Merge "expose v3policy failure with is_admin_token"

2016-12-16 05:26:46 +00:00 · 2016-12-16 05:26:46 +00:00 · c46ff2b1ab
commit c46ff2b1ab
parent ea521d9219 3845e36f0d
1 changed files with 29 additions and 0 deletions
--- a/keystone/tests/unit/test_policy.py
+++ b/keystone/tests/unit/test_policy.py
@ -15,11 +15,13 @@

 import json
 import os
+import uuid

 from oslo_policy import policy as common_policy
 import six
 from testtools import matchers

+import keystone.conf
 from keystone import exception
 from keystone.policy.backends import rules
 from keystone.tests import unit
@ -27,6 +29,9 @@ from keystone.tests.unit import ksfixtures
 from keystone.tests.unit.ksfixtures import temporaryfile


+CONF = keystone.conf.CONF
+
+
 class PolicyFileTestCase(unit.TestCase):
    def setUp(self):
        # self.tmpfilename should exist before setUp super is called
@ -183,6 +188,30 @@ class PolicyJsonTestCase(unit.TestCase):

        self.assertThat(diffs, matchers.Equals(set()))

+    def test_policies_loads(self):
+        action = 'identity:list_projects'
+        target = {'user_id': uuid.uuid4().hex,
+                  'user.domain_id': uuid.uuid4().hex,
+                  'group.domain_id': uuid.uuid4().hex,
+                  'project.domain_id': uuid.uuid4().hex,
+                  'project_id': uuid.uuid4().hex,
+                  'domain_id': uuid.uuid4().hex}
+        credentials = {'username': uuid.uuid4().hex, 'token': uuid.uuid4().hex,
+                       'project_name': None, 'user_id': uuid.uuid4().hex,
+                       'roles': [u'admin'], 'is_admin': True,
+                       'is_admin_project': True, 'project_id': None,
+                       'domain_id': uuid.uuid4().hex}
+
+        standard_policy = unit.dirs.etc('policy.json')
+        enforcer = common_policy.Enforcer(CONF, policy_file=standard_policy)
+        result = enforcer.enforce(action, target, credentials)
+        self.assertTrue(result)
+
+        domain_policy = unit.dirs.etc('policy.v3cloudsample.json')
+        enforcer = common_policy.Enforcer(CONF, policy_file=domain_policy)
+        self.assertRaises(TypeError, enforcer.enforce,
+                          action, target, credentials)
+
    def test_all_targets_documented(self):
        # All the targets in the sample policy file must be documented in
        # doc/source/policy_mapping.rst.