def __init__(self, user_id=None, tenant_id=None, is_admin=None, timestamp=None, tenant_name=None, user_name=None, is_advsvc=None, **kwargs): # NOTE(jamielennox): We maintain these arguments in order for tests # that pass arguments positionally. kwargs.setdefault('user', user_id) kwargs.setdefault('tenant', tenant_id) # prefer project_name, as that's what's going to be set by # keystone. Fall back to tenant_name if for some reason it's blank. kwargs.setdefault('project_name', tenant_name) self._os_id = kwargs.pop('os_id', '') self._az_id = kwargs.pop('az_id', '') super(ContextBase, self).__init__(is_admin=is_admin, **kwargs) self.user_name = user_name if not timestamp: timestamp = datetime.datetime.utcnow() self.timestamp = timestamp self.is_advsvc = is_advsvc if self.is_advsvc is None: self.is_advsvc = self.is_admin or policy.check_is_advsvc(self) if self.is_admin is None: self.is_admin = policy.check_is_admin(self)
def __init__(self, user_id=None, tenant_id=None, is_admin=None, timestamp=None, tenant_name=None, user_name=None, is_advsvc=None, **kwargs): # NOTE(jamielennox): We maintain these arguments in order for tests # that pass arguments positionally. kwargs.setdefault('user', user_id) kwargs.setdefault('tenant', tenant_id) super(ContextBase, self).__init__(is_admin=is_admin, **kwargs) self.user_name = user_name self.tenant_name = tenant_name if not timestamp: timestamp = datetime.datetime.utcnow() self.timestamp = timestamp self.is_advsvc = is_advsvc if self.is_advsvc is None: self.is_advsvc = self.is_admin or policy.check_is_advsvc(self) if self.is_admin is None: self.is_admin = policy.check_is_admin(self)
def __init__(self, user_id=None, tenant_id=None, is_admin=None, timestamp=None, tenant_name=None, user_name=None, is_advsvc=None, **kwargs): # NOTE(jamielennox): We maintain these arguments in order for tests # that pass arguments positionally. kwargs.setdefault('user', user_id) kwargs.setdefault('tenant', tenant_id) super(ContextBase, self).__init__(is_admin=is_admin, **kwargs) self.user_name = user_name # NOTE(sdague): tenant* is a deprecated set of names from # keystone, and is no longer set in modern keystone middleware # code, as such this is almost always going to be None. self.tenant_name = tenant_name if not timestamp: timestamp = datetime.datetime.utcnow() self.timestamp = timestamp self.is_advsvc = is_advsvc if self.is_advsvc is None: self.is_advsvc = self.is_admin or policy.check_is_advsvc(self) if self.is_admin is None: self.is_admin = policy.check_is_admin(self)
def test_check_is_advsvc_no_roles_no_advsvc(self): policy.init(policy_file='no_policy.json') ctx = context.Context('me', 'my_project', roles=['advsvc']) # No advsvc role in the policy file, so cannot assume the role. self.assertFalse(policy.check_is_advsvc(ctx))
def test_check_is_not_advsvc_admin(self): ctx = context.Context('me', 'my_project').elevated() self.assertTrue(policy.check_is_admin(ctx)) self.assertFalse(policy.check_is_advsvc(ctx))
def test_check_is_not_advsvc_user(self): ctx = context.Context('me', 'my_project', roles=['user']) self.assertFalse(policy.check_is_advsvc(ctx))
def test_check_is_advsvc_role(self): ctx = context.Context('me', 'my_project', roles=['advsvc']) self.assertTrue(policy.check_is_advsvc(ctx))
def test_check_is_advsvc_role_with_default_policy(self): policy.init(policy_file='no_policy.json') ctx = context.Context('me', 'my_project', roles=['advsvc']) self.assertTrue(policy.check_is_advsvc(ctx))