示例#1
    def before(self, state):
        """Attach a RequestContext built from the request headers.

        Identity fields (user, tenant, domain, roles) are read from the
        ``X-*`` request headers, the ``admin_api`` and ``show_password``
        policy rules are evaluated against them, and the result is stored
        on ``state.request.context``.

        NOTE(review): the identity headers are used exactly as received.
        That is only sound if an upstream auth layer (presumably
        keystonemiddleware's auth_token) validated the token and replaced
        any client-supplied identity headers -- confirm, in particular for
        the 'noauth' strategy.
        """
        hdrs = state.request.headers

        # Do not pass any token with context for noauth mode
        if cfg.CONF.auth_strategy == 'noauth':
            token = None
        else:
            token = hdrs.get('X-Auth-Token')

        user = hdrs.get('X-User') or hdrs.get('X-User-Id')
        tenant = hdrs.get('X-Tenant') or hdrs.get('X-Tenant-Id')
        domain_id = hdrs.get('X-User-Domain-Id')
        domain_name = hdrs.get('X-User-Domain-Name')
        # A missing X-Roles header yields [''] (one empty role), not [],
        # and entries are not stripped of surrounding whitespace.
        roles = hdrs.get('X-Roles', '').split(',')

        identity = {
            'user': user,
            'tenant': tenant,
            'domain_id': domain_id,
            'domain_name': domain_name,
            'auth_token': token,
            'roles': roles,
        }

        admin = policy.enforce('admin_api', identity, identity)
        # Read from request.environ, not from a client header.
        public = state.request.environ.get('is_public_api', False)
        reveal = policy.enforce('show_password', identity, identity)

        state.request.context = context.RequestContext(
            is_admin=admin,
            is_public_api=public,
            show_password=reveal,
            **identity)
示例#2
文件: hooks.py 项目: Tan0/ironic
    def before(self, state):
        """Build the request's RequestContext from its identity headers.

        The ``X-*`` headers supply user, tenant, domain and roles; the
        admin and ``show_password`` flags come from policy checks run
        against those same values.

        NOTE(review): nothing here validates the headers. The hook
        presumably relies on an upstream auth middleware (e.g.
        keystonemiddleware's auth_token) to set them -- confirm that
        client-supplied copies cannot reach this point, especially when
        auth_strategy is 'noauth'.
        """
        hdrs = state.request.headers

        # Do not pass any token with context for noauth mode
        if cfg.CONF.auth_strategy == 'noauth':
            token = None
        else:
            token = hdrs.get('X-Auth-Token')

        user = hdrs.get('X-User') or hdrs.get('X-User-Id')
        tenant = hdrs.get('X-Tenant') or hdrs.get('X-Tenant-Id')
        domain_id = hdrs.get('X-User-Domain-Id')
        domain_name = hdrs.get('X-User-Domain-Name')
        # ''.split(',') is [''], so an absent X-Roles header gives a single
        # empty role rather than an empty list.
        roles = hdrs.get('X-Roles', '').split(',')

        identity = {
            'user': user,
            'tenant': tenant,
            'domain_id': domain_id,
            'domain_name': domain_name,
            'auth_token': token,
            'roles': roles,
        }

        # NOTE(adam_g): We also check the previous 'admin' rule to ensure
        # compat with default juno policy.json.  This double check may be
        # removed in Liberty.
        # Either rule is sufficient; 'admin' is consulted only when
        # 'admin_api' did not pass.
        admin = policy.enforce('admin_api', identity, identity)
        if not admin:
            admin = policy.enforce('admin', identity, identity)
        public = state.request.environ.get('is_public_api', False)
        reveal = policy.enforce('show_password', identity, identity)

        state.request.context = context.RequestContext(
            is_admin=admin,
            is_public_api=public,
            show_password=reveal,
            **identity)
示例#3
    def before(self, state):
        """Populate ``state.request.context`` from the request headers.

        Collects the identity headers into a credentials dict, evaluates
        the ``admin_api`` and ``show_password`` policy rules on it, and
        wraps everything in a ``context.RequestContext``.

        NOTE(review): the credentials are taken verbatim from ``X-*``
        headers; this assumes a trusted component in front of the API
        (presumably keystonemiddleware's auth_token) owns those headers --
        verify for the 'noauth' strategy.
        """
        request_headers = state.request.headers

        # Do not pass any token with context for noauth mode
        noauth = cfg.CONF.auth_strategy == 'noauth'
        token = None if noauth else request_headers.get('X-Auth-Token')

        creds = {}
        creds['user'] = (request_headers.get('X-User') or
                         request_headers.get('X-User-Id'))
        creds['tenant'] = (request_headers.get('X-Tenant') or
                           request_headers.get('X-Tenant-Id'))
        creds['domain_id'] = request_headers.get('X-User-Domain-Id')
        creds['domain_name'] = request_headers.get('X-User-Domain-Name')
        creds['auth_token'] = token
        # Absent header -> [''] (not []); role names are not stripped.
        creds['roles'] = request_headers.get('X-Roles', '').split(',')

        admin_flag = policy.enforce('admin_api', creds, creds)
        public_flag = state.request.environ.get('is_public_api', False)
        password_flag = policy.enforce('show_password', creds, creds)

        state.request.context = context.RequestContext(
            is_admin=admin_flag,
            is_public_api=public_flag,
            show_password=password_flag,
            **creds)
示例#4
    def before(self, state):
        """Populate ``state.request.context`` from the request headers.

        Credentials come from the ``X-*`` identity headers. ``is_admin`` is
        true when either the ``admin_api`` or the older ``admin`` policy
        rule passes; ``show_password`` is decided by its own rule.

        NOTE(review): header values are trusted as received. Confirm that
        an upstream auth layer (presumably keystonemiddleware's
        auth_token) sets them and that client-supplied values cannot get
        through, notably with auth_strategy 'noauth'.
        """
        request_headers = state.request.headers

        # Do not pass any token with context for noauth mode
        noauth = cfg.CONF.auth_strategy == 'noauth'
        token = None if noauth else request_headers.get('X-Auth-Token')

        creds = {}
        creds['user'] = (request_headers.get('X-User') or
                         request_headers.get('X-User-Id'))
        creds['tenant'] = (request_headers.get('X-Tenant') or
                           request_headers.get('X-Tenant-Id'))
        creds['domain_id'] = request_headers.get('X-User-Domain-Id')
        creds['domain_name'] = request_headers.get('X-User-Domain-Name')
        creds['auth_token'] = token
        # Absent header -> [''] (not []); role names are not stripped.
        creds['roles'] = request_headers.get('X-Roles', '').split(',')

        # NOTE(adam_g): We also check the previous 'admin' rule to ensure
        # compat with default juno policy.json.  This double check may be
        # removed in L.
        admin_flag = policy.enforce('admin_api', creds, creds)
        if not admin_flag:
            # Fallback rule is only evaluated when 'admin_api' fails.
            admin_flag = policy.enforce('admin', creds, creds)
        public_flag = state.request.environ.get('is_public_api', False)
        password_flag = policy.enforce('show_password', creds, creds)

        state.request.context = context.RequestContext(
            is_admin=admin_flag,
            is_public_api=public_flag,
            show_password=password_flag,
            **creds)
示例#5
 def before(self, state):
     """Require the 'admin_api' policy rule unless the request is public.

     Requests whose context has a truthy ``is_public_api`` skip the check.
     For every other request ``policy.enforce`` is called with
     ``do_raise=True`` and ``exc.HTTPForbidden`` as the exception type.

     NOTE(review): the bypass is a plain truthiness test, so a non-empty
     string such as 'False' would count as public. Confirm that whatever
     sets ``is_public_api`` always stores a bool and cannot be influenced
     by the client.
     """
     request_ctx = state.request.context
     if not request_ctx.is_public_api:
         # Target and credentials are two separate to_dict() snapshots.
         policy.enforce('admin_api',
                        request_ctx.to_dict(),
                        request_ctx.to_dict(),
                        do_raise=True,
                        exc=exc.HTTPForbidden)
示例#6
    def test_trusted_call(self):
        """'trusted_call' is denied for a non-admin role and/or a request
        whose is_public_api is 'False'.
        """
        member_only = {'roles': ['Member']}
        not_public = {'is_public_api': 'False'}
        member_not_public = {'roles': ['Member'], 'is_public_api': 'False'}

        # Each dict is passed as both the target and the credentials.
        for case in (member_only, not_public, member_not_public):
            allowed = policy.enforce('trusted_call', case, case)
            self.assertFalse(allowed)
示例#7
    def test_admin_api(self):
        """'admin_api' passes for the 'admin' role, the 'administrator'
        role, and both together.
        """
        admin_only = {'roles': [u'admin']}
        administrator_only = {'roles': ['administrator']}
        both_roles = {'roles': ['admin', 'administrator']}

        for case in (admin_only, administrator_only, both_roles):
            allowed = policy.enforce('admin_api', case, case)
            self.assertTrue(allowed)
示例#8
    def test_admin_api(self):
        """Either admin-style role, alone or combined, satisfies
        'admin_api'.
        """
        role_sets = ([u'admin'], ['administrator'],
                     ['admin', 'administrator'])
        cases = tuple({'roles': roles} for roles in role_sets)

        # The same dict serves as target and as credentials.
        for case in cases:
            self.assertTrue(policy.enforce('admin_api', case, case))
示例#9
文件: hooks.py 项目: skw0rm/ironic
    def before(self, state):
        """Build the request's RequestContext from its identity headers.

        The ``X-*`` headers (including ``X-Auth-Token``) are collected
        into a credentials dict; ``is_admin`` is true when either the
        ``admin_api`` or the older ``admin`` policy rule passes.

        NOTE(review): the headers are used as received and the token is
        always forwarded into the context. This presumably relies on an
        upstream auth middleware (e.g. keystonemiddleware's auth_token)
        owning these headers -- confirm.
        """
        hdrs = state.request.headers

        user = hdrs.get('X-User') or hdrs.get('X-User-Id')
        tenant = hdrs.get('X-Tenant') or hdrs.get('X-Tenant-Id')
        domain_id = hdrs.get('X-User-Domain-Id')
        domain_name = hdrs.get('X-User-Domain-Name')
        token = hdrs.get('X-Auth-Token')
        # A missing X-Roles header yields [''] (one empty role), not [].
        roles = hdrs.get('X-Roles', '').split(',')

        identity = {
            'user': user,
            'tenant': tenant,
            'domain_id': domain_id,
            'domain_name': domain_name,
            'auth_token': token,
            'roles': roles,
        }

        # NOTE(adam_g): We also check the previous 'admin' rule to ensure
        # compat with default juno policy.json.  This double check may be
        # removed in L.
        admin = policy.enforce('admin_api', identity, identity)
        if not admin:
            # Only consulted when 'admin_api' did not pass.
            admin = policy.enforce('admin', identity, identity)
        public = state.request.environ.get('is_public_api', False)

        state.request.context = context.RequestContext(
            is_admin=admin, is_public_api=public, **identity)
示例#10
    def test_trusted_call(self):
        """None of the non-admin / non-public credential sets may satisfy
        'trusted_call'.
        """
        cases = (
            {'roles': ['Member']},
            {'is_public_api': 'False'},
            {'roles': ['Member'], 'is_public_api': 'False'},
        )

        for case in cases:
            # Target and credentials are the same dict.
            verdict = policy.enforce('trusted_call', case, case)
            self.assertFalse(verdict)
示例#11
    def before(self, state):
        """Attach a RequestContext built from the request headers.

        Reads the identity ``X-*`` headers, evaluates the ``admin_api`` and
        ``show_password`` policy rules on them, and stores the resulting
        ``context.RequestContext`` on ``state.request.context``.

        NOTE(review): header values are not validated here. Confirm that
        an upstream auth layer (presumably keystonemiddleware's
        auth_token) sets them and that client-supplied values cannot reach
        this hook when auth_strategy is "noauth".
        """
        hdrs = state.request.headers

        # Do not pass any token with context for noauth mode
        if cfg.CONF.auth_strategy == "noauth":
            token = None
        else:
            token = hdrs.get("X-Auth-Token")

        user = hdrs.get("X-User") or hdrs.get("X-User-Id")
        tenant = hdrs.get("X-Tenant") or hdrs.get("X-Tenant-Id")
        domain_id = hdrs.get("X-User-Domain-Id")
        domain_name = hdrs.get("X-User-Domain-Name")
        # "".split(",") is [""], so an absent header gives one empty role.
        roles = hdrs.get("X-Roles", "").split(",")

        identity = {
            "user": user,
            "tenant": tenant,
            "domain_id": domain_id,
            "domain_name": domain_name,
            "auth_token": token,
            "roles": roles,
        }

        admin = policy.enforce("admin_api", identity, identity)
        public = state.request.environ.get("is_public_api", False)
        reveal = policy.enforce("show_password", identity, identity)

        state.request.context = context.RequestContext(
            is_admin=admin,
            is_public_api=public,
            show_password=reveal,
            **identity
        )
示例#12
 def test_public_api(self):
     """Credentials with is_public_api set to 'True' pass 'public_api'."""
     # The flag is the string 'True', not a bool.
     public_creds = {'is_public_api': 'True'}
     allowed = policy.enforce('public_api', public_creds, public_creds)
     self.assertTrue(allowed)
示例#13
 def before(self, state):
     """Enforce the 'admin_api' rule on every non-public request.

     A truthy ``is_public_api`` on the request context skips the check.
     Otherwise ``policy.enforce`` is called with ``do_raise=True`` and
     ``exc.HTTPForbidden`` as the exception to raise.

     NOTE(review): because the bypass is a truthiness test, any non-empty
     string (even 'False') would be treated as public. Confirm the flag
     is always a bool set server-side.
     """
     request_ctx = state.request.context
     if not request_ctx.is_public_api:
         # to_dict() is called twice: once for the target, once for creds.
         target = request_ctx.to_dict()
         credentials = request_ctx.to_dict()
         policy.enforce('admin_api', target, credentials,
                        do_raise=True, exc=exc.HTTPForbidden)
示例#14
 def test_enforce_existing_rule_fails(self):
     """A caller holding only the 'bar' role fails 'has_foo_role'."""
     bar_creds = {'roles': ['bar']}
     allowed = policy.enforce('has_foo_role', bar_creds, bar_creds)
     self.assertFalse(allowed)
示例#15
 def test_show_password(self):
     """An 'admin' role in tenant 'demo' does not satisfy 'show_password'."""
     admin_creds = {'roles': [u'admin'], 'tenant': 'demo'}
     allowed = policy.enforce('show_password', admin_creds, admin_creds)
     self.assertFalse(allowed)
示例#16
 def test_enforce_missing_rule_fails(self):
     """Enforcing 'has_bar_role' with the 'foo' role is denied."""
     # Per the test name, 'has_bar_role' is presumably not defined in the
     # policy under test, so the expected result is a denial.
     foo_creds = {'roles': ['foo']}
     allowed = policy.enforce('has_bar_role', foo_creds, foo_creds)
     self.assertFalse(allowed)
示例#17
 def test_admin_api(self):
     """The 'Member' role alone does not satisfy 'admin_api'."""
     member_creds = {'roles': ['Member']}
     allowed = policy.enforce('admin_api', member_creds, member_creds)
     self.assertFalse(allowed)
示例#18
 def test_enforce_existing_rule_fails(self):
     """'has_foo_role' is denied when the only role held is 'bar'."""
     wrong_role = {'roles': ['bar']}
     # Same dict is used as target and as credentials.
     verdict = policy.enforce('has_foo_role', wrong_role, wrong_role)
     self.assertFalse(verdict)
示例#19
 def test_enforce_missing_rule_fails(self):
     """'has_bar_role' is denied for a caller holding the 'foo' role."""
     # NOTE(review): the test name implies 'has_bar_role' is absent from
     # the policy in use; the assertion only shows that it is denied.
     holder = {'roles': ['foo']}
     verdict = policy.enforce('has_bar_role', holder, holder)
     self.assertFalse(verdict)
示例#20
 def test_enforce_existing_rule_passes(self):
     """A caller holding the 'foo' role satisfies 'has_foo_role'."""
     foo_creds = {'roles': ['foo']}
     allowed = policy.enforce('has_foo_role', foo_creds, foo_creds)
     self.assertTrue(allowed)
示例#21
 def test_public_api(self):
     """'public_api' passes when is_public_api is the string 'True'."""
     flagged = {'is_public_api': 'True'}
     # Same dict is used as target and as credentials.
     verdict = policy.enforce('public_api', flagged, flagged)
     self.assertTrue(verdict)
示例#22
 def test_admin_api(self):
     """'admin_api' must reject a caller whose only role is 'Member'."""
     non_admin = {'roles': ['Member']}
     verdict = policy.enforce('admin_api', non_admin, non_admin)
     self.assertFalse(verdict)
示例#23
    def test_public_api(self):
        """'public_api' is denied when is_public_api is 'False' or absent."""
        flag_false = {'is_public_api': 'False'}
        no_flag = {}

        for case in (flag_false, no_flag):
            allowed = policy.enforce('public_api', case, case)
            self.assertFalse(allowed)
示例#24
    def test_public_api(self):
        """Neither an explicit 'False' flag nor empty credentials may pass
        'public_api'.
        """
        cases = (
            {'is_public_api': 'False'},
            {},
        )

        for case in cases:
            # Target and credentials are the same dict.
            verdict = policy.enforce('public_api', case, case)
            self.assertFalse(verdict)
示例#25
 def test_show_password(self):
     """'show_password' is denied even for the 'admin' role (tenant 'demo')."""
     demo_admin = {'roles': [u'admin'], 'tenant': 'demo'}
     verdict = policy.enforce('show_password', demo_admin, demo_admin)
     self.assertFalse(verdict)
示例#26
 def test_enforce_existing_rule_passes(self):
     """'has_foo_role' is granted when the caller's roles include 'foo'."""
     holder = {'roles': ['foo']}
     # Same dict is used as target and as credentials.
     verdict = policy.enforce('has_foo_role', holder, holder)
     self.assertTrue(verdict)