Merge "Make sure we pass context objects directly to policy enforcement"
This commit is contained in:
commit
0868230f21
|
@ -79,7 +79,7 @@ def enforce(context, action, target):
|
||||||
try:
|
try:
|
||||||
return _ENFORCER.enforce(action,
|
return _ENFORCER.enforce(action,
|
||||||
target,
|
target,
|
||||||
context.to_policy_values(),
|
context,
|
||||||
do_raise=True,
|
do_raise=True,
|
||||||
exc=exception.PolicyNotAuthorized,
|
exc=exception.PolicyNotAuthorized,
|
||||||
action=action)
|
action=action)
|
||||||
|
|
|
@ -13,6 +13,7 @@
|
||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
import os.path
|
import os.path
|
||||||
|
from unittest import mock
|
||||||
|
|
||||||
from oslo_config import cfg
|
from oslo_config import cfg
|
||||||
from oslo_config import fixture as config_fixture
|
from oslo_config import fixture as config_fixture
|
||||||
|
@ -156,3 +157,25 @@ class PolicyTestCase(test.TestCase):
|
||||||
policy._ENFORCER.register_defaults([rule])
|
policy._ENFORCER.register_defaults([rule])
|
||||||
|
|
||||||
self.assertTrue(policy.enforce(project_context, 'foo', {}))
|
self.assertTrue(policy.enforce(project_context, 'foo', {}))
|
||||||
|
|
||||||
|
def test_enforce_passes_context_objects_to_enforcement(self):
|
||||||
|
fake_context = context.RequestContext(roles=['foo'])
|
||||||
|
action = 'foo'
|
||||||
|
target = {}
|
||||||
|
with mock.patch.object(policy._ENFORCER, 'enforce') as fake_enforce:
|
||||||
|
policy.enforce(fake_context, action, target)
|
||||||
|
fake_enforce.assert_called_once_with(
|
||||||
|
action, target, fake_context, do_raise=True,
|
||||||
|
exc=exception.PolicyNotAuthorized, action=action)
|
||||||
|
|
||||||
|
def test_authorize_passes_context_objects_to_enforcement(self):
|
||||||
|
fake_context = context.RequestContext(project_id='fake-project-id',
|
||||||
|
user_id='fake-user-id',
|
||||||
|
roles=['foo'])
|
||||||
|
action = 'foo'
|
||||||
|
target = {'project_id': 'fake-project-id', 'user_id': 'fake-user-id'}
|
||||||
|
with mock.patch.object(policy._ENFORCER, 'authorize') as fake_authz:
|
||||||
|
fake_context.authorize('foo')
|
||||||
|
fake_authz.assert_called_once_with(
|
||||||
|
action, target, fake_context, do_raise=True,
|
||||||
|
exc=exception.PolicyNotAuthorized, action=action)
|
||||||
|
|
Loading…
Reference in New Issue