def test_multiple_nested_lists_accepted(self):
check = _checks.GenericCheck('a.b.c.d', 'APPLES')
credentials = {'a': {'b': [{'a': ''},
{'c':
{'d': ['BANANAS', 'APPLES', 'GRAPES']}},
{}]}}
self.assertTrue(check({}, credentials, self.enforcer))
def test_missing_credentials_dictionary_lookup(self):
credentials = {'a': 'APPLES', 'o': {'t': 'ORANGES'}}
# First a valid check - rest of case is expecting failures
# Should prove the basic credentials structure before we test
# for failure cases.
check = _checks.GenericCheck('o.t', 'ORANGES')
self.assertTrue(check({}, credentials, self.enforcer))
# Case where final key is missing
check = _checks.GenericCheck('o.v', 'ORANGES')
self.assertFalse(check({}, credentials, self.enforcer))
# Attempt to access key under a missing dictionary
check = _checks.GenericCheck('q.v', 'APPLES')
self.assertFalse(check({}, credentials, self.enforcer))
def test_multiple_entry_in_list_accepted(self):
check = _checks.GenericCheck('a.b.c.d', 'APPLES')
credentials = {
'a': {
'b': {
'c': {
'd': ['Bananas', 'APPLES', 'Grapes']
}
}
}
}
self.assertTrue(check({}, credentials, self.enforcer))
def test_no_cred(self):
check = _checks.GenericCheck('name', '%(name)s')
self.assertFalse(check(dict(name='spam'), {}, self.enforcer))
def test_entry_not_in_list_rejected(self):
check = _checks.GenericCheck('a.b.c.d', 'APPLES')
credentials = {'a': {'b': {'c': {'d': ['PEACHES', 'PEARS']}}}}
self.assertFalse(check({}, credentials, self.enforcer))
def test_generic_missing_role_does_not_matches(self):
check = _checks.GenericCheck(
'token.roles.name', 'missing')
credentials = token_fixture.PROJECT_SCOPED_TOKEN_FIXTURE
self.assertFalse(check({}, credentials, self.enforcer))
def test_generic_role_check_matches(self):
check = _checks.GenericCheck(
'token.roles.name', 'role1')
credentials = token_fixture.PROJECT_SCOPED_TOKEN_FIXTURE
self.assertTrue(check({}, credentials, self.enforcer))
def test_multiple_entries_one_matches(self):
check = _checks.GenericCheck(
'token.catalog.endpoints.id',
token_fixture.REGION_ONE_PUBLIC_KEYSTONE_ENDPOINT_ID)
credentials = token_fixture.PROJECT_SCOPED_TOKEN_FIXTURE
self.assertTrue(check({}, credentials, self.enforcer))
def test_deep_credentials_dictionary_lookup(self):
check = _checks.GenericCheck('a.b.c.d', 'APPLES')
credentials = {'a': {'b': {'c': {'d': 'APPLES'}}}}
self.assertTrue(check({}, credentials, self.enforcer))
def test_constant_literal_accept(self):
check = _checks.GenericCheck('True', '%(enabled)s')
self.assertTrue(check(dict(enabled=True), {}, self.enforcer))
def test_constant_literal_mismatch(self):
check = _checks.GenericCheck('True', '%(enabled)s')
self.assertFalse(check(dict(enabled=False), {}, self.enforcer))
def test_constant_string_accept(self):
check = _checks.GenericCheck("'spam'", '%(name)s')
self.assertTrue(check(dict(name='spam'), {}, self.enforcer))
def test_constant_string_mismatch(self):
check = _checks.GenericCheck("'spam'", '%(name)s')
self.assertFalse(check(dict(name='ham'), {}, self.enforcer))
def test_no_key_match_in_target(self):
check = _checks.GenericCheck('name', '%(name)s')
self.assertFalse(check(dict(name1='spam'),
dict(name='spam'),
self.enforcer))
def test_accept(self):
check = _checks.GenericCheck('name', '%(name)s')
self.assertTrue(check(dict(name='spam'),
dict(name='spam'),
self.enforcer))
def test_cred_mismatch(self):
check = _checks.GenericCheck('name', '%(name)s')
self.assertFalse(check(dict(name='spam'),
dict(name='ham'),
self.enforcer))
