def test_get_roles_context_is_admin_rule_missing(self):
    """Check the admin-role fallback when no admin-context rule is installed.

    The only key installed by this test is the literal ``some_other_rule``;
    no entry is added under ``policy.ADMIN_CTX_POLICY``. The test expects
    ``policy.get_admin_roles()`` to report ``['admin']`` anyway.
    """
    raw_rules = {"some_other_rule": "role:admin"}
    parsed = {
        name: common_policy.parse_rule(expr)
        for name, expr in raw_rules.items()
    }
    common_policy.set_rules(common_policy.Rules(parsed))

    # Backward-compatibility default, and security-relevant: with no
    # admin-context rule in the installed policy, the role named 'admin'
    # is still expected to be reported as an admin role.
    expected_roles = ['admin']
    self.assertEqual(expected_roles, policy.get_admin_roles())
def test_get_roles_with_rule_check(self):
    """Check that admin roles are found through a ``rule:`` reference.

    The admin-context policy points at ``some_other_rule``, which in turn
    requires ``role:admin``; ``policy.get_admin_roles()`` is expected to
    report ``["admin"]``.
    """
    raw_rules = {
        policy.ADMIN_CTX_POLICY: "rule:some_other_rule",
        "some_other_rule": "role:admin",
    }
    parsed = {
        name: common_policy.parse_rule(expr)
        for name, expr in raw_rules.items()
    }
    # Install the parsed rules before querying the admin roles.
    common_policy.set_rules(common_policy.Rules(parsed))

    expected_roles = ["admin"]
    self.assertEqual(expected_roles, policy.get_admin_roles())
def __init__(self, user_id, tenant_id, is_admin=None, read_deleted="no",
             roles=None, timestamp=None, **kwargs):
    """Build a context and settle its admin flag and role list.

    :param user_id: forwarded to the parent initializer as ``user``.
    :param tenant_id: forwarded to the parent initializer as ``tenant``.
    :param is_admin: ``None`` means the flag is decided by
        ``policy.check_is_admin``; a truthy value is taken as given and
        the roles from ``policy.get_admin_roles`` are merged into the
        context's roles.
    :param read_deleted: 'no' indicates deleted records are hidden,
        'yes' indicates deleted records are visible, 'only' indicates
        that *only* deleted records are visible.
    :param roles: roles carried by the context; a falsy value becomes
        an empty list.
    :param timestamp: a falsy value is replaced by ``datetime.utcnow()``.
    :param kwargs: unrecognised arguments; they are logged and dropped.
    """
    if kwargs:
        # NOTE(review): the whole mapping, values included, is written to
        # the log. If callers can pass tokens or credentials here they
        # would land in log files -- confirm what callers pass.
        dropped_msg = _('Arguments dropped when creating '
                        'context: %s')
        LOG.warn(dropped_msg, kwargs)

    super(ContextBase, self).__init__(user=user_id, tenant=tenant_id,
                                      is_admin=is_admin)
    self.read_deleted = read_deleted
    self.timestamp = timestamp or datetime.utcnow()
    self._session = None
    self.roles = roles if roles else []

    if self.is_admin is None:
        # No explicit flag: ask the policy layer. The roles were assigned
        # just above, so the check receives a context that carries them.
        self.is_admin = policy.check_is_admin(self)
        return
    if not self.is_admin:
        return

    # Explicit admin flag: make sure the context carries the admin roles.
    # NOTE(review): no policy check runs on this path, so a truthy
    # is_admin is trusted as given; it should not be derived from
    # request-supplied data -- verify against callers.
    # TODO(salvatore-orlando): It should not be necessary to populate
    # roles in artificially-generated contexts; address in
    # bp/make-authz-orthogonal
    privileged_roles = policy.get_admin_roles()
    if privileged_roles:
        self.roles = list(set(self.roles) | set(privileged_roles))
def test_get_roles_with_rule_check(self):
    """Verify admin-role discovery when the admin rule is an indirection.

    ``policy.ADMIN_CTX_POLICY`` is defined as ``rule:some_other_rule`` and
    that rule as ``role:admin``. The test expects ``['admin']`` from
    ``policy.get_admin_roles()``.
    """
    rule_text = {
        policy.ADMIN_CTX_POLICY: "rule:some_other_rule",
        "some_other_rule": "role:admin",
    }
    compiled = {
        key: common_policy.parse_rule(text)
        for key, text in rule_text.items()
    }
    rule_set = common_policy.Rules(compiled)
    common_policy.set_rules(rule_set)

    # The role is only reachable by following the rule reference.
    self.assertEqual(['admin'], policy.get_admin_roles())
def test_get_roles_with_or_check(self):
    """Check that both branches of an ``or`` admin rule contribute roles.

    The admin-context policy is ``rule:rule1 or rule:rule2``; the two
    referenced rules require ``role:admin_1`` and ``role:admin_2``. The
    test expects exactly ``['admin_1', 'admin_2']``, in that order.
    """
    raw_rules = {
        policy.ADMIN_CTX_POLICY: "rule:rule1 or rule:rule2",
        "rule1": "role:admin_1",
        "rule2": "role:admin_2"
    }
    # NOTE(review): the parsed rules are only stored on self.rules; this
    # method never calls common_policy.set_rules. Presumably a fixture
    # outside this method installs self.rules -- confirm, otherwise the
    # assertion runs against whatever rules were set earlier.
    self.rules = {
        name: common_policy.parse_rule(expr)
        for name, expr in raw_rules.items()
    }

    expected_roles = ['admin_1', 'admin_2']
    self.assertEqual(expected_roles, policy.get_admin_roles())
def test_get_roles_with_or_check(self):
    """Verify that an ``or`` of two rules yields the roles of both.

    ``policy.ADMIN_CTX_POLICY`` is ``rule:rule1 or rule:rule2``, with
    ``rule1`` requiring ``role:admin_1`` and ``rule2`` requiring
    ``role:admin_2``. The expected result is the list
    ``['admin_1', 'admin_2']``; the comparison is order-sensitive.
    """
    rule_text = {
        policy.ADMIN_CTX_POLICY: "rule:rule1 or rule:rule2",
        "rule1": "role:admin_1",
        "rule2": "role:admin_2"
    }
    compiled = {
        key: common_policy.parse_rule(text)
        for key, text in rule_text.items()
    }
    # NOTE(review): nothing in this method installs the rules through
    # common_policy.set_rules; they are only kept on self.rules.
    # Presumably test setup picks them up from there -- confirm.
    self.rules = compiled

    self.assertEqual(['admin_1', 'admin_2'], policy.get_admin_roles())
def __init__(self, user_id, tenant_id, is_admin=None, read_deleted="no",
             roles=None, timestamp=None, **kwargs):
    """Object initialization.

    :param user_id: passed to the parent initializer as ``user``.
    :param tenant_id: passed to the parent initializer as ``tenant``.
    :param is_admin: when ``None`` the flag is computed with
        ``policy.check_is_admin``; when truthy it is accepted as given
        and the admin roles from ``policy.get_admin_roles`` are added
        to the context's roles.
    :param read_deleted: 'no' indicates deleted records are hidden,
        'yes' indicates deleted records are visible, 'only' indicates
        that *only* deleted records are visible.
    :param roles: role list for the context; falsy values become ``[]``.
    :param timestamp: falsy values are replaced by ``datetime.utcnow()``.
    :param kwargs: any extra arguments; logged, then ignored.
    """
    if kwargs:
        # NOTE(review): keys and values of the dropped arguments are both
        # logged. Should a caller ever pass a token or password this way
        # it would be recorded in the log -- confirm against callers.
        warning_text = _('Arguments dropped when creating '
                         'context: %s')
        LOG.warn(warning_text, kwargs)

    super(ContextBase, self).__init__(user=user_id, tenant=tenant_id,
                                      is_admin=is_admin)
    self.read_deleted = read_deleted
    self.timestamp = timestamp or datetime.utcnow()
    self._session = None
    self.roles = roles if roles else []

    if self.is_admin is None:
        # Admin status was not stated by the caller, so it is derived
        # from policy; the context already holds its roles at this point.
        self.is_admin = policy.check_is_admin(self)
        return
    if not self.is_admin:
        return

    # Ensure an explicitly-admin context is populated with admin roles.
    # NOTE(review): this path grants the admin roles on the strength of
    # the caller's flag alone, without consulting check_is_admin; the
    # flag should come from trusted code only -- verify against callers.
    # TODO(salvatore-orlando): It should not be necessary to populate
    # roles in artificially-generated contexts; address in
    # bp/make-authz-orthogonal
    roles_from_policy = policy.get_admin_roles()
    if roles_from_policy:
        self.roles = list(set(self.roles) | set(roles_from_policy))
def test_get_roles_with_other_rules(self):
    """Check that only ``role:`` checks are reported as admin roles.

    The admin-context policy is ``role:xxx or other:value``. The test
    expects ``['xxx']``: the ``other:value`` check contributes nothing
    to the list of admin roles.
    """
    raw_rules = {
        policy.ADMIN_CTX_POLICY: "role:xxx or other:value",
    }
    # NOTE(review): the rules are stored on self.rules and this method
    # does not call common_policy.set_rules. Presumably a fixture outside
    # this method installs self.rules -- confirm.
    self.rules = {
        name: common_policy.parse_rule(expr)
        for name, expr in raw_rules.items()
    }

    expected_roles = ['xxx']
    self.assertEqual(expected_roles, policy.get_admin_roles())
def test_get_roles_with_other_rules(self):
    """Verify that non-role checks in the admin rule are not listed.

    ``policy.ADMIN_CTX_POLICY`` combines ``role:xxx`` with the non-role
    check ``other:value`` using ``or``. Only ``"xxx"`` is expected back
    from ``policy.get_admin_roles()``.
    """
    rule_text = {policy.ADMIN_CTX_POLICY: "role:xxx or other:value"}
    compiled = {
        key: common_policy.parse_rule(text)
        for key, text in rule_text.items()
    }
    # NOTE(review): no common_policy.set_rules call appears in this
    # method; the rules only reach self.rules. Presumably test setup
    # installs them from there -- confirm.
    self.rules = compiled

    self.assertEqual(["xxx"], policy.get_admin_roles())