-
Notifications
You must be signed in to change notification settings - Fork 54
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add unit tests for the
policy.py module
Signed-off-by: Mihaela Balutoiu <mbalutoiu@cloudbasesolutions.com>
- Loading branch information
1 parent
174ace8
commit 8730dac
Showing
1 changed file
with
130 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,130 @@ | ||
| # Copyright 2023 Cloudbase Solutions Srl | ||
| # All Rights Reserved. | ||
|
|
||
| from unittest import mock | ||
|
|
||
| from coriolis import policy | ||
| from coriolis.tests import test_base | ||
|
|
||
|
|
||
| class PolicyTestCase(test_base.CoriolisBaseTestCase): | ||
| """Test suite for the Coriolis policy module.""" | ||
|
|
||
| @mock.patch.object(policy, '_ENFORCER') | ||
| def test_reset(self, mock_enforcer): | ||
| result = policy.reset() | ||
|
|
||
| mock_enforcer.clear.assert_called_once_with() | ||
| self.assertEqual(result, None) | ||
| self.assertEqual(policy._ENFORCER, None) | ||
|
|
||
| @mock.patch('oslo_policy.policy.Enforcer') | ||
| @mock.patch.object(policy, 'register_rules') | ||
| @mock.patch.object(policy, 'CONF') | ||
| def test_init(self, mock_conf, mock_register_rules, mock_policy_enforcer): | ||
| mock_enforcer_instance = mock.Mock() | ||
| mock_policy_enforcer.return_value = mock_enforcer_instance | ||
|
|
||
| with mock.patch('coriolis.policy._ENFORCER', None): | ||
| result = policy.init() | ||
|
|
||
| mock_policy_enforcer.assert_called_once_with(mock_conf) | ||
| mock_register_rules.assert_called_once_with(mock_enforcer_instance) | ||
| mock_enforcer_instance.load_rules.assert_called_once_with() | ||
| self.assertEqual(result, None) | ||
|
|
||
| @mock.patch.object(policy, '_ENFORCER') | ||
| def test_init_already_initialized(self, mock_enforcer): | ||
| mock_enforcer_instance = mock.Mock() | ||
| mock_enforcer.return_value = mock_enforcer_instance | ||
|
|
||
| result = policy.init() | ||
| self.assertEqual(result, None) | ||
|
|
||
| @mock.patch.object(policy, 'itertools') | ||
| def test_register_rules(self, mock_itertools): | ||
| mock_enforcer = mock.Mock() | ||
| mock_enforcer.register_defaults.return_value = ['rule1', 'rule2'] | ||
| mock_itertools.chain.return_value = ['rule1', 'rule2', 'rule3'] | ||
|
|
||
| result = policy.register_rules(mock_enforcer) | ||
|
|
||
| mock_enforcer.register_defaults.assert_called_once_with( | ||
| ['rule1', 'rule2', 'rule3']) | ||
| self.assertEqual(result, None) | ||
|
|
||
| @mock.patch.object(policy, 'init') | ||
| def test_get_enforcer(self, mock_init): | ||
| mock_enforcer = mock.Mock() | ||
| policy._ENFORCER = mock_enforcer | ||
|
|
||
| result = policy.get_enforcer() | ||
|
|
||
| mock_init.assert_called_once_with() | ||
| self.assertEqual(result, mock_enforcer) | ||
|
|
||
| @mock.patch.object(policy, 'init') | ||
| def test_get_enforcer_not_initialized(self, mock_init): | ||
| policy._ENFORCER = None | ||
|
|
||
| result = policy.get_enforcer() | ||
|
|
||
| self.assertEqual(result, None) | ||
| mock_init.assert_called_once_with() | ||
|
|
||
| @mock.patch.object(policy, '_ENFORCER') | ||
| def test_check_policy_for_context(self, mock_enforcer): | ||
| mock_enforcer.authorize.return_value = True | ||
|
|
||
| mock_context = mock.Mock() | ||
| mock_context.to_policy_values.return_value = 'test-credentials' | ||
|
|
||
| result = policy.check_policy_for_context( | ||
| mock_context, 'rule', 'target') | ||
|
|
||
| self.assertEqual(result, True) | ||
| mock_enforcer.authorize.assert_called_once_with( | ||
| 'rule', 'target', 'test-credentials', do_raise=True, exc=mock.ANY, | ||
| action='rule') | ||
|
|
||
| @mock.patch.object(policy, '_ENFORCER') | ||
| def test_check_policy_for_context_do_not_raise(self, mock_enforcer): | ||
| mock_enforcer.authorize.return_value = False | ||
|
|
||
| mock_context = mock.Mock() | ||
| mock_context.to_policy_values.return_value = 'test-credentials' | ||
|
|
||
| result = policy.check_policy_for_context( | ||
| mock_context, 'rule', 'target', do_raise=False) | ||
|
|
||
| mock_enforcer.authorize.assert_called_once_with( | ||
| 'rule', 'target', 'test-credentials', do_raise=False, exc=mock.ANY, | ||
| action='rule') | ||
| self.assertEqual(result, False) | ||
|
|
||
| @mock.patch.object(policy, '_ENFORCER') | ||
| def test_check_policy_for_context_not_authorized(self, mock_enforcer): | ||
| mock_enforcer.authorize.side_effect = ( | ||
| policy.exception.PolicyNotAuthorized) | ||
|
|
||
| mock_context = mock.Mock() | ||
| mock_context.to_policy_values.return_value = 'test-credentials' | ||
|
|
||
| self.assertRaises( | ||
| policy.exception.PolicyNotAuthorized, | ||
| policy.check_policy_for_context, mock_context, 'rule', 'target') | ||
|
|
||
| mock_enforcer.authorize.assert_called_once_with( | ||
| 'rule', 'target', 'test-credentials', do_raise=True, exc=mock.ANY, | ||
| action='rule') | ||
|
|
||
| @mock.patch.object(policy, '_ENFORCER') | ||
| def test_check_policy_for_context_custom_exception(self, mock_enforcer): | ||
| mock_enforcer.authorize.side_effect = ValueError | ||
|
|
||
| mock_context = mock.Mock() | ||
| mock_context.to_policy_values.return_value = 'test-credentials' | ||
|
|
||
| self.assertRaises( | ||
| ValueError, policy.check_policy_for_context, mock_context, | ||
| 'rule', 'target', exc=ValueError) |