
Early exit tests for both OR and AND

Change-Id: I7ff06cdb5d4875b4d6c8a239470bd205c6e7ef23
commit eeea292c29c75ee8072a183577c23c78f52410b9 1 parent 12543fa
@joshuamckenty authored
Showing with 22 additions and 16 deletions.
  1. +4 −1 etc/nova/policy.json
  2. +18 −15 nova/tests/test_policy.py
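--- a/etc/nova/policy.json
+++ b/etc/nova/policy.json
@@ -3,6 +3,9 @@
 "compute:get_instance": [["role:compute_admin"], ["tenant_id:%(tenant_id)s", "role:compute_sysadmin"]],
 "example:get_google": [["http:http://pastebin.com/"], ["role:compute_sysadmin"]],
 "example:my_file": [["role:compute_admin"], ["tenant_id:%(tenant_id)s"]],
+ "true" : [],
 "example:allowed" : [],
- "example:denied" : [["false:false"]]
+ "example:denied" : [["false:false"]],
+ "example:early_and_fail" : [["false:false", "rule:true"]],
+ "example:early_or_success" : [["rule:true"], ["false:false"]]
 }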
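Review bot: The new `"true" : []` entry and the two `example:early_*` rules are added to `etc/nova/policy.json`, which by its path looks like the policy file shipped with the service rather than a test-only fixture. An empty rule list appears to mean "always allowed" here, since `example:allowed` has the same form and the tests expect it to pass, so any other rule can now reference `rule:true` to grant access unconditionally. If these entries exist only for `nova/tests/test_policy.py`, consider moving them to a policy file that only the tests load, so a deployed policy carries neither an always-allow rule nor the `example:*` actions. JSON has no comment syntax, so the intent cannot be documented in place.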
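--- a/nova/tests/test_policy.py
+++ b/nova/tests/test_policy.py
@@ -23,32 +23,35 @@
 class PolicyCheckTestCase(test.TestCase):
+ def setUp(self):
+ super(PolicyCheckTestCase, self).setUp()
+ self.context = {'tenant_id' : 'bob'}
+ self.target = {}
 def test_enforce_bad_action_throws(self):
- context = {}
 action = "example:denied"
- target = {}
- self.assertRaises(exception.PolicyNotAllowed, policy.enforce, context, action, target)
+ self.assertRaises(exception.PolicyNotAllowed, policy.enforce, self.context, action, self.target)
 def test_enforce_good_action(self):
- context = {}
 action = "example:allowed"
- target = {}
- result = policy.enforce(context, action, target)
- self.assertEqual(result, None)
+ policy.enforce(self.context, action, self.target)
 def test_enforce_http_check(self):
 action = "example:get_google"
- context = {}
- target = {}
- result = policy.enforce(context, action, target)
- self.assertEqual(result, None)
+ policy.enforce(self.context, action, self.target)
 def test_templatized_enforcement(self):
- context = {'tenant_id' : 'bob'}
 target_mine = {'tenant_id' : 'bob'}
 target_not_mine = {'tenant_id' : 'fred'}
 action = "example:my_file"
- result = policy.enforce(context, action, target_mine)
- self.assertEqual(result, None)
- self.assertRaises(exception.PolicyNotAllowed, policy.enforce, context, action, target_not_mine)
+ policy.enforce(self.context, action, target_mine)
+ self.assertRaises(exception.PolicyNotAllowed, policy.enforce, self.context, action, target_not_mine)
+
+ def test_early_AND_enforcement(self):
+ action = "example:early_and_fail"
+ self.assertRaises(exception.PolicyNotAllowed, policy.enforce, self.context, action, self.target)
+
+ def test_early_OR_enforcement(self):
+ action = "example:early_or_success"
+ policy.enforce(self.context, action, self.target)
+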
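Review bot: `test_early_AND_enforcement` and `test_early_OR_enforcement` assert only the final allow/deny outcome, so they pass whether or not the policy engine stops evaluating early. `[["false:false", "rule:true"]]` is denied with or without short-circuiting, and `[["rule:true"], ["false:false"]]` is allowed either way. To cover early exit, the second check in each rule has to be observable, for example a check registered by the test that records or fails when it is invoked. This matters for authorization code because a check that should have been skipped, such as the `http:` one in `example:get_google`, would presumably still contact its remote endpoint. Until that is in place, a comment such as `# Only the outcome is asserted; short-circuit evaluation is not verified.` would keep the test names from overstating coverage.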