openstack/ironic
Code Issues Proposed changes
8105ba2660
ironic/ironic/tests/unit/policy_fixture.py
Devananda van der Veen c7da7a6925 Add keystone policy support to Ironic 
Implements more fine-grained policy support within our API service,
following the oslo policy-in-code spec, while maintaining compatibility
with the previous default policy.json file. An empty policy.json file is
included, along with a sample file listig all supported policy settings
and their default values.

A new tox target "genpolicy" has been added to ease automation of
sample policy file generation.

All calls to policy.enforce() have been replaced with with
policy.authorize() to avoid silent failures when a rule is undefined,
because enforce() does not raise() if the target rule does not exist.

  NOTE: policy.enforce() is not removed by this patch, but a deprecation
  warning will be logged if it this method is invoked.

Updates unit test coverage for the new authorize() method, as well as
more general unit test updates for some of the new rules.

Partial-bug: #1526752
Change-Id: Ie4398f840601d027e2fe209c17d854421687c7b7
2016-08-04 12:43:20 +00:00

47 lines
1.6 KiB
Python
Raw Blame History

# Copyright 2012 Hewlett-Packard Development Company, L.P.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import os
import fixtures
from oslo_config import cfg
from oslo_policy import opts as policy_opts
from ironic.common import policy as ironic_policy
CONF = cfg.CONF
# NOTE(deva): We ship a default that always masks passwords, but for testing
# we need to override that default to ensure passwords can be
# made visible by operators that choose to do so.
policy_data = """
{
"show_password": "tenant:admin"
}
"""
class PolicyFixture(fixtures.Fixture):
def setUp(self):
super(PolicyFixture, self).setUp()
self.policy_dir = self.useFixture(fixtures.TempDir())
self.policy_file_name = os.path.join(self.policy_dir.path,
'policy.json')
with open(self.policy_file_name, 'w') as policy_file:
policy_file.write(policy_data)
policy_opts.set_defaults(CONF)
CONF.set_override('policy_file', self.policy_file_name, 'oslo_policy')
ironic_policy._ENFORCER = None
self.addCleanup(ironic_policy.get_enforcer().clear)
View Git Blame Copy Permalink