Merge "trivial: remove unnecessary grouping in base policies"
commit
66f5c8d6e1
@ -14,12 +14,12 @@ from oslo_policy import policy
|
||||
|
||||
# Generic check string for checking if a user is authorized on a particular
|
||||
# project, specifically with the member role.
|
||||
PROJECT_MEMBER = 'role:member and (project_id:%(project_id)s)'
|
||||
PROJECT_MEMBER = 'role:member and project_id:%(project_id)s'
|
||||
# Generic check string for checking if a user is authorized on a particular
|
||||
# project but with read-only access. For example, this persona would be able to
|
||||
# list private images owned by a project but cannot make any writeable changes
|
||||
# to those images.
|
||||
PROJECT_READER = 'role:reader and (project_id:%(project_id)s)'
|
||||
PROJECT_READER = 'role:reader and project_id:%(project_id)s'
|
||||
|
||||
# Make sure the member_id of the supplied target matches the project_id from
|
||||
# the context object, which is derived from keystone tokens.
|
||||
|
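Review bot: The comments above PROJECT_MEMBER and PROJECT_READER do not mention that each string carries a top-level `and`, which matters as soon as the constant is embedded in a larger rule. The expected strings in the test file show the composites written as `role:admin or (role:member and project_id:%(project_id)s)`, but the composite definitions are outside this hunk, so how they are built cannot be confirmed from here. I would add a line to each comment such as `# Contains a top-level 'and'; wrap in parentheses when combining with 'or'.` so the scope of a composed rule never depends on the policy parser's operator precedence.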
@ -1062,9 +1062,13 @@ class TestContextPolicyEnforcer(base.IsolatedUnitTest):
|
||||
class TestDefaultPolicyCheckStrings(base.IsolatedUnitTest):
|
||||
|
||||
def test_project_member_check_string(self):
|
||||
expected = 'role:member and (project_id:%(project_id)s)'
|
||||
expected = 'role:member and project_id:%(project_id)s'
|
||||
self.assertEqual(expected, base_policy.PROJECT_MEMBER)
|
||||
|
||||
def test_admin_or_project_member_check_string(self):
|
||||
expected = 'role:admin or (role:member and project_id:%(project_id)s)'
|
||||
self.assertEqual(expected, base_policy.ADMIN_OR_PROJECT_MEMBER)
|
||||
|
||||
def test_project_member_download_image_check_string(self):
|
||||
expected = (
|
||||
'role:member and (project_id:%(project_id)s or '
|
||||
@ -1077,9 +1081,13 @@ class TestDefaultPolicyCheckStrings(base.IsolatedUnitTest):
|
||||
)
|
||||
|
||||
def test_project_reader_check_string(self):
|
||||
expected = 'role:reader and (project_id:%(project_id)s)'
|
||||
expected = 'role:reader and project_id:%(project_id)s'
|
||||
self.assertEqual(expected, base_policy.PROJECT_READER)
|
||||
|
||||
def test_admin_or_project_reader_check_string(self):
|
||||
expected = 'role:admin or (role:reader and project_id:%(project_id)s)'
|
||||
self.assertEqual(expected, base_policy.ADMIN_OR_PROJECT_READER)
|
||||
|
||||
def test_project_reader_get_image_check_string(self):
|
||||
expected = (
|
||||
'role:reader and (project_id:%(project_id)s or '
|
||||
|
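Review bot: test_admin_or_project_member_check_string and test_admin_or_project_reader_check_string compare the composite rules against a second hand-written literal, so they would not notice a composite drifting from the base constant it is meant to embed. Adding `self.assertEqual('role:admin or (%s)' % base_policy.PROJECT_MEMBER, base_policy.ADMIN_OR_PROJECT_MEMBER)` and the matching assertion for PROJECT_READER would pin that the project-scoped clause stays parenthesised inside the `or`. test_project_member_download_image_check_string and test_project_reader_get_image_check_string continue past the end of their hunks, so their full expected strings are not reviewed here.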