diff options
| author | Zuul <zuul@review.openstack.org> | 2018-12-03 14:25:04 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2018-12-03 14:25:04 +0000 |
| commit | 21f3ba6695b0ceb8c2f969153801dc777c0ebdce (patch) | |
| tree | b3d8f0af5cdabb81dc4ca240002b7085f00d0494 | |
| parent | 3cef033be56db8adda1ec38a73f2e9c90ec519c1 (diff) | |
| parent | 66855beae74a34229345018dcfec299ca82cae25 (diff) | |
| download | oslo-policy-21f3ba6695b0ceb8c2f969153801dc777c0ebdce.tar.gz | |
Merge "oslopolicy-checker: iterate through rules in sorted order"1.42.0
| -rw-r--r-- | oslo_policy/shell.py | 2 | ||||
| -rw-r--r-- | oslo_policy/tests/test_shell.py | 31 |
2 files changed, 32 insertions, 1 deletions
diff --git a/oslo_policy/shell.py b/oslo_policy/shell.py index fe143fb..3fda8de 100644 --- a/oslo_policy/shell.py +++ b/oslo_policy/shell.py @@ -77,7 +77,7 @@ def tool(policy_file, access_file, apply_rule, is_admin=False, rule = rules[apply_rule] _try_rule(key, rule, target_data, access_data, o) return - for key, rule in rules.items(): + for key, rule in sorted(rules.items()): if ":" in key: _try_rule(key, rule, target_data, access_data, o) diff --git a/oslo_policy/tests/test_shell.py b/oslo_policy/tests/test_shell.py index 0d7fe64..3a915ff 100644 --- a/oslo_policy/tests/test_shell.py +++ b/oslo_policy/tests/test_shell.py @@ -29,6 +29,13 @@ class CheckerTestCase(base.PolicyBaseTestCase): "sampleservice:sample_rule": "" ''' + SAMPLE_POLICY_UNSORTED = '''--- +"sample_rule": "role:service" +"sampleservice:sample_rule2": "" +"sampleservice:sample_rule0": "" +"sampleservice:sample_rule1": "" +''' + def setUp(self): super(CheckerTestCase, self).setUp() self.create_config_file("policy.yaml", self.SAMPLE_POLICY) @@ -64,6 +71,30 @@ class CheckerTestCase(base.PolicyBaseTestCase): ''' self.assertEqual(expected, stdout.getvalue()) + def test_pass_rule_parameters_sorted(self): + self.create_config_file("policy.yaml", self.SAMPLE_POLICY_UNSORTED) + + policy_file = open(self.get_config_file_fullname('policy.yaml'), 'r') + access_file = open(self.get_config_file_fullname('access.json'), 'r') + apply_rule = None + is_admin = False + stdout = self._capture_stdout() + + access_data = copy.deepcopy( + token_fixture.SCOPED_TOKEN_FIXTURE["token"]) + access_data['roles'] = [ + role['name'] for role in access_data['roles']] + access_data['project_id'] = access_data['project']['id'] + access_data['is_admin'] = is_admin + + shell.tool(policy_file, access_file, apply_rule, is_admin) + + expected = '''passed: sampleservice:sample_rule0 +passed: sampleservice:sample_rule1 +passed: sampleservice:sample_rule2 +''' + self.assertEqual(expected, stdout.getvalue()) + @mock.patch("oslo_policy._checks.TrueCheck.__call__") def test_pass_rule_parameters_with_custom_target(self, call_mock): apply_rule = None |