Python oslo_policy.policy.DocumentedRuleDefault() Examples
The following are 28
code examples of oslo_policy.policy.DocumentedRuleDefault().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
oslo_policy.policy
, or try the search function
.
Example #1
Source File: test_sphinxext.py From oslo.policy with Apache License 2.0 | 6 votes |
def test_with_operations(self): results = '\n'.join(list(sphinxext._format_policy_section( 'foo', [policy.DocumentedRuleDefault( 'rule_a', '@', 'My sample rule', [ {'method': 'GET', 'path': '/foo'}, {'method': 'POST', 'path': '/some'}])] ))) self.assertEqual(textwrap.dedent(""" foo === ``rule_a`` :Default: ``@`` :Operations: - **GET** ``/foo`` - **POST** ``/some`` My sample rule """).lstrip(), results)
Example #2
Source File: test_policy.py From oslo.policy with Apache License 2.0 | 6 votes |
def test_deprecated_policy_must_include_deprecated_since(self): deprecated_rule = policy.DeprecatedRule( name='foo:bar', check_str='rule:baz' ) self.assertRaises( ValueError, policy.DocumentedRuleDefault, name='foo:bar', check_str='rule:baz', description='Create a foo.', operations=[{'path': '/v1/foos/', 'method': 'POST'}], deprecated_rule=deprecated_rule, deprecated_reason='Some reason.' )
Example #3
Source File: test_policy.py From oslo.policy with Apache License 2.0 | 6 votes |
def test_suppress_default_change_warnings_flag_not_log_warning(self): deprecated_rule = policy.DeprecatedRule( name='foo:create_bar', check_str='role:fizz' ) rule_list = [policy.DocumentedRuleDefault( name='foo:create_bar', check_str='role:bang', description='Create a bar.', operations=[{'path': '/v1/bars', 'method': 'POST'}], deprecated_rule=deprecated_rule, deprecated_reason='"role:bang" is a better default', deprecated_since='N' )] enforcer = policy.Enforcer(self.conf) enforcer.suppress_default_change_warnings = True enforcer.register_defaults(rule_list) with mock.patch('warnings.warn') as mock_warn: enforcer.load_rules() mock_warn.assert_not_called()
Example #4
Source File: test_policy.py From oslo.policy with Apache License 2.0 | 6 votes |
def test_deprecate_name_suppress_does_not_log_warning(self): deprecated_rule = policy.DeprecatedRule( name='foo:bar', check_str='role:baz' ) rule_list = [policy.DocumentedRuleDefault( name='foo:create_bar', check_str='role:baz', description='Create a bar.', operations=[{'path': '/v1/bars/', 'method': 'POST'}], deprecated_rule=deprecated_rule, deprecated_reason='"foo:bar" is not granular enough.', deprecated_since='N' )] rules = jsonutils.dumps({'foo:bar': 'role:bang'}) self.create_config_file('policy.json', rules) enforcer = policy.Enforcer(self.conf) enforcer.suppress_deprecation_warnings = True enforcer.register_defaults(rule_list) with mock.patch('warnings.warn') as mock_warn: enforcer.load_rules() mock_warn.assert_not_called()
Example #5
Source File: test_policy.py From oslo.policy with Apache License 2.0 | 6 votes |
def test_deprecate_check_str_suppress_does_not_log_warning(self): deprecated_rule = policy.DeprecatedRule( name='foo:create_bar', check_str='role:fizz' ) rule_list = [policy.DocumentedRuleDefault( name='foo:create_bar', check_str='role:bang', description='Create a bar.', operations=[{'path': '/v1/bars', 'method': 'POST'}], deprecated_rule=deprecated_rule, deprecated_reason='"role:bang" is a better default', deprecated_since='N' )] enforcer = policy.Enforcer(self.conf) enforcer.suppress_deprecation_warnings = True enforcer.register_defaults(rule_list) with mock.patch('warnings.warn') as mock_warn: enforcer.load_rules() mock_warn.assert_not_called()
Example #6
Source File: test_policy.py From oslo.policy with Apache License 2.0 | 6 votes |
def test_deprecate_a_policy_for_removal_does_not_log_warning(self): # We should only log a warning for operators if they are supplying an # override for a policy that is deprecated for removal. rule_list = [policy.DocumentedRuleDefault( name='foo:bar', check_str='role:baz', description='Create a foo.', operations=[{'path': '/v1/foos/', 'method': 'POST'}], deprecated_for_removal=True, deprecated_reason=( '"foo:bar" is no longer a policy used by the service' ), deprecated_since='N' )] enforcer = policy.Enforcer(self.conf) enforcer.register_defaults(rule_list) with mock.patch('warnings.warn') as mock_warn: enforcer.load_rules() mock_warn.assert_not_called()
Example #7
Source File: test_policy.py From oslo.policy with Apache License 2.0 | 6 votes |
def test_deprecate_a_policy_for_removal_logs_warning_when_overridden(self): rule_list = [policy.DocumentedRuleDefault( name='foo:bar', check_str='role:baz', description='Create a foo.', operations=[{'path': '/v1/foos/', 'method': 'POST'}], deprecated_for_removal=True, deprecated_reason=( '"foo:bar" is no longer a policy used by the service' ), deprecated_since='N' )] expected_msg = ( 'Policy "foo:bar":"role:baz" was deprecated for removal in N. ' 'Reason: "foo:bar" is no longer a policy used by the service. Its ' 'value may be silently ignored in the future.' ) rules = jsonutils.dumps({'foo:bar': 'role:bang'}) self.create_config_file('policy.json', rules) enforcer = policy.Enforcer(self.conf) enforcer.register_defaults(rule_list) with mock.patch('warnings.warn') as mock_warn: enforcer.load_rules() mock_warn.assert_called_once_with(expected_msg)
Example #8
Source File: test_policy.py From oslo.policy with Apache License 2.0 | 5 votes |
def test_operation_must_have_path(self): invalid_op = [{'method': 'POST'}] self.assertRaises(policy.InvalidRuleDefault, policy.DocumentedRuleDefault, name='foo', check_str='rule:foo', description='foo_api', operations=invalid_op)
Example #9
Source File: test_policy.py From oslo.policy with Apache License 2.0 | 5 votes |
def test_operation_must_contain_method_and_path_only(self): invalid_op = [{'path': '/some/path/', 'method': 'GET', 'break': 'me'}] self.assertRaises(policy.InvalidRuleDefault, policy.DocumentedRuleDefault, name='foo', check_str='rule:foo', description='foo_api', operations=invalid_op)
Example #10
Source File: test_generator.py From oslo.policy with Apache License 2.0 | 5 votes |
def setUp(self): super(UpgradePolicyTestCase, self).setUp() policy_json_contents = jsonutils.dumps({ "deprecated_name": "rule:admin" }) self.create_config_file('policy.json', policy_json_contents) deprecated_policy = policy.DeprecatedRule( name='deprecated_name', check_str='rule:admin' ) self.new_policy = policy.DocumentedRuleDefault( name='new_policy_name', check_str='rule:admin', description='test_policy', operations=[{'path': '/test', 'method': 'GET'}], deprecated_rule=deprecated_policy, deprecated_reason='test', deprecated_since='Stein' ) self.extensions = [] ext = stevedore.extension.Extension(name='test_upgrade', entry_point=None, plugin=None, obj=[self.new_policy]) self.extensions.append(ext) # Just used for cli opt parsing self.local_conf = cfg.ConfigOpts()
Example #11
Source File: policy.py From oslo.policy with Apache License 2.0 | 5 votes |
def __init__(self, name, check_str, description, operations, deprecated_rule=None, deprecated_for_removal=False, deprecated_reason=None, deprecated_since=None, scope_types=None): super(DocumentedRuleDefault, self).__init__( name, check_str, description, deprecated_rule=deprecated_rule, deprecated_for_removal=deprecated_for_removal, deprecated_reason=deprecated_reason, deprecated_since=deprecated_since, scope_types=scope_types ) self.operations = operations
Example #12
Source File: test_policy.py From oslo.policy with Apache License 2.0 | 5 votes |
def test_operation_must_be_list_of_dicts(self): invalid_op = ['invalid_op'] self.assertRaises(policy.InvalidRuleDefault, policy.DocumentedRuleDefault, name='foo', check_str='rule:foo', description='foo_api', operations=invalid_op)
Example #13
Source File: generator.py From oslo.policy with Apache License 2.0 | 5 votes |
def _format_rule_default_json(default): """Create a json node from policy.RuleDefault or policy.DocumentedRuleDefault. :param default: A policy.RuleDefault or policy.DocumentedRuleDefault object :returns: A string containing a json representation of the RuleDefault """ return ('"%(name)s": "%(check_str)s"' % {'name': default.name, 'check_str': default.check_str})
Example #14
Source File: test_policy.py From oslo.policy with Apache License 2.0 | 5 votes |
def test_operation_must_be_list(self): invalid_op = 'invalid_op' self.assertRaises(policy.InvalidRuleDefault, policy.DocumentedRuleDefault, name='foo', check_str='rule:foo', description='foo_api', operations=invalid_op)
Example #15
Source File: test_policy.py From oslo.policy with Apache License 2.0 | 5 votes |
def test_operation_not_empty_list(self): invalid_op = [] self.assertRaises(policy.InvalidRuleDefault, policy.DocumentedRuleDefault, name='foo', check_str='rule:foo', description='foo_api', operations=invalid_op)
Example #16
Source File: test_policy.py From oslo.policy with Apache License 2.0 | 5 votes |
def test_description_not_empty(self): invalid_desc = '' self.assertRaises(policy.InvalidRuleDefault, policy.DocumentedRuleDefault, name='foo', check_str='rule:foo', description=invalid_desc, operations=[{'path': '/foo/', 'method': 'GET'}])
Example #17
Source File: test_policy.py From oslo.policy with Apache License 2.0 | 5 votes |
def test_contain_operations(self): opt = policy.DocumentedRuleDefault( name='foo', check_str='rule:foo', description='foo_api', operations=[{'path': '/foo/', 'method': 'GET'}]) self.assertEqual(1, len(opt.operations))
Example #18
Source File: test_policy.py From oslo.policy with Apache License 2.0 | 5 votes |
def test_enforce_new_defaults_no_old_check_string(self): self.conf.set_override('enforce_new_defaults', True, group='oslo_policy') deprecated_rule = policy.DeprecatedRule( name='foo:create_bar', check_str='role:fizz' ) rule_list = [policy.DocumentedRuleDefault( name='foo:create_bar', check_str='role:bang', description='Create a bar.', operations=[{'path': '/v1/bars', 'method': 'POST'}], deprecated_rule=deprecated_rule, deprecated_reason='"role:bang" is a better default', deprecated_since='N' )] enforcer = policy.Enforcer(self.conf) enforcer.register_defaults(rule_list) with mock.patch('warnings.warn') as mock_warn: enforcer.load_rules() mock_warn.assert_not_called() self.assertTrue( enforcer.enforce('foo:create_bar', {}, {'roles': ['bang']}) ) self.assertFalse( enforcer.enforce('foo:create_bar', {}, {'roles': ['fizz']}) ) self.assertFalse( enforcer.enforce('foo:create_bar', {}, {'roles': ['baz']}) )
Example #19
Source File: test_policy.py From oslo.policy with Apache License 2.0 | 5 votes |
def test_override_deprecated_policy_with_new_rule(self): # Simulate an operator overriding a deprecated policy with a reference # to the new policy, as done by the sample policy generator. rules = jsonutils.dumps({'old_rule': 'rule:new_rule'}) self.create_config_file('policy.json', rules) # Deprecate the policy name in favor of something better. deprecated_rule = policy.DeprecatedRule( name='old_rule', check_str='role:bang' ) rule_list = [policy.DocumentedRuleDefault( name='new_rule', check_str='role:bang', description='Replacement for old_rule.', operations=[{'path': '/v1/bars', 'method': 'POST'}], deprecated_rule=deprecated_rule, deprecated_reason='"old_rule" is a bad name', deprecated_since='N' )] self.enforcer.register_defaults(rule_list) # Make sure the override supplied by the operator using the old policy # name is used in favor of the old or new default. self.assertFalse( self.enforcer.enforce('new_rule', {}, {'roles': ['fizz']}) ) self.assertTrue( self.enforcer.enforce('new_rule', {}, {'roles': ['bang']}) ) # Verify that we didn't overwrite the new rule. self.assertEqual('bang', self.enforcer.rules['new_rule'].match)
Example #20
Source File: test_policy.py From oslo.policy with Apache License 2.0 | 5 votes |
def test_override_deprecated_policy_with_new_name(self): # Simulate an operator overriding a policy using the new policy name rules = jsonutils.dumps({'foo:create_bar': 'role:bazz'}) self.create_config_file('policy.json', rules) # Deprecate the policy name and check string in favor of something # better. deprecated_rule = policy.DeprecatedRule( name='foo:bar', check_str='role:fizz' ) rule_list = [policy.DocumentedRuleDefault( name='foo:create_bar', check_str='role:bang', description='Create a bar.', operations=[{'path': '/v1/bars', 'method': 'POST'}], deprecated_rule=deprecated_rule, deprecated_reason='"role:bang" is a better default', deprecated_since='N' )] self.enforcer.register_defaults(rule_list) # Make sure the override supplied by the operator is being used in # place of either default value. self.assertFalse( self.enforcer.enforce('foo:create_bar', {}, {'roles': ['fizz']}) ) self.assertFalse( self.enforcer.enforce('foo:create_bar', {}, {'roles': ['bang']}) ) self.assertTrue( self.enforcer.enforce('foo:create_bar', {}, {'roles': ['bazz']}) )
Example #21
Source File: test_policy.py From oslo.policy with Apache License 2.0 | 5 votes |
def test_deprecated_policy_must_include_deprecated_reason(self): self.assertRaises( ValueError, policy.DocumentedRuleDefault, name='foo:bar', check_str='rule:baz', description='Create a foo.', operations=[{'path': '/v1/foos/', 'method': 'POST'}], deprecated_for_removal=True, deprecated_since='N' )
Example #22
Source File: test_policy.py From oslo.policy with Apache License 2.0 | 5 votes |
def test_deprecated_rule_requires_deprecated_rule_object(self): self.assertRaises( ValueError, policy.DocumentedRuleDefault, name='foo:bar', check_str='rule:baz', description='Create a foo.', operations=[{'path': '/v1/foos/', 'method': 'POST'}], deprecated_rule='foo:bar', deprecated_reason='Some reason.' )
Example #23
Source File: test_policy.py From oslo.policy with Apache License 2.0 | 5 votes |
def test_deprecated_policy_for_removal_must_include_deprecated_since(self): self.assertRaises( ValueError, policy.DocumentedRuleDefault, name='foo:bar', check_str='rule:baz', description='Create a foo.', operations=[{'path': '/v1/foos/', 'method': 'POST'}], deprecated_for_removal=True, deprecated_reason='Some reason.' )
Example #24
Source File: test_policy.py From oslo.policy with Apache License 2.0 | 5 votes |
def test_deprecate_an_empty_policy_check_string(self): deprecated_rule = policy.DeprecatedRule( name='foo:create_bar', check_str='' ) rule_list = [policy.DocumentedRuleDefault( name='foo:create_bar', check_str='role:bang', description='Create a bar.', operations=[{'path': '/v1/bars', 'method': 'POST'}], deprecated_rule=deprecated_rule, deprecated_reason='because of reasons', deprecated_since='N' )] enforcer = policy.Enforcer(self.conf) enforcer.register_defaults(rule_list) with mock.patch('warnings.warn') as mock_warn: enforcer.load_rules() mock_warn.assert_called_once() enforcer.enforce('foo:create_bar', {}, {'roles': ['bang']}, do_raise=True) enforcer.enforce('foo:create_bar', {}, {'roles': ['fizz']}, do_raise=True)
Example #25
Source File: test_policy.py From oslo.policy with Apache License 2.0 | 5 votes |
def test_deprecate_a_policy_check_string(self): deprecated_rule = policy.DeprecatedRule( name='foo:create_bar', check_str='role:fizz' ) rule_list = [policy.DocumentedRuleDefault( name='foo:create_bar', check_str='role:bang', description='Create a bar.', operations=[{'path': '/v1/bars', 'method': 'POST'}], deprecated_rule=deprecated_rule, deprecated_reason='"role:bang" is a better default', deprecated_since='N' )] enforcer = policy.Enforcer(self.conf) enforcer.register_defaults(rule_list) expected_msg = ( 'Policy "foo:create_bar":"role:fizz" was deprecated in N in favor ' 'of "foo:create_bar":"role:bang". Reason: "role:bang" is a better ' 'default. Either ensure your deployment is ready for the new ' 'default or copy/paste the deprecated policy into your policy ' 'file and maintain it manually.' ) with mock.patch('warnings.warn') as mock_warn: enforcer.load_rules() mock_warn.assert_called_once_with(expected_msg) self.assertTrue( enforcer.enforce('foo:create_bar', {}, {'roles': ['bang']}) ) self.assertTrue( enforcer.enforce('foo:create_bar', {}, {'roles': ['fizz']}) ) self.assertFalse( enforcer.enforce('foo:create_bar', {}, {'roles': ['baz']}) )
Example #26
Source File: test_sphinxext.py From oslo.policy with Apache License 2.0 | 5 votes |
def test_with_scope_types(self): operations = [ {'method': 'GET', 'path': '/foo'}, {'method': 'POST', 'path': '/some'} ] scope_types = ['bar'] rule = policy.DocumentedRuleDefault( 'rule_a', '@', 'My sample rule', operations, scope_types=scope_types ) results = '\n'.join(list(sphinxext._format_policy_section( 'foo', [rule] ))) self.assertEqual(textwrap.dedent(""" foo === ``rule_a`` :Default: ``@`` :Operations: - **GET** ``/foo`` - **POST** ``/some`` :Scope Types: - **bar** My sample rule """).lstrip(), results)
Example #27
Source File: test_policy.py From oslo.policy with Apache License 2.0 | 4 votes |
def test_override_both_new_and_old_policy(self): # Simulate an operator overriding a policy using both the the new and # old policy names. The following doesn't make a whole lot of sense # because the overrides are conflicting, but we want to make sure that # oslo.policy uses foo:create_bar instead of foo:bar. rules_dict = { 'foo:create_bar': 'role:bazz', 'foo:bar': 'role:wee' } rules = jsonutils.dumps(rules_dict) self.create_config_file('policy.json', rules) # Deprecate the policy name and check string in favor of something # better. deprecated_rule = policy.DeprecatedRule( name='foo:bar', check_str='role:fizz' ) rule_list = [policy.DocumentedRuleDefault( name='foo:create_bar', check_str='role:bang', description='Create a bar.', operations=[{'path': '/v1/bars', 'method': 'POST'}], deprecated_rule=deprecated_rule, deprecated_reason='"role:bang" is a better default', deprecated_since='N' )] self.enforcer.register_defaults(rule_list) # The default check string for the old policy name foo:bar should fail self.assertFalse( self.enforcer.enforce('foo:create_bar', {}, {'roles': ['fizz']}) ) # The default check string for the new policy name foo:create_bar # should fail self.assertFalse( self.enforcer.enforce('foo:create_bar', {}, {'roles': ['bang']}) ) # The override for the old policy name foo:bar should fail self.assertFalse( self.enforcer.enforce('foo:create_bar', {}, {'roles': ['wee']}) ) # The override for foo:create_bar should pass self.assertTrue( self.enforcer.enforce('foo:create_bar', {}, {'roles': ['bazz']}) )
Example #28
Source File: test_policy.py From oslo.policy with Apache License 2.0 | 4 votes |
def test_deprecate_a_policy_name(self): deprecated_rule = policy.DeprecatedRule( name='foo:bar', check_str='role:baz' ) rule_list = [policy.DocumentedRuleDefault( name='foo:create_bar', check_str='role:baz', description='Create a bar.', operations=[{'path': '/v1/bars/', 'method': 'POST'}], deprecated_rule=deprecated_rule, deprecated_reason=( '"foo:bar" is not granular enough. If your deployment has ' 'overridden "foo:bar", ensure you override the new policies ' 'with same role or rule. Not doing this will require the ' 'service to assume the new defaults for "foo:bar:create", ' '"foo:bar:update", "foo:bar:list", and "foo:bar:delete", ' 'which might be backwards incompatible for your deployment' ), deprecated_since='N' )] expected_msg = ( 'Policy "foo:bar":"role:baz" was deprecated in N in favor of ' '"foo:create_bar":"role:baz". Reason: "foo:bar" is not granular ' 'enough. If your deployment has overridden "foo:bar", ensure you ' 'override the new policies with same role or rule. Not doing this ' 'will require the service to assume the new defaults for ' '"foo:bar:create", "foo:bar:update", "foo:bar:list", and ' '"foo:bar:delete", which might be backwards incompatible for your ' 'deployment. Either ensure your deployment is ready for the new ' 'default or copy/paste the deprecated policy into your policy ' 'file and maintain it manually.' ) rules = jsonutils.dumps({'foo:bar': 'role:bang'}) self.create_config_file('policy.json', rules) enforcer = policy.Enforcer(self.conf) enforcer.register_defaults(rule_list) with mock.patch('warnings.warn') as mock_warn: enforcer.load_rules(True) mock_warn.assert_called_once_with(expected_msg)