Pass in policy name as part of the oslopolicy-check check call

We were not passing the policy name, which made it quite hard to test out external checks given that this is information that is passed in there. This passes that parameter. Change-Id: I217a6545bdf753470e08b39de2c0df08ffa1f82f
2018-10-30 16:11:46 +02:00 · 2018-10-30 16:11:46 +02:00 · d746dfb5f4
parent 11c27de86a
commit d746dfb5f4
2 changed files with 29 additions and 1 deletions
--- a/oslo_policy/shell.py
+++ b/oslo_policy/shell.py
@ -23,7 +23,7 @@ from oslo_policy import policy

 def _try_rule(key, rule, target, access_data, o):
    try:
-        result = rule(target, access_data, o)
+        result = rule(target, access_data, o, current_rule=key)
        if result:
            print("passed: %s" % key)
        else:
--- a/oslo_policy/tests/test_shell.py
+++ b/oslo_policy/tests/test_shell.py
@ -13,6 +13,7 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.

+import mock
 from oslo_serialization import jsonutils

 from oslo_policy import shell
@ -34,6 +35,33 @@ class CheckerTestCase(base.PolicyBaseTestCase):
            "access.json",
            jsonutils.dumps(token_fixture.SCOPED_TOKEN_FIXTURE))

+    @mock.patch("oslo_policy._checks.TrueCheck.__call__")
+    def test_pass_rule_parameters(self, call_mock):
+
+        policy_file = open(self.get_config_file_fullname('policy.yaml'), 'r')
+        access_file = open(self.get_config_file_fullname('access.json'), 'r')
+        apply_rule = None
+        is_admin = False
+        stdout = self._capture_stdout()
+
+        access_data = token_fixture.SCOPED_TOKEN_FIXTURE["token"]
+        target = {
+            "project_id": access_data['project']['id']
+        }
+        access_data['roles'] = [
+            role['name'] for role in access_data['roles']]
+        access_data['project_id'] = access_data['project']['id']
+        access_data['is_admin'] = is_admin
+
+        shell.tool(policy_file, access_file, apply_rule, is_admin)
+        call_mock.assert_called_once_with(
+            target, access_data, mock.ANY,
+            current_rule="sampleservice:sample_rule")
+
+        expected = '''passed: sampleservice:sample_rule
+'''
+        self.assertEqual(expected, stdout.getvalue())
+
    def test_all_nonadmin(self):

        policy_file = open(self.get_config_file_fullname('policy.yaml'), 'r')