def reset_service():
    """Re-initialise the worker when SIGHUP is received.

    Per the original inline note, this is only called when the service is
    running in daemon mode.  The three steps run in a fixed order: logging,
    configuration defaults, then the policy engine.
    """
    setup_logging()
    set_config_defaults()
    # NOTE(review): presumably this makes edits to the policy file take
    # effect without a restart -- confirm against policy.refresh().
    policy.refresh()
def setUp(self):
    """Install a fixed in-memory rule set for the generic policy tests.

    The rules are pushed with ``policy.set_rules`` after a refresh, so the
    checks under test do not depend on the policy file on disk.  The request
    context carries only the ``member`` role and the target starts empty.
    """
    super(PolicyTestCase, self).setUp()
    # NOTE(vish): preload rules to circumvent reloading from file
    rule_strings = {
        # Constant outcomes: "@" always allows, "!" always denies.
        "true": "@",
        "example:allowed": "@",
        "example:denied": "!",
        # http: check -- the decision is delegated to the given URL.
        # NOTE(review): tests presumably stub the request; verify.
        "example:get_http": "http:http://www.example.com",
        "example:my_file": "role:compute_admin or tenant_id:%(tenant_id)s",
        "example:early_and_fail": "! and @",
        "example:early_or_success": "@ or !",
        # Same rule twice, differing only in the case of the role name.
        # NOTE(review): presumably exercises role-case handling; confirm.
        "example:lowercase_admin": "role:admin or role:sysadmin",
        "example:uppercase_admin": "role:ADMIN or role:sysadmin",
        "example:only_system_admin_allowed": "role:admin and system_scope:all",
    }
    policy.refresh()
    # NOTE(vish): then overload underlying rules
    parsed_rules = oslo_policy.Rules.from_dict(rule_strings)
    policy.set_rules(parsed_rules)
    self.context = context.Context("fake", "fake", roles=["member"])
    self.target = {}
def setUp(self):
    """Prepare fake resources, parsed rules and a mocked core plugin.

    ``neutron.policy.init`` is replaced with ``self.fakepolicyinit`` and
    ``NeutronManager`` is mocked so that its instance exposes a real
    ``NeutronDbPluginV2`` as ``plugin``.  The request context has only the
    ``user`` role.
    """
    super(NeutronPolicyTestCase, self).setUp()
    policy.refresh()
    # Add Fake resources to RESOURCE_ATTRIBUTE_MAP
    attributes.RESOURCE_ATTRIBUTE_MAP.update(FAKE_RESOURCES)

    rule_strings = {
        "context_is_admin": "role:admin",
        "context_is_advsvc": "role:advsvc",
        "admin_or_network_owner": (
            "rule:context_is_admin or tenant_id:%(network:tenant_id)s"),
        "admin_or_owner": "rule:context_is_admin or tenant_id:%(tenant_id)s",
        "admin_only": "rule:context_is_admin",
        # NOTE(review): this value appears masked on the page; it is kept
        # verbatim -- confirm the intended rule upstream before relying
        # on "regular_user".
        "regular_user": "******",
        "shared": "field:networks:shared=True",
        "external": "field:networks:router:external=True",
        "default": "@",
        "create_network": "rule:admin_or_owner",
        "create_network:shared": "rule:admin_only",
        "update_network": "@",
        "update_network:shared": "rule:admin_only",
        "get_network": (
            "rule:admin_or_owner or rule:shared or "
            "rule:external or rule:context_is_advsvc"),
        "create_subnet": "rule:admin_or_network_owner",
        "create_port:mac": (
            "rule:admin_or_network_owner or rule:context_is_advsvc"),
        "update_port": "rule:admin_or_owner or rule:context_is_advsvc",
        "get_port": "rule:admin_or_owner or rule:context_is_advsvc",
        "delete_port": "rule:admin_or_owner or rule:context_is_advsvc",
        "create_fake_resource": "rule:admin_or_owner",
        "create_fake_resource:attr": "rule:admin_or_owner",
        "create_fake_resource:attr:sub_attr_1": "rule:admin_or_owner",
        "create_fake_resource:attr:sub_attr_2": "rule:admin_only",
        "create_fake_policy:": "rule:admin_or_owner",
        "get_firewall_policy": "rule:admin_or_owner or rule:shared",
        "get_firewall_rule": "rule:admin_or_owner or rule:shared",
        "insert_rule": "rule:admin_or_owner",
        "remove_rule": "rule:admin_or_owner",
    }
    # Parse every rule string once, keyed by rule name.
    self.rules = {
        name: common_policy.parse_rule(text)
        for name, text in rule_strings.items()
    }

    def drop_fake_resource():
        # Removes only this one key from the global map.
        # NOTE(review): assumes FAKE_RESOURCES adds nothing else -- confirm.
        del attributes.RESOURCE_ATTRIBUTE_MAP["%ss" % FAKE_RESOURCE_NAME]

    # NOTE(review): no stop() is registered here for either patcher;
    # presumably the base class stops all active patches -- confirm.
    self.patcher = mock.patch.object(
        neutron.policy, "init", new=self.fakepolicyinit)
    self.patcher.start()
    self.addCleanup(drop_fake_resource)
    self.context = context.Context("fake", "fake", roles=["user"])

    plugin_cls = importutils.import_class(
        "neutron.db.db_base_plugin_v2.NeutronDbPluginV2")
    self.manager_patcher = mock.patch("neutron.manager.NeutronManager")
    manager_mock = self.manager_patcher.start()
    manager_instance = manager_mock.return_value
    manager_instance.plugin = plugin_cls()
def setUp(self):
    """Point the policy engine at a temporary two-rule policy file.

    The file is written as JSON, selected through the ``policy_file``
    config override, and loaded with ``policy.refresh()``.
    """
    super(DefaultPolicyTestCase, self).setUp()
    policy_path = self.get_temp_file_path("policy.json")
    # "default" is the empty rule; "example:exist" is "!" (always deny).
    # An empty rule string allows everything in this rule language, so the
    # fallback is permissive here on purpose for the test.
    self.rules = {
        "default": "",
        "example:exist": "!",
    }
    with open(policy_path, "w") as handle:
        jsonutils.dump(self.rules, handle)
    cfg.CONF.set_override("policy_file", policy_path)
    policy.refresh()
    # NOTE(review): policy.reset presumably clears the loaded rules so
    # later tests do not inherit this file -- confirm.
    self.addCleanup(policy.reset)
    self.context = context.Context("fake", "fake")
def setUp(self):
    """Load a temporary two-rule policy file straight into the engine.

    The path is handed to ``policy.refresh`` through its ``policy_file``
    argument rather than through a config override.
    """
    super(DefaultPolicyTestCase, self).setUp()
    policy_path = self.get_temp_file_path("policy.json")
    # "default" is the empty rule; "example:exist" is "!" (always deny).
    # An empty rule string allows everything in this rule language, so the
    # fallback is permissive here on purpose for the test.
    self.rules = {"default": "", "example:exist": "!"}
    with open(policy_path, "w") as handle:
        jsonutils.dump(self.rules, handle)
    # NOTE(review): no cleanup for the refreshed policy is registered in
    # this method; presumably the base class restores it -- confirm.
    policy.refresh(policy_file=policy_path)
    self.context = context.Context("fake", "fake")
def test_modified_policy_reloads(self):
    """A policy file tightened on disk must be enforced after a refresh.

    The action is first granted by an empty rule; the same file is then
    rewritten with "!" and refreshed, and enforcement must raise
    ``PolicyNotAuthorized``.  A stale cached allow at that point would be
    an authorization bypass, which is what this test guards against.
    """
    policy_path = self.get_temp_file_path("policy")
    action = "example:test"

    def rewrite_policy(body):
        # Overwrite the file, then reload from that exact path.
        with open(policy_path, "w") as handle:
            handle.write(body)
        policy.refresh(policy_file=policy_path)

    rewrite_policy('{"example:test": ""}')
    # Empty rule: this call is expected to return without raising.
    policy.enforce(self.context, action, self.target)

    rewrite_policy('{"example:test": "!"}')
    self.target = {"tenant_id": "fake_tenant"}
    self.assertRaises(oslo_policy.PolicyNotAuthorized, policy.enforce,
                      self.context, action, self.target)
def test_modified_policy_reloads(self):
    """A policy file tightened on disk must be enforced after a refresh.

    The action is first granted by an empty rule; the same file is then
    rewritten with "!" and refreshed, and enforcement must raise
    ``PolicyNotAuthorized``.  A stale cached allow at that point would be
    an authorization bypass, which is what this test guards against.
    """
    policy_path = self.get_temp_file_path("policy")
    action = "example:test"

    def write_policy(body):
        with open(policy_path, "w") as handle:
            handle.write(body)

    write_policy('{"example:test": ""}')
    # The override is set once; both refreshes read the same path.
    cfg.CONF.set_override("policy_file", policy_path)
    policy.refresh()
    # Empty rule: this call is expected to return without raising.
    policy.enforce(self.context, action, self.target)

    write_policy('{"example:test": "!"}')
    policy.refresh()
    self.target = {"tenant_id": "fake_tenant"}
    self.assertRaises(common_policy.PolicyNotAuthorized, policy.enforce,
                      self.context, action, self.target)
def test_modified_policy_reloads(self):
    """A policy file tightened on disk must be enforced after a refresh.

    The action is first granted by an empty rule; the same file is then
    rewritten with "!" and refreshed, and enforcement must raise
    ``PolicyNotAuthorized``.  A stale cached allow at that point would be
    an authorization bypass, which is what this test guards against.
    """
    # The file lives in the per-test temporary directory on self.tempdir.
    policy_path = self.tempdir.join("policy")
    action = "example:test"

    def write_policy(body):
        with open(policy_path, "w") as handle:
            handle.write(body)

    write_policy('{"example:test": ""}')
    # The override is set once; both refreshes read the same path.
    cfg.CONF.set_override("policy_file", policy_path)
    policy.refresh()
    # Empty rule: this call is expected to return without raising.
    policy.enforce(self.context, action, self.target)

    write_policy('{"example:test": "!"}')
    policy.refresh()
    self.target = {"tenant_id": "fake_tenant"}
    self.assertRaises(common_policy.PolicyNotAuthorized, policy.enforce,
                      self.context, action, self.target)
def setUp(self):
    """Point the policy engine at a two-rule file in a TempDir fixture.

    The file is written as JSON, selected through the ``policy_file``
    config override, and loaded with ``policy.refresh()``.
    """
    super(DefaultPolicyTestCase, self).setUp()
    # The fixture is kept on self so tests can create more files in it.
    self.tempdir = self.useFixture(fixtures.TempDir())
    policy_path = self.tempdir.join("policy.json")
    # "default" is the empty rule; "example:exist" is "!" (always deny).
    # An empty rule string allows everything in this rule language, so the
    # fallback is permissive here on purpose for the test.
    self.rules = {"default": "", "example:exist": "!"}
    with open(policy_path, "w") as handle:
        jsonutils.dump(self.rules, handle)
    cfg.CONF.set_override("policy_file", policy_path)
    policy.refresh()
    # NOTE(review): policy.reset presumably clears the loaded rules so
    # later tests do not inherit this file -- confirm.
    self.addCleanup(policy.reset)
    self.context = context.Context("fake", "fake")
def setUp(self):
    """Register fake resources, set rules and add a real core plugin.

    ``neutron.policy.init`` is replaced with ``self.fakepolicyinit`` before
    the policy engine is refreshed, and a second refresh is registered as
    cleanup.  The request context has only the ``user`` role.
    """
    super(NeutronPolicyTestCase, self).setUp()
    # Register the fake resources in attributes.RESOURCES.
    # NOTE(review): no matching removal is registered in this method;
    # presumably a base-class fixture restores the map -- confirm.
    attributes.RESOURCES.update(FAKE_RESOURCES)
    self._set_rules()
    # NOTE(review): no stop() is registered here for the patcher;
    # presumably the base class stops all active patches -- confirm.
    self.patcher = mock.patch.object(
        neutron.policy, "init", new=self.fakepolicyinit)
    self.patcher.start()
    policy.refresh()
    self.addCleanup(policy.refresh)
    self.context = context.Context("fake", "fake", roles=["user"])
    core_plugin_cls = importutils.import_class(
        "neutron.db.db_base_plugin_v2.NeutronDbPluginV2")
    directory.add_plugin(plugin_constants.CORE, core_plugin_cls())
def setUp(self):
    """Install a fixed in-memory rule set for the generic policy tests.

    The rules are pushed with ``policy.set_rules`` after a refresh, so the
    checks under test do not depend on the policy file on disk.  The request
    context carries only the ``member`` role and the target starts empty.
    """
    super(PolicyTestCase, self).setUp()
    # NOTE(vish): preload rules to circumvent reloading from file
    rule_strings = {
        # Constant outcomes: "@" always allows, "!" always denies.
        "true": "@",
        "example:allowed": "@",
        "example:denied": "!",
        # http: check -- the decision is delegated to the given URL.
        # NOTE(review): tests presumably stub the request; verify.
        "example:get_http": "http:http://www.example.com",
        "example:my_file": "role:compute_admin or tenant_id:%(tenant_id)s",
        "example:early_and_fail": "! and @",
        "example:early_or_success": "@ or !",
        # Same rule twice, differing only in the case of the role name.
        # NOTE(review): presumably exercises role-case handling; confirm.
        "example:lowercase_admin": "role:admin or role:sysadmin",
        "example:uppercase_admin": "role:ADMIN or role:sysadmin",
    }
    policy.refresh()
    # NOTE(vish): then overload underlying rules
    parsed_rules = oslo_policy.Rules.from_dict(rule_strings)
    policy.set_rules(parsed_rules)
    self.context = context.Context("fake", "fake", roles=["member"])
    self.target = {}
def setUp(self):
    """Install a fixed in-memory rule set for the generic policy tests.

    ``policy.reset`` is registered as cleanup first.  Each rule string is
    parsed with ``common_policy.parse_rule`` and the result is pushed with
    ``policy.set_rules`` after a refresh, so the checks under test do not
    depend on the policy file on disk.
    """
    super(PolicyTestCase, self).setUp()
    self.addCleanup(policy.reset)
    # NOTE(vish): preload rules to circumvent reloading from file
    rule_strings = {
        # Constant outcomes: "@" always allows, "!" always denies.
        "true": "@",
        "example:allowed": "@",
        "example:denied": "!",
        # http: check -- the decision is delegated to the given URL.
        # NOTE(review): tests presumably stub the request; verify.
        "example:get_http": "http:http://www.example.com",
        "example:my_file": "role:compute_admin or tenant_id:%(tenant_id)s",
        "example:early_and_fail": "! and @",
        "example:early_or_success": "@ or !",
        # Same rule twice, differing only in the case of the role name.
        # NOTE(review): presumably exercises role-case handling; confirm.
        "example:lowercase_admin": "role:admin or role:sysadmin",
        "example:uppercase_admin": "role:ADMIN or role:sysadmin",
    }
    policy.refresh()
    # NOTE(vish): then overload underlying rules
    parsed_rules = {
        name: common_policy.parse_rule(text)
        for name, text in rule_strings.items()
    }
    policy.set_rules(parsed_rules)
    self.context = context.Context("fake", "fake", roles=["member"])
    self.target = {}
def setUp(self):
    """Install a fixed in-memory rule set for the generic policy tests.

    ``policy.reset`` is registered as cleanup first.  Each rule string is
    parsed with ``common_policy.parse_rule`` and the result is pushed with
    ``policy.set_rules`` after a refresh, so the checks under test do not
    depend on the policy file on disk.
    """
    super(PolicyTestCase, self).setUp()
    self.addCleanup(policy.reset)
    # NOTE(vish): preload rules to circumvent reloading from file
    rule_strings = {
        # Constant outcomes: "@" always allows, "!" always denies.
        "true": "@",
        "example:allowed": "@",
        "example:denied": "!",
        # http: check -- the decision is delegated to the given URL.
        # NOTE(review): tests presumably stub the request; verify.
        "example:get_http": "http:http://www.example.com",
        "example:my_file": "role:compute_admin or tenant_id:%(tenant_id)s",
        "example:early_and_fail": "! and @",
        "example:early_or_success": "@ or !",
        # Same rule twice, differing only in the case of the role name.
        # NOTE(review): presumably exercises role-case handling; confirm.
        "example:lowercase_admin": "role:admin or role:sysadmin",
        "example:uppercase_admin": "role:ADMIN or role:sysadmin",
    }
    policy.refresh()
    # NOTE(vish): then overload underlying rules
    parsed_rules = {
        name: common_policy.parse_rule(text)
        for name, text in rule_strings.items()
    }
    policy.set_rules(parsed_rules)
    self.context = context.Context("fake", "fake", roles=["member"])
    self.target = {}
def setUp(self):
    """Prepare fake resources, rules and a mocked core plugin.

    ``neutron.policy.init`` is replaced with ``self.fakepolicyinit`` and
    ``NeutronManager`` is mocked so that its instance exposes a real
    ``NeutronDbPluginV2`` as ``plugin``.  The request context has only the
    ``user`` role.
    """
    super(NeutronPolicyTestCase, self).setUp()
    policy.refresh()
    # Add Fake resources to RESOURCE_ATTRIBUTE_MAP
    attributes.RESOURCE_ATTRIBUTE_MAP.update(FAKE_RESOURCES)
    self._set_rules()

    def drop_fake_resource():
        # Removes only this one key from the global map.
        # NOTE(review): assumes FAKE_RESOURCES adds nothing else -- confirm.
        del attributes.RESOURCE_ATTRIBUTE_MAP["%ss" % FAKE_RESOURCE_NAME]

    # NOTE(review): no stop() is registered here for either patcher;
    # presumably the base class stops all active patches -- confirm.
    self.patcher = mock.patch.object(
        neutron.policy, "init", new=self.fakepolicyinit)
    self.patcher.start()
    self.addCleanup(drop_fake_resource)
    self.context = context.Context("fake", "fake", roles=["user"])

    plugin_cls = importutils.import_class(
        "neutron.db.db_base_plugin_v2.NeutronDbPluginV2")
    self.manager_patcher = mock.patch("neutron.manager.NeutronManager")
    manager_mock = self.manager_patcher.start()
    manager_instance = manager_mock.return_value
    manager_instance.plugin = plugin_cls()
def reset(self):
    """Set up logging again, then refresh the policy engine.

    NOTE(review): presumably a service reset hook (e.g. run on SIGHUP);
    confirm against the caller.
    """
    config.setup_logging()
    # Policy is refreshed last, after logging has been set up again.
    policy.refresh()