99 lines
3.2 KiB
Python
99 lines
3.2 KiB
Python
# Copyright 2018 OP5 AB
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from falcon import testing
|
|
|
|
from monasca_common.policy import policy_engine as policy
|
|
from oslo_policy import policy as os_policy
|
|
|
|
from monasca_api.api.core import request
|
|
from monasca_api.tests import base
|
|
import monasca_api.v2.reference.helpers as helpers
|
|
|
|
|
|
class TestGetXTenantOrTenantId(base.BaseApiTestCase):
|
|
def setUp(self):
|
|
super(TestGetXTenantOrTenantId, self).setUp()
|
|
rules = [
|
|
os_policy.RuleDefault("example:allowed", "@"),
|
|
os_policy.RuleDefault("example:denied", "!"),
|
|
os_policy.RuleDefault("example:authorized",
|
|
"role:role_1 or role:role_2")
|
|
]
|
|
policy.reset()
|
|
policy.init()
|
|
policy._ENFORCER.register_defaults(rules)
|
|
|
|
def test_return_tenant_id_on_authorized_roles(self):
|
|
|
|
for role in ['role_1', 'role_2']:
|
|
req_context = self._get_request_context(role)
|
|
self.assertEqual(
|
|
'fake_tenant_id',
|
|
helpers.get_x_tenant_or_tenant_id(
|
|
req_context, ['example:authorized']
|
|
)
|
|
)
|
|
|
|
def test_return_tenant_id_on_allowed_rules(self):
|
|
req_context = self._get_request_context()
|
|
self.assertEqual(
|
|
'fake_tenant_id',
|
|
helpers.get_x_tenant_or_tenant_id(
|
|
req_context,
|
|
['example:allowed']
|
|
)
|
|
)
|
|
|
|
def test_return_project_id_on_unauthorized_role(self):
|
|
req_context = self._get_request_context()
|
|
self.assertEqual('fake_project_id',
|
|
helpers.get_x_tenant_or_tenant_id(
|
|
req_context,
|
|
['example:authorized']))
|
|
|
|
def test_return_project_id_on_denied_rules(self):
|
|
req_context = self._get_request_context()
|
|
self.assertEqual(
|
|
'fake_project_id',
|
|
helpers.get_x_tenant_or_tenant_id(
|
|
req_context,
|
|
['example:denied']
|
|
)
|
|
)
|
|
|
|
def test_return_project_id_on_unavailable_tenant_id(self):
|
|
req_context = self._get_request_context()
|
|
req_context.query_string = ''
|
|
self.assertEqual(
|
|
'fake_project_id',
|
|
helpers.get_x_tenant_or_tenant_id(
|
|
req_context,
|
|
['example:allowed']
|
|
)
|
|
)
|
|
|
|
@staticmethod
|
|
def _get_request_context(role='fake_role'):
|
|
return request.Request(
|
|
testing.create_environ(
|
|
path="/",
|
|
query_string="tenant_id=fake_tenant_id",
|
|
headers={
|
|
"X_PROJECT_ID": "fake_project_id",
|
|
"X_ROLES": role
|
|
}
|
|
)
|
|
)
|