authorJenkins <jenkins@review.openstack.org>2017-02-07 12:31:22 +0000
committerGerrit Code Review <review@openstack.org>2017-02-07 12:31:22 +0000
commit9e3d46b1707152094cc2c2bdd45e22898d79140c (patch)
tree9425928983a1b8d411cee43eb9fc82d87a787e49
parent3b86352dd2cab84145c37440296dd867ee3b596a (diff)
parent74c2a42a92721d343b27f3b776e40d1ee38d146e (diff)
downloadoslo-policy-9e3d46b1707152094cc2c2bdd45e22898d79140c.tar.gz
Merge "Add optional exception for check_rules"
-rw-r--r--oslo_policy/policy.py12
-rw-r--r--oslo_policy/tests/test_policy.py18
2 files changed, 28 insertions, 2 deletions
diff --git a/oslo_policy/policy.py b/oslo_policy/policy.py
index 4d5d6ff..1a3781c 100644
--- a/oslo_policy/policy.py
+++ b/oslo_policy/policy.py
@@ -314,6 +314,13 @@ class PolicyNotRegistered(Exception):
super(PolicyNotRegistered, self).__init__(msg)
+class InvalidDefinitionError(Exception):
+ def __init__(self, names):
+ msg = _('Policies %(names)s are not well defined. Check logs for '
+ 'more details.') % {'names': names}
+ super(InvalidDefinitionError, self).__init__(msg)
+
+
def parse_file_contents(data):
"""Parse the raw contents of a policy file.
@@ -541,7 +548,7 @@ class Enforcer(object):
# Detect and log obvious incorrect rule definitions
self.check_rules()
- def check_rules(self):
+ def check_rules(self, raise_on_violation=False):
"""Look for rule definitions that are obviously incorrect."""
undefined_checks = []
cyclic_checks = []
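Review bot: The docstring under the new `check_rules(self, raise_on_violation=False)` signature still says only "Look for rule definitions that are obviously incorrect." and documents neither the flag nor the exception. I would add `:param raise_on_violation: raise InvalidDefinitionError instead of returning False when undefined or cyclic rules are found` and a matching `:raises:` line. The context call `self.check_rules()` at the top of this hunk keeps the default, so detection on that path stays log-only. The docstring should say that a caller who wants a broken policy file to be a hard failure must pass the flag explicitly. The body of check_rules continues outside this hunk.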
@@ -561,6 +568,9 @@ class Enforcer(object):
LOG.warning(_LW('Policies %(names)s are part of a cyclical '
'reference.'), {'names': cyclic_checks})
+ if raise_on_violation and violation:
+ raise InvalidDefinitionError(undefined_checks + cyclic_checks)
+
return not violation
def _undefined_check(self, check):
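Review bot: `raise InvalidDefinitionError(undefined_checks + cyclic_checks)` merges the two lists, so a caller that catches the exception cannot tell an undefined reference from a cyclic one without reading the log. The InvalidDefinitionError class added earlier in this file also keeps the names only inside the formatted message. Consider keeping them on the exception, for example `self.names = names` in `InvalidDefinitionError.__init__`, or passing the two lists separately so tooling that validates policy files can report each category. `violation` is set outside this hunk, and so is the start of check_rules.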
diff --git a/oslo_policy/tests/test_policy.py b/oslo_policy/tests/test_policy.py
index 56d8f76..12d0c85 100644
--- a/oslo_policy/tests/test_policy.py
+++ b/oslo_policy/tests/test_policy.py
@@ -841,7 +841,7 @@ class EnforcerCheckRulesTest(base.PolicyBaseTestCase):
def test_no_violations(self):
self.create_config_file('policy.json', POLICY_JSON_CONTENTS)
self.enforcer.load_rules(True)
- self.assertTrue(self.enforcer.check_rules())
+ self.assertTrue(self.enforcer.check_rules(raise_on_violation=True))
def test_undefined_rule(self):
rules = jsonutils.dumps({'foo': 'rule:bar'})
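Review bot: Replacing `check_rules()` with `check_rules(raise_on_violation=True)` in test_no_violations means this test no longer asserts that the default call returns True for a valid policy file. Keeping both assertions would cover both paths: `self.assertTrue(self.enforcer.check_rules())` followed by the new line. Whether another test in the class already covers the default success path is not visible from this hunk.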
@@ -850,6 +850,14 @@ class EnforcerCheckRulesTest(base.PolicyBaseTestCase):
self.assertFalse(self.enforcer.check_rules())
+ def test_undefined_rule_raises(self):
+ rules = jsonutils.dumps({'foo': 'rule:bar'})
+ self.create_config_file('policy.json', rules)
+ self.enforcer.load_rules(True)
+
+ self.assertRaises(policy.InvalidDefinitionError,
+ self.enforcer.check_rules, raise_on_violation=True)
+
def test_cyclical_rules(self):
rules = jsonutils.dumps({'foo': 'rule:bar', 'bar': 'rule:foo'})
self.create_config_file('policy.json', rules)
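Review bot: test_undefined_rule_raises checks only the exception type, so a regression that raised InvalidDefinitionError with an empty or wrong list of names would still pass. The same applies to test_cyclical_rules_raises in the next hunk. I would capture the exception and assert on its text, e.g. `exc = self.assertRaises(policy.InvalidDefinitionError, self.enforcer.check_rules, raise_on_violation=True)` followed by `self.assertIn('foo', str(exc))`. That assumes the base test case returns the caught exception and that 'foo' is the name reported for this fixture, neither of which is visible here.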
@@ -857,6 +865,14 @@ class EnforcerCheckRulesTest(base.PolicyBaseTestCase):
self.assertFalse(self.enforcer.check_rules())
+ def test_cyclical_rules_raises(self):
+ rules = jsonutils.dumps({'foo': 'rule:bar', 'bar': 'rule:foo'})
+ self.create_config_file('policy.json', rules)
+ self.enforcer.load_rules(True)
+
+ self.assertRaises(policy.InvalidDefinitionError,
+ self.enforcer.check_rules, raise_on_violation=True)
+
def test_complex_cyclical_rules_false(self):
rules = jsonutils.dumps({'foo': 'rule:bar',
'bar': 'rule:baz and role:admin',