当前位置: 首页>>代码示例>>Python>>正文


Python policy.json方法代码示例

本文整理汇总了Python中oslo_policy.policy.json方法的典型用法代码示例。如果您正苦于以下问题:Python policy.json方法的具体用法?Python policy.json怎么用?Python policy.json使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在oslo_policy.policy的用法示例。


在下文中一共展示了policy.json方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: _add_policy_rules

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import json [as 别名]
def _add_policy_rules(self, property_exp, action, rule):
        """Add policy rules to the policy enforcer.

        For example, if the file listed as property_protection_file has:
        [prop_a]
        create = searchlight_creator
        then the corresponding policy rule would be:
        "prop_a:create": "rule:searchlight_creator"
        where searchlight_creator is defined in policy.json or policy.yaml.
        For example:
        "searchlight_creator": "role:admin or role:searchlight_create_user"
        """
        rule = "rule:%s" % rule
        rule_name = "%s:%s" % (property_exp, action)
        rule_dict = policy.Rules.from_dict({
            rule_name: rule
        })
        self.policy_enforcer.add_rules(rule_dict) 
开发者ID:openstack,项目名称:searchlight,代码行数:20,代码来源:property_utils.py

示例2: test_should_raise_decrypt_secret_with_project_access_disabled

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import json [as 别名]
def test_should_raise_decrypt_secret_with_project_access_disabled(self):
        """Should raise authz error as secret is marked private.

        As secret is private so project users should not be able to access
        the secret. Admin project user can still access it.
        """
        self.acl_list.pop()  # remove read acl from default setup
        acl_read = models.SecretACL(secret_id=self.secret_id, operation='read',
                                    project_access=False,
                                    user_ids=['anyRandomUserX', 'aclUser1'])
        self.acl_list.append(acl_read)
        self._assert_fail_rbac(['observer', 'creator', 'audit'],
                               self._invoke_on_get,
                               accept='notjsonaccepttype',
                               content_type='application/json',
                               user_id=self.user_id,
                               project_id=self.external_project_id) 
开发者ID:cloud-security-research,项目名称:sgx-kms,代码行数:19,代码来源:test_resources_policy.py

示例3: test_pass_decrypt_secret_for_admin_user_project_access_disabled

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import json [as 别名]
def test_pass_decrypt_secret_for_admin_user_project_access_disabled(self):
        """Should pass authz for admin role user as secret is marked private.

        Even when secret is private, admin user should still have access to
        the secret.
        """
        self.acl_list.pop()  # remove read acl from default setup
        acl_read = models.SecretACL(secret_id=self.secret_id, operation='read',
                                    project_access=False,
                                    user_ids=['anyRandomUserX', 'aclUser1'])
        self.acl_list.append(acl_read)
        self._assert_pass_rbac(['admin'],
                               self._invoke_on_get,
                               accept='notjsonaccepttype',
                               content_type='application/json',
                               user_id=self.user_id,
                               project_id=self.external_project_id) 
开发者ID:cloud-security-research,项目名称:sgx-kms,代码行数:19,代码来源:test_resources_policy.py

示例4: test_should_raise_decrypt_secret_for_with_project_access_nolist

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import json [as 别名]
def test_should_raise_decrypt_secret_for_with_project_access_nolist(self):
        """Should raise authz error as secret is marked private.

        As secret is private so project users should not be able to access
        the secret.  This test passes user_ids as empty list, which is a
        valid and common case. Admin project user can still access it.
        """
        self.acl_list.pop()  # remove read acl from default setup
        acl_read = models.SecretACL(secret_id=self.secret_id, operation='read',
                                    project_access=False,
                                    user_ids=[])
        self.acl_list.append(acl_read)
        self._assert_fail_rbac(['observer', 'creator', 'audit'],
                               self._invoke_on_get,
                               accept='notjsonaccepttype',
                               content_type='application/json',
                               user_id=self.user_id,
                               project_id=self.external_project_id) 
开发者ID:cloud-security-research,项目名称:sgx-kms,代码行数:20,代码来源:test_resources_policy.py

示例5: test_should_pass_decrypt_secret_private_enabled_with_read_acl

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import json [as 别名]
def test_should_pass_decrypt_secret_private_enabled_with_read_acl(self):
        """Should pass authz as user has read acl for private secret.

        Even though secret is private, user with read acl should be able to
        access the secret.
        """
        self.acl_list.pop()  # remove read acl from default setup
        acl_read = models.SecretACL(secret_id=self.secret_id, operation='read',
                                    project_access=False,
                                    user_ids=['anyRandomUserX', 'aclUser1'])
        self.acl_list.append(acl_read)
        self._assert_pass_rbac(['admin', 'observer', 'creator', 'audit',
                                'bogusRole'],
                               self._invoke_on_get,
                               accept='notjsonaccepttype',
                               content_type='application/json',
                               user_id='aclUser1',
                               project_id=self.external_project_id) 
开发者ID:cloud-security-research,项目名称:sgx-kms,代码行数:20,代码来源:test_resources_policy.py

示例6: test_fail_decrypt_secret_for_creator_user_with_different_project

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import json [as 别名]
def test_fail_decrypt_secret_for_creator_user_with_different_project(self):
        """Check for creator user rule for secret decrypt/get call.

        If token's user is creator of secret but its scoped to different
        project, then he/she is not allowed access to secret when project
        is marked private.
        """
        self.acl_list.pop()  # remove read acl from default setup
        acl_read = models.SecretACL(secret_id=self.secret_id,
                                    operation='write',
                                    project_access=True,
                                    user_ids=['anyRandomUserX', 'aclUser1'])
        self.acl_list.append(acl_read)
        self.resource.controller.secret.creator_id = 'creatorUserX'
        # token user is creator but scoped to project different from secret
        # project so don't allow decrypt secret call to creator of that secret
        self._assert_fail_rbac(['admin', 'observer', 'creator', 'audit',
                                'bogusRole'],
                               self._invoke_on_get,
                               accept='notjsonaccepttype',
                               content_type='application/json',
                               user_id='creatorUserX',
                               project_id='different_project_id') 
开发者ID:cloud-security-research,项目名称:sgx-kms,代码行数:25,代码来源:test_resources_policy.py

示例7: get_enforcer

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import json [as 别名]
def get_enforcer():
    # NOTE(amotoki): This was borrowed from nova/policy.py.
    # This method is for use by oslo.policy CLI scripts. Those scripts need the
    # 'output-file' and 'namespace' options, but having those in sys.argv means
    # loading the tacker config options will fail as those are not expected to
    # be present. So we pass in an arg list with those stripped out.
    conf_args = []
    # Start at 1 because cfg.CONF expects the equivalent of sys.argv[1:]
    i = 1
    while i < len(sys.argv):
        if sys.argv[i].strip('-') in ['namespace', 'output-file']:
            i += 2
            continue
        conf_args.append(sys.argv[i])
        i += 1

    # 'project' must be 'tacker' so that get_enforcer looks at
    # /etc/tacker/policy.json by default.
    cfg.CONF(conf_args, project='tacker')
    init()
    return _ENFORCER 
开发者ID:openstack,项目名称:tacker,代码行数:23,代码来源:policy.py

示例8: test_load_directory_caching_with_files_same

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import json [as 别名]
def test_load_directory_caching_with_files_same(self, overwrite=True):
        self.enforcer.overwrite = overwrite

        self.create_config_file(
            os.path.join('policy.d', 'a.conf'), POLICY_A_CONTENTS)

        self.enforcer.load_rules(False)
        self.assertIsNotNone(self.enforcer.rules)

        old = six.next(six.itervalues(
            self.enforcer._policy_dir_mtimes))
        self.assertEqual(1, len(self.enforcer._policy_dir_mtimes))

        self.enforcer.load_rules(False)
        self.assertEqual(1, len(self.enforcer._policy_dir_mtimes))
        self.assertEqual(old, six.next(six.itervalues(
            self.enforcer._policy_dir_mtimes)))

        loaded_rules = jsonutils.loads(str(self.enforcer.rules))
        self.assertEqual('is_admin:True', loaded_rules['admin'])
        self.check_loaded_files([
            'policy.json',
            os.path.join('policy.d', 'a.conf'),
        ]) 
开发者ID:openstack,项目名称:oslo.policy,代码行数:26,代码来源:test_policy.py

示例9: test_deprecate_a_policy_for_removal_logs_warning_when_overridden

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import json [as 别名]
def test_deprecate_a_policy_for_removal_logs_warning_when_overridden(self):
        rule_list = [policy.DocumentedRuleDefault(
            name='foo:bar',
            check_str='role:baz',
            description='Create a foo.',
            operations=[{'path': '/v1/foos/', 'method': 'POST'}],
            deprecated_for_removal=True,
            deprecated_reason=(
                '"foo:bar" is no longer a policy used by the service'
            ),
            deprecated_since='N'
        )]
        expected_msg = (
            'Policy "foo:bar":"role:baz" was deprecated for removal in N. '
            'Reason: "foo:bar" is no longer a policy used by the service. Its '
            'value may be silently ignored in the future.'
        )
        rules = jsonutils.dumps({'foo:bar': 'role:bang'})
        self.create_config_file('policy.json', rules)
        enforcer = policy.Enforcer(self.conf)
        enforcer.register_defaults(rule_list)

        with mock.patch('warnings.warn') as mock_warn:
            enforcer.load_rules()
            mock_warn.assert_called_once_with(expected_msg) 
开发者ID:openstack,项目名称:oslo.policy,代码行数:27,代码来源:test_policy.py

示例10: test_deprecate_name_suppress_does_not_log_warning

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import json [as 别名]
def test_deprecate_name_suppress_does_not_log_warning(self):
        deprecated_rule = policy.DeprecatedRule(
            name='foo:bar',
            check_str='role:baz'
        )

        rule_list = [policy.DocumentedRuleDefault(
            name='foo:create_bar',
            check_str='role:baz',
            description='Create a bar.',
            operations=[{'path': '/v1/bars/', 'method': 'POST'}],
            deprecated_rule=deprecated_rule,
            deprecated_reason='"foo:bar" is not granular enough.',
            deprecated_since='N'
        )]

        rules = jsonutils.dumps({'foo:bar': 'role:bang'})
        self.create_config_file('policy.json', rules)
        enforcer = policy.Enforcer(self.conf)
        enforcer.suppress_deprecation_warnings = True
        enforcer.register_defaults(rule_list)

        with mock.patch('warnings.warn') as mock_warn:
            enforcer.load_rules()
            mock_warn.assert_not_called() 
开发者ID:openstack,项目名称:oslo.policy,代码行数:27,代码来源:test_policy.py

示例11: test_deprecate_for_removal_suppress_does_not_log_warning

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import json [as 别名]
def test_deprecate_for_removal_suppress_does_not_log_warning(self):
        rule_list = [policy.DocumentedRuleDefault(
            name='foo:bar',
            check_str='role:baz',
            description='Create a foo.',
            operations=[{'path': '/v1/foos/', 'method': 'POST'}],
            deprecated_for_removal=True,
            deprecated_reason=(
                '"foo:bar" is no longer a policy used by the service'
            ),
            deprecated_since='N'
        )]
        rules = jsonutils.dumps({'foo:bar': 'role:bang'})
        self.create_config_file('policy.json', rules)
        enforcer = policy.Enforcer(self.conf)
        enforcer.suppress_deprecation_warnings = True
        enforcer.register_defaults(rule_list)

        with mock.patch('warnings.warn') as mock_warn:
            enforcer.load_rules()
            mock_warn.assert_not_called() 
开发者ID:openstack,项目名称:oslo.policy,代码行数:23,代码来源:test_policy.py

示例12: get_enforcer

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import json [as 别名]
def get_enforcer():
    # NOTE(amotoki): This was borrowed from nova/policy.py.
    # This method is for use by oslo.policy CLI scripts. Those scripts need the
    # 'output-file' and 'namespace' options, but having those in sys.argv means
    # loading the neutron config options will fail as those are not expected to
    # be present. So we pass in an arg list with those stripped out.
    conf_args = []
    # Start at 1 because cfg.CONF expects the equivalent of sys.argv[1:]
    i = 1
    while i < len(sys.argv):
        if sys.argv[i].strip('-') in ['namespace', 'output-file']:
            i += 2
            continue
        conf_args.append(sys.argv[i])
        i += 1

    # 'project' must be 'neutron' so that get_enforcer looks at
    # /etc/neutron/policy.json by default.
    cfg.CONF(conf_args, project='neutron')
    init()
    return _ROLE_ENFORCER 
开发者ID:openstack,项目名称:neutron-lib,代码行数:23,代码来源:_engine.py

示例13: test_should_pass_create_secret

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import json [as 别名]
def test_should_pass_create_secret(self):
        self._assert_pass_rbac(['admin', 'creator'], self._invoke_on_post,
                               content_type='application/json') 
开发者ID:cloud-security-research,项目名称:sgx-kms,代码行数:5,代码来源:test_resources_policy.py

示例14: test_should_raise_create_secret

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import json [as 别名]
def test_should_raise_create_secret(self):
        self._assert_fail_rbac([None, 'audit', 'observer', 'bogus'],
                               self._invoke_on_post,
                               content_type='application/json') 
开发者ID:cloud-security-research,项目名称:sgx-kms,代码行数:6,代码来源:test_resources_policy.py

示例15: test_should_pass_get_secrets

# 需要导入模块: from oslo_policy import policy [as 别名]
# 或者: from oslo_policy.policy import json [as 别名]
def test_should_pass_get_secrets(self):
        self._assert_pass_rbac(['admin', 'observer', 'creator'],
                               self._invoke_on_get,
                               content_type='application/json') 
开发者ID:cloud-security-research,项目名称:sgx-kms,代码行数:6,代码来源:test_resources_policy.py


注:本文中的oslo_policy.policy.json方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。