From 66855beae74a34229345018dcfec299ca82cae25 Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles
Date: Fri, 23 Nov 2018 14:30:16 +0200
Subject: [PATCH] oslopolicy-checker: iterate through rules in sorted order

This makes it easier for folks checking their policies to just execute their rule checks and compare them with the original output. Instead of having to manually pipe the result and sort it.

Change-Id: I8d45173578d3b309b97caaa7d4e87cb2aec0e8f2
---
 oslo_policy/shell.py | 2 +-
 oslo_policy/tests/test_shell.py | 31 +++++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+), 1 deletion(-)
diff --git a/oslo_policy/shell.py b/oslo_policy/shell.py
index fe143fb4..3fda8de6 100644
--- a/oslo_policy/shell.py
+++ b/oslo_policy/shell.py
@@ -77,7 +77,7 @@ def tool(policy_file, access_file, apply_rule, is_admin=False,
 rule = rules[apply_rule]
 _try_rule(key, rule, target_data, access_data, o)
 return
- for key, rule in rules.items():
+ for key, rule in sorted(rules.items()):
 if ":" in key:
 _try_rule(key, rule, target_data, access_data, o)
diff --git a/oslo_policy/tests/test_shell.py b/oslo_policy/tests/test_shell.py
index 0d7fe648..3a915ffe 100644
--- a/oslo_policy/tests/test_shell.py
+++ b/oslo_policy/tests/test_shell.py
@@ -27,6 +27,13 @@ class CheckerTestCase(base.PolicyBaseTestCase):
 SAMPLE_POLICY = '''---
 "sample_rule": "role:service"
 "sampleservice:sample_rule": ""
+'''
+
+ SAMPLE_POLICY_UNSORTED = '''---
+"sample_rule": "role:service"
+"sampleservice:sample_rule2": ""
+"sampleservice:sample_rule0": ""
+"sampleservice:sample_rule1": ""
 '''
 def setUp(self):
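Review bot: In the `oslo_policy/shell.py` hunk, `sorted(rules.items())` orders the `(key, rule)` pairs as whole tuples, so the intent to sort by rule name is implicit and only holds because dictionary keys are unique and the rule objects are therefore never compared. Sorting on the name says this directly: `for key, rule in sorted(rules.items(), key=lambda kv: kv[0]):`. A short comment above the loop, such as `# Sorted so checker output can be diffed between policy revisions.`, would record why the order matters to anyone comparing authorization results. The body of `tool()` starts above this hunk, so how `rules` is loaded is not visible here.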
@@ -61,6 +68,30 @@ class CheckerTestCase(base.PolicyBaseTestCase):
 current_rule="sampleservice:sample_rule")
 expected = '''passed: sampleservice:sample_rule
+'''
+ self.assertEqual(expected, stdout.getvalue())
+
+ def test_pass_rule_parameters_sorted(self):
+ self.create_config_file("policy.yaml", self.SAMPLE_POLICY_UNSORTED)
+
+ policy_file = open(self.get_config_file_fullname('policy.yaml'), 'r')
+ access_file = open(self.get_config_file_fullname('access.json'), 'r')
+ apply_rule = None
+ is_admin = False
+ stdout = self._capture_stdout()
+
+ access_data = copy.deepcopy(
+ token_fixture.SCOPED_TOKEN_FIXTURE["token"])
+ access_data['roles'] = [
+ role['name'] for role in access_data['roles']]
+ access_data['project_id'] = access_data['project']['id']
+ access_data['is_admin'] = is_admin
+
+ shell.tool(policy_file, access_file, apply_rule, is_admin)
+
+ expected = '''passed: sampleservice:sample_rule0
+passed: sampleservice:sample_rule1
+passed: sampleservice:sample_rule2
 '''
 self.assertEqual(expected, stdout.getvalue())
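Review bot: In `test_pass_rule_parameters_sorted`, the `access_data` block (from `copy.deepcopy(...)` through `access_data['is_admin'] = is_admin`) is never passed to `shell.tool(...)` or asserted on, so it is dead code in this test and can be removed. The two `open(...)` handles are also never closed; adding `self.addCleanup(policy_file.close)` and `self.addCleanup(access_file.close)` right after they are opened would avoid leaking descriptors, assuming the base class derives from `unittest.TestCase`. The fixture only yields `passed:` lines, so adding one rule to `SAMPLE_POLICY_UNSORTED` that the token is expected to fail would also pin the ordering of mixed results, which is the output an operator compares when auditing a policy change.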