示例#1
0
 def test_admin_only_rules(self):
     for rule in self.admin_only_rules:
         self.assertRaises(exception.PolicyNotAuthorized, policy.enforce,
                           self.non_admin_context, rule, {
                               'project_id': 'fake',
                               'user_id': 'fake'
                           })
         policy.enforce(self.admin_context, rule, self.target)
示例#2
0
 def test_enforce_http_true(self, req_mock):
     req_mock.post('http://www.example.com/',
                   text='True')
     action = "example:get_http"
     target = {}
     result = policy.enforce(self.context, action, target)
     self.assertTrue(result)
示例#3
0
    def test_modified_policy_reloads(self):
        with utils.tempdir() as tmpdir:
            tmpfilename = os.path.join(tmpdir, 'policy')

            self.flags(policy_file=tmpfilename, group='oslo_policy')

            # NOTE(Dinesh_Bhor): context construction invokes policy check to
            # determine is_admin or not. As a side-effect, policy reset is
            # needed here to flush existing policy cache.
            policy.reset()
            policy.init()
            rule = oslo_policy.RuleDefault('example:test', "")
            policy._ENFORCER.register_defaults([rule])

            action = "example:test"
            with open(tmpfilename, "w") as policyfile:
                policyfile.write('{"example:test": ""}')
            policy.enforce(self.context, action, self.target)
            with open(tmpfilename, "w") as policyfile:
                policyfile.write('{"example:test": "!"}')
            policy._ENFORCER.load_rules(True)
            self.assertRaises(exception.PolicyNotAuthorized, policy.enforce,
                              self.context, action, self.target)
示例#4
0
    def test_modified_policy_reloads(self):
        with utils.tempdir() as tmpdir:
            tmpfilename = os.path.join(tmpdir, 'policy')

            self.flags(policy_file=tmpfilename, group='oslo_policy')

            # NOTE(Dinesh_Bhor): context construction invokes policy check to
            # determine is_admin or not. As a side-effect, policy reset is
            # needed here to flush existing policy cache.
            policy.reset()
            policy.init()
            rule = oslo_policy.RuleDefault('example:test', "")
            policy._ENFORCER.register_defaults([rule])

            action = "example:test"
            with open(tmpfilename, "w") as policyfile:
                policyfile.write('{"example:test": ""}')
            policy.enforce(self.context, action, self.target)
            with open(tmpfilename, "w") as policyfile:
                policyfile.write('{"example:test": "!"}')
            policy._ENFORCER.load_rules(True)
            self.assertRaises(exception.PolicyNotAuthorized, policy.enforce,
                              self.context, action, self.target)
示例#5
0
 def test_enforce_bad_action_noraise(self):
     action = "example:denied"
     result = policy.enforce(self.context, action, self.target, False)
     self.assertFalse(result)
示例#6
0
 def test_admin_only_rules(self):
     for rule in self.admin_only_rules:
         self.assertRaises(exception.PolicyNotAuthorized, policy.enforce,
                           self.non_admin_context, rule,
                           {'project_id': 'fake', 'user_id': 'fake'})
         policy.enforce(self.admin_context, rule, self.target)
示例#7
0
 def test_enforce_good_action(self):
     action = "example:allowed"
     result = policy.enforce(self.context, action, self.target)
     self.assertTrue(result)
示例#8
0
 def test_enforce_bad_action_noraise(self):
     action = "example:denied"
     result = policy.enforce(self.context, action, self.target, False)
     self.assertFalse(result)
示例#9
0
 def test_enforce_http_true(self, req_mock):
     req_mock.post('http://www.example.com/', text='True')
     action = "example:get_http"
     target = {}
     result = policy.enforce(self.context, action, target)
     self.assertTrue(result)
示例#10
0
 def test_enforce_good_action(self):
     action = "example:allowed"
     result = policy.enforce(self.context, action, self.target)
     self.assertTrue(result)