openstack/ironic
Code Issues Proposed changes

Merge "Remove deprecated ironic.common.policy.enforce()"

Browse Source
This commit is contained in:
Zuul 2017-12-20 13:17:18 +00:00 committed by Gerrit Code Review
commit 49b528101a
2 changed files with 0 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
ironic/common/policy.py
View File

@ -458,8 +458,6 @@ def authorize(rule, target, creds, *args, **kwargs):
Checks authorization of a rule against the target and credentials, and Checks authorization of a rule against the target and credentials, and
raises an exception if the rule is not defined. raises an exception if the rule is not defined.
Always returns true if CONF.auth_strategy == noauth. Always returns true if CONF.auth_strategy == noauth.
Beginning with the Newton cycle, this should be used in place of 'enforce'.
""" """
if CONF.auth_strategy == 'noauth': if CONF.auth_strategy == 'noauth':
return True return True
@ -479,23 +477,3 @@ def check(rule, target, creds, *args, **kwargs):
""" """
enforcer = get_enforcer() enforcer = get_enforcer()
return enforcer.enforce(rule, target, creds, *args, **kwargs) return enforcer.enforce(rule, target, creds, *args, **kwargs)
def enforce(rule, target, creds, do_raise=False, exc=None, *args, **kwargs):
"""A shortcut for policy.Enforcer.enforce()
Checks authorization of a rule against the target and credentials.
Always returns true if CONF.auth_strategy == noauth.
"""
# NOTE(deva): this method is obsoleted by authorize(), but retained for
# backwards compatibility in case it has been used downstream.
# It may be removed in the Pike cycle.
LOG.warning("Deprecation warning: calls to ironic.common.policy.enforce() "
"should be replaced with authorize(). This method may be "
"removed in a future release.")
if CONF.auth_strategy == 'noauth':
return True
enforcer = get_enforcer()
return enforcer.enforce(rule, target, creds, do_raise=do_raise,
exc=exc, *args, **kwargs)

19
ironic/tests/unit/common/test_policy.py
View File

@ -118,25 +118,6 @@ class PolicyTestCase(base.TestCase):
oslo_policy.PolicyNotRegistered, oslo_policy.PolicyNotRegistered,
policy.authorize, 'has_bar_role', creds, creds) policy.authorize, 'has_bar_role', creds, creds)
def test_enforce_existing_rule_passes(self):
creds = {'roles': ['foo']}
self.assertTrue(policy.enforce('has_foo_role', creds, creds))
def test_enforce_missing_rule_fails(self):
creds = {'roles': ['foo']}
self.assertFalse(policy.enforce('has_bar_role', creds, creds))
def test_enforce_existing_rule_fails(self):
creds = {'roles': ['bar']}
self.assertFalse(policy.enforce('has_foo_role', creds, creds))
def test_enforce_existing_rule_raises(self):
creds = {'roles': ['bar']}
self.assertRaises(
exception.IronicException,
policy.enforce, 'has_foo_role', creds, creds, True,
exception.IronicException)
@mock.patch.object(cfg, 'CONF', autospec=True) @mock.patch.object(cfg, 'CONF', autospec=True)
@mock.patch.object(policy, 'get_enforcer', autospec=True) @mock.patch.object(policy, 'get_enforcer', autospec=True)
def test_get_oslo_policy_enforcer_no_args(self, mock_gpe, mock_cfg): def test_get_oslo_policy_enforcer_no_args(self, mock_gpe, mock_cfg):