horizon/openstack_dashboard/test/api_tests/policy_rest_tests.py
Radomir Dopieralski f5685ebe46 Specify POLICY_CHECK_FUNCTION as a string
We don't want code in our settings.py and local_settings.py, and in
particular we don't want to have to import Python objects from all over
to set them as setting values -- instead, we can specify those as import
path strings. This also solves problems with importing order and loops.

This change is backwards-compatible, in the sense that you can still
import the objects directly and set them as the setting values.

Partially-Implements: blueprint ini-based-configuration
Change-Id: I8a346e55bb98e4e22e0c14a614c45d493d20feb4
2016-11-25 13:06:14 +01:00

78 lines
3.3 KiB
Python

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from django.test.utils import override_settings # noqa
from openstack_dashboard.api.rest import policy
from openstack_dashboard.test import helpers as test
class PolicyRestTestCase(test.TestCase):
@override_settings(POLICY_CHECK_FUNCTION='openstack_auth.policy.check')
def test_policy(self, body='{"rules": []}'):
request = self.mock_rest_request(body=body)
response = policy.Policy().post(request)
self.assertStatusCode(response, 200)
self.assertEqual({"allowed": True}, response.json)
@override_settings(POLICY_CHECK_FUNCTION='openstack_auth.policy.check')
def test_rule_alone(self):
body = '{"rules": [["compute", "compute:get_all" ]]}'
self.test_policy(body)
@override_settings(POLICY_CHECK_FUNCTION='openstack_auth.policy.check')
def test_multiple_rule(self):
body = '{"rules": [["compute", "compute:get_all"],' \
' ["compute", "compute:start"]]}'
self.test_policy(body)
@override_settings(POLICY_CHECK_FUNCTION='openstack_auth.policy.check')
def test_rule_with_empty_target(self):
body = '{"rules": [["compute", "compute:get_all"],' \
' ["compute", "compute:start"]],' \
' "target": {}}'
self.test_policy(body)
@override_settings(POLICY_CHECK_FUNCTION='openstack_auth.policy.check')
def test_rule_with_target(self):
body = '{"rules": [["compute", "compute:get_all"],' \
' ["compute", "compute:start"]],' \
' "target": {"project_id": "1"}}'
self.test_policy(body)
@override_settings(POLICY_CHECK_FUNCTION='openstack_auth.policy.check')
def test_policy_fail(self):
# admin only rule, default test case user should fail
request = self.mock_rest_request(
body='''{"rules": [["compute", "compute:unlock_override"]]}''')
response = policy.Policy().post(request)
self.assertStatusCode(response, 200)
self.assertEqual({"allowed": False}, response.json)
@override_settings(POLICY_CHECK_FUNCTION='openstack_auth.policy.check')
def test_policy_error(self):
# admin only rule, default test case user should fail
request = self.mock_rest_request(
body='''{"bad": "compute"}''')
response = policy.Policy().post(request)
self.assertStatusCode(response, 400)
class AdminPolicyRestTestCase(test.BaseAdminViewTests):
@override_settings(POLICY_CHECK_FUNCTION='openstack_auth.policy.check')
def test_rule_with_target(self):
body = '{"rules": [["compute", "compute:unlock_override"]]}'
request = self.mock_rest_request(body=body)
response = policy.Policy().post(request)
self.assertStatusCode(response, 200)
self.assertEqual({"allowed": True}, response.json)