diff options
| author | Jenkins <jenkins@review.openstack.org> | 2016-01-07 12:50:29 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2016-01-07 12:50:29 +0000 |
| commit | 8d65ff6de5b7613a049fa6b4d2eaebcaded0fe5f (patch) | |
| tree | 9da7df6648a4c8926fcb965c602702d5339b2452 | |
| parent | 127d4f94c294c6d084d88177666002d8145a22be (diff) | |
| parent | 50da9acaeaeeb49b82706b33e4e500a64b0cb801 (diff) | |
| download | oslo-policy-8d65ff6de5b7613a049fa6b4d2eaebcaded0fe5f.tar.gz | |
Merge "Don't crash on RoleCheck when roles not present"1.3.0
| -rw-r--r-- | oslo_policy/_checks.py | 4 | ||||
| -rw-r--r-- | oslo_policy/tests/test_checks.py | 5 |
2 files changed, 8 insertions, 1 deletions
diff --git a/oslo_policy/_checks.py b/oslo_policy/_checks.py index 8038b6c..51c5529 100644 --- a/oslo_policy/_checks.py +++ b/oslo_policy/_checks.py @@ -218,7 +218,9 @@ class RoleCheck(Check): # While doing RoleCheck if key not # present in Target return false return False - return match.lower() in [x.lower() for x in creds['roles']] + if 'roles' in creds: + return match.lower() in [x.lower() for x in creds['roles']] + return False @register('http') diff --git a/oslo_policy/tests/test_checks.py b/oslo_policy/tests/test_checks.py index f438b64..3a490b9 100644 --- a/oslo_policy/tests/test_checks.py +++ b/oslo_policy/tests/test_checks.py @@ -92,6 +92,11 @@ class RoleCheckTestCase(base.PolicyBaseTestCase): target_dict = dict(target=dict(role=dict())) self.assertFalse(check(target_dict, cred_dict, self.enforcer)) + def test_no_roles_case(self): + check = _checks.RoleCheck('role', 'spam') + + self.assertFalse(check({}, {}, self.enforcer)) + class HttpCheckTestCase(base.PolicyBaseTestCase): |