diff options
-rw-r--r-- | oslo_policy/policy.py | 10 | ||||
-rw-r--r-- | oslo_policy/tests/test_generator.py | 4 | ||||
-rw-r--r-- | test-requirements.txt | 2 |
3 files changed, 10 insertions, 6 deletions
diff --git a/oslo_policy/policy.py b/oslo_policy/policy.py index 83e4c0c..2b19a66 100644 --- a/oslo_policy/policy.py +++ b/oslo_policy/policy.py @@ -956,16 +956,20 @@ class Enforcer(object): # If the rule doesn't exist, fail closed result = False else: + # NOTE(moguimar): suppressing [B105:hardcoded_password_string] + # as token_scope is not actually a hardcoded + # token. + # Check the scope of the operation against the possible scope # attributes provided in `creds`. if creds.get('system'): - token_scope = 'system' + token_scope = 'system' # nosec elif creds.get('domain_id'): - token_scope = 'domain' + token_scope = 'domain' # nosec else: # If the token isn't system-scoped or domain-scoped then # we're dealing with a project-scoped token. - token_scope = 'project' + token_scope = 'project' # nosec registered_rule = self.registered_rules.get(rule) if registered_rule and registered_rule.scope_types: diff --git a/oslo_policy/tests/test_generator.py b/oslo_policy/tests/test_generator.py index af6398f..1f74aa3 100644 --- a/oslo_policy/tests/test_generator.py +++ b/oslo_policy/tests/test_generator.py @@ -492,8 +492,8 @@ class GeneratorRaiseErrorTestCase(testtools.TestCase): raise FakeException() fake_ep = FakeEP() - fake_eps = mock.Mock(return_value=[fake_ep]) - with mock.patch('pkg_resources.iter_entry_points', fake_eps): + with mock.patch('stevedore.named.NamedExtensionManager', + side_effect=FakeException()): self.assertRaises(FakeException, generator._generate_sample, fake_ep.name) diff --git a/test-requirements.txt b/test-requirements.txt index 29e6739..3c503c3 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -11,4 +11,4 @@ oslo.context>=2.22.0 # Apache-2.0 coverage!=4.4,>=4.0 # Apache-2.0 # Bandit security code scanner -bandit>=1.1.0,<1.6.0 # Apache-2.0 +bandit>=1.6.0,<1.7.0 # Apache-2.0 |