):
        req = webob.Request.blank('/v2/faketenant_1/os-simple-tenant-usage/'
                                  'faketenant_0?start=%s&end=%s' %
                                  (START.isoformat(), STOP.isoformat()))
        req.method = "GET"
        req.headers["content-type"] = "application/json"

        rules = {
            "compute_extension:simple_tenant_usage:show":
            [["role:admin"], ["project_id:%(project_id)s"]]
        }
        common_policy.set_brain(common_policy.HttpBrain(rules))

        try:
            res = req.get_response(
                fakes.wsgi_app(fake_auth_context=self.alt_user_context))
            self.assertEqual(res.status_int, 403)
        finally:
            policy.reset()
예제 #3
0
 def setUp(self):
     super(PolicyTestCase, self).setUp()
     policy.reset()
     # NOTE(vish): preload rules to circumvent reloading from file
     policy.init()
     rules = {
         "true": [],
         "example:allowed": [],
         "example:denied": [["false:false"]],
         "example:get_http": [["http:http://www.example.com"]],
         "example:my_file": [["role:compute_admin"],
                             ["project_id:%(project_id)s"]],
         "example:early_and_fail": [["false:false", "rule:true"]],
         "example:early_or_success": [["rule:true"], ["false:false"]],
         "example:lowercase_admin": [["role:admin"], ["role:sysadmin"]],
         "example:uppercase_admin": [["role:ADMIN"], ["role:sysadmin"]],
     }
     # NOTE(vish): then overload underlying brain
     common_policy.set_brain(common_policy.HttpBrain(rules))
     self.context = context.RequestContext('fake', 'fake', roles=['member'])
     self.target = {}
예제 #4
0
 def setUp(self):
     super(PolicyTestCase, self).setUp()
     policy.reset()
     # NOTE(vish): preload rules to circumvent reloading from file
     policy.init()
     rules = {
         "true": [],
         "example:allowed": [],
         "example:denied": [["false:false"]],
         "example:get_http": [["http:http://www.example.com"]],
         "example:my_file": [["role:compute_admin"],
                             ["project_id:%(project_id)s"]],
         "example:early_and_fail": [["false:false", "rule:true"]],
         "example:early_or_success": [["rule:true"], ["false:false"]],
         "example:lowercase_admin": [["role:admin"], ["role:sysadmin"]],
         "example:uppercase_admin": [["role:ADMIN"], ["role:sysadmin"]],
     }
     # NOTE(vish): then overload underlying brain
     common_policy.set_brain(common_policy.HttpBrain(rules))
     self.context = context.RequestContext('fake', 'fake', roles=['member'])
     self.target = {}
예제 #5
0
 def _set_brain(self, default_rule):
     brain = common_policy.HttpBrain(self.rules, default_rule)
     common_policy.set_brain(brain)
예제 #6
0
파일: policy.py 프로젝트: vishvananda/nova
def _set_brain(data):
    default_rule = FLAGS.policy_default_rule
    policy.set_brain(policy.Brain.load_json(data, default_rule))
예제 #7
0
 def _set_brain(self, default_rule):
     brain = common_policy.HttpBrain(self.rules, default_rule)
     common_policy.set_brain(brain)