Moves policy setup into a fixture.

The original implemention worked only because of the ordering of the tests. By the time the tests that needed policy.json to be loaded ran it had already been properly loaded. When running certain tests in isolation the policy is not propertly setup, leading to a test failure. Closes-Bug: #1520383 Change-Id: Icd041eb4ed8ddd580f49b4709ca5f05ab7315292
2016-02-10 16:06:03 +00:00 · 2016-02-10 16:06:03 +00:00 · 10773b79ad
commit 10773b79ad
parent 7a0874f6f6
8 changed files with 63 additions and 55 deletions
--- a/keystone/tests/unit/core.py
+++ b/keystone/tests/unit/core.py
@ -53,7 +53,6 @@ from keystone.common.kvs import core as kvs_core
 from keystone.common import sql
 from keystone import exception
 from keystone import notifications
-from keystone.policy.backends import rules
 from keystone.server import common
 from keystone.tests.unit import ksfixtures
 from keystone.version import controllers
@ -81,7 +80,6 @@ TMPDIR = _calc_tmpdir()

 CONF = cfg.CONF
 log.register_options(CONF)
-rules.init()

 IN_MEM_DB_CONN_STRING = 'sqlite://'

@ -519,6 +517,9 @@ class TestCase(BaseTestCase):
    def config_files(self):
        return []

+    def _policy_fixture(self):
+        return ksfixtures.Policy(dirs.etc('policy.json'), self.config_fixture)
+
    def config_overrides(self):
        # NOTE(morganfainberg): enforce config_overrides can only ever be
        # called a single time.
@ -527,8 +528,9 @@ class TestCase(BaseTestCase):

        signing_certfile = 'examples/pki/certs/signing_cert.pem'
        signing_keyfile = 'examples/pki/private/signing_key.pem'
-        self.config_fixture.config(group='oslo_policy',
-                                   policy_file=dirs.etc('policy.json'))
+
+        self.useFixture(self._policy_fixture())
+
        self.config_fixture.config(
            # TODO(morganfainberg): Make Cache Testing a separate test case
            # in tempest, and move it out of the base unit tests.
--- a/keystone/tests/unit/ksfixtures/init.py
+++ b/keystone/tests/unit/ksfixtures/init.py
@ -14,3 +14,4 @@
 from keystone.tests.unit.ksfixtures.auth_plugins import ConfigAuthPlugins  # noqa
 from keystone.tests.unit.ksfixtures.cache import Cache  # noqa
 from keystone.tests.unit.ksfixtures.key_repository import KeyRepository  # noqa
+from keystone.tests.unit.ksfixtures.policy import Policy  # noqa
--- a/keystone/tests/unit/ksfixtures/policy.py
+++ b/keystone/tests/unit/ksfixtures/policy.py
@ -0,0 +1,33 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import fixtures
+from oslo_policy import opts
+
+from keystone.policy.backends import rules
+
+
+class Policy(fixtures.Fixture):
+    """A fixture for working with policy configuration."""
+
+    def __init__(self, policy_file, config_fixture):
+        self._policy_file = policy_file
+        self._config_fixture = config_fixture
+
+    def setUp(self):
+        super(Policy, self).setUp()
+        opts.set_defaults(self._config_fixture.conf)
+        self._config_fixture.config(group='oslo_policy',
+                                    policy_file=self._policy_file)
+        rules.init()
+        self.addCleanup(rules.reset)
--- a/keystone/tests/unit/rest.py
+++ b/keystone/tests/unit/rest.py
@ -17,7 +17,6 @@ from six.moves import http_client
 import webtest

 from keystone.auth import controllers as auth_controllers
-from keystone.policy.backends import rules
 from keystone.tests import unit
 from keystone.tests.unit import default_fixtures
 from keystone.tests.unit.ksfixtures import database
@ -72,12 +71,6 @@ class RestfulTestCase(unit.TestCase):
        self.admin_app = webtest.TestApp(
            self.loadapp(app_conf, name='admin'))
        self.addCleanup(delattr, self, 'admin_app')
-        # Initialize the policy engine and allow us to write to a temp
-        # file in each test to create the policies
-        rules.reset()
-
-        # drop the policy rules
-        self.addCleanup(rules.reset)

    def request(self, app, path, body=None, headers=None, token=None,
                expected_status=None, **kwargs):
--- a/keystone/tests/unit/test_policy.py
+++ b/keystone/tests/unit/test_policy.py
@ -23,22 +23,11 @@ from testtools import matchers
 from keystone import exception
 from keystone.policy.backends import rules
 from keystone.tests import unit
+from keystone.tests.unit import ksfixtures
 from keystone.tests.unit.ksfixtures import temporaryfile


-class BasePolicyTestCase(unit.TestCase):
-    def setUp(self):
-        super(BasePolicyTestCase, self).setUp()
-        rules.reset()
-        self.addCleanup(rules.reset)
-        self.addCleanup(self.clear_cache_safely)
-
-    def clear_cache_safely(self):
-        if rules._ENFORCER:
-            rules._ENFORCER.clear()
-
-
-class PolicyFileTestCase(BasePolicyTestCase):
+class PolicyFileTestCase(unit.TestCase):
    def setUp(self):
        # self.tmpfilename should exist before setUp super is called
        # this is to ensure it is available for the config_fixture in
@ -48,10 +37,8 @@ class PolicyFileTestCase(BasePolicyTestCase):
        super(PolicyFileTestCase, self).setUp()
        self.target = {}

-    def config_overrides(self):
-        super(PolicyFileTestCase, self).config_overrides()
-        self.config_fixture.config(group='oslo_policy',
-                                   policy_file=self.tmpfilename)
+    def _policy_fixture(self):
+        return ksfixtures.Policy(self.tmpfilename, self.config_fixture)

    def test_modified_policy_reloads(self):
        action = "example:test"
@ -75,11 +62,9 @@ class PolicyFileTestCase(BasePolicyTestCase):
                          empty_credentials, action, self.target)


-class PolicyTestCase(BasePolicyTestCase):
+class PolicyTestCase(unit.TestCase):
    def setUp(self):
        super(PolicyTestCase, self).setUp()
-        # NOTE(vish): preload rules to circumvent reloading from file
-        rules.init()
        self.rules = {
            "true": [],
            "example:allowed": [],
@ -144,10 +129,9 @@ class PolicyTestCase(BasePolicyTestCase):
        rules.enforce(admin_credentials, uppercase_action, self.target)


-class DefaultPolicyTestCase(BasePolicyTestCase):
+class DefaultPolicyTestCase(unit.TestCase):
    def setUp(self):
        super(DefaultPolicyTestCase, self).setUp()
-        rules.init()

        self.rules = {
            "default": [],
--- a/keystone/tests/unit/test_v3_auth.py
+++ b/keystone/tests/unit/test_v3_auth.py
@ -962,11 +962,9 @@ class TestTokenRevokeSelfAndAdmin(test_v3.RestfulTestCase):
                                         user_id=self.userAdminA['id'],
                                         domain_id=self.domainA['id'])

-    def config_overrides(self):
-        super(TestTokenRevokeSelfAndAdmin, self).config_overrides()
-        self.config_fixture.config(
-            group='oslo_policy',
-            policy_file=unit.dirs.etc('policy.v3cloudsample.json'))
+    def _policy_fixture(self):
+        return ksfixtures.Policy(unit.dirs.etc('policy.v3cloudsample.json'),
+                                 self.config_fixture)

    def test_user_revokes_own_token(self):
        user_token = self.get_requested_token(
--- a/keystone/tests/unit/test_v3_filters.py
+++ b/keystone/tests/unit/test_v3_filters.py
@ -19,6 +19,7 @@ from six.moves import range

 from keystone.tests import unit
 from keystone.tests.unit import filtering
+from keystone.tests.unit import ksfixtures
 from keystone.tests.unit.ksfixtures import temporaryfile
 from keystone.tests.unit import test_v3

@ -30,13 +31,14 @@ class IdentityTestFilteredCase(filtering.FilterTests,
                               test_v3.RestfulTestCase):
    """Test filter enforcement on the v3 Identity API."""

+    def _policy_fixture(self):
+        return ksfixtures.Policy(self.tmpfilename, self.config_fixture)
+
    def setUp(self):
        """Setup for Identity Filter Test Cases."""
-        super(IdentityTestFilteredCase, self).setUp()
        self.tempfile = self.useFixture(temporaryfile.SecureTempFile())
        self.tmpfilename = self.tempfile.file_name
-        self.config_fixture.config(group='oslo_policy',
-                                   policy_file=self.tmpfilename)
+        super(IdentityTestFilteredCase, self).setUp()

    def load_sample_data(self):
        """Create sample data for these tests.
--- a/keystone/tests/unit/test_v3_protection.py
+++ b/keystone/tests/unit/test_v3_protection.py
@ -20,8 +20,8 @@ from oslo_serialization import jsonutils
 from six.moves import http_client

 from keystone import exception
-from keystone.policy.backends import rules
 from keystone.tests import unit
+from keystone.tests.unit import ksfixtures
 from keystone.tests.unit.ksfixtures import temporaryfile
 from keystone.tests.unit import test_v3
 from keystone.tests.unit import utils
@ -34,6 +34,9 @@ DEFAULT_DOMAIN_ID = CONF.identity.default_domain_id
 class IdentityTestProtectedCase(test_v3.RestfulTestCase):
    """Test policy enforcement on the v3 Identity API."""

+    def _policy_fixture(self):
+        return ksfixtures.Policy(self.tmpfilename, self.config_fixture)
+
    def setUp(self):
        """Setup for Identity Protection Test Cases.

@ -50,14 +53,9 @@ class IdentityTestProtectedCase(test_v3.RestfulTestCase):
        the default domain.

        """
-        # Ensure that test_v3.RestfulTestCase doesn't load its own
-        # sample data, which would make checking the results of our
-        # tests harder
-        super(IdentityTestProtectedCase, self).setUp()
        self.tempfile = self.useFixture(temporaryfile.SecureTempFile())
        self.tmpfilename = self.tempfile.file_name
-        self.config_fixture.config(group='oslo_policy',
-                                   policy_file=self.tmpfilename)
+        super(IdentityTestProtectedCase, self).setUp()

        # A default auth request we can use - un-scoped user token
        self.auth = self.build_authentication_request(
@ -560,6 +558,10 @@ class IdentityTestv3CloudPolicySample(test_v3.RestfulTestCase,
                                      test_v3.AssignmentTestMixin):
    """Test policy enforcement of the sample v3 cloud policy file."""

+    def _policy_fixture(self):
+        return ksfixtures.Policy(unit.dirs.etc('policy.v3cloudsample.json'),
+                                 self.config_fixture)
+
    def setUp(self):
        """Setup for v3 Cloud Policy Sample Test Cases.

@ -585,13 +587,6 @@ class IdentityTestv3CloudPolicySample(test_v3.RestfulTestCase,
        # tests harder
        super(IdentityTestv3CloudPolicySample, self).setUp()

-        # Finally, switch to the v3 sample policy file
-        self.addCleanup(rules.reset)
-        rules.reset()
-        self.config_fixture.config(
-            group='oslo_policy',
-            policy_file=unit.dirs.etc('policy.v3cloudsample.json'))
-
        self.config_fixture.config(
            group='resource',
            admin_project_name=self.admin_project['name'])