def test_project_id_is_none(self):
    """Check the 'project-none' rule against a null and a concrete project id.

    With empty credentials, the rule is expected to pass when the target's
    ``project_id`` is ``None`` and to fail when it holds a real value.
    """
    policy = _policy.Policy(POLICY_FILE)
    # (expected decision, target project_id), evaluated in this order.
    for expected, project_id in ((True, None), (False, '1234')):
        self._test_policy(policy, 'project-none', expected,
                          {'project_id': project_id},
                          tests_base.TestCredentials({}))
def test_custom_attr(self):
    """Check policy evaluation with a caller-supplied credentials type.

    The credentials object here is a plain ``dict`` subclass that exposes a
    single ``cred_attr`` key taken from the 'cred-attr' header. The
    'target-attribute' rule is expected to pass for ``target_attr == '1'``
    and to fail for ``target_attr == '2'`` while ``cred_attr`` stays '1'.
    """
    class CustomClass(dict):
        # Minimal credentials stand-in: copies one header into the dict.
        def __init__(self, headers):
            super(CustomClass, self).__init__(cred_attr=headers['cred-attr'])

    policy = _policy.Policy(POLICY_FILE)
    # NOTE(review): presumably the rule compares target_attr with cred_attr;
    # confirm against the policy file.
    for target_value, expected in (('1', True), ('2', False)):
        self._test_policy(policy, 'target-attribute', expected,
                          {'target_attr': target_value},
                          CustomClass({'cred-attr': '1'}))
def test_add_rule(self):
    """Verify that ``Policy.set()`` changes decisions at runtime.

    Before the call, 'user-moshe' passes for moshe and 'user-haim' fails for
    haim. After ``policy.set({'user-haim': 'user_name:haim'})`` both checks
    are expected to pass.
    """
    policy = _policy.Policy(POLICY_FILE)

    def check(rule, user_name, expected):
        # Evaluate `rule` with an empty target for the given user name.
        self._test_policy(
            policy, rule, expected, {},
            tests_base.TestCredentials(
                {tests_base.HEADER_USER_NAME: user_name}))

    check('user-moshe', 'moshe', True)
    check('user-haim', 'haim', False)

    policy.set({'user-haim': 'user_name:haim'})

    # The pre-existing rule must still grant access after set() ...
    check('user-moshe', 'moshe', True)
    # ... and the rule passed to set() now grants access to haim.
    check('user-haim', 'haim', True)
def __init__(self, api, resource_package, policy_file=None,
             credentials_class=None, backend_args=None, **resource_params):
    """Build the backend, load the policy and register all resources.

    Args:
        api: Backend selector passed to ``backends.get``.
        resource_package: Package whose resources are registered first.
        policy_file: Passed to ``policy.Policy`` as ``policy_file``.
        credentials_class: Handed to every resource as ``_credentials_class``.
        backend_args: Optional keyword arguments for ``backends.get``.
        **resource_params: Extra parameters forwarded to ``add_resources``.
    """
    if not backend_args:
        backend_args = {}
    self._backend = backends.get(api, **backend_args)
    # NOTE(review): what a Policy built with policy_file=None allows is
    # decided inside policy.Policy; confirm it does not default to allow.
    self._policy = policy.Policy(policy_file=policy_file)
    self._resources = resource_node.ResourceNode()

    # Set after the caller's keyword arguments were collected, so a caller
    # cannot replace the policy or credentials class through
    # **resource_params: these three keys always win.
    resource_params['_policy'] = self._policy
    resource_params['_resource_package'] = resource_package
    resource_params['_credentials_class'] = credentials_class

    # The application's own resources first, then the shared ones.
    for package in (resource_package, common_resources):
        self._backend.add_resources(self._resources, package,
                                    **resource_params)
def test_policy(self):
    """Exercise the rules in POLICY_FILE and pin the expected decisions.

    Covers the role/project rules ('project-admin', 'project-admin-list'),
    a rule that passes for user 'moshe' and fails for 'haim'
    ('user-moshe-reference'), the constant rules, and a rule name that is
    not defined.
    """
    policy = _policy.Policy(POLICY_FILE)

    # The caller always belongs to 'project-id-1'; only the role and the
    # target project vary. Rows are (expected, target project, role).
    role_rows = (
        (True, 'project-id-1', 'project_admin'),   # own project
        (True, 'project-id-2', 'admin'),           # 'admin' role, other project
        (False, 'project-id-2', 'project_admin'),  # other project: denied
    )
    for rule in ('project-admin', 'project-admin-list'):
        for expected, target_project, role in role_rows:
            self._test_policy(
                policy, rule, expected, {'project_id': target_project},
                tests_base.TestCredentials({
                    tests_base.HEADER_ROLES: role,
                    tests_base.HEADER_PROJECT_ID: 'project-id-1',
                }))

    for user_name, expected in (('moshe', True), ('haim', False)):
        self._test_policy(
            policy, 'user-moshe-reference', expected, {},
            tests_base.TestCredentials(
                {tests_base.HEADER_USER_NAME: user_name}))

    # Constant rules, plus the fail-closed case: a rule name that is not
    # defined must evaluate to a denial, never to an allow.
    for rule, expected in (('allow-all', True),
                           ('deny-all', False),
                           ('rule-does-not-exists', False)):
        self._test_policy(policy, rule, expected, {}, {})