Merge "Moves policy setup into a fixture."
This commit is contained in:
commit
7a60566c7d
|
@ -53,7 +53,6 @@ from keystone.common.kvs import core as kvs_core
|
||||||
from keystone.common import sql
|
from keystone.common import sql
|
||||||
from keystone import exception
|
from keystone import exception
|
||||||
from keystone import notifications
|
from keystone import notifications
|
||||||
from keystone.policy.backends import rules
|
|
||||||
from keystone.server import common
|
from keystone.server import common
|
||||||
from keystone.tests.unit import ksfixtures
|
from keystone.tests.unit import ksfixtures
|
||||||
from keystone.version import controllers
|
from keystone.version import controllers
|
||||||
|
@ -81,7 +80,6 @@ TMPDIR = _calc_tmpdir()
|
||||||
|
|
||||||
CONF = cfg.CONF
|
CONF = cfg.CONF
|
||||||
log.register_options(CONF)
|
log.register_options(CONF)
|
||||||
rules.init()
|
|
||||||
|
|
||||||
IN_MEM_DB_CONN_STRING = 'sqlite://'
|
IN_MEM_DB_CONN_STRING = 'sqlite://'
|
||||||
|
|
||||||
|
@ -520,6 +518,9 @@ class TestCase(BaseTestCase):
|
||||||
def config_files(self):
|
def config_files(self):
|
||||||
return []
|
return []
|
||||||
|
|
||||||
|
def _policy_fixture(self):
|
||||||
|
return ksfixtures.Policy(dirs.etc('policy.json'), self.config_fixture)
|
||||||
|
|
||||||
def config_overrides(self):
|
def config_overrides(self):
|
||||||
# NOTE(morganfainberg): enforce config_overrides can only ever be
|
# NOTE(morganfainberg): enforce config_overrides can only ever be
|
||||||
# called a single time.
|
# called a single time.
|
||||||
|
@ -528,8 +529,9 @@ class TestCase(BaseTestCase):
|
||||||
|
|
||||||
signing_certfile = 'examples/pki/certs/signing_cert.pem'
|
signing_certfile = 'examples/pki/certs/signing_cert.pem'
|
||||||
signing_keyfile = 'examples/pki/private/signing_key.pem'
|
signing_keyfile = 'examples/pki/private/signing_key.pem'
|
||||||
self.config_fixture.config(group='oslo_policy',
|
|
||||||
policy_file=dirs.etc('policy.json'))
|
self.useFixture(self._policy_fixture())
|
||||||
|
|
||||||
self.config_fixture.config(
|
self.config_fixture.config(
|
||||||
# TODO(morganfainberg): Make Cache Testing a separate test case
|
# TODO(morganfainberg): Make Cache Testing a separate test case
|
||||||
# in tempest, and move it out of the base unit tests.
|
# in tempest, and move it out of the base unit tests.
|
||||||
|
|
|
@ -14,3 +14,4 @@
|
||||||
from keystone.tests.unit.ksfixtures.auth_plugins import ConfigAuthPlugins # noqa
|
from keystone.tests.unit.ksfixtures.auth_plugins import ConfigAuthPlugins # noqa
|
||||||
from keystone.tests.unit.ksfixtures.cache import Cache # noqa
|
from keystone.tests.unit.ksfixtures.cache import Cache # noqa
|
||||||
from keystone.tests.unit.ksfixtures.key_repository import KeyRepository # noqa
|
from keystone.tests.unit.ksfixtures.key_repository import KeyRepository # noqa
|
||||||
|
from keystone.tests.unit.ksfixtures.policy import Policy # noqa
|
||||||
|
|
|
@ -0,0 +1,33 @@
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||||
|
# implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
import fixtures
|
||||||
|
from oslo_policy import opts
|
||||||
|
|
||||||
|
from keystone.policy.backends import rules
|
||||||
|
|
||||||
|
|
||||||
|
class Policy(fixtures.Fixture):
|
||||||
|
"""A fixture for working with policy configuration."""
|
||||||
|
|
||||||
|
def __init__(self, policy_file, config_fixture):
|
||||||
|
self._policy_file = policy_file
|
||||||
|
self._config_fixture = config_fixture
|
||||||
|
|
||||||
|
def setUp(self):
|
||||||
|
super(Policy, self).setUp()
|
||||||
|
opts.set_defaults(self._config_fixture.conf)
|
||||||
|
self._config_fixture.config(group='oslo_policy',
|
||||||
|
policy_file=self._policy_file)
|
||||||
|
rules.init()
|
||||||
|
self.addCleanup(rules.reset)
|
|
@ -17,7 +17,6 @@ from six.moves import http_client
|
||||||
import webtest
|
import webtest
|
||||||
|
|
||||||
from keystone.auth import controllers as auth_controllers
|
from keystone.auth import controllers as auth_controllers
|
||||||
from keystone.policy.backends import rules
|
|
||||||
from keystone.tests import unit
|
from keystone.tests import unit
|
||||||
from keystone.tests.unit import default_fixtures
|
from keystone.tests.unit import default_fixtures
|
||||||
from keystone.tests.unit.ksfixtures import database
|
from keystone.tests.unit.ksfixtures import database
|
||||||
|
@ -72,12 +71,6 @@ class RestfulTestCase(unit.TestCase):
|
||||||
self.admin_app = webtest.TestApp(
|
self.admin_app = webtest.TestApp(
|
||||||
self.loadapp(app_conf, name='admin'))
|
self.loadapp(app_conf, name='admin'))
|
||||||
self.addCleanup(delattr, self, 'admin_app')
|
self.addCleanup(delattr, self, 'admin_app')
|
||||||
# Initialize the policy engine and allow us to write to a temp
|
|
||||||
# file in each test to create the policies
|
|
||||||
rules.reset()
|
|
||||||
|
|
||||||
# drop the policy rules
|
|
||||||
self.addCleanup(rules.reset)
|
|
||||||
|
|
||||||
def request(self, app, path, body=None, headers=None, token=None,
|
def request(self, app, path, body=None, headers=None, token=None,
|
||||||
expected_status=None, **kwargs):
|
expected_status=None, **kwargs):
|
||||||
|
|
|
@ -23,22 +23,11 @@ from testtools import matchers
|
||||||
from keystone import exception
|
from keystone import exception
|
||||||
from keystone.policy.backends import rules
|
from keystone.policy.backends import rules
|
||||||
from keystone.tests import unit
|
from keystone.tests import unit
|
||||||
|
from keystone.tests.unit import ksfixtures
|
||||||
from keystone.tests.unit.ksfixtures import temporaryfile
|
from keystone.tests.unit.ksfixtures import temporaryfile
|
||||||
|
|
||||||
|
|
||||||
class BasePolicyTestCase(unit.TestCase):
|
class PolicyFileTestCase(unit.TestCase):
|
||||||
def setUp(self):
|
|
||||||
super(BasePolicyTestCase, self).setUp()
|
|
||||||
rules.reset()
|
|
||||||
self.addCleanup(rules.reset)
|
|
||||||
self.addCleanup(self.clear_cache_safely)
|
|
||||||
|
|
||||||
def clear_cache_safely(self):
|
|
||||||
if rules._ENFORCER:
|
|
||||||
rules._ENFORCER.clear()
|
|
||||||
|
|
||||||
|
|
||||||
class PolicyFileTestCase(BasePolicyTestCase):
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
# self.tmpfilename should exist before setUp super is called
|
# self.tmpfilename should exist before setUp super is called
|
||||||
# this is to ensure it is available for the config_fixture in
|
# this is to ensure it is available for the config_fixture in
|
||||||
|
@ -48,10 +37,8 @@ class PolicyFileTestCase(BasePolicyTestCase):
|
||||||
super(PolicyFileTestCase, self).setUp()
|
super(PolicyFileTestCase, self).setUp()
|
||||||
self.target = {}
|
self.target = {}
|
||||||
|
|
||||||
def config_overrides(self):
|
def _policy_fixture(self):
|
||||||
super(PolicyFileTestCase, self).config_overrides()
|
return ksfixtures.Policy(self.tmpfilename, self.config_fixture)
|
||||||
self.config_fixture.config(group='oslo_policy',
|
|
||||||
policy_file=self.tmpfilename)
|
|
||||||
|
|
||||||
def test_modified_policy_reloads(self):
|
def test_modified_policy_reloads(self):
|
||||||
action = "example:test"
|
action = "example:test"
|
||||||
|
@ -75,11 +62,9 @@ class PolicyFileTestCase(BasePolicyTestCase):
|
||||||
empty_credentials, action, self.target)
|
empty_credentials, action, self.target)
|
||||||
|
|
||||||
|
|
||||||
class PolicyTestCase(BasePolicyTestCase):
|
class PolicyTestCase(unit.TestCase):
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(PolicyTestCase, self).setUp()
|
super(PolicyTestCase, self).setUp()
|
||||||
# NOTE(vish): preload rules to circumvent reloading from file
|
|
||||||
rules.init()
|
|
||||||
self.rules = {
|
self.rules = {
|
||||||
"true": [],
|
"true": [],
|
||||||
"example:allowed": [],
|
"example:allowed": [],
|
||||||
|
@ -144,10 +129,9 @@ class PolicyTestCase(BasePolicyTestCase):
|
||||||
rules.enforce(admin_credentials, uppercase_action, self.target)
|
rules.enforce(admin_credentials, uppercase_action, self.target)
|
||||||
|
|
||||||
|
|
||||||
class DefaultPolicyTestCase(BasePolicyTestCase):
|
class DefaultPolicyTestCase(unit.TestCase):
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(DefaultPolicyTestCase, self).setUp()
|
super(DefaultPolicyTestCase, self).setUp()
|
||||||
rules.init()
|
|
||||||
|
|
||||||
self.rules = {
|
self.rules = {
|
||||||
"default": [],
|
"default": [],
|
||||||
|
|
|
@ -962,11 +962,9 @@ class TestTokenRevokeSelfAndAdmin(test_v3.RestfulTestCase):
|
||||||
user_id=self.userAdminA['id'],
|
user_id=self.userAdminA['id'],
|
||||||
domain_id=self.domainA['id'])
|
domain_id=self.domainA['id'])
|
||||||
|
|
||||||
def config_overrides(self):
|
def _policy_fixture(self):
|
||||||
super(TestTokenRevokeSelfAndAdmin, self).config_overrides()
|
return ksfixtures.Policy(unit.dirs.etc('policy.v3cloudsample.json'),
|
||||||
self.config_fixture.config(
|
self.config_fixture)
|
||||||
group='oslo_policy',
|
|
||||||
policy_file=unit.dirs.etc('policy.v3cloudsample.json'))
|
|
||||||
|
|
||||||
def test_user_revokes_own_token(self):
|
def test_user_revokes_own_token(self):
|
||||||
user_token = self.get_requested_token(
|
user_token = self.get_requested_token(
|
||||||
|
|
|
@ -19,6 +19,7 @@ from six.moves import range
|
||||||
|
|
||||||
from keystone.tests import unit
|
from keystone.tests import unit
|
||||||
from keystone.tests.unit import filtering
|
from keystone.tests.unit import filtering
|
||||||
|
from keystone.tests.unit import ksfixtures
|
||||||
from keystone.tests.unit.ksfixtures import temporaryfile
|
from keystone.tests.unit.ksfixtures import temporaryfile
|
||||||
from keystone.tests.unit import test_v3
|
from keystone.tests.unit import test_v3
|
||||||
|
|
||||||
|
@ -30,13 +31,14 @@ class IdentityTestFilteredCase(filtering.FilterTests,
|
||||||
test_v3.RestfulTestCase):
|
test_v3.RestfulTestCase):
|
||||||
"""Test filter enforcement on the v3 Identity API."""
|
"""Test filter enforcement on the v3 Identity API."""
|
||||||
|
|
||||||
|
def _policy_fixture(self):
|
||||||
|
return ksfixtures.Policy(self.tmpfilename, self.config_fixture)
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
"""Setup for Identity Filter Test Cases."""
|
"""Setup for Identity Filter Test Cases."""
|
||||||
super(IdentityTestFilteredCase, self).setUp()
|
|
||||||
self.tempfile = self.useFixture(temporaryfile.SecureTempFile())
|
self.tempfile = self.useFixture(temporaryfile.SecureTempFile())
|
||||||
self.tmpfilename = self.tempfile.file_name
|
self.tmpfilename = self.tempfile.file_name
|
||||||
self.config_fixture.config(group='oslo_policy',
|
super(IdentityTestFilteredCase, self).setUp()
|
||||||
policy_file=self.tmpfilename)
|
|
||||||
|
|
||||||
def load_sample_data(self):
|
def load_sample_data(self):
|
||||||
"""Create sample data for these tests.
|
"""Create sample data for these tests.
|
||||||
|
|
|
@ -20,8 +20,8 @@ from oslo_serialization import jsonutils
|
||||||
from six.moves import http_client
|
from six.moves import http_client
|
||||||
|
|
||||||
from keystone import exception
|
from keystone import exception
|
||||||
from keystone.policy.backends import rules
|
|
||||||
from keystone.tests import unit
|
from keystone.tests import unit
|
||||||
|
from keystone.tests.unit import ksfixtures
|
||||||
from keystone.tests.unit.ksfixtures import temporaryfile
|
from keystone.tests.unit.ksfixtures import temporaryfile
|
||||||
from keystone.tests.unit import test_v3
|
from keystone.tests.unit import test_v3
|
||||||
from keystone.tests.unit import utils
|
from keystone.tests.unit import utils
|
||||||
|
@ -34,6 +34,9 @@ DEFAULT_DOMAIN_ID = CONF.identity.default_domain_id
|
||||||
class IdentityTestProtectedCase(test_v3.RestfulTestCase):
|
class IdentityTestProtectedCase(test_v3.RestfulTestCase):
|
||||||
"""Test policy enforcement on the v3 Identity API."""
|
"""Test policy enforcement on the v3 Identity API."""
|
||||||
|
|
||||||
|
def _policy_fixture(self):
|
||||||
|
return ksfixtures.Policy(self.tmpfilename, self.config_fixture)
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
"""Setup for Identity Protection Test Cases.
|
"""Setup for Identity Protection Test Cases.
|
||||||
|
|
||||||
|
@ -50,14 +53,9 @@ class IdentityTestProtectedCase(test_v3.RestfulTestCase):
|
||||||
the default domain.
|
the default domain.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
# Ensure that test_v3.RestfulTestCase doesn't load its own
|
|
||||||
# sample data, which would make checking the results of our
|
|
||||||
# tests harder
|
|
||||||
super(IdentityTestProtectedCase, self).setUp()
|
|
||||||
self.tempfile = self.useFixture(temporaryfile.SecureTempFile())
|
self.tempfile = self.useFixture(temporaryfile.SecureTempFile())
|
||||||
self.tmpfilename = self.tempfile.file_name
|
self.tmpfilename = self.tempfile.file_name
|
||||||
self.config_fixture.config(group='oslo_policy',
|
super(IdentityTestProtectedCase, self).setUp()
|
||||||
policy_file=self.tmpfilename)
|
|
||||||
|
|
||||||
# A default auth request we can use - un-scoped user token
|
# A default auth request we can use - un-scoped user token
|
||||||
self.auth = self.build_authentication_request(
|
self.auth = self.build_authentication_request(
|
||||||
|
@ -560,6 +558,10 @@ class IdentityTestv3CloudPolicySample(test_v3.RestfulTestCase,
|
||||||
test_v3.AssignmentTestMixin):
|
test_v3.AssignmentTestMixin):
|
||||||
"""Test policy enforcement of the sample v3 cloud policy file."""
|
"""Test policy enforcement of the sample v3 cloud policy file."""
|
||||||
|
|
||||||
|
def _policy_fixture(self):
|
||||||
|
return ksfixtures.Policy(unit.dirs.etc('policy.v3cloudsample.json'),
|
||||||
|
self.config_fixture)
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
"""Setup for v3 Cloud Policy Sample Test Cases.
|
"""Setup for v3 Cloud Policy Sample Test Cases.
|
||||||
|
|
||||||
|
@ -585,13 +587,6 @@ class IdentityTestv3CloudPolicySample(test_v3.RestfulTestCase,
|
||||||
# tests harder
|
# tests harder
|
||||||
super(IdentityTestv3CloudPolicySample, self).setUp()
|
super(IdentityTestv3CloudPolicySample, self).setUp()
|
||||||
|
|
||||||
# Finally, switch to the v3 sample policy file
|
|
||||||
self.addCleanup(rules.reset)
|
|
||||||
rules.reset()
|
|
||||||
self.config_fixture.config(
|
|
||||||
group='oslo_policy',
|
|
||||||
policy_file=unit.dirs.etc('policy.v3cloudsample.json'))
|
|
||||||
|
|
||||||
self.config_fixture.config(
|
self.config_fixture.config(
|
||||||
group='resource',
|
group='resource',
|
||||||
admin_project_name=self.admin_project['name'])
|
admin_project_name=self.admin_project['name'])
|
||||||
|
|
Loading…
Reference in New Issue