Merge "Moves policy setup into a fixture."

keystone/tests/unit/core.py

@@ -53,7 +53,6 @@ from keystone.common.kvs import core as kvs_core
 from keystone.common import sql
 from keystone import exception
 from keystone import notifications
-from keystone.policy.backends import rules
 from keystone.server import common
 from keystone.tests.unit import ksfixtures
 from keystone.version import controllers
@@ -81,7 +80,6 @@ TMPDIR = _calc_tmpdir()
 
 CONF = cfg.CONF
 log.register_options(CONF)
-rules.init()
 
 IN_MEM_DB_CONN_STRING = 'sqlite://'
 
@@ -520,6 +518,9 @@ class TestCase(BaseTestCase):
     def config_files(self):
         return []
 
+    def _policy_fixture(self):
+        return ksfixtures.Policy(dirs.etc('policy.json'), self.config_fixture)
+
     def config_overrides(self):
         # NOTE(morganfainberg): enforce config_overrides can only ever be
         # called a single time.
@@ -528,8 +529,9 @@ class TestCase(BaseTestCase):
 
         signing_certfile = 'examples/pki/certs/signing_cert.pem'
         signing_keyfile = 'examples/pki/private/signing_key.pem'
-        self.config_fixture.config(group='oslo_policy',
+
-                                   policy_file=dirs.etc('policy.json'))
+        self.useFixture(self._policy_fixture())
+
         self.config_fixture.config(
             # TODO(morganfainberg): Make Cache Testing a separate test case
             # in tempest, and move it out of the base unit tests.

keystone/tests/unit/ksfixtures/__init__.py

@@ -14,3 +14,4 @@
 from keystone.tests.unit.ksfixtures.auth_plugins import ConfigAuthPlugins  # noqa
 from keystone.tests.unit.ksfixtures.cache import Cache  # noqa
 from keystone.tests.unit.ksfixtures.key_repository import KeyRepository  # noqa
+from keystone.tests.unit.ksfixtures.policy import Policy  # noqa

keystone/tests/unit/ksfixtures/policy.py

@@ -0,0 +1,33 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import fixtures
+from oslo_policy import opts
+
+from keystone.policy.backends import rules
+
+
+class Policy(fixtures.Fixture):
+    """A fixture for working with policy configuration."""
+
+    def __init__(self, policy_file, config_fixture):
+        self._policy_file = policy_file
+        self._config_fixture = config_fixture
+
+    def setUp(self):
+        super(Policy, self).setUp()
+        opts.set_defaults(self._config_fixture.conf)
+        self._config_fixture.config(group='oslo_policy',
+                                    policy_file=self._policy_file)
+        rules.init()
+        self.addCleanup(rules.reset)

keystone/tests/unit/rest.py

@@ -17,7 +17,6 @@ from six.moves import http_client
 import webtest
 
 from keystone.auth import controllers as auth_controllers
-from keystone.policy.backends import rules
 from keystone.tests import unit
 from keystone.tests.unit import default_fixtures
 from keystone.tests.unit.ksfixtures import database
@@ -72,12 +71,6 @@ class RestfulTestCase(unit.TestCase):
         self.admin_app = webtest.TestApp(
             self.loadapp(app_conf, name='admin'))
         self.addCleanup(delattr, self, 'admin_app')
-        # Initialize the policy engine and allow us to write to a temp
-        # file in each test to create the policies
-        rules.reset()
-
-        # drop the policy rules
-        self.addCleanup(rules.reset)
 
     def request(self, app, path, body=None, headers=None, token=None,
                 expected_status=None, **kwargs):

keystone/tests/unit/test_policy.py

@@ -23,22 +23,11 @@ from testtools import matchers
 from keystone import exception
 from keystone.policy.backends import rules
 from keystone.tests import unit
+from keystone.tests.unit import ksfixtures
 from keystone.tests.unit.ksfixtures import temporaryfile
 
 
-class BasePolicyTestCase(unit.TestCase):
+class PolicyFileTestCase(unit.TestCase):
-    def setUp(self):
-        super(BasePolicyTestCase, self).setUp()
-        rules.reset()
-        self.addCleanup(rules.reset)
-        self.addCleanup(self.clear_cache_safely)
-
-    def clear_cache_safely(self):
-        if rules._ENFORCER:
-            rules._ENFORCER.clear()
-
-
-class PolicyFileTestCase(BasePolicyTestCase):
     def setUp(self):
         # self.tmpfilename should exist before setUp super is called
         # this is to ensure it is available for the config_fixture in
@@ -48,10 +37,8 @@ class PolicyFileTestCase(BasePolicyTestCase):
         super(PolicyFileTestCase, self).setUp()
         self.target = {}
 
-    def config_overrides(self):
+    def _policy_fixture(self):
-        super(PolicyFileTestCase, self).config_overrides()
+        return ksfixtures.Policy(self.tmpfilename, self.config_fixture)
-        self.config_fixture.config(group='oslo_policy',
-                                   policy_file=self.tmpfilename)
 
     def test_modified_policy_reloads(self):
         action = "example:test"
@@ -75,11 +62,9 @@ class PolicyFileTestCase(BasePolicyTestCase):
                           empty_credentials, action, self.target)
 
 
-class PolicyTestCase(BasePolicyTestCase):
+class PolicyTestCase(unit.TestCase):
     def setUp(self):
         super(PolicyTestCase, self).setUp()
-        # NOTE(vish): preload rules to circumvent reloading from file
-        rules.init()
         self.rules = {
             "true": [],
             "example:allowed": [],
@@ -144,10 +129,9 @@ class PolicyTestCase(BasePolicyTestCase):
         rules.enforce(admin_credentials, uppercase_action, self.target)
 
 
-class DefaultPolicyTestCase(BasePolicyTestCase):
+class DefaultPolicyTestCase(unit.TestCase):
     def setUp(self):
         super(DefaultPolicyTestCase, self).setUp()
-        rules.init()
 
         self.rules = {
             "default": [],

keystone/tests/unit/test_v3_auth.py

@@ -962,11 +962,9 @@ class TestTokenRevokeSelfAndAdmin(test_v3.RestfulTestCase):
                                          user_id=self.userAdminA['id'],
                                          domain_id=self.domainA['id'])
 
-    def config_overrides(self):
+    def _policy_fixture(self):
-        super(TestTokenRevokeSelfAndAdmin, self).config_overrides()
+        return ksfixtures.Policy(unit.dirs.etc('policy.v3cloudsample.json'),
-        self.config_fixture.config(
+                                 self.config_fixture)
-            group='oslo_policy',
-            policy_file=unit.dirs.etc('policy.v3cloudsample.json'))
 
     def test_user_revokes_own_token(self):
         user_token = self.get_requested_token(

keystone/tests/unit/test_v3_filters.py

@@ -19,6 +19,7 @@ from six.moves import range
 
 from keystone.tests import unit
 from keystone.tests.unit import filtering
+from keystone.tests.unit import ksfixtures
 from keystone.tests.unit.ksfixtures import temporaryfile
 from keystone.tests.unit import test_v3
 
@@ -30,13 +31,14 @@ class IdentityTestFilteredCase(filtering.FilterTests,
                                test_v3.RestfulTestCase):
     """Test filter enforcement on the v3 Identity API."""
 
+    def _policy_fixture(self):
+        return ksfixtures.Policy(self.tmpfilename, self.config_fixture)
+
     def setUp(self):
         """Setup for Identity Filter Test Cases."""
-        super(IdentityTestFilteredCase, self).setUp()
         self.tempfile = self.useFixture(temporaryfile.SecureTempFile())
         self.tmpfilename = self.tempfile.file_name
-        self.config_fixture.config(group='oslo_policy',
+        super(IdentityTestFilteredCase, self).setUp()
-                                   policy_file=self.tmpfilename)
 
     def load_sample_data(self):
         """Create sample data for these tests.

keystone/tests/unit/test_v3_protection.py

@@ -20,8 +20,8 @@ from oslo_serialization import jsonutils
 from six.moves import http_client
 
 from keystone import exception
-from keystone.policy.backends import rules
 from keystone.tests import unit
+from keystone.tests.unit import ksfixtures
 from keystone.tests.unit.ksfixtures import temporaryfile
 from keystone.tests.unit import test_v3
 from keystone.tests.unit import utils
@@ -34,6 +34,9 @@ DEFAULT_DOMAIN_ID = CONF.identity.default_domain_id
 class IdentityTestProtectedCase(test_v3.RestfulTestCase):
     """Test policy enforcement on the v3 Identity API."""
 
+    def _policy_fixture(self):
+        return ksfixtures.Policy(self.tmpfilename, self.config_fixture)
+
     def setUp(self):
         """Setup for Identity Protection Test Cases.
 
@@ -50,14 +53,9 @@ class IdentityTestProtectedCase(test_v3.RestfulTestCase):
         the default domain.
 
         """
-        # Ensure that test_v3.RestfulTestCase doesn't load its own
-        # sample data, which would make checking the results of our
-        # tests harder
-        super(IdentityTestProtectedCase, self).setUp()
         self.tempfile = self.useFixture(temporaryfile.SecureTempFile())
         self.tmpfilename = self.tempfile.file_name
-        self.config_fixture.config(group='oslo_policy',
+        super(IdentityTestProtectedCase, self).setUp()
-                                   policy_file=self.tmpfilename)
 
         # A default auth request we can use - un-scoped user token
         self.auth = self.build_authentication_request(
@@ -560,6 +558,10 @@ class IdentityTestv3CloudPolicySample(test_v3.RestfulTestCase,
                                       test_v3.AssignmentTestMixin):
     """Test policy enforcement of the sample v3 cloud policy file."""
 
+    def _policy_fixture(self):
+        return ksfixtures.Policy(unit.dirs.etc('policy.v3cloudsample.json'),
+                                 self.config_fixture)
+
     def setUp(self):
         """Setup for v3 Cloud Policy Sample Test Cases.
 
@@ -585,13 +587,6 @@ class IdentityTestv3CloudPolicySample(test_v3.RestfulTestCase,
         # tests harder
         super(IdentityTestv3CloudPolicySample, self).setUp()
 
-        # Finally, switch to the v3 sample policy file
-        self.addCleanup(rules.reset)
-        rules.reset()
-        self.config_fixture.config(
-            group='oslo_policy',
-            policy_file=unit.dirs.etc('policy.v3cloudsample.json'))
-
         self.config_fixture.config(
             group='resource',
             admin_project_name=self.admin_project['name'])