oslopolicy-checker: iterate through rules in sorted order

This makes it easier for folks checking their policies to just execute their rule checks and compare them with the original output. Instead of having to manually pipe the result and sort it. Change-Id: I8d45173578d3b309b97caaa7d4e87cb2aec0e8f2
2018-11-23 14:30:16 +02:00 · 2018-11-23 14:30:16 +02:00 · 66855beae7
commit 66855beae7
parent a102757726
2 changed files with 32 additions and 1 deletions
--- a/oslo_policy/shell.py
+++ b/oslo_policy/shell.py
@ -77,7 +77,7 @@ def tool(policy_file, access_file, apply_rule, is_admin=False,
        rule = rules[apply_rule]
        _try_rule(key, rule, target_data, access_data, o)
        return
-    for key, rule in rules.items():
+    for key, rule in sorted(rules.items()):
        if ":" in key:
            _try_rule(key, rule, target_data, access_data, o)

--- a/oslo_policy/tests/test_shell.py
+++ b/oslo_policy/tests/test_shell.py
@ -27,6 +27,13 @@ class CheckerTestCase(base.PolicyBaseTestCase):
    SAMPLE_POLICY = '''---
 "sample_rule": "role:service"
 "sampleservice:sample_rule": ""
+'''
+
+    SAMPLE_POLICY_UNSORTED = '''---
+"sample_rule": "role:service"
+"sampleservice:sample_rule2": ""
+"sampleservice:sample_rule0": ""
+"sampleservice:sample_rule1": ""
 '''

    def setUp(self):
@ -61,6 +68,30 @@ class CheckerTestCase(base.PolicyBaseTestCase):
            current_rule="sampleservice:sample_rule")

        expected = '''passed: sampleservice:sample_rule
+'''
+        self.assertEqual(expected, stdout.getvalue())
+
+    def test_pass_rule_parameters_sorted(self):
+        self.create_config_file("policy.yaml", self.SAMPLE_POLICY_UNSORTED)
+
+        policy_file = open(self.get_config_file_fullname('policy.yaml'), 'r')
+        access_file = open(self.get_config_file_fullname('access.json'), 'r')
+        apply_rule = None
+        is_admin = False
+        stdout = self._capture_stdout()
+
+        access_data = copy.deepcopy(
+            token_fixture.SCOPED_TOKEN_FIXTURE["token"])
+        access_data['roles'] = [
+            role['name'] for role in access_data['roles']]
+        access_data['project_id'] = access_data['project']['id']
+        access_data['is_admin'] = is_admin
+
+        shell.tool(policy_file, access_file, apply_rule, is_admin)
+
+        expected = '''passed: sampleservice:sample_rule0
+passed: sampleservice:sample_rule1
+passed: sampleservice:sample_rule2
 '''
        self.assertEqual(expected, stdout.getvalue())