本文整理汇总了Python中oslo_policy.policy.RuleDefault方法的典型用法代码示例。如果您正苦于以下问题:Python policy.RuleDefault方法的具体用法?Python policy.RuleDefault怎么用?Python policy.RuleDefault使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类oslo_policy.policy的用法示例。
在下文中一共展示了policy.RuleDefault方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: test_modified_policy_reloads
# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import RuleDefault [as 别名]
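def test_modified_policy_reloads(self):
    """Check that a rewritten policy file takes effect after a forced reload.

    The policy file first maps ``example:test`` to an empty check string,
    under which the authorize call below succeeds. The file is then
    rewritten in place to ``"!"`` and, after ``load_rules(True)``, the same
    request must raise ``exceptions.PolicyForbidden``.

    ``self.target`` is read here but not assigned; it is presumably set
    by the test case's ``setUp``.
    """
    with tempfile.NamedTemporaryFile(mode='w', delete=True) as tmp:
        self.conf.load_raw_values(
            group='oslo_policy', policy_file=tmp.name)
        # Permissive starting point: an empty check string grants access.
        tmp.write('{"example:test": ""}')
        tmp.flush()
        self.context = context.Context('fake', 'fake')
        rule = oslo_policy.RuleDefault('example:test', "")
        policy.get_enforcer().register_defaults([rule])
        action = "example:test"
        # Must not raise while the permissive rule is in force.
        policy.get_enforcer().authorize(action, self.target, self.context)
        # Overwrite the same file with a deny-all rule.
        tmp.seek(0)
        tmp.write('{"example:test": "!"}')
        # Cut the file at the end of the new content so that no bytes of an
        # earlier, longer policy can survive an in-place rewrite and leave
        # the file unparsable (or, worse, parsable with stale rules).
        tmp.truncate()
        tmp.flush()
        # True is passed positionally; presumably oslo.policy's
        # force_reload, so the reload does not depend on the file's
        # modification time having changed.
        policy.get_enforcer().load_rules(True)
        self.assertRaises(exceptions.PolicyForbidden,
                          policy.get_enforcer().authorize,
                          action, self.target, self.context)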
示例2: setUp
# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import RuleDefault [as 别名]
def setUp(self):
    """Reset the policy module and register the defaults these tests use.

    Leaves ``self.context`` as a request context holding only the
    ``member`` role and ``self.target`` as an empty dict, and schedules
    ``policy.reset`` as a cleanup.
    """
    super(PolicyTestCase, self).setUp()
    # (rule name, check string) pairs. In oslo.policy "@" always passes and
    # "!" always fails.
    rule_specs = (
        ("true", '@'),
        ("test:allowed", '@'),
        ("test:denied", "!"),
        # %(project_id)s is filled in from the target at enforcement time.
        ("test:my_file",
         "role:compute_admin or "
         "project_id:%(project_id)s"),
        ("test:early_and_fail", "! and @"),
        ("test:early_or_success", "@ or !"),
        # Same role spelled in two cases; presumably used to check that
        # role matching ignores case.
        ("test:lowercase_admin", "role:admin"),
        ("test:uppercase_admin", "role:ADMIN"),
    )
    rules = [common_policy.RuleDefault(rule_name, check)
             for rule_name, check in rule_specs]
    policy.reset()
    policy.init()
    # before a policy rule can be used, its default has to be registered.
    policy._ENFORCER.register_defaults(rules)
    self.context = context.RequestContext('fake', 'fake', roles=['member'])
    self.target = {}
    # Drop the permissive test defaults again once the test has finished.
    self.addCleanup(policy.reset)
示例3: test_modified_policy_reloads
# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import RuleDefault [as 别名]
def test_modified_policy_reloads(self):
    """Check that an edited policy file is honoured after a forced reload.

    ``example:test`` is first allowed through an empty check string, then
    the file is replaced with a ``"!"`` (deny) rule. After
    ``load_rules(True)`` the same authorize call must raise
    ``exception.PolicyNotAuthorized``.
    """
    with utils.tempdir() as workdir:
        policy_path = os.path.join(workdir, 'policy')

        def _write_policy(text):
            # Mode "w" truncates, so each call fully replaces the file.
            with open(policy_path, "w") as fh:
                fh.write(text)

        self.flags(policy_file=policy_path, group='oslo_policy')
        # NOTE(Dinesh_Bhor): context construction invokes policy check to
        # determine is_admin or not. As a side-effect, policy reset is
        # needed here to flush existing policy cache.
        policy.reset()
        policy.init()
        action = "example:test"
        rule = oslo_policy.RuleDefault('example:test', "")
        policy._ENFORCER.register_defaults([rule])
        _write_policy('{"example:test": ""}')
        # Permissive rule in force: this call must not raise.
        policy.authorize(self.context, action, self.target)
        _write_policy('{"example:test": "!"}')
        # True is passed positionally; presumably oslo.policy's
        # force_reload, so the reload does not rely on the file's mtime.
        policy._ENFORCER.load_rules(True)
        self.assertRaises(exception.PolicyNotAuthorized, policy.authorize,
                          self.context, action, self.target)
示例4: setUp
# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import RuleDefault [as 别名]
def setUp(self):
    """Reset the policy module and register the defaults these tests use.

    Leaves ``self.context`` as a request context holding only the
    ``member`` role and ``self.target`` as an empty dict.
    """
    super(PolicyTestCase, self).setUp()
    # (rule name, check string) pairs. In oslo.policy "@" always passes and
    # "!" always fails.
    rule_specs = (
        ("true", '@'),
        ("example:allowed", '@'),
        ("example:denied", "!"),
        # A URL check string hands the decision to that remote endpoint;
        # nothing in this method evaluates it.
        ("example:get_http",
         "http://www.example.com"),
        # %(project_id)s is filled in from the target at enforcement time.
        ("example:my_file",
         "role:compute_admin or "
         "project_id:%(project_id)s"),
        ("example:early_and_fail", "! and @"),
        ("example:early_or_success", "@ or !"),
        ("example:lowercase_admin",
         "role:admin or role:sysadmin"),
        ("example:uppercase_admin",
         "role:ADMIN or role:sysadmin"),
    )
    rules = [oslo_policy.RuleDefault(rule_name, check)
             for rule_name, check in rule_specs]
    policy.reset()
    policy.init()
    # before a policy rule can be used, its default has to be registered.
    policy._ENFORCER.register_defaults(rules)
    # NOTE(review): no cleanup is registered in this method to reset the
    # module-level enforcer; confirm a tearDown or base class does so,
    # otherwise the always-allow defaults could carry over into other tests.
    self.context = context.RequestContext('fake', 'fake', roles=['member'])
    self.target = {}
示例5: test_modified_policy_reloads
# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import RuleDefault [as 别名]
def test_modified_policy_reloads(self):
    """Check that an edited policy file is honoured after a forced reload.

    ``example:test`` is first allowed through an empty check string, then
    the file is replaced with a ``"!"`` (deny) rule. After
    ``load_rules(True)`` the same authorize call must raise
    ``policy.PolicyNotAuthorized``.
    """
    with utils.tempdir() as workdir:
        policy_path = os.path.join(workdir, 'policy')

        def _write_policy(text):
            # Mode "w" truncates, so each call fully replaces the file.
            with open(policy_path, "w") as fh:
                fh.write(text)

        self.fixture.config(policy_file=policy_path, group='oslo_policy')
        rule = oslo_policy.RuleDefault('example:test', "")
        policy.reset()
        policy.init()
        policy._ENFORCER.register_defaults([rule])
        action = "example:test"
        _write_policy('{"example:test": ""}')
        # Permissive rule in force: this call must not raise.
        policy.authorize(self.context, action, self.target)
        _write_policy('{"example:test": "!"}')
        # True is passed positionally; presumably oslo.policy's
        # force_reload, so the reload does not rely on the file's mtime.
        policy._ENFORCER.load_rules(True)
        self.assertRaises(policy.PolicyNotAuthorized,
                          policy.authorize,
                          self.context, action, self.target)
示例6: setUp
# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import RuleDefault [as 别名]
def setUp(self):
    """Initialise config and policy, then register the test defaults.

    Leaves ``self.context`` as a request context holding only the
    ``member`` role and ``self.target`` as an empty dict, and schedules
    ``policy.reset`` as a cleanup.
    """
    super(PolicyTestCase, self).setUp()
    # (rule name, check string) pairs. In oslo.policy "@" always passes and
    # "!" always fails.
    rule_specs = (
        ("true", '@'),
        ("test:allowed", '@'),
        ("test:denied", "!"),
        ("test:early_and_fail", "! and @"),
        ("test:early_or_success", "@ or !"),
        # Same role spelled in two cases; presumably used to check that
        # role matching ignores case.
        ("test:lowercase_admin", "role:admin"),
        ("test:uppercase_admin", "role:ADMIN"),
    )
    rules = [oslo_policy.RuleDefault(rule_name, check)
             for rule_name, check in rule_specs]
    # Empty args and default_config_files: no command line and no default
    # config files are passed to the config object.
    CONF(args=[], project='cloudkitty', default_config_files=[])
    # before a policy rule can be used, its default has to be registered.
    policy.reset()
    policy.init()
    policy._ENFORCER.register_defaults(rules)
    self.context = context.RequestContext(user_id='fake',
                                          project_id='fake',
                                          roles=['member'])
    self.target = {}
    # Drop the permissive test defaults again once the test has finished.
    self.addCleanup(policy.reset)
示例7: test_modified_policy_reloads
# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import RuleDefault [as 别名]
def test_modified_policy_reloads(self):
    """Check that an edited policy file is honoured after a forced reload.

    The temporary policy file starts as ``{}``, is rewritten to allow
    ``example:test`` through an empty check string, and is then rewritten
    to deny it with ``"!"``. After ``load_rules(True)`` the authorize call
    must raise ``os_policy.PolicyNotAuthorized``.
    """
    policy_path = self.create_tempfiles(
        files=[('policies', '{}')], ext='.yaml')[0]

    def _write_policy(text):
        # Mode 'w' truncates, so each call fully replaces the file.
        with open(policy_path, 'w') as fh:
            fh.write(text)

    base.BaseTestCase.conf_override(policy_file=policy_path,
                                    group='oslo_policy')
    policy_engine.reset()
    policy_engine.init()
    action = 'example:test'
    rule = os_policy.RuleDefault(action, '')
    policy_engine._ENFORCER.register_defaults([rule])
    _write_policy('{"example:test": ""}')
    # Permissive rule in force: this call must not raise.
    policy_engine.authorize(self.context, action, self.target)
    _write_policy('{"example:test": "!"}')
    # True is passed positionally; presumably oslo.policy's force_reload,
    # so the reload does not rely on the file's mtime.
    policy_engine._ENFORCER.load_rules(True)
    self.assertRaises(os_policy.PolicyNotAuthorized,
                      policy_engine.authorize,
                      self.context, action, self.target)
示例8: test_modified_policy_reloads
# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import RuleDefault [as 别名]
def test_modified_policy_reloads(self):
    """Check that an edited policy file is honoured after a forced reload.

    The temporary policy file starts as ``{}``, is rewritten to allow
    ``example:test`` through an empty check string, and is then rewritten
    to deny it with ``"!"``. After ``load_rules(True)`` the authorize call
    must raise ``os_policy.PolicyNotAuthorized``.
    """
    policy_path = self.create_tempfiles(
        files=[('policies', '{}')], ext='.yaml')[0]

    def _write_policy(text):
        # Mode 'w' truncates, so each call fully replaces the file.
        with open(policy_path, 'w') as fh:
            fh.write(text)

    base.BaseTestCase.conf_override(policy_file=policy_path,
                                    group='oslo_policy')
    policy.reset()
    policy.init()
    action = 'example:test'
    rule = os_policy.RuleDefault(action, '')
    policy._ENFORCER.register_defaults([rule])
    _write_policy('{"example:test": ""}')
    # Permissive rule in force: this call must not raise.
    policy.authorize(self.context, action, self.target)
    _write_policy('{"example:test": "!"}')
    # True is passed positionally; presumably oslo.policy's force_reload,
    # so the reload does not rely on the file's mtime.
    policy._ENFORCER.load_rules(True)
    self.assertRaises(os_policy.PolicyNotAuthorized, policy.authorize,
                      self.context, action, self.target)
示例9: _test_scenario_with_opts_registered
# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import RuleDefault [as 别名]
def _test_scenario_with_opts_registered(self, scenario, *args, **kwargs):
    """Run *scenario* with two registered defaults and check the merge.

    Registers ``admin`` and ``owner`` defaults on ``self.enforcer``, calls
    ``scenario(*args, **kwargs)``, then asserts which rules ended up in
    ``rules``, ``registered_rules`` and ``file_rules``. The scenario is
    expected to load policy files containing the POLICY_*_CONTENTS
    fixtures onto ``self.enforcer``.

    The ``admin`` assertions pin down precedence: the value loaded from
    the policy file (``is_admin:True``) replaces the registered default
    (``is_admin:False``), so whoever can write the policy file decides the
    effective rule.
    """
    registered_defaults = (
        # This should be overridden by the policy file
        ('admin', 'is_admin:False'),
        # This is not in the policy file, only registered
        ('owner', 'role:owner'),
    )
    for rule_name, check in registered_defaults:
        self.enforcer.register_default(
            policy.RuleDefault(name=rule_name, check_str=check))

    scenario(*args, **kwargs)

    enforcer = self.enforcer
    # Effective rules: the registered-only rule survives, the file wins
    # for 'admin'.
    self.assertIn('owner', enforcer.rules)
    self.assertEqual('role:owner', str(enforcer.rules['owner']))
    self.assertEqual('is_admin:True', str(enforcer.rules['admin']))
    # Provenance: which names came from registration and which from file.
    self.assertIn('owner', enforcer.registered_rules)
    self.assertIn('admin', enforcer.registered_rules)
    self.assertNotIn('default', enforcer.registered_rules)
    self.assertNotIn('owner', enforcer.file_rules)
    self.assertIn('admin', enforcer.file_rules)
    self.assertIn('default', enforcer.file_rules)
示例10: test_enforcer_keep_use_conf_flag_after_reload_opts_registered
# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import RuleDefault [as 别名]
def test_enforcer_keep_use_conf_flag_after_reload_opts_registered(self):
    """Re-run the use_conf reload test with defaults registered first.

    Registers ``admin`` and ``owner`` defaults, runs
    ``test_enforcer_keep_use_conf_flag_after_reload`` and then checks
    that ``owner`` keeps its registered value while ``admin`` carries the
    policy-file value ``is_admin:True``.
    """
    # This test does not use _test_scenario_with_opts_registered because
    # it loads all rules and then dumps them to a policy file and reloads.
    # That breaks the ability to differentiate between registered and file
    # loaded policies.
    registered_defaults = (
        # This should be overridden by the policy file
        ('admin', 'is_admin:False'),
        # This is not in the policy file, only registered
        ('owner', 'role:owner'),
    )
    for rule_name, check in registered_defaults:
        self.enforcer.register_default(
            policy.RuleDefault(name=rule_name, check_str=check))

    self.test_enforcer_keep_use_conf_flag_after_reload()

    effective = self.enforcer.rules
    self.assertIn('owner', effective)
    self.assertEqual('role:owner', str(self.enforcer.rules['owner']))
    # The file value replaces the registered 'is_admin:False' default.
    self.assertEqual('is_admin:True', str(self.enforcer.rules['admin']))
示例11: test_enforcer_raises_invalid_scope_with_system_scope_type
# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import RuleDefault [as 别名]
def test_enforcer_raises_invalid_scope_with_system_scope_type(self):
    """A system-only rule rejects domain- and project-scoped contexts.

    With ``enforce_scope`` overridden to True, enforcing a rule declared
    with ``scope_types=['system']`` must raise ``policy.InvalidScope`` for
    both a domain-scoped and a project-scoped request context. The test
    depends on that override; it does not cover the behaviour with
    ``enforce_scope`` left at another value.
    """
    self.conf.set_override('enforce_scope', True, group='oslo_policy')
    system_only = policy.RuleDefault(
        name='fake_rule', check_str='role:test', scope_types=['system']
    )
    self.enforcer.register_default(system_only)
    target_dict = {}
    mismatched_scopes = (
        # model a domain-scoped token, which should fail enforcement
        {'domain_id': 'fake'},
        # model a project-scoped token, which should fail enforcement
        {'project_id': 'fake'},
    )
    for scope_kwargs in mismatched_scopes:
        ctx = context.RequestContext(**scope_kwargs)
        self.assertRaises(
            policy.InvalidScope, self.enforcer.enforce, 'fake_rule',
            target_dict, ctx
        )
示例12: test_enforcer_raises_invalid_scope_with_domain_scope_type
# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import RuleDefault [as 别名]
def test_enforcer_raises_invalid_scope_with_domain_scope_type(self):
    """A domain-only rule rejects system- and project-scoped contexts.

    With ``enforce_scope`` overridden to True, enforcing a rule declared
    with ``scope_types=['domain']`` must raise ``policy.InvalidScope`` for
    both a system-scoped and a project-scoped request context. The test
    depends on that override; it does not cover the behaviour with
    ``enforce_scope`` left at another value.
    """
    self.conf.set_override('enforce_scope', True, group='oslo_policy')
    domain_only = policy.RuleDefault(
        name='fake_rule', check_str='role:test', scope_types=['domain']
    )
    self.enforcer.register_default(domain_only)
    target_dict = {}
    mismatched_scopes = (
        # model a system-scoped token, which should fail enforcement
        {'system_scope': 'all'},
        # model a project-scoped token, which should fail enforcement
        {'project_id': 'fake'},
    )
    for scope_kwargs in mismatched_scopes:
        ctx = context.RequestContext(**scope_kwargs)
        self.assertRaises(
            policy.InvalidScope, self.enforcer.enforce, 'fake_rule',
            target_dict, ctx
        )
示例13: test_modified_policy_reloads
# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import RuleDefault [as 别名]
def test_modified_policy_reloads(self):
    """Check that an edited policy file is honoured after a forced reload.

    ``example:test`` is first allowed through an empty check string, then
    the file is replaced with a ``"!"`` (deny) rule. After
    ``load_rules(True)`` the same authorize call must raise
    ``exception.PolicyNotAuthorized``.
    """
    with utils.tempdir() as workdir:
        policy_path = os.path.join(workdir, 'policy')

        def _write_policy(text):
            # Mode "w" truncates, so each call fully replaces the file.
            with open(policy_path, "w") as fh:
                fh.write(text)

        self.fixture.config(policy_file=policy_path, group='oslo_policy')
        policy.reset()
        policy.init()
        action = "example:test"
        rule = oslo_policy.RuleDefault('example:test', "")
        policy._ENFORCER.register_defaults([rule])
        _write_policy('{"example:test": ""}')
        # Permissive rule in force: this call must not raise.
        policy.authorize(self.context, action, self.target)
        _write_policy('{"example:test": "!"}')
        # True is passed positionally; presumably oslo.policy's
        # force_reload, so the reload does not rely on the file's mtime.
        policy._ENFORCER.load_rules(True)
        self.assertRaises(exception.PolicyNotAuthorized,
                          policy.authorize,
                          self.context, action, self.target)
示例14: setUp
# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import RuleDefault [as 别名]
def setUp(self):
    """Reset the policy module and register the defaults these tests use.

    Leaves ``self.context`` as a request context holding only the
    ``member`` role and ``self.target`` as an empty dict, and schedules
    ``policy.reset`` as a cleanup.
    """
    super(PolicyTestCase, self).setUp()
    # (rule name, check string) pairs. In oslo.policy "@" always passes and
    # "!" always fails.
    rule_specs = (
        ("true", '@'),
        ("test:allowed", '@'),
        ("test:denied", "!"),
        # %(project_id)s is filled in from the target at enforcement time.
        ("test:my_file",
         "role:compute_admin or "
         "project_id:%(project_id)s"),
        ("test:early_and_fail", "! and @"),
        ("test:early_or_success", "@ or !"),
        # Same role spelled in two cases; presumably used to check that
        # role matching ignores case.
        ("test:lowercase_admin", "role:admin"),
        ("test:uppercase_admin", "role:ADMIN"),
    )
    rules = [oslo_policy.RuleDefault(rule_name, check)
             for rule_name, check in rule_specs]
    policy.reset()
    policy.init()
    # before a policy rule can be used, its default has to be registered.
    policy._ENFORCER.register_defaults(rules)
    self.context = context.RequestContext('fake', 'fake', roles=['member'])
    self.target = {}
    # Drop the permissive test defaults again once the test has finished.
    self.addCleanup(policy.reset)
示例15: setUp
# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import RuleDefault [as 别名]
def setUp(self):
    """Install a config fixture, reset policy and register test defaults.

    Leaves ``self.conf`` as the oslo.config fixture, ``self.context`` as
    a context holding only the ``member`` role, ``self.rules`` as the
    registered defaults and ``self.target`` as an empty dict.
    """
    super(PolicyTestCase, self).setUp()
    self.conf = self.useFixture(oslo_fixture.Config())
    # diltram: this one must be removed after fixing issue in oslo.config
    # https://bugs.launchpad.net/oslo.config/+bug/1645868
    self.conf.conf.__call__(args=[])
    policy.reset()
    self.context = context.Context('fake', 'fake', roles=['member'])
    # (rule name, check string) pairs. In oslo.policy "@" always passes and
    # "!" always fails.
    rule_specs = (
        ("true", "@"),
        ("example:allowed", "@"),
        ("example:denied", "!"),
        # A URL check string hands the decision to that remote endpoint;
        # nothing in this method evaluates it.
        ("example:get_http",
         "http://www.example.com"),
        # %(project_id)s is filled in from the target at enforcement time.
        ("example:my_file",
         "role:compute_admin or "
         "project_id:%(project_id)s"),
        ("example:early_and_fail", "! and @"),
        ("example:early_or_success", "@ or !"),
        ("example:lowercase_admin",
         "role:admin or role:sysadmin"),
        ("example:uppercase_admin",
         "role:ADMIN or role:sysadmin"),
    )
    self.rules = [oslo_policy.RuleDefault(rule_name, check)
                  for rule_name, check in rule_specs]
    # NOTE(review): no cleanup is registered in this method to reset the
    # enforcer; confirm a tearDown or base class does so, otherwise the
    # always-allow defaults could carry over into other tests.
    policy.get_enforcer().register_defaults(self.rules)
    self.target = {}