89d226916c
We have a HttpCheck that can check rules by calling a remote server. However currently it just supports "http://" and not "https://". In this patch, we add a HttpsCheck so we can support "https://" urls as well. In addition to ensure security, we add options to: * Specify a ca cert to validate the server * Specify cert/key to allow server to validate the client Another quirk was that currently the payload is being sent using 'application/x-www-form-urlencoded' as the content-type. We add another option to send the payload as 'application/json'. Add this same support to the HttpCheck as well. Change-Id: Ic9c5249555fb45010a92432a504c84ad3fbb9ea1
56 lines
2.1 KiB
Python
56 lines
2.1 KiB
Python
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
import json
|
|
|
|
from oslo_policy import fixture
|
|
from oslo_policy import policy as oslo_policy
|
|
from oslo_policy.tests import base as test_base
|
|
|
|
|
|
class FixtureTestCase(test_base.PolicyBaseTestCase):
|
|
def test_enforce_http_true(self):
|
|
self.assertTrue(self._test_enforce_http(True))
|
|
|
|
def test_enforce_http_false(self):
|
|
self.assertFalse(self._test_enforce_http(False))
|
|
|
|
def _test_enforce_http(self, return_value):
|
|
self.useFixture(fixture.HttpCheckFixture(return_value=return_value))
|
|
action = self.getUniqueString()
|
|
rules_json = {
|
|
action: "http:" + self.getUniqueString()
|
|
}
|
|
rules = oslo_policy.Rules.load(json.dumps(rules_json))
|
|
self.enforcer.set_rules(rules)
|
|
return self.enforcer.enforce(rule=action,
|
|
target={},
|
|
creds={})
|
|
|
|
def test_enforce_https_true(self):
|
|
self.assertTrue(self._test_enforce_http(True))
|
|
|
|
def test_enforce_https_false(self):
|
|
self.assertFalse(self._test_enforce_http(False))
|
|
|
|
def _test_enforce_https(self, return_value):
|
|
self.useFixture(fixture.HttpsCheckFixture(return_value=return_value))
|
|
action = self.getUniqueString()
|
|
rules_json = {
|
|
action: "https:" + self.getUniqueString()
|
|
}
|
|
rules = oslo_policy.Rules.load(json.dumps(rules_json))
|
|
self.enforcer.set_rules(rules)
|
|
return self.enforcer.enforce(rule=action,
|
|
target={},
|
|
creds={})
|