def test_pass_rule_parameters(self, call_mock):
policy_file = self.get_config_file_fullname('policy.yaml')
access_file = self.get_config_file_fullname('access.json')
apply_rule = None
is_admin = False
stdout = self._capture_stdout()
access_data = copy.deepcopy(
token_fixture.PROJECT_SCOPED_TOKEN_FIXTURE["token"])
target = {
'user_id': access_data['user']['id'],
'project_id': access_data['project']['id']
}
access_data['roles'] = [
role['name'] for role in access_data['roles']]
access_data['user_id'] = access_data['user']['id']
access_data['project_id'] = access_data['project']['id']
access_data['is_admin'] = is_admin
shell.tool(policy_file, access_file, apply_rule, is_admin)
call_mock.assert_called_once_with(
target, access_data, mock.ANY,
current_rule="sampleservice:sample_rule")
expected = '''passed: sampleservice:sample_rule
'''
self.assertEqual(expected, stdout.getvalue())
def test_pass_rule_parameters_with_custom_target(self, call_mock):
apply_rule = None
is_admin = False
access_data = copy.deepcopy(
token_fixture.PROJECT_SCOPED_TOKEN_FIXTURE["token"])
access_data['roles'] = [
role['name'] for role in access_data['roles']]
access_data['user_id'] = access_data['user']['id']
access_data['project_id'] = access_data['project']['id']
access_data['is_admin'] = is_admin
sample_target = {
"project_id": access_data["project"]["id"],
"domain_id": access_data["project"]["domain"]["id"]
}
self.create_config_file(
"target.json",
jsonutils.dumps(sample_target))
policy_file = self.get_config_file_fullname('policy.yaml')
access_file = self.get_config_file_fullname('access.json')
target_file = self.get_config_file_fullname('target.json')
stdout = self._capture_stdout()
shell.tool(policy_file, access_file, apply_rule, is_admin,
target_file)
call_mock.assert_called_once_with(
sample_target, access_data, mock.ANY,
current_rule="sampleservice:sample_rule")
expected = '''passed: sampleservice:sample_rule
'''
self.assertEqual(expected, stdout.getvalue())
def test_all_nonadmin(self):
policy_file = self.get_config_file_fullname('policy.yaml')
access_file = self.get_config_file_fullname('access.json')
apply_rule = None
is_admin = False
stdout = self._capture_stdout()
shell.tool(policy_file, access_file, apply_rule, is_admin)
expected = '''passed: sampleservice:sample_rule
'''
self.assertEqual(expected, stdout.getvalue())
def test_pass_rule_parameters_sorted(self):
self.create_config_file("policy.yaml", self.SAMPLE_POLICY_UNSORTED)
policy_file = self.get_config_file_fullname('policy.yaml')
access_file = self.get_config_file_fullname('access.json')
apply_rule = None
is_admin = False
stdout = self._capture_stdout()
access_data = copy.deepcopy(
token_fixture.SCOPED_TOKEN_FIXTURE["token"])
access_data['roles'] = [role['name'] for role in access_data['roles']]
access_data['project_id'] = access_data['project']['id']
access_data['is_admin'] = is_admin
shell.tool(policy_file, access_file, apply_rule, is_admin)
expected = '''passed: sampleservice:sample_rule0
passed: sampleservice:sample_rule1
passed: sampleservice:sample_rule2
'''
self.assertEqual(expected, stdout.getvalue())
def test_pass_rule_parameters_with_scope(self):
self.create_config_file("policy.yaml", self.SAMPLE_POLICY_SCOPED)
self.create_config_file(
"access.json",
jsonutils.dumps(token_fixture.SYSTEM_SCOPED_TOKEN_FIXTURE))
policy_file = self.get_config_file_fullname('policy.yaml')
access_file = self.get_config_file_fullname('access.json')
apply_rule = None
is_admin = False
stdout = self._capture_stdout()
access_data = copy.deepcopy(
token_fixture.SYSTEM_SCOPED_TOKEN_FIXTURE["token"])
access_data['roles'] = [role['name'] for role in access_data['roles']]
access_data['user_id'] = access_data['user']['id']
access_data['is_admin'] = is_admin
shell.tool(policy_file, access_file, apply_rule, is_admin)
expected = '''passed: sampleservice:sample_rule
passed: sampleservice:scoped_rule
'''
self.assertEqual(expected, stdout.getvalue())
