author | Adam Young <ayoung@redhat.com> | 2013-02-25 14:53:03 -0500 |
---|---|---|
committer | Adam Young <ayoung@redhat.com> | 2013-02-26 09:23:10 -0500 |
commit | f3d2a462209a9f2dd3faa1c5ca271f304eaa16d5 (patch) | |
tree | 8e736433f5fcadc5ab9d41941b2cebfad677ac45 /tests/test_v3_protection.py | |
parent | ac2fb0f861b5bbe3a71f619fc917eaf845a2ea17 (diff) | |
flatten payload for policy
allows the policy rules to run over a JSON payload.
Nested values end up in dotted notation
Change-Id: I9a2ec870c79369d308a23cd742aaeda25400f33a
Diffstat (limited to 'tests/test_v3_protection.py')
-rw-r--r-- | tests/test_v3_protection.py | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/tests/test_v3_protection.py b/tests/test_v3_protection.py
index bda73415..999dfa86 100644
--- a/tests/test_v3_protection.py
+++ b/tests/test_v3_protection.py
@@ -15,6 +15,7 @@
 # License for the specific language governing permissions and limitations
 # under the License.
+import json
 import tempfile
 import uuid
@@ -130,20 +131,25 @@ class IdentityTestProtectedCase(test_v3.RestfulTestCase):
 def test_list_users_protected_by_domain(self):
 """GET /users?domain_id=mydomain (protected)"""
- raise nose.exc.SkipTest('Blocked by incomplete '
- 'domain scoping in v3/auth')
 # Update policy to protect by domain, and then use a domain
 # scoped token
 new_policy = """{"identity:list_users": ["domain_id:%(domain_id)s"]}"""
 with open(self.tmpfilename, "w") as policyfile:
 policyfile.write(new_policy)
- self.auth['scope'] = {'domain': []}
- self.auth['domain']['id'] = self.domainA['id']
+ self.auth['scope'] = {'domain': {'id': self.domainA['id']}}
 url_by_name = '/users?domain_id=%s' % self.user1['domain_id']
 r = self.get(url_by_name, auth=self.auth)
 # We should only get back one user, the one in DomainA
 id_list = self._get_id_list_from_ref_list(r.body.get('users'))
- self.assertIn(self.user2['id'], id_list)
+ self.assertIn(self.user1['id'], id_list)
- # TODO (henry-nash) Add some more tests to cover the various likely
- # protection filters
+ def test_get_user_protected_match_id(self):
+ """GET /users/{id} (match payload)"""
+ # Tests the flattening of the payload
+ policy = {"identity:get_user": [["user_id:%(user_id)s"]]}
+ with open(self.tmpfilename, "w") as policyfile:
+ policyfile.write(json.dumps(policy))
+ url_by_name = '/users/%s' % self.user1['id']
+ r = self.get(url_by_name, auth=self.auth)
+ body = r.body
+ self.assertEquals(self.user1['id'], body['user']['id']) |
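Review bot: Both tests in the second hunk assert only the allowed path, so they would still pass if the policy rule matched vacuously or were never enforced. In `test_get_user_protected_match_id`, add a second request for a different user with the same token, e.g. `other_url = '/users/%s' % self.user2['id']`, and assert that it is rejected as forbidden; that is the case that shows the flattened `user_id` value is actually compared against the caller. In `test_list_users_protected_by_domain` the comment promises that only the DomainA user comes back, but nothing checks exclusion; `self.assertNotIn(self.user2['id'], id_list)` would pin it, assuming user2 is outside DomainA (the fixtures and `self.auth` are set up outside the hunk). `assertEquals` is a deprecated alias; prefer `self.assertEqual`.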