1
# Copyright 2012 OpenStack, LLC
4
# Licensed under the Apache License, Version 2.0 (the 'License'); you may
5
# not use this file except in compliance with the License. You may obtain
6
# a copy of the License at
8
# http://www.apache.org/licenses/LICENSE-2.0
10
# Unless required by applicable law or agreed to in writing, software
11
# distributed under the License is distributed on an 'AS IS' BASIS, WITHOUT
12
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13
# License for the specific language governing permissions and limitations
18
import glance.api.policy
19
from glance.common import exception
21
from glance.tests import utils as test_utils
22
from glance.tests.unit import base
25
class TestPolicyEnforcer(base.IsolatedUnitTest):
26
def test_policy_file_default_rules_default_location(self):
27
enforcer = glance.api.policy.Enforcer()
29
context = glance.context.RequestContext(roles=[])
30
enforcer.enforce(context, 'get_image', {})
32
def test_policy_file_custom_rules_default_location(self):
33
rules = {"get_image": [["false:false"]]}
34
self.set_policy_rules(rules)
36
enforcer = glance.api.policy.Enforcer()
38
context = glance.context.RequestContext(roles=[])
39
self.assertRaises(exception.Forbidden,
40
enforcer.enforce, context, 'get_image', {})
42
def test_policy_file_custom_location(self):
43
self.config(policy_file=os.path.join(self.test_dir, 'gobble.gobble'))
45
rules = {"get_image": [["false:false"]]}
46
self.set_policy_rules(rules)
48
enforcer = glance.api.policy.Enforcer()
50
context = glance.context.RequestContext(roles=[])
51
self.assertRaises(exception.Forbidden,
52
enforcer.enforce, context, 'get_image', {})
55
class TestPolicyEnforcerNoFile(test_utils.BaseTestCase):
56
def test_policy_file_specified_but_not_found(self):
57
"""Missing defined policy file should result in a default ruleset"""
58
self.config(policy_file='gobble.gobble')
59
enforcer = glance.api.policy.Enforcer()
61
context = glance.context.RequestContext(roles=[])
62
enforcer.enforce(context, 'get_image', {})
63
self.assertRaises(exception.Forbidden,
64
enforcer.enforce, context, 'manage_image_cache', {})
66
admin_context = glance.context.RequestContext(roles=['admin'])
67
enforcer.enforce(admin_context, 'manage_image_cache', {})
69
def test_policy_file_default_not_found(self):
70
"""Missing default policy file should result in a default ruleset"""
71
enforcer = glance.api.policy.Enforcer()
73
context = glance.context.RequestContext(roles=[])
74
enforcer.enforce(context, 'get_image', {})
75
self.assertRaises(exception.Forbidden,
76
enforcer.enforce, context, 'manage_image_cache', {})
78
admin_context = glance.context.RequestContext(roles=['admin'])
79
enforcer.enforce(admin_context, 'manage_image_cache', {})