def test_check_raises(self):
policy._rules = None
try:
policy.check('rule', 'target', 'creds', TestException,
"arg1", "arg2", kw1="kwarg1", kw2="kwarg2")
except TestException as exc:
self.assertEqual(exc.args, ("arg1", "arg2"))
self.assertEqual(exc.kwargs, dict(kw1="kwarg1", kw2="kwarg2"))
else:
self.fail("policy.check() failed to raise requested exception")
def test_check_explicit(self):
policy._rules = None
rule = FakeCheck()
result = policy.check(rule, "target", "creds")
self.assertEqual(result, ("target", "creds"))
self.assertEqual(policy._rules, None)
def test_check_explicit(self):
policy._rules = None
rule = FakeCheck()
result = policy.check(rule, "target", "creds")
self.assertEqual(result, ("target", "creds"))
self.assertEqual(policy._rules, None)
def check(context, action, target, plugin=None, might_not_exist=False):
"""Verifies that the action is valid on the target in this context.
:param context: neutron context
:param action: string representing the action to be checked
this should be colon separated for clarity.
:param target: dictionary representing the object of the action
for object creation this should be a dictionary representing the
location of the object e.g. ``{'project_id': context.project_id}``
:param plugin: currently unused and deprecated.
Kept for backward compatibility.
:param might_not_exist: If True the policy check is skipped (and the
function returns True) if the specified policy does not exist.
Defaults to false.
:return: Returns True if access is permitted else False.
"""
if might_not_exist and not (policy._rules and action in policy._rules):
return True
return policy.check(*(_prepare_check(context, action, target)))
def check(context, action, target, plugin=None, might_not_exist=False):
"""Verifies that the action is valid on the target in this context.
:param context: neutron context
:param action: string representing the action to be checked
this should be colon separated for clarity.
:param target: dictionary representing the object of the action
for object creation this should be a dictionary representing the
location of the object e.g. ``{'project_id': context.project_id}``
:param plugin: currently unused and deprecated.
Kept for backward compatibility.
:param might_not_exist: If True the policy check is skipped (and the
function returns True) if the specified policy does not exist.
Defaults to false.
:return: Returns True if access is permitted else False.
"""
if might_not_exist and not (policy._rules and action in policy._rules):
return True
return policy.check(*(_prepare_check(context, action, target)))
def enforce(context, action, target, plugin=None):
"""Verifies that the action is valid on the target in this context.
:param context: neutron context
:param action: string representing the action to be checked
this should be colon separated for clarity.
:param target: dictionary representing the object of the action
for object creation this should be a dictionary representing the
location of the object e.g. ``{'project_id': context.project_id}``
:param plugin: currently unused and deprecated.
Kept for backward compatibility.
:raises neutron.exceptions.PolicyNotAuthorized: if verification fails.
"""
rule, target, credentials = _prepare_check(context, action, target)
result = policy.check(rule, target, credentials, action=action)
if not result:
#LOG.debug(_("Failed policy check for '%s'"), action)
raise exceptions.PolicyNotAuthorized(action=action)
return result
def enforce(context, action, target, plugin=None):
"""Verifies that the action is valid on the target in this context.
:param context: neutron context
:param action: string representing the action to be checked
this should be colon separated for clarity.
:param target: dictionary representing the object of the action
for object creation this should be a dictionary representing the
location of the object e.g. ``{'project_id': context.project_id}``
:param plugin: currently unused and deprecated.
Kept for backward compatibility.
:raises neutron.exceptions.PolicyNotAuthorized: if verification fails.
"""
rule, target, credentials = _prepare_check(context, action, target)
result = policy.check(rule, target, credentials, action=action)
if not result:
#LOG.debug(_("Failed policy check for '%s'"), action)
raise exceptions.PolicyNotAuthorized(action=action)
return result
def test_check_with_rule(self):
policy._rules = dict(default=FakeCheck())
result = policy.check("default", "target", "creds")
self.assertEqual(result, ("target", "creds"))
def test_check_missing_rule(self):
policy._rules = {}
result = policy.check('rule', 'target', 'creds')
self.assertEqual(result, False)
def test_check_no_rules(self):
policy._rules = None
result = policy.check('rule', "target", "creds")
self.assertEqual(result, False)
self.assertEqual(policy._rules, None)
def test_check_with_rule(self):
policy._rules = dict(default=FakeCheck())
result = policy.check("default", "target", "creds")
self.assertEqual(result, ("target", "creds"))
def test_check_missing_rule(self):
policy._rules = {}
result = policy.check('rule', 'target', 'creds')
self.assertEqual(result, False)
def test_check_no_rules(self):
policy._rules = None
result = policy.check('rule', "target", "creds")
self.assertEqual(result, False)
self.assertEqual(policy._rules, None)
