Permalink
Browse files

Merging vish's http stuff.

Change-Id: Ic38d9ea1c6354a798f32896464691ca64483244a
  • Loading branch information...
joshuamckenty committed Dec 10, 2011
2 parents 2c004f5 + 2026d51 commit 0910abaec702e344688de5fbdad381a435d85157
Showing with 26 additions and 6 deletions.
  1. +1 −1 etc/nova/policy.json
  2. +5 −2 nova/common/policy.py
  3. +20 −3 nova/tests/test_policy.py
View
@@ -1,7 +1,7 @@
{
"compute:get_volume": [["role:compute_admin"], ["tenant_id:%(tenant_id)s", "role:compute_sysadmin"]],
"compute:get_instance": [["role:compute_admin"], ["tenant_id:%(tenant_id)s", "role:compute_sysadmin"]],
- "example:get_google": [["http:http://www.pastebin.com"]],
+ "example:get_http": [["http:http://www.example.com"]],
"example:my_file": [["role:compute_admin"], ["tenant_id:%(tenant_id)s"]],
"true" : [],
"example:allowed" : [],
View
@@ -125,10 +125,13 @@ class HttpBrain(Brain):
def _check_http(self, match, target_dict, cred_dict):
url = match % target_dict
data = {'target': json.dumps(target_dict),
- 'credentials': json.dumps(cred_dict)}
+ 'credentials': json.dumps(cred_dict)}
post_data = urllib.urlencode(data)
f = urllib2.urlopen(url, post_data)
- if f.read():
+ # NOTE(vish): This is to show how we could do remote requests,
+ # but some fancier method for response codes should
+ # probably be defined
+ if f.read() == "True":
return True
return False
View
@@ -17,6 +17,9 @@
"""Test of Policy Engine For Nova"""
+import urllib2
+import StringIO
+
from nova import test
from nova import policy
from nova import exception
@@ -41,16 +44,30 @@ def test_enforce_good_action(self):
policy.enforce(self.context, action, self.target)
def test_enforce_http_check(self):
- action = "example:get_google"
+ action = "example:get_http"
policy.enforce(self.context, action, self.target)
- def test_enforce_http_check(self):
- action = "example:get_google"
+ def test_enforce_http_true(self):
+
+ def fakeurlopen(url, post_data):
+ return StringIO.StringIO("True")
+ self.stubs.Set(urllib2, 'urlopen', fakeurlopen)
+ action = "example:get_http"
context = {}
target = {}
result = policy.enforce(context, action, target)
self.assertEqual(result, None)
+ def test_enforce_http_false(self):
+
+ def fakeurlopen(url, post_data):
+ return StringIO.StringIO("False")
+ self.stubs.Set(urllib2, 'urlopen', fakeurlopen)
+ action = "example:get_http"
+ context = {}
+ target = {}
+ self.assertRaises(exception.PolicyNotAllowed, policy.enforce, context, action, target)
+
def test_templatized_enforcement(self):
target_mine = {'tenant_id' : 'bob'}
target_not_mine = {'tenant_id' : 'fred'}

0 comments on commit 0910aba

Please sign in to comment.