diff options
author | Vishvananda Ishaya <vishvananda@gmail.com> | 2012-08-20 10:25:21 -0700 |
---|---|---|
committer | Vishvananda Ishaya <vishvananda@gmail.com> | 2012-08-20 10:25:21 -0700 |
commit | 454693d250e7085cefef30e1b43608477f34a345 (patch) | |
tree | 9c364a66014b9756c0cf1b7bb8d5d02c5d1f19e3 /tests | |
parent | f7b87701444d035e82ae6ac6954e8ad84aab5baf (diff) | |
download | oslo-454693d250e7085cefef30e1b43608477f34a345.tar.gz oslo-454693d250e7085cefef30e1b43608477f34a345.tar.xz oslo-454693d250e7085cefef30e1b43608477f34a345.zip |
Allow non-string items in the creds dict.
The generic checking in policy allows us to match against data from the
creds_dict using a very simple syntax. For example, in policy.json if
you had something like:
"some_action": [["project_id:foo"]]
it would only allow project foo to perform that action, but something
like:
"some_action": [["is_admin:True"]]
where is_admin is a boolean fails.
This modifies the check to convert the value to unicode before
attempting to compare it. It includes a test.
Fixes bug 1039132
Change-Id: I0e53a6ea2709212d4a1536f901bcf1e717a232ca
Diffstat (limited to 'tests')
-rw-r--r-- | tests/unit/test_policy.py | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/tests/unit/test_policy.py b/tests/unit/test_policy.py index e7f391f..5d77a6f 100644 --- a/tests/unit/test_policy.py +++ b/tests/unit/test_policy.py @@ -406,6 +406,13 @@ class CheckTestCase(unittest.TestCase): self.assertEqual(result, True) + def test_generic_boolean(self): + result = policy._check_generic(None, "is_admin", "True", + {}, + dict(is_admin=True)) + + self.assertEqual(result, True) + def test_generic_no_key(self): result = policy._check_generic(None, "tenant", "%(tenant_id)s", dict(tenant_id="spam"), |