def test_get_roles_context_is_admin_rule_missing(self): rules = dict((k, common_policy.parse_rule(v)) for k, v in { "some_other_rule": "role:admin", }.items()) policy.set_rules(common_policy.Rules(rules)) # 'admin' role is expected for bw compatibility self.assertEqual(['admin'], policy.get_admin_roles())
def test_get_roles_with_rule_check(self): rules = dict((k, common_policy.parse_rule(v)) for k, v in { policy.ADMIN_CTX_POLICY: "rule:some_other_rule", "some_other_rule": "role:admin", }.items()) policy.set_rules(common_policy.Rules(rules)) self.assertEqual(['admin'], policy.get_admin_roles())
def setUp(self): super(PolicyTestCase, self).setUp() # NOTE(vish): preload rules to circumvent reloading from file rules = { "true": '@', "example:allowed": '@', "example:denied": '!', "example:get_http": "http:http://www.example.com", "example:my_file": "role:compute_admin or tenant_id:%(tenant_id)s", "example:early_and_fail": "! and @", "example:early_or_success": "@ or !", "example:lowercase_admin": "role:admin or role:sysadmin", "example:uppercase_admin": "role:ADMIN or role:sysadmin", "example:only_system_admin_allowed": ("role:admin and system_scope:all"), } policy.refresh() # NOTE(vish): then overload underlying rules policy.set_rules(oslo_policy.Rules.from_dict(rules)) self.context = context.Context('fake', 'fake', roles=['member']) self.target = {}
def _test_set_rules_with_deprecated_policy(self, input_rules, expected_rules): policy.set_rules(input_rules.copy()) # verify deprecated policy has been removed for pol in input_rules.keys(): self.assertNotIn(pol, policy._ENFORCER.rules) # verify deprecated policy was correctly translated. Iterate # over items for compatibility with unittest2 in python 2.6 for rule in expected_rules: self.assertIn(rule, policy._ENFORCER.rules) self.assertEqual(str(policy._ENFORCER.rules[rule]), expected_rules[rule])
def setUp(self): super(PolicyTestCase, self).setUp() # NOTE(vish): preload rules to circumvent reloading from file rules = { "true": '@', "example:allowed": '@', "example:denied": '!', "example:get_http": "http:http://www.example.com", "example:my_file": "role:compute_admin or tenant_id:%(tenant_id)s", "example:early_and_fail": "! and @", "example:early_or_success": "@ or !", "example:lowercase_admin": "role:admin or role:sysadmin", "example:uppercase_admin": "role:ADMIN or role:sysadmin", } policy.refresh() # NOTE(vish): then overload underlying rules policy.set_rules(oslo_policy.Rules.from_dict(rules)) self.context = context.Context('fake', 'fake', roles=['member']) self.target = {}
def setUp(self): super(PolicyTestCase, self).setUp() self.addCleanup(policy.reset) # NOTE(vish): preload rules to circumvent reloading from file rules = { "true": "@", "example:allowed": "@", "example:denied": "!", "example:get_http": "http:http://www.example.com", "example:my_file": "role:compute_admin or tenant_id:%(tenant_id)s", "example:early_and_fail": "! and @", "example:early_or_success": "@ or !", "example:lowercase_admin": "role:admin or role:sysadmin", "example:uppercase_admin": "role:ADMIN or role:sysadmin", } policy.refresh() # NOTE(vish): then overload underlying rules policy.set_rules(dict((k, common_policy.parse_rule(v)) for k, v in rules.items())) self.context = context.Context("fake", "fake", roles=["member"]) self.target = {}
def setUp(self): super(PolicyTestCase, self).setUp() self.addCleanup(policy.reset) # NOTE(vish): preload rules to circumvent reloading from file rules = { "true": '@', "example:allowed": '@', "example:denied": '!', "example:get_http": "http:http://www.example.com", "example:my_file": "role:compute_admin or tenant_id:%(tenant_id)s", "example:early_and_fail": "! and @", "example:early_or_success": "@ or !", "example:lowercase_admin": "role:admin or role:sysadmin", "example:uppercase_admin": "role:ADMIN or role:sysadmin", } policy.refresh() # NOTE(vish): then overload underlying rules policy.set_rules( dict((k, common_policy.parse_rule(v)) for k, v in rules.items())) self.context = context.Context('fake', 'fake', roles=['member']) self.target = {}