Merge "Check proper config option to see if scope is enforced or not"
This commit is contained in:
commit
37ddc2cbae
@ -124,7 +124,7 @@ class ContextBase(oslo_context.RequestContext):
|
||||
if 'admin' not in [x.lower() for x in context.roles]:
|
||||
context.roles = context.roles + ["admin"]
|
||||
|
||||
if cfg.CONF.oslo_policy.enforce_new_defaults:
|
||||
if cfg.CONF.oslo_policy.enforce_scope:
|
||||
context.system_scope = 'all'
|
||||
|
||||
return context
|
||||
|
@ -178,7 +178,7 @@ def model_query_scope_is_project(context, model):
|
||||
# TODO(slaweq): Remove that old is_admin check and always check scopes
|
||||
# when old, deprecated rules will be removed and only rules with new
|
||||
# personas will be supported
|
||||
if cfg.CONF.oslo_policy.enforce_new_defaults:
|
||||
if cfg.CONF.oslo_policy.enforce_scope:
|
||||
# Unless a context is a system_scope token, query should be scoped to a
|
||||
# single project_id
|
||||
return context.system_scope != 'all'
|
||||
|
@ -91,8 +91,7 @@ class TestUtils(base.BaseTestCase):
|
||||
mock_populate.assert_called_once_with({'name': 'n'})
|
||||
|
||||
def test_model_query_scope_is_project_admin_old_defaults(self):
|
||||
cfg.CONF.set_override(
|
||||
'enforce_new_defaults', False, group='oslo_policy')
|
||||
cfg.CONF.set_override('enforce_scope', False, group='oslo_policy')
|
||||
ctx = context.Context(
|
||||
project_id='some project',
|
||||
is_admin=True,
|
||||
@ -108,8 +107,7 @@ class TestUtils(base.BaseTestCase):
|
||||
utils.model_query_scope_is_project(ctx, model))
|
||||
|
||||
def test_model_query_scope_is_project_advsvc_old_defaults(self):
|
||||
cfg.CONF.set_override(
|
||||
'enforce_new_defaults', False, group='oslo_policy')
|
||||
cfg.CONF.set_override('enforce_scope', False, group='oslo_policy')
|
||||
ctx = context.Context(
|
||||
project_id='some project',
|
||||
is_admin=False,
|
||||
@ -125,8 +123,7 @@ class TestUtils(base.BaseTestCase):
|
||||
utils.model_query_scope_is_project(ctx, model))
|
||||
|
||||
def test_model_query_scope_is_project_regular_user_old_defaults(self):
|
||||
cfg.CONF.set_override(
|
||||
'enforce_new_defaults', False, group='oslo_policy')
|
||||
cfg.CONF.set_override('enforce_scope', False, group='oslo_policy')
|
||||
ctx = context.Context(
|
||||
project_id='some project',
|
||||
is_admin=False,
|
||||
@ -142,8 +139,7 @@ class TestUtils(base.BaseTestCase):
|
||||
utils.model_query_scope_is_project(ctx, model))
|
||||
|
||||
def test_model_query_scope_is_project_system_scope_old_defaults(self):
|
||||
cfg.CONF.set_override(
|
||||
'enforce_new_defaults', False, group='oslo_policy')
|
||||
cfg.CONF.set_override('enforce_scope', False, group='oslo_policy')
|
||||
ctx = context.Context(system_scope='all')
|
||||
model = mock.Mock(project_id='project')
|
||||
|
||||
@ -156,8 +152,7 @@ class TestUtils(base.BaseTestCase):
|
||||
utils.model_query_scope_is_project(ctx, model))
|
||||
|
||||
def test_model_query_scope_is_project_admin_new_defaults(self):
|
||||
cfg.CONF.set_override(
|
||||
'enforce_new_defaults', True, group='oslo_policy')
|
||||
cfg.CONF.set_override('enforce_scope', True, group='oslo_policy')
|
||||
ctx = context.Context(
|
||||
project_id='some project',
|
||||
is_admin=True,
|
||||
@ -173,8 +168,7 @@ class TestUtils(base.BaseTestCase):
|
||||
utils.model_query_scope_is_project(ctx, model))
|
||||
|
||||
def test_model_query_scope_is_project_advsvc_new_defaults(self):
|
||||
cfg.CONF.set_override(
|
||||
'enforce_new_defaults', True, group='oslo_policy')
|
||||
cfg.CONF.set_override('enforce_scope', True, group='oslo_policy')
|
||||
ctx = context.Context(
|
||||
project_id='some project',
|
||||
is_admin=False,
|
||||
@ -190,8 +184,7 @@ class TestUtils(base.BaseTestCase):
|
||||
utils.model_query_scope_is_project(ctx, model))
|
||||
|
||||
def test_model_query_scope_is_project_regular_user_new_defaults(self):
|
||||
cfg.CONF.set_override(
|
||||
'enforce_new_defaults', True, group='oslo_policy')
|
||||
cfg.CONF.set_override('enforce_scope', True, group='oslo_policy')
|
||||
ctx = context.Context(
|
||||
project_id='some project',
|
||||
is_admin=False,
|
||||
@ -207,8 +200,7 @@ class TestUtils(base.BaseTestCase):
|
||||
utils.model_query_scope_is_project(ctx, model))
|
||||
|
||||
def test_model_query_scope_is_project_system_scope_new_defaults(self):
|
||||
cfg.CONF.set_override(
|
||||
'enforce_new_defaults', True, group='oslo_policy')
|
||||
cfg.CONF.set_override('enforce_scope', True, group='oslo_policy')
|
||||
ctx = context.Context(
|
||||
system_scope='all')
|
||||
model = mock.Mock(project_id='project')
|
||||
|
@ -151,8 +151,7 @@ class TestNeutronContext(_base.BaseTestCase):
|
||||
self.assertTrue(elevated2_ctx.is_admin)
|
||||
|
||||
def test_neutron_context_elevated_system_scope_for_new_policies(self):
|
||||
cfg.CONF.set_override(
|
||||
'enforce_new_defaults', True, group='oslo_policy')
|
||||
cfg.CONF.set_override('enforce_scope', True, group='oslo_policy')
|
||||
ctx = context.Context('user_id', 'tenant_id')
|
||||
self.assertFalse(ctx.is_admin)
|
||||
self.assertNotEqual('all', ctx.system_scope)
|
||||
|
Loading…
Reference in New Issue
Block a user