def test_augmented_user_privs_method_setting(self):
# user should not be granted any privileges by default, but the augmented privs should grant specific privileges
# Need to test an entity level and entity_type level priv
expected_actions = [LIST, WRITE]
augmented_privileges = {
koalacore.Privilege(
action=LIST,
role=koalacore.PrivilegeConstants.PRIVILEGE_ROLE_USER,
who='sdkjgnsdgjnasgl',
privilege_type=koalacore.PrivilegeConstants.
PRIVILEGE_TYPE_RESOURCE_TYPE,
related_id=0),
koalacore.Privilege(
action=WRITE,
role=koalacore.PrivilegeConstants.PRIVILEGE_ROLE_USER,
who='sdkjgnsdgjnasgl',
privilege_type=koalacore.PrivilegeConstants.
PRIVILEGE_TYPE_OBJECT,
related_id='apdmbdfobninrounbsodibn')
}
sys_user_dict = {
'uid': 'sdkjgnsdgjnasgl',
'resource_type': 'User',
'system_groups': koalacore.PrivilegeConstants.SYSTEM_GROUP_USER
}
entity_sec_dict = {
'uid': 'apdmbdfobninrounbsodibn',
'resource_type': 'User'
}
sys_user = koalacore.AugmentedSecurityObject(**sys_user_dict)
sys_user.grant_augmented_privileges(namespace='User',
privileges=augmented_privileges)
entity_sec_ob = koalacore.AugmentedSecurityObject(**entity_sec_dict)
actions = PrivilegeEvaluator.get_resource_privileges(
credentials=sys_user, resource=entity_sec_ob)
self.assertEqual(
set(actions), set(expected_actions),
'Action list mistmatch - expected: {0} | got: {1}'.format(
expected_actions, actions))
sys_user.revoke_augmented_privileges(namespace='User',
privileges=augmented_privileges)
self.assertEqual(sys_user.augmented_privileges, {'User': set()},
'Augmented privilege mismatch')
def test_augmented_user_privs_invalid(self):
# WRITE priv is defined but incorrectly; only LIST should be granted
expected_actions = [LIST]
augmented_privileges = {
koalacore.Privilege(
action=LIST,
role=koalacore.PrivilegeConstants.PRIVILEGE_ROLE_USER,
who='sdkjgnsdgjnasgl',
privilege_type=koalacore.PrivilegeConstants.
PRIVILEGE_TYPE_RESOURCE_TYPE,
related_id=0),
koalacore.Privilege(
action=WRITE,
role=koalacore.PrivilegeConstants.PRIVILEGE_ROLE_USER,
who='sdkjgnsdgjnasgl',
privilege_type=koalacore.PrivilegeConstants.
PRIVILEGE_TYPE_OBJECT,
related_id=0)
}
sys_user_dict = {
'uid': 'sdkjgnsdgjnasgl',
'resource_type': 'User',
'system_groups': koalacore.PrivilegeConstants.SYSTEM_GROUP_USER,
'augmented_privileges': {
'User': augmented_privileges
}
}
entity_sec_dict = {
'uid': 'apdmbdfobninrounbsodibn',
'resource_type': 'User'
}
sys_user = koalacore.AugmentedSecurityObject(**sys_user_dict)
entity_sec_ob = koalacore.AugmentedSecurityObject(**entity_sec_dict)
actions = PrivilegeEvaluator.get_resource_privileges(
credentials=sys_user, resource=entity_sec_ob)
self.assertEqual(
set(actions), set(expected_actions),
'Action list mistmatch - expected: {0} | got: {1}'.format(
expected_actions, actions))
def test_system_user_privs(self):
expected_actions = [READ, WRITE, DELETE, PASSWD, LIST, QUERY]
sys_user_dict = {
'uid': 0,
'resource_type': 'User',
'system_groups': koalacore.PrivilegeConstants.SYSTEM_GROUP_SYSTEM
}
entity_sec_dict = {
'uid': 'apdmbdfobninrounbsodibn',
'resource_type': 'User'
}
sys_user = koalacore.AugmentedSecurityObject(**sys_user_dict)
entity_sec_ob = koalacore.AugmentedSecurityObject(**entity_sec_dict)
actions = PrivilegeEvaluator.get_resource_privileges(
credentials=sys_user, resource=entity_sec_ob)
self.assertEqual(set(actions), set(expected_actions),
'Action list mistmatch.')
def test_user_self_privs(self):
# user should not be granted any privileges by default
expected_actions = [PASSWD]
sys_user_dict = {
'uid': 'mhcfhxdgfssjgfk',
'resource_type': 'User',
'system_groups': koalacore.PrivilegeConstants.SYSTEM_GROUP_USER
}
entity_sec_dict = {'uid': 'mhcfhxdgfssjgfk', 'resource_type': 'User'}
sys_user = koalacore.AugmentedSecurityObject(**sys_user_dict)
entity_sec_ob = koalacore.AugmentedSecurityObject(**entity_sec_dict)
actions = PrivilegeEvaluator.get_resource_privileges(
credentials=sys_user, resource=entity_sec_ob)
self.assertEqual(
set(actions), set(expected_actions),
'Action list mistmatch - expected: {0} | got: {1}'.format(
expected_actions, actions))
def test_authorise_decorator_as_user(self):
expected_actions = []
sys_user_dict = {
'uid': 'sdkjgnsdgjnasgl',
'resource_type': 'User',
'system_groups': koalacore.PrivilegeConstants.SYSTEM_GROUP_USER
}
entity_sec_dict = {
'uid': 'apdmbdfobninrounbsodibn',
'resource_type': 'User'
}
sys_user = koalacore.AugmentedSecurityObject(**sys_user_dict)
entity_sec_ob = koalacore.AugmentedSecurityObject(**entity_sec_dict)
@koalacore.authorise(action=koalacore.PrivilegeConstants.READ)
def test_func(credentials, resource, **kargs):
return True
with self.assertRaises(koalacore.UnauthorisedCredentials):
test_func(credentials=sys_user, resource=entity_sec_ob)
def test_authorise_decorator_as_admin(self):
expected_actions = [READ, PASSWD, LIST]
sys_user_dict = {
'uid': 'sdkjgnsdgjnasgl',
'resource_type': 'User',
'system_groups': koalacore.PrivilegeConstants.SYSTEM_GROUP_ADMIN
}
entity_sec_dict = {
'uid': 'apdmbdfobninrounbsodibn',
'resource_type': 'User'
}
sys_user = koalacore.AugmentedSecurityObject(**sys_user_dict)
entity_sec_ob = koalacore.AugmentedSecurityObject(**entity_sec_dict)
@koalacore.authorise(action=koalacore.PrivilegeConstants.READ)
def test_func(credentials, resource, **kargs):
return True
returned = test_func(credentials=sys_user, resource=entity_sec_ob)
self.assertTrue(returned, 'Decorated function should return True')
def test_admin_user_privs(self):
expected_actions = [READ, PASSWD, LIST]
sys_user_dict = {
'uid': 'sdkjgnsdgjnasgl',
'resource_type': 'User',
'system_groups': koalacore.PrivilegeConstants.SYSTEM_GROUP_ADMIN
}
entity_sec_dict = {
'uid': 'apdmbdfobninrounbsodibn',
'resource_type': 'User'
}
sys_user = koalacore.AugmentedSecurityObject(**sys_user_dict)
entity_sec_ob = koalacore.AugmentedSecurityObject(**entity_sec_dict)
actions = PrivilegeEvaluator.get_resource_privileges(
credentials=sys_user, resource=entity_sec_ob)
self.assertEqual(
set(actions), set(expected_actions),
'Action list mistmatch - expected: {0} | got: {1}'.format(
expected_actions, actions))
