当前位置: 首页>>代码示例>>Python>>正文


Python policy.RuleDefault方法代码示例

本文整理汇总了Python中oslo_policy.policy.RuleDefault方法的典型用法代码示例。如果您正苦于以下问题:Python policy.RuleDefault方法的具体用法?Python policy.RuleDefault怎么用?Python policy.RuleDefault使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在oslo_policy.policy的用法示例。


在下文中一共展示了policy.RuleDefault方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: test_modified_policy_reloads

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import RuleDefault [as 别名]
def test_modified_policy_reloads(self):
        with tempfile.NamedTemporaryFile(mode='w', delete=True) as tmp:
            self.conf.load_raw_values(
                group='oslo_policy', policy_file=tmp.name)

            tmp.write('{"example:test": ""}')
            tmp.flush()

            self.context = context.Context('fake', 'fake')

            rule = oslo_policy.RuleDefault('example:test', "")
            policy.get_enforcer().register_defaults([rule])

            action = "example:test"
            policy.get_enforcer().authorize(action, self.target, self.context)

            tmp.seek(0)
            tmp.write('{"example:test": "!"}')
            tmp.flush()
            policy.get_enforcer().load_rules(True)
            self.assertRaises(exceptions.PolicyForbidden,
                              policy.get_enforcer().authorize,
                              action, self.target, self.context) 
开发者ID:openstack,项目名称:octavia,代码行数:25,代码来源:test_policy.py

示例2: setUp

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import RuleDefault [as 别名]
def setUp(self):
        super(PolicyTestCase, self).setUp()
        rules = [
            common_policy.RuleDefault("true", '@'),
            common_policy.RuleDefault("test:allowed", '@'),
            common_policy.RuleDefault("test:denied", "!"),
            common_policy.RuleDefault("test:my_file",
                                      "role:compute_admin or "
                                      "project_id:%(project_id)s"),
            common_policy.RuleDefault("test:early_and_fail", "! and @"),
            common_policy.RuleDefault("test:early_or_success", "@ or !"),
            common_policy.RuleDefault("test:lowercase_admin",
                                      "role:admin"),
            common_policy.RuleDefault("test:uppercase_admin",
                                      "role:ADMIN"),
        ]
        policy.reset()
        policy.init()
        # before a policy rule can be used, its default has to be registered.
        policy._ENFORCER.register_defaults(rules)
        self.context = context.RequestContext('fake', 'fake', roles=['member'])
        self.target = {}
        self.addCleanup(policy.reset) 
开发者ID:openstack,项目名称:manila,代码行数:25,代码来源:test_policy.py

示例3: test_modified_policy_reloads

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import RuleDefault [as 别名]
def test_modified_policy_reloads(self):
        with utils.tempdir() as tmpdir:
            tmpfilename = os.path.join(tmpdir, 'policy')

            self.flags(policy_file=tmpfilename, group='oslo_policy')

            # NOTE(Dinesh_Bhor): context construction invokes policy check to
            # determine is_admin or not. As a side-effect, policy reset is
            # needed here to flush existing policy cache.
            policy.reset()
            policy.init()
            rule = oslo_policy.RuleDefault('example:test', "")
            policy._ENFORCER.register_defaults([rule])

            action = "example:test"
            with open(tmpfilename, "w") as policyfile:
                policyfile.write('{"example:test": ""}')
            policy.authorize(self.context, action, self.target)
            with open(tmpfilename, "w") as policyfile:
                policyfile.write('{"example:test": "!"}')
            policy._ENFORCER.load_rules(True)
            self.assertRaises(exception.PolicyNotAuthorized, policy.authorize,
                              self.context, action, self.target) 
开发者ID:openstack,项目名称:masakari,代码行数:25,代码来源:test_policy.py

示例4: setUp

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import RuleDefault [as 别名]
def setUp(self):
        super(PolicyTestCase, self).setUp()
        rules = [
            oslo_policy.RuleDefault("true", '@'),
            oslo_policy.RuleDefault("example:allowed", '@'),
            oslo_policy.RuleDefault("example:denied", "!"),
            oslo_policy.RuleDefault("example:get_http",
                                    "http://www.example.com"),
            oslo_policy.RuleDefault("example:my_file",
                                    "role:compute_admin or "
                                    "project_id:%(project_id)s"),
            oslo_policy.RuleDefault("example:early_and_fail", "! and @"),
            oslo_policy.RuleDefault("example:early_or_success", "@ or !"),
            oslo_policy.RuleDefault("example:lowercase_admin",
                                    "role:admin or role:sysadmin"),
            oslo_policy.RuleDefault("example:uppercase_admin",
                                    "role:ADMIN or role:sysadmin"),
        ]
        policy.reset()
        policy.init()
        # before a policy rule can be used, its default has to be registered.
        policy._ENFORCER.register_defaults(rules)
        self.context = context.RequestContext('fake', 'fake', roles=['member'])
        self.target = {} 
开发者ID:openstack,项目名称:masakari,代码行数:26,代码来源:test_policy.py

示例5: test_modified_policy_reloads

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import RuleDefault [as 别名]
def test_modified_policy_reloads(self):
        with utils.tempdir() as tmpdir:
            tmpfilename = os.path.join(tmpdir, 'policy')
            self.fixture.config(policy_file=tmpfilename, group='oslo_policy')
            rule = oslo_policy.RuleDefault('example:test', "")
            policy.reset()
            policy.init()
            policy._ENFORCER.register_defaults([rule])

            action = "example:test"
            with open(tmpfilename, "w") as policyfile:
                policyfile.write('{"example:test": ""}')
            policy.authorize(self.context, action, self.target)
            with open(tmpfilename, "w") as policyfile:
                policyfile.write('{"example:test": "!"}')
            policy._ENFORCER.load_rules(True)
            self.assertRaises(policy.PolicyNotAuthorized,
                              policy.authorize,
                              self.context, action, self.target) 
开发者ID:openstack,项目名称:cloudkitty,代码行数:21,代码来源:test_policy.py

示例6: setUp

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import RuleDefault [as 别名]
def setUp(self):
        super(PolicyTestCase, self).setUp()
        rules = [
            oslo_policy.RuleDefault("true", '@'),
            oslo_policy.RuleDefault("test:allowed", '@'),
            oslo_policy.RuleDefault("test:denied", "!"),
            oslo_policy.RuleDefault("test:early_and_fail", "! and @"),
            oslo_policy.RuleDefault("test:early_or_success", "@ or !"),
            oslo_policy.RuleDefault("test:lowercase_admin",
                                    "role:admin"),
            oslo_policy.RuleDefault("test:uppercase_admin",
                                    "role:ADMIN"),
        ]
        CONF(args=[], project='cloudkitty', default_config_files=[])
        # before a policy rule can be used, its default has to be registered.
        policy.reset()
        policy.init()
        policy._ENFORCER.register_defaults(rules)
        self.context = context.RequestContext(user_id='fake',
                                              project_id='fake',
                                              roles=['member'])
        self.target = {}
        self.addCleanup(policy.reset) 
开发者ID:openstack,项目名称:cloudkitty,代码行数:25,代码来源:test_policy.py

示例7: test_modified_policy_reloads

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import RuleDefault [as 别名]
def test_modified_policy_reloads(self):
        tmp_file = \
            self.create_tempfiles(files=[('policies', '{}')], ext='.yaml')[0]
        base.BaseTestCase.conf_override(policy_file=tmp_file,
                                        group='oslo_policy')

        policy_engine.reset()
        policy_engine.init()

        action = 'example:test'
        rule = os_policy.RuleDefault(action, '')
        policy_engine._ENFORCER.register_defaults([rule])

        with open(tmp_file, 'w') as policy_file:
            policy_file.write('{"example:test": ""}')
        policy_engine.authorize(self.context, action, self.target)

        with open(tmp_file, 'w') as policy_file:
            policy_file.write('{"example:test": "!"}')
        policy_engine._ENFORCER.load_rules(True)
        self.assertRaises(os_policy.PolicyNotAuthorized,
                          policy_engine.authorize,
                          self.context, action, self.target) 
开发者ID:openstack,项目名称:monasca-api,代码行数:25,代码来源:test_policy.py

示例8: test_modified_policy_reloads

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import RuleDefault [as 别名]
def test_modified_policy_reloads(self):
        tmp_file = \
            self.create_tempfiles(files=[('policies', '{}')], ext='.yaml')[0]
        base.BaseTestCase.conf_override(policy_file=tmp_file,
                                        group='oslo_policy')

        policy.reset()
        policy.init()
        action = 'example:test'
        rule = os_policy.RuleDefault(action, '')
        policy._ENFORCER.register_defaults([rule])

        with open(tmp_file, 'w') as policy_file:
            policy_file.write('{"example:test": ""}')
        policy.authorize(self.context, action, self.target)

        with open(tmp_file, 'w') as policy_file:
            policy_file.write('{"example:test": "!"}')
        policy._ENFORCER.load_rules(True)
        self.assertRaises(os_policy.PolicyNotAuthorized, policy.authorize,
                          self.context, action, self.target) 
开发者ID:openstack,项目名称:monasca-api,代码行数:23,代码来源:test_policy.py

示例9: _test_scenario_with_opts_registered

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import RuleDefault [as 别名]
def _test_scenario_with_opts_registered(self, scenario, *args, **kwargs):
        # This test registers some rules, calls the scenario and then checks
        # the registered rules. The scenario should be a method which loads
        # policy files containing POLICY_*_CONTENTS defined above. They should
        # be loaded on the self.enforcer object.

        # This should be overridden by the policy file
        self.enforcer.register_default(policy.RuleDefault(name='admin',
                                       check_str='is_admin:False'))
        # This is not in the policy file, only registered
        self.enforcer.register_default(policy.RuleDefault(name='owner',
                                       check_str='role:owner'))

        scenario(*args, **kwargs)

        self.assertIn('owner', self.enforcer.rules)
        self.assertEqual('role:owner', str(self.enforcer.rules['owner']))
        self.assertEqual('is_admin:True', str(self.enforcer.rules['admin']))
        self.assertIn('owner', self.enforcer.registered_rules)
        self.assertIn('admin', self.enforcer.registered_rules)
        self.assertNotIn('default', self.enforcer.registered_rules)
        self.assertNotIn('owner', self.enforcer.file_rules)
        self.assertIn('admin', self.enforcer.file_rules)
        self.assertIn('default', self.enforcer.file_rules) 
开发者ID:openstack,项目名称:oslo.policy,代码行数:26,代码来源:test_policy.py

示例10: test_enforcer_keep_use_conf_flag_after_reload_opts_registered

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import RuleDefault [as 别名]
def test_enforcer_keep_use_conf_flag_after_reload_opts_registered(self):
        # This test does not use _test_scenario_with_opts_registered because
        # it loads all rules and then dumps them to a policy file and reloads.
        # That breaks the ability to differentiate between registered and file
        # loaded policies.

        # This should be overridden by the policy file
        self.enforcer.register_default(policy.RuleDefault(name='admin',
                                       check_str='is_admin:False'))
        # This is not in the policy file, only registered
        self.enforcer.register_default(policy.RuleDefault(name='owner',
                                       check_str='role:owner'))

        self.test_enforcer_keep_use_conf_flag_after_reload()

        self.assertIn('owner', self.enforcer.rules)
        self.assertEqual('role:owner', str(self.enforcer.rules['owner']))
        self.assertEqual('is_admin:True', str(self.enforcer.rules['admin'])) 
开发者ID:openstack,项目名称:oslo.policy,代码行数:20,代码来源:test_policy.py

示例11: test_enforcer_raises_invalid_scope_with_system_scope_type

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import RuleDefault [as 别名]
def test_enforcer_raises_invalid_scope_with_system_scope_type(self):
        self.conf.set_override('enforce_scope', True, group='oslo_policy')
        rule = policy.RuleDefault(
            name='fake_rule', check_str='role:test', scope_types=['system']
        )
        self.enforcer.register_default(rule)

        # model a domain-scoped token, which should fail enforcement
        ctx = context.RequestContext(domain_id='fake')
        target_dict = {}
        self.assertRaises(
            policy.InvalidScope, self.enforcer.enforce, 'fake_rule',
            target_dict, ctx
        )

        # model a project-scoped token, which should fail enforcement
        ctx = context.RequestContext(project_id='fake')
        self.assertRaises(
            policy.InvalidScope, self.enforcer.enforce, 'fake_rule',
            target_dict, ctx
        ) 
开发者ID:openstack,项目名称:oslo.policy,代码行数:23,代码来源:test_policy.py

示例12: test_enforcer_raises_invalid_scope_with_domain_scope_type

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import RuleDefault [as 别名]
def test_enforcer_raises_invalid_scope_with_domain_scope_type(self):
        self.conf.set_override('enforce_scope', True, group='oslo_policy')
        rule = policy.RuleDefault(
            name='fake_rule', check_str='role:test', scope_types=['domain']
        )
        self.enforcer.register_default(rule)

        # model a system-scoped token, which should fail enforcement
        ctx = context.RequestContext(system_scope='all')
        target_dict = {}
        self.assertRaises(
            policy.InvalidScope, self.enforcer.enforce, 'fake_rule',
            target_dict, ctx
        )

        # model a project-scoped token, which should fail enforcement
        ctx = context.RequestContext(project_id='fake')
        self.assertRaises(
            policy.InvalidScope, self.enforcer.enforce, 'fake_rule',
            target_dict, ctx
        ) 
开发者ID:openstack,项目名称:oslo.policy,代码行数:23,代码来源:test_policy.py

示例13: test_modified_policy_reloads

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import RuleDefault [as 别名]
def test_modified_policy_reloads(self):
        with utils.tempdir() as tmpdir:
            tmpfilename = os.path.join(tmpdir, 'policy')
            self.fixture.config(policy_file=tmpfilename, group='oslo_policy')
            policy.reset()
            policy.init()
            rule = oslo_policy.RuleDefault('example:test', "")
            policy._ENFORCER.register_defaults([rule])

            action = "example:test"
            with open(tmpfilename, "w") as policyfile:
                policyfile.write('{"example:test": ""}')
            policy.authorize(self.context, action, self.target)
            with open(tmpfilename, "w") as policyfile:
                policyfile.write('{"example:test": "!"}')
            policy._ENFORCER.load_rules(True)
            self.assertRaises(exception.PolicyNotAuthorized,
                              policy.authorize,
                              self.context, action, self.target) 
开发者ID:openstack,项目名称:karbor,代码行数:21,代码来源:test_policy.py

示例14: setUp

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import RuleDefault [as 别名]
def setUp(self):
        super(PolicyTestCase, self).setUp()
        rules = [
            oslo_policy.RuleDefault("true", '@'),
            oslo_policy.RuleDefault("test:allowed", '@'),
            oslo_policy.RuleDefault("test:denied", "!"),
            oslo_policy.RuleDefault("test:my_file",
                                    "role:compute_admin or "
                                    "project_id:%(project_id)s"),
            oslo_policy.RuleDefault("test:early_and_fail", "! and @"),
            oslo_policy.RuleDefault("test:early_or_success", "@ or !"),
            oslo_policy.RuleDefault("test:lowercase_admin",
                                    "role:admin"),
            oslo_policy.RuleDefault("test:uppercase_admin",
                                    "role:ADMIN"),
        ]
        policy.reset()
        policy.init()
        # before a policy rule can be used, its default has to be registered.
        policy._ENFORCER.register_defaults(rules)
        self.context = context.RequestContext('fake', 'fake', roles=['member'])
        self.target = {}
        self.addCleanup(policy.reset) 
开发者ID:openstack,项目名称:karbor,代码行数:25,代码来源:test_policy.py

示例15: setUp

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import RuleDefault [as 别名]
def setUp(self):
        super(PolicyTestCase, self).setUp()

        self.conf = self.useFixture(oslo_fixture.Config())
        # diltram: this one must be removed after fixing issue in oslo.config
        # https://bugs.launchpad.net/oslo.config/+bug/1645868
        self.conf.conf.__call__(args=[])
        policy.reset()
        self.context = context.Context('fake', 'fake', roles=['member'])

        self.rules = [
            oslo_policy.RuleDefault("true", "@"),
            oslo_policy.RuleDefault("example:allowed", "@"),
            oslo_policy.RuleDefault("example:denied", "!"),
            oslo_policy.RuleDefault("example:get_http",
                                    "http://www.example.com"),
            oslo_policy.RuleDefault("example:my_file",
                                    "role:compute_admin or "
                                    "project_id:%(project_id)s"),
            oslo_policy.RuleDefault("example:early_and_fail", "! and @"),
            oslo_policy.RuleDefault("example:early_or_success", "@ or !"),
            oslo_policy.RuleDefault("example:lowercase_admin",
                                    "role:admin or role:sysadmin"),
            oslo_policy.RuleDefault("example:uppercase_admin",
                                    "role:ADMIN or role:sysadmin"),
        ]
        policy.get_enforcer().register_defaults(self.rules)
        self.target = {} 
开发者ID:openstack,项目名称:octavia,代码行数:30,代码来源:test_policy.py


注:本文中的oslo_policy.policy.RuleDefault方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。