def test_check_is_admin_new_defaults(self):
conf = oslo_fixture.Config(config.cfg.CONF)
conf.config(group="oslo_policy", enforce_new_defaults=True)
self.context = context.Context('admin', 'fake', roles=['AdMiN'],
system_scope='all')
self.assertTrue(policy.get_enforcer().check_is_admin(self.context))
def setUp(self):
super(PolicyTestCase, self).setUp()
self.conf = self.useFixture(oslo_fixture.Config())
# diltram: this one must be removed after fixing issue in oslo.config
# https://bugs.launchpad.net/oslo.config/+bug/1645868
self.conf.conf.__call__(args=[])
policy.reset()
self.context = context.Context('fake', 'fake', roles=['member'])
self.rules = [
oslo_policy.RuleDefault("true", "@"),
oslo_policy.RuleDefault("example:allowed", "@"),
oslo_policy.RuleDefault("example:denied", "!"),
oslo_policy.RuleDefault("example:get_http",
"http://www.example.com"),
oslo_policy.RuleDefault("example:my_file",
"role:compute_admin or "
"project_id:%(project_id)s"),
oslo_policy.RuleDefault("example:early_and_fail", "! and @"),
oslo_policy.RuleDefault("example:early_or_success", "@ or !"),
oslo_policy.RuleDefault("example:lowercase_admin",
"role:admin or role:sysadmin"),
oslo_policy.RuleDefault("example:uppercase_admin",
"role:ADMIN or role:sysadmin"),
]
policy.get_enforcer().register_defaults(self.rules)
self.target = {}
def setUp(self):
super(IsAdminCheckTestCase, self).setUp()
self.conf = self.useFixture(oslo_fixture.Config())
# diltram: this one must be removed after fixing issue in oslo.config
# https://bugs.launchpad.net/oslo.config/+bug/1645868
self.conf.conf.__call__(args=[])
self.context = context.Context('fake', 'fake')
def on_route(self, state):
user_id = state.request.headers.get('X-User-Id')
user_id = state.request.headers.get('X-User', user_id)
project = state.request.headers.get('X-Tenant-Id')
project = state.request.headers.get('X-Tenant', project)
project = state.request.headers.get('X-Project-Id', project)
project = state.request.headers.get('X-Project', project)
auth_token = state.request.headers.get('X-Auth-Token')
state.request.context['octavia_context'] = context.Context(
user_id=user_id, project_id=project, auth_token=auth_token)
def on_route(state):
user_id = state.request.headers.get('X-User-Id')
user_id = state.request.headers.get('X-User', user_id)
tenant = state.request.headers.get('X-Tenant-Id')
tenant = state.request.headers.get('X-Tenant', tenant)
auth_token = state.request.headers.get('X-Auth-Token')
state.request.context = context.Context(user_id=user_id,
tenant_id=tenant,
auth_token=auth_token)
def setUp(self):
super(AdminRolePolicyTestCase, self).setUp()
self.conf = self.useFixture(oslo_fixture.Config())
# diltram: this one must be removed after fixing issue in oslo.config
# https://bugs.launchpad.net/oslo.config/+bug/1645868
self.conf.conf.__call__(args=[])
self.context = context.Context('fake', 'fake', roles=['member'])
self.actions = policy.get_enforcer().get_rules().keys()
self.target = {}
def test_ignore_case_role_check(self):
lowercase_action = "example:lowercase_admin"
uppercase_action = "example:uppercase_admin"
# NOTE(dprince) we mix case in the Admin role here to ensure
# case is ignored
self.context = context.Context('admin', 'fake', roles=['AdMiN'])
self.context.policy.register_defaults(self.rules)
self.context.policy.authorize(lowercase_action, self.target)
self.context.policy.authorize(uppercase_action, self.target)
def test_ignore_case_role_check(self):
lowercase_action = "example:lowercase_admin"
uppercase_action = "example:uppercase_admin"
# NOTE(dprince) we mix case in the Admin role here to ensure
# case is ignored
self.context = context.Context('admin', 'fake', roles=['AdMiN'])
policy.get_enforcer().authorize(lowercase_action, self.target,
self.context)
policy.get_enforcer().authorize(uppercase_action, self.target,
self.context)
def test_modified_policy_reloads(self):
with tempfile.NamedTemporaryFile(mode='w', delete=True) as tmp:
self.conf.load_raw_values(group='oslo_policy',
policy_file=tmp.name)
self.context = context.Context('fake', 'fake')
rule = oslo_policy.RuleDefault('example:test', "")
self.context.policy.register_defaults([rule])
action = "example:test"
tmp.write('{"example:test": ""}')
tmp.flush()
self.context.policy.authorize(action, self.target)
tmp.seek(0)
tmp.write('{"example:test": "!"}')
tmp.flush()
self.context.policy.load_rules(True)
self.assertRaises(exceptions.NotAuthorized,
self.context.policy.authorize, action,
self.target)
def test_check_is_admin(self):
self.context = context.Context('admin', 'fake', roles=['AdMiN'])
self.assertTrue(policy.get_enforcer().check_is_admin(self.context))
def setUp(self):
super(AdminRolePolicyTestCase, self).setUp()
self.context = context.Context('fake', 'fake', roles=['member'])
self.actions = self.context.policy.get_rules().keys()
self.target = {}
def setUp(self):
super(IsAdminCheckTestCase, self).setUp()
self.context = context.Context('fake', 'fake')
def test_check_is_admin(self):
self.context = context.Context('admin', 'fake', roles=['AdMiN'])
self.context.policy.register_defaults(self.rules)
self.assertTrue(self.context.policy.check_is_admin())
