|
1.1.42
by Chuck Short
Import upstream version 2012.2~rc1~20120907.129.f0bd856 |
1 |
# Copyright 2012 OpenStack, LLC
|
2 |
# All Rights Reserved.
|
|
3 |
#
|
|
4 |
# Licensed under the Apache License, Version 2.0 (the 'License'); you may
|
|
5 |
# not use this file except in compliance with the License. You may obtain
|
|
6 |
# a copy of the License at
|
|
7 |
#
|
|
8 |
# http://www.apache.org/licenses/LICENSE-2.0
|
|
9 |
#
|
|
10 |
# Unless required by applicable law or agreed to in writing, software
|
|
11 |
# distributed under the License is distributed on an 'AS IS' BASIS, WITHOUT
|
|
12 |
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
13 |
# License for the specific language governing permissions and limitations
|
|
14 |
# under the License.
|
|
15 |
||
16 |
import os.path |
|
17 |
||
18 |
import glance.api.policy |
|
19 |
from glance.common import exception |
|
20 |
import glance.context |
|
21 |
from glance.tests import utils as test_utils |
|
22 |
from glance.tests.unit import base |
|
23 |
||
24 |
||
25 |
class TestPolicyEnforcer(base.IsolatedUnitTest): |
|
26 |
def test_policy_file_default_rules_default_location(self): |
|
27 |
enforcer = glance.api.policy.Enforcer() |
|
28 |
||
29 |
context = glance.context.RequestContext(roles=[]) |
|
30 |
enforcer.enforce(context, 'get_image', {}) |
|
31 |
||
32 |
def test_policy_file_custom_rules_default_location(self): |
|
33 |
rules = {"get_image": [["false:false"]]} |
|
34 |
self.set_policy_rules(rules) |
|
35 |
||
36 |
enforcer = glance.api.policy.Enforcer() |
|
37 |
||
38 |
context = glance.context.RequestContext(roles=[]) |
|
39 |
self.assertRaises(exception.Forbidden, |
|
40 |
enforcer.enforce, context, 'get_image', {}) |
|
41 |
||
42 |
def test_policy_file_custom_location(self): |
|
43 |
self.config(policy_file=os.path.join(self.test_dir, 'gobble.gobble')) |
|
44 |
||
45 |
rules = {"get_image": [["false:false"]]} |
|
46 |
self.set_policy_rules(rules) |
|
47 |
||
48 |
enforcer = glance.api.policy.Enforcer() |
|
49 |
||
50 |
context = glance.context.RequestContext(roles=[]) |
|
51 |
self.assertRaises(exception.Forbidden, |
|
52 |
enforcer.enforce, context, 'get_image', {}) |
|
53 |
||
54 |
||
55 |
class TestPolicyEnforcerNoFile(test_utils.BaseTestCase): |
|
56 |
def test_policy_file_specified_but_not_found(self): |
|
57 |
"""Missing defined policy file should result in a default ruleset"""
|
|
58 |
self.config(policy_file='gobble.gobble') |
|
59 |
enforcer = glance.api.policy.Enforcer() |
|
60 |
||
61 |
context = glance.context.RequestContext(roles=[]) |
|
62 |
enforcer.enforce(context, 'get_image', {}) |
|
63 |
self.assertRaises(exception.Forbidden, |
|
64 |
enforcer.enforce, context, 'manage_image_cache', {}) |
|
65 |
||
66 |
admin_context = glance.context.RequestContext(roles=['admin']) |
|
67 |
enforcer.enforce(admin_context, 'manage_image_cache', {}) |
|
68 |
||
69 |
def test_policy_file_default_not_found(self): |
|
70 |
"""Missing default policy file should result in a default ruleset"""
|
|
71 |
enforcer = glance.api.policy.Enforcer() |
|
72 |
||
73 |
context = glance.context.RequestContext(roles=[]) |
|
74 |
enforcer.enforce(context, 'get_image', {}) |
|
75 |
self.assertRaises(exception.Forbidden, |
|
76 |
enforcer.enforce, context, 'manage_image_cache', {}) |
|
77 |
||
78 |
admin_context = glance.context.RequestContext(roles=['admin']) |
|
79 |
enforcer.enforce(admin_context, 'manage_image_cache', {}) |