diff options
| author | Jenkins <jenkins@review.openstack.org> | 2013-07-30 14:21:27 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2013-07-30 14:21:27 +0000 |
| commit | f58c936582a17cffcdcdb5bf624f24d574abaf0a (patch) | |
| tree | 79d1b7c24678ce19c4da4240a840c29fbf3576eb /tests | |
| parent | df53b596491563aa1681d4ad21fd1ade1108d2e3 (diff) | |
| parent | 3626b6db91ce1e897d1993fb4e13ac4237d04b7f (diff) | |
| download | oslo-f58c936582a17cffcdcdb5bf624f24d574abaf0a.tar.gz oslo-f58c936582a17cffcdcdb5bf624f24d574abaf0a.tar.xz oslo-f58c936582a17cffcdcdb5bf624f24d574abaf0a.zip | |
Merge "Fix policy default_rule issue"
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/unit/test_policy.py | 47 |
1 files changed, 38 insertions, 9 deletions
diff --git a/tests/unit/test_policy.py b/tests/unit/test_policy.py index b7d38a3..2ccf71e 100644 --- a/tests/unit/test_policy.py +++ b/tests/unit/test_policy.py @@ -170,6 +170,44 @@ class EnforcerTest(PolicyBaseTestCase): creds = {'roles': ''} self.assertEqual(self.enforcer.enforce(action, {}, creds), True) + def test_enforcer_with_default_rule(self): + rules_json = """{ + "deny_stack_user": "not role:stack_user", + "cloudwatch:PutMetricData": "" + }""" + rules = policy.Rules.load_json(rules_json) + default_rule = policy.TrueCheck() + enforcer = policy.Enforcer(default_rule=default_rule) + enforcer.set_rules(rules) + action = "cloudwatch:PutMetricData" + creds = {'roles': ''} + self.assertEqual(enforcer.enforce(action, {}, creds), True) + + def test_enforcer_force_reload_true(self): + self.enforcer.set_rules({'test': 'test'}) + self.enforcer.load_rules(force_reload=True) + self.assertNotIn({'test': 'test'}, self.enforcer.rules) + self.assertIn('default', self.enforcer.rules) + self.assertIn('admin', self.enforcer.rules) + + def test_enforcer_force_reload_false(self): + self.enforcer.set_rules({'test': 'test'}) + self.enforcer.load_rules(force_reload=False) + self.assertIn('test', self.enforcer.rules) + self.assertNotIn('default', self.enforcer.rules) + self.assertNotIn('admin', self.enforcer.rules) + + def test_enforcer_overwrite_rules(self): + self.enforcer.set_rules({'test': 'test'}) + self.enforcer.set_rules({'test': 'test1'}, overwrite=True) + self.assertEquals(self.enforcer.rules, {'test': 'test1'}) + + def test_enforcer_update_rules(self): + self.enforcer.set_rules({'test': 'test'}) + self.enforcer.set_rules({'test1': 'test1'}, overwrite=False) + self.assertEquals(self.enforcer.rules, {'test': 'test', + 'test1': 'test1'}) + class FakeCheck(policy.BaseCheck): def __init__(self, result=None): @@ -187,24 +225,15 @@ class FakeCheck(policy.BaseCheck): class CheckFunctionTestCase(PolicyBaseTestCase): def test_check_explicit(self): - self.enforcer.load_rules() - self.enforcer.rules = None rule = FakeCheck() result = self.enforcer.enforce(rule, "target", "creds") - self.assertEqual(result, ("target", "creds", self.enforcer)) - self.assertEqual(self.enforcer.rules, None) def test_check_no_rules(self): - self.enforcer.load_rules() - self.enforcer.rules = None result = self.enforcer.enforce('rule', "target", "creds") - self.assertEqual(result, False) - self.assertEqual(self.enforcer.rules, None) def test_check_missing_rule(self): - self.enforcer.rules = {} result = self.enforcer.enforce('rule', 'target', 'creds') self.assertEqual(result, False) |