Add test for enforce with rule doesn't exist

The coverage report showed that there was no test covering the case where the policy file wasn't empty and a rule that doesn't exist was used. Change-Id: I260f111e4371367ddb0cfc7793e275f4a2df6b45
author: Brant Knudson <bknudson@us.ibm.com> 2015-10-13 11:03:07 -0500
committer: Brant Knudson <bknudson@us.ibm.com> 2015-10-13 11:03:07 -0500
commit: 3ce9b0c10cac2f8eadf48f9957a6d9da9079a210 (patch)
tree: b8ebc4beb95a082fde09001912dfe159bcb9a545
parent: 307ce3cedd19fa3bb9b911a795098d31eabdebb0 (diff)
download: oslo-policy-3ce9b0c10cac2f8eadf48f9957a6d9da9079a210.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/oslo_policy/tests/test_policy.py b/oslo_policy/tests/test_policy.py
index 52a793c..ccfcdf5 100644
--- a/oslo_policy/tests/test_policy.py
+++ b/oslo_policy/tests/test_policy.py
@@ -481,6 +481,16 @@ class CheckFunctionTestCase(base.PolicyBaseTestCase):
 
         self.assertEqual(('target', 'creds', self.enforcer), result)
 
+    def test_check_rule_not_exist_not_empty_policy_file(self):
+        # If the rule doesn't exist, then enforce() fails rather than KeyError.
+
+        # This test needs a non-empty file otherwise the code short-circuits.
+        self.create_config_file('policy.json', jsonutils.dumps({"a_rule": []}))
+        self.enforcer.default_rule = None
+        self.enforcer.load_rules()
+        result = self.enforcer.enforce('rule', 'target', 'creds')
+        self.assertFalse(result)
+
     def test_check_raise_default(self):
         # When do_raise=True and exc is not used then PolicyNotAuthorized is
         # raised.
author	Brant Knudson <bknudson@us.ibm.com>	2015-10-13 11:03:07 -0500
committer	Brant Knudson <bknudson@us.ibm.com>	2015-10-13 11:03:07 -0500
commit	3ce9b0c10cac2f8eadf48f9957a6d9da9079a210 (patch)
tree	b8ebc4beb95a082fde09001912dfe159bcb9a545
parent	307ce3cedd19fa3bb9b911a795098d31eabdebb0 (diff)
download	oslo-policy-3ce9b0c10cac2f8eadf48f9957a6d9da9079a210.tar.gz