Пример #1
0
 def test_templatized_enforcement(self):
     target_mine = {'project_id': 'fake'}
     target_not_mine = {'project_id': 'another'}
     action = "example:my_file"
     policy.enforce(self.context, action, target_mine)
     self.assertRaises(exception.PolicyNotAuthorized, policy.enforce,
                       self.context, action, target_not_mine)
Пример #2
0
 def test_templatized_enforcement(self):
     target_mine = {'project_id': 'fake'}
     target_not_mine = {'project_id': 'another'}
     action = "example:my_file"
     policy.enforce(self.context, action, target_mine)
     self.assertRaises(exception.PolicyNotAuthorized, policy.enforce,
                       self.context, action, target_not_mine)
Пример #3
0
 def authorize(context, target=None, action=None):
     target = target or policy.default_target(context)
     if action is None:
         act = '%s_extension:%s' % (api_name, extension_name)
     else:
         act = '%s_extension:%s:%s' % (api_name, extension_name, action)
     policy.enforce(context, act, target)
Пример #4
0
 def test_ignore_case_role_check(self):
     lowercase_action = "example:lowercase_admin"
     uppercase_action = "example:uppercase_admin"
     # NOTE(dprince) we mix case in the Admin role here to ensure
     # case is ignored
     admin_context = context.RequestContext('admin',
                                            'fake',
                                            roles=['AdMiN'])
     policy.enforce(admin_context, lowercase_action, self.target)
     policy.enforce(admin_context, uppercase_action, self.target)
Пример #5
0
 def test_ignore_case_role_check(self):
     lowercase_action = "example:lowercase_admin"
     uppercase_action = "example:uppercase_admin"
     # NOTE(dprince) we mix case in the Admin role here to ensure
     # case is ignored
     admin_context = context.RequestContext('admin',
                                            'fake',
                                            roles=['AdMiN'])
     policy.enforce(admin_context, lowercase_action, self.target)
     policy.enforce(admin_context, uppercase_action, self.target)
Пример #6
0
    def test_modified_policy_reloads(self):
        with utils.tempdir() as tmpdir:
            tmpfilename = os.path.join(tmpdir, 'policy')
            self.flags(policy_file=tmpfilename)

            action = "example:test"
            with open(tmpfilename, "w") as policyfile:
                policyfile.write("""{"example:test": []}""")
            policy.enforce(self.context, action, self.target)
            with open(tmpfilename, "w") as policyfile:
                policyfile.write("""{"example:test": ["false:false"]}""")
            # NOTE(vish): reset stored policy cache so we don't have to
            # sleep(1)
            policy._POLICY_CACHE = {}
            self.assertRaises(exception.PolicyNotAuthorized, policy.enforce,
                              self.context, action, self.target)
Пример #7
0
    def test_modified_policy_reloads(self):
        with utils.tempdir() as tmpdir:
            tmpfilename = os.path.join(tmpdir, 'policy')
            self.flags(policy_file=tmpfilename)

            action = "example:test"
            with open(tmpfilename, "w") as policyfile:
                policyfile.write("""{"example:test": []}""")
            policy.enforce(self.context, action, self.target)
            with open(tmpfilename, "w") as policyfile:
                policyfile.write("""{"example:test": ["false:false"]}""")
            # NOTE(vish): reset stored policy cache so we don't have to
            # sleep(1)
            policy._POLICY_CACHE = {}
            self.assertRaises(exception.PolicyNotAuthorized, policy.enforce,
                              self.context, action, self.target)
Пример #8
0
    def test_enforce_http_true(self):
        def fakeurlopen(url, post_data):
            return six.StringIO("True")

        action = "example:get_http"
        target = {}
        with mock.patch.object(urlrequest, 'urlopen', fakeurlopen):
            result = policy.enforce(self.context, action, target)
        self.assertTrue(result)
Пример #9
0
    def test_enforce_http_true(self):

        def fakeurlopen(url, post_data):
            return six.StringIO("True")

        action = "example:get_http"
        target = {}
        with mock.patch.object(urlrequest, 'urlopen', fakeurlopen):
            result = policy.enforce(self.context, action, target)
        self.assertTrue(result)
Пример #10
0
 def test_modified_policy_reloads(self):
     with utils.tempdir() as tmpdir:
         tmpfilename = os.path.join(tmpdir, 'policy')
         CONF.set_override('policy_file', tmpfilename, group='oslo_policy')
         action = "example:test"
         with open(tmpfilename, "w") as policyfile:
             policyfile.write("""{"example:test": []}""")
         policy.init(tmpfilename)
         policy.enforce(self.context, action, self.target)
         with open(tmpfilename, "w") as policyfile:
             policyfile.write("""{"example:test": ["false:false"]}""")
         # NOTE(vish): reset stored policy cache so we don't have to
         # sleep(1)
         policy._ENFORCER.load_rules(True)
         self.assertRaises(
             exception.PolicyNotAuthorized,
             policy.enforce,
             self.context,
             action,
             self.target,
         )
Пример #11
0
 def test_modified_policy_reloads(self):
     with utils.tempdir() as tmpdir:
         tmpfilename = os.path.join(tmpdir, 'policy')
         CONF.set_override('policy_file', tmpfilename, group='oslo_policy')
         action = "example:test"
         with open(tmpfilename, "w") as policyfile:
             policyfile.write("""{"example:test": []}""")
         policy.init(tmpfilename)
         policy.enforce(self.context, action, self.target)
         with open(tmpfilename, "w") as policyfile:
             policyfile.write("""{"example:test": ["false:false"]}""")
         # NOTE(vish): reset stored policy cache so we don't have to
         # sleep(1)
         policy._ENFORCER.load_rules(True)
         self.assertRaises(
             exception.PolicyNotAuthorized,
             policy.enforce,
             self.context,
             action,
             self.target,
         )
Пример #12
0
 def test_not_found_policy_calls_default(self):
     policy.enforce(self.context, "example:noexist", {})
Пример #13
0
 def test_not_found_policy_calls_default(self):
     policy.enforce(self.context, "example:noexist", {})
Пример #14
0
 def test_enforce_good_action(self):
     action = "example:allowed"
     policy.enforce(self.context, action, self.target)
Пример #15
0
 def test_early_OR_enforcement(self):
     action = "example:early_or_success"
     policy.enforce(self.context, action, self.target)
Пример #16
0
 def test_enforce_good_action(self):
     action = "example:allowed"
     policy.enforce(self.context, action, self.target)
Пример #17
0
 def test_early_OR_enforcement(self):
     action = "example:early_or_success"
     policy.enforce(self.context, action, self.target)