Merge "Make sure we pass context objects directly to policy enforcement"
commit
0868230f21
@ -79,7 +79,7 @@ def enforce(context, action, target):
|
||||
try:
|
||||
return _ENFORCER.enforce(action,
|
||||
target,
|
||||
context.to_policy_values(),
|
||||
context,
|
||||
do_raise=True,
|
||||
exc=exception.PolicyNotAuthorized,
|
||||
action=action)
|
||||
|
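Review bot: With the context object apparently now handed to `_ENFORCER.enforce` unmodified, `enforce()` relies on the enforcer to derive credentials from it, and nothing in the visible lines documents or checks what `context` must be. I would state that contract in the docstring, e.g. `:param context: the request context object (not a dict of policy values); passed unmodified to the policy enforcer`. A caller that still passes a pre-flattened dict or another object type would presumably fail, or be evaluated differently, inside the enforcer rather than here, so it is worth confirming that every caller passes a context object. The `try:` body's `except` clause and the rest of `enforce()` lie outside this hunk.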
@ -13,6 +13,7 @@
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
import os.path
|
||||
from unittest import mock
|
||||
|
||||
from oslo_config import cfg
|
||||
from oslo_config import fixture as config_fixture
|
||||
@ -156,3 +157,25 @@ class PolicyTestCase(test.TestCase):
|
||||
policy._ENFORCER.register_defaults([rule])
|
||||
|
||||
self.assertTrue(policy.enforce(project_context, 'foo', {}))
|
||||
|
||||
def test_enforce_passes_context_objects_to_enforcement(self):
|
||||
fake_context = context.RequestContext(roles=['foo'])
|
||||
action = 'foo'
|
||||
target = {}
|
||||
with mock.patch.object(policy._ENFORCER, 'enforce') as fake_enforce:
|
||||
policy.enforce(fake_context, action, target)
|
||||
fake_enforce.assert_called_once_with(
|
||||
action, target, fake_context, do_raise=True,
|
||||
exc=exception.PolicyNotAuthorized, action=action)
|
||||
|
||||
def test_authorize_passes_context_objects_to_enforcement(self):
|
||||
fake_context = context.RequestContext(project_id='fake-project-id',
|
||||
user_id='fake-user-id',
|
||||
roles=['foo'])
|
||||
action = 'foo'
|
||||
target = {'project_id': 'fake-project-id', 'user_id': 'fake-user-id'}
|
||||
with mock.patch.object(policy._ENFORCER, 'authorize') as fake_authz:
|
||||
fake_context.authorize('foo')
|
||||
fake_authz.assert_called_once_with(
|
||||
action, target, fake_context, do_raise=True,
|
||||
exc=exception.PolicyNotAuthorized, action=action)
|
||||
|
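Review bot: Both new tests replace `policy._ENFORCER.enforce` / `authorize` with a mock, so they pin the call shape but never exercise the real credential extraction from the context object, and neither covers a denial. I would add an un-mocked negative case beside them: register a role-restricted rule the way the preceding test registers its rule, call `policy.enforce` with a `RequestContext` that lacks the role, and check it with `assertRaises(exception.PolicyNotAuthorized, ...)`. In `test_authorize_passes_context_objects_to_enforcement` the call uses the literal `fake_context.authorize('foo')` while the assertion uses `action`; `fake_context.authorize(action)` keeps the two tied together. Passing `autospec=True` to `mock.patch.object` would also make the tests fail if the enforcer's signature drifts.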