deb-mistral/mistral/tests/unit/api/test_access_control.py
Renat Akhmerov 021caf873f Add KeyCloak OpenID Connect server-side authentication
* Changed AuthHook for Pecan that implements token validation
* Added another config option to disable SSL verification for
  KeyCloak access tokens
* Added unit tests for successful and failed KeyCloak
  authentication that use request_mock library
* Minor style changes

Change-Id: I87f8d54fc58f82952a4c68831547e6dab320230e
2016-07-08 17:31:06 +07:00


# Copyright 2016 NEC Corporation. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from mistral.api import access_control as acl
from mistral import exceptions as exc
from mistral.tests.unit import base
from mistral.tests.unit.mstrlfixtures import policy_fixtures
class PolicyTestCase(base.BaseTest):
    """Tests whether the configuration of the policy engine is correct.

    Every test loads a small rule set through ``PolicyFixture`` and calls
    ``acl.enforce`` directly. The allow path is checked through a truthy
    return value, the deny path through ``NotAllowedException``.
    """

    def setUp(self):
        """Install the policy fixture and register the example rules."""
        super(PolicyTestCase, self).setUp()

        self.policy = self.useFixture(policy_fixtures.PolicyFixture())

        # Two base checks plus two "example:*" actions that refer to them
        # via "rule:", so enforcement is exercised through rule indirection.
        self.policy.set_rules({
            "admin_only": "is_admin:True",
            "admin_or_owner": "is_admin:True or project_id:%(project_id)s",
            "example:admin": "rule:admin_only",
            "example:admin_or_owner": "rule:admin_or_owner"
        })

    def test_admin_api_allowed(self):
        """An admin context passes the admin-only action."""
        admin_ctx = base.get_context(default=True, admin=True)

        verdict = acl.enforce('example:admin', admin_ctx, admin_ctx.to_dict())

        self.assertTrue(verdict)

    def test_admin_api_disallowed(self):
        """A context created without admin=True is denied the admin action."""
        # NOTE(review): relies on get_context(default=True) producing a
        # non-admin context -- confirm against base.get_context.
        plain_ctx = base.get_context(default=True)
        enforce_args = ('example:admin', plain_ctx, plain_ctx.to_dict())

        self.assertRaises(
            exc.NotAllowedException, acl.enforce, *enforce_args
        )

    def test_admin_or_owner_api_allowed(self):
        """A non-admin caller passes when the target is its own context."""
        # The target is the caller's own context dict, so the owner branch
        # of the rule presumably matches on project_id -- confirm that
        # to_dict() carries project_id.
        owner_ctx = base.get_context(default=True)

        verdict = acl.enforce(
            'example:admin_or_owner', owner_ctx, owner_ctx.to_dict()
        )

        self.assertTrue(verdict)

    def test_admin_or_owner_api_disallowed(self):
        """A non-admin caller is denied a target in a different project."""
        caller_ctx = base.get_context(default=True)
        # Target project differs from the caller's (assuming the default
        # context's project id is not 'another'), so neither branch of
        # admin_or_owner should hold.
        foreign_target = {'project_id': 'another'}
        enforce_args = ('example:admin_or_owner', caller_ctx, foreign_target)

        self.assertRaises(
            exc.NotAllowedException, acl.enforce, *enforce_args
        )