diff options
Diffstat (limited to 'keystone-moon/keystone/tests/unit/test_policy.py')
| -rw-r--r-- | keystone-moon/keystone/tests/unit/test_policy.py | 41 |
1 files changed, 8 insertions, 33 deletions
diff --git a/keystone-moon/keystone/tests/unit/test_policy.py b/keystone-moon/keystone/tests/unit/test_policy.py index 686e2b70..d6e911e9 100644 --- a/keystone-moon/keystone/tests/unit/test_policy.py +++ b/keystone-moon/keystone/tests/unit/test_policy.py @@ -23,22 +23,11 @@ from testtools import matchers from keystone import exception from keystone.policy.backends import rules from keystone.tests import unit +from keystone.tests.unit import ksfixtures from keystone.tests.unit.ksfixtures import temporaryfile -class BasePolicyTestCase(unit.TestCase): - def setUp(self): - super(BasePolicyTestCase, self).setUp() - rules.reset() - self.addCleanup(rules.reset) - self.addCleanup(self.clear_cache_safely) - - def clear_cache_safely(self): - if rules._ENFORCER: - rules._ENFORCER.clear() - - -class PolicyFileTestCase(BasePolicyTestCase): +class PolicyFileTestCase(unit.TestCase): def setUp(self): # self.tmpfilename should exist before setUp super is called # this is to ensure it is available for the config_fixture in @@ -48,10 +37,8 @@ class PolicyFileTestCase(BasePolicyTestCase): super(PolicyFileTestCase, self).setUp() self.target = {} - def config_overrides(self): - super(PolicyFileTestCase, self).config_overrides() - self.config_fixture.config(group='oslo_policy', - policy_file=self.tmpfilename) + def _policy_fixture(self): + return ksfixtures.Policy(self.tmpfilename, self.config_fixture) def test_modified_policy_reloads(self): action = "example:test" @@ -65,21 +52,10 @@ class PolicyFileTestCase(BasePolicyTestCase): self.assertRaises(exception.ForbiddenAction, rules.enforce, empty_credentials, action, self.target) - def test_invalid_policy_raises_error(self): - action = "example:test" - empty_credentials = {} - invalid_json = '{"example:test": [],}' - with open(self.tmpfilename, "w") as policyfile: - policyfile.write(invalid_json) - self.assertRaises(ValueError, rules.enforce, - empty_credentials, action, self.target) - -class PolicyTestCase(BasePolicyTestCase): +class PolicyTestCase(unit.TestCase): def setUp(self): super(PolicyTestCase, self).setUp() - # NOTE(vish): preload rules to circumvent reloading from file - rules.init() self.rules = { "true": [], "example:allowed": [], @@ -137,17 +113,16 @@ class PolicyTestCase(BasePolicyTestCase): def test_ignore_case_role_check(self): lowercase_action = "example:lowercase_admin" uppercase_action = "example:uppercase_admin" - # NOTE(dprince) we mix case in the Admin role here to ensure + # NOTE(dprince): We mix case in the Admin role here to ensure # case is ignored admin_credentials = {'roles': ['AdMiN']} rules.enforce(admin_credentials, lowercase_action, self.target) rules.enforce(admin_credentials, uppercase_action, self.target) -class DefaultPolicyTestCase(BasePolicyTestCase): +class DefaultPolicyTestCase(unit.TestCase): def setUp(self): super(DefaultPolicyTestCase, self).setUp() - rules.init() self.rules = { "default": [], @@ -160,7 +135,7 @@ class DefaultPolicyTestCase(BasePolicyTestCase): # its enforce() method even though rules has been initialized via # set_rules(). To make it easier to do our tests, we're going to # monkeypatch load_roles() so it does nothing. This seem like a bug in - # Oslo policy as we shoudn't have to reload the rules if they have + # Oslo policy as we shouldn't have to reload the rules if they have # already been set using set_rules(). self._old_load_rules = rules._ENFORCER.load_rules self.addCleanup(setattr, rules._ENFORCER, 'load_rules', |