From 55b4e51e8cd5b6875c7d384589ec188638b8a255 Mon Sep 17 00:00:00 2001 From: Matthew Edmonds Date: Wed, 16 Nov 2016 16:41:12 -0500 Subject: [PATCH] update policy UT fixtures RoleBasedPolicyFixture is opening a policy file specified by a conf setting. This only works for NoDbTestCase today because of the way TestCase sets up CONF. And now that policy has moved into code, we really have no reason to read from a file here. We should read defaults from the code. This makes that change. Change-Id: I8feba7d694cc0f2971b0fb0dbe0409c90809df98 --- nova/tests/unit/policy_fixture.py | 20 ++++++-------------- 1 file changed, 6 insertions(+), 14 deletions(-) diff --git a/nova/tests/unit/policy_fixture.py b/nova/tests/unit/policy_fixture.py index 9c9badb1ac27..7b614e9c7366 100644 --- a/nova/tests/unit/policy_fixture.py +++ b/nova/tests/unit/policy_fixture.py @@ -100,16 +100,13 @@ class PolicyFixture(RealPolicyFixture): class RoleBasedPolicyFixture(RealPolicyFixture): - """Load a modified policy which allows all actions only be a single roll. + """Load a modified policy which allows all actions only by a single role. This fixture can be used for testing role based permissions as it provides a version of the policy which stomps over all previous declaration and makes every action only available to a single role. - NOTE(sdague): we could probably do this simpler by only loading a - single default rule. - """ def __init__(self, role="admin", *args, **kwargs): @@ -117,17 +114,12 @@ class RoleBasedPolicyFixture(RealPolicyFixture): self.role = role def _prepare_policy(self): - with open(CONF.oslo_policy.policy_file) as fp: - policy = fp.read() - policy = jsonutils.loads(policy) - self.add_missing_default_rules(policy) - - # Convert all actions to require specified role - for action in policy: - policy[action] = 'role:%s' % self.role + # Convert all actions to require the specified role + policy = {} + for rule in policies.list_rules(): + policy[rule.name] = 'role:%s' % self.role self.policy_dir = self.useFixture(fixtures.TempDir()) - self.policy_file = os.path.join(self.policy_dir.path, - 'policy.json') + self.policy_file = os.path.join(self.policy_dir.path, 'policy.json') with open(self.policy_file, 'w') as f: jsonutils.dump(policy, f)