openstack
/
nova
Code Issues Proposed changes

update policy UT fixtures 

RoleBasedPolicyFixture is opening a policy file specified by a conf
setting. This only works for NoDbTestCase today because of the way
TestCase sets up CONF. And now that policy has moved into code, we
really have no reason to read from a file here. We should read
defaults from the code. This makes that change.

Change-Id: I8feba7d694cc0f2971b0fb0dbe0409c90809df98
This commit is contained in:
Matthew Edmonds 2016-11-16 16:41:12 -05:00
parent f09ff27dff
commit 55b4e51e8c
1 changed files with 6 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
nova/tests/unit/policy_fixture.py
View File

@ -100,16 +100,13 @@ class PolicyFixture(RealPolicyFixture):
class RoleBasedPolicyFixture(RealPolicyFixture):
"""Load a modified policy which allows all actions only be a single roll.
"""Load a modified policy which allows all actions only by a single role.
This fixture can be used for testing role based permissions as it
provides a version of the policy which stomps over all previous
declaration and makes every action only available to a single
role.
NOTE(sdague): we could probably do this simpler by only loading a
single default rule.
"""
def __init__(self, role="admin", *args, **kwargs):
@ -117,17 +114,12 @@ class RoleBasedPolicyFixture(RealPolicyFixture):
self.role = role
def _prepare_policy(self):
with open(CONF.oslo_policy.policy_file) as fp:
policy = fp.read()
policy = jsonutils.loads(policy)
self.add_missing_default_rules(policy)
# Convert all actions to require specified role
for action in policy:
policy[action] = 'role:%s' % self.role
# Convert all actions to require the specified role
policy = {}
for rule in policies.list_rules():
policy[rule.name] = 'role:%s' % self.role
self.policy_dir = self.useFixture(fixtures.TempDir())
self.policy_file = os.path.join(self.policy_dir.path,
'policy.json')
self.policy_file = os.path.join(self.policy_dir.path, 'policy.json')
with open(self.policy_file, 'w') as f:
jsonutils.dump(policy, f)