def test_check_raises(self): policy._rules = None try: policy.check('rule', 'target', 'creds', TestException, "arg1", "arg2", kw1="kwarg1", kw2="kwarg2") except TestException as exc: self.assertEqual(exc.args, ("arg1", "arg2")) self.assertEqual(exc.kwargs, dict(kw1="kwarg1", kw2="kwarg2")) else: self.fail("policy.check() failed to raise requested exception")
def test_check_explicit(self): policy._rules = None rule = FakeCheck() result = policy.check(rule, "target", "creds") self.assertEqual(result, ("target", "creds")) self.assertEqual(policy._rules, None)
def check(context, action, target, plugin=None, might_not_exist=False): """Verifies that the action is valid on the target in this context. :param context: neutron context :param action: string representing the action to be checked this should be colon separated for clarity. :param target: dictionary representing the object of the action for object creation this should be a dictionary representing the location of the object e.g. ``{'project_id': context.project_id}`` :param plugin: currently unused and deprecated. Kept for backward compatibility. :param might_not_exist: If True the policy check is skipped (and the function returns True) if the specified policy does not exist. Defaults to false. :return: Returns True if access is permitted else False. """ if might_not_exist and not (policy._rules and action in policy._rules): return True return policy.check(*(_prepare_check(context, action, target)))
def enforce(context, action, target, plugin=None): """Verifies that the action is valid on the target in this context. :param context: neutron context :param action: string representing the action to be checked this should be colon separated for clarity. :param target: dictionary representing the object of the action for object creation this should be a dictionary representing the location of the object e.g. ``{'project_id': context.project_id}`` :param plugin: currently unused and deprecated. Kept for backward compatibility. :raises neutron.exceptions.PolicyNotAuthorized: if verification fails. """ rule, target, credentials = _prepare_check(context, action, target) result = policy.check(rule, target, credentials, action=action) if not result: #LOG.debug(_("Failed policy check for '%s'"), action) raise exceptions.PolicyNotAuthorized(action=action) return result
def test_check_with_rule(self): policy._rules = dict(default=FakeCheck()) result = policy.check("default", "target", "creds") self.assertEqual(result, ("target", "creds"))
def test_check_missing_rule(self): policy._rules = {} result = policy.check('rule', 'target', 'creds') self.assertEqual(result, False)
def test_check_no_rules(self): policy._rules = None result = policy.check('rule', "target", "creds") self.assertEqual(result, False) self.assertEqual(policy._rules, None)