Beispiel #1
0
    def setUpClass(cls):
        super(PacksControllerTestCase, cls).setUpClass()

        cls.pack_db_1 = PackDB(
            name="pack1",
            description="foo",
            version="0.1.0",
            author="foo",
            email="*****@*****.**",
            ref="pack1",
        )
        cls.pack_db_2 = PackDB(
            name="pack2",
            description="foo",
            version="0.1.0",
            author="foo",
            email="*****@*****.**",
            ref="pack2",
        )
        cls.pack_db_3 = PackDB(
            name="pack3-name",
            ref="pack3-ref",
            description="foo",
            version="0.1.0",
            author="foo",
            email="*****@*****.**",
        )
        Pack.add_or_update(cls.pack_db_1)
        Pack.add_or_update(cls.pack_db_2)
        Pack.add_or_update(cls.pack_db_3)
Beispiel #2
0
    def test_uid_is_populated_on_save(self):
        pack_1_db = PackDB(
            ref="test_pack",
            name="test",
            description="foo",
            version="1.0.0",
            author="dev",
            email="*****@*****.**",
        )
        pack_1_db = Pack.add_or_update(pack_1_db)
        pack_1_db.reload()

        self.assertEqual(pack_1_db.uid, "pack:test_pack")

        action_1_db = ActionDB(
            name="local",
            pack="core",
            ref="core.local",
            entry_point="",
            runner_type={"name": "local-shell-cmd"},
        )
        action_1_db = Action.add_or_update(action_1_db)
        action_1_db.reload()

        self.assertEqual(action_1_db.uid, "action:core:local")
Beispiel #3
0
    def setUpClass(cls):
        super(PacksControllerTestCase, cls).setUpClass()

        cls.pack_db_1 = PackDB(name='Pack1', description='foo', version='0.1.0', author='foo',
                               email='*****@*****.**', ref='pack1')
        cls.pack_db_2 = PackDB(name='Pack2', description='foo', version='0.1.0', author='foo',
                               email='*****@*****.**', ref='pack2')
        Pack.add_or_update(cls.pack_db_1)
        Pack.add_or_update(cls.pack_db_2)
    def _insert_common_mock_resources(self):
        pack_1_db = PackDB(name='test_pack_1', ref='test_pack_1', description='',
                           version='0.1.0', author='foo', email='*****@*****.**')
        pack_1_db = Pack.add_or_update(pack_1_db)
        self.resources['pack_1'] = pack_1_db

        pack_2_db = PackDB(name='test_pack_2', ref='test_pack_2', description='',
                           version='0.1.0', author='foo', email='*****@*****.**')
        pack_2_db = Pack.add_or_update(pack_2_db)
        self.resources['pack_2'] = pack_2_db
Beispiel #5
0
    def test_get_uid(self):
        pack_1_db = PackDB(ref='test_pack')
        pack_2_db = PackDB(ref='examples')

        self.assertEqual(pack_1_db.get_uid(), 'pack:test_pack')
        self.assertEqual(pack_2_db.get_uid(), 'pack:examples')

        action_1_db = ActionDB(pack='examples', name='my_action', ref='examples.my_action')
        action_2_db = ActionDB(pack='core', name='local', ref='core.local')
        self.assertEqual(action_1_db.get_uid(), 'action:examples:my_action')
        self.assertEqual(action_2_db.get_uid(), 'action:core:local')
Beispiel #6
0
    def setUp(cls):
        super(PackControllerRBACTestCase, cls).setUp()

        cls.pack_db_1 = PackDB(name='pack1', description='foo', version='0.1.0', author='foo',
                               email='*****@*****.**', ref='pack1')
        cls.pack_db_2 = PackDB(name='pack2', description='foo', version='0.1.0', author='foo',
                               email='*****@*****.**', ref='pack2')
        cls.pack_db_3 = PackDB(name='pack3-name', ref='pack3-ref', description='foo',
                               version='0.1.0', author='foo',
                               email='*****@*****.**')
        Pack.add_or_update(cls.pack_db_1)
        Pack.add_or_update(cls.pack_db_2)
        Pack.add_or_update(cls.pack_db_3)
Beispiel #7
0
    def test_uid_is_populated_on_save(self):
        pack_1_db = PackDB(ref='test_pack', name='test', description='foo', version='1.0',
                           author='dev', email='*****@*****.**')
        pack_1_db = Pack.add_or_update(pack_1_db)
        pack_1_db.reload()

        self.assertEqual(pack_1_db.uid, 'pack:test_pack')

        action_1_db = ActionDB(name='local', pack='core', ref='core.local', entry_point='',
                               runner_type={'name': 'local-shell-cmd'})
        action_1_db = Action.add_or_update(action_1_db)
        action_1_db.reload()

        self.assertEqual(action_1_db.uid, 'action:core:local')
Beispiel #8
0
    def test_uid_is_populated_on_save(self):
        pack_1_db = PackDB(ref='test_pack', name='test', description='foo', version='1.0.0',
                           author='dev', email='*****@*****.**')
        pack_1_db = Pack.add_or_update(pack_1_db)
        pack_1_db.reload()

        self.assertEqual(pack_1_db.uid, 'pack:test_pack')

        action_1_db = ActionDB(name='local', pack='core', ref='core.local', entry_point='',
                               runner_type={'name': 'local-shell-cmd'})
        action_1_db = Action.add_or_update(action_1_db)
        action_1_db.reload()

        self.assertEqual(action_1_db.uid, 'action:core:local')
    def test_get_uid(self):
        pack_db = PackDB(ref='ma_pack')
        self.assertEqual(pack_db.get_uid(), 'pack:ma_pack')

        sensor_type_db = SensorTypeDB(name='sname', pack='spack')
        self.assertEqual(sensor_type_db.get_uid(), 'sensor_type:spack:sname')

        action_db = ActionDB(name='aname', pack='apack', runner_type={})
        self.assertEqual(action_db.get_uid(), 'action:apack:aname')

        rule_db = RuleDB(name='rname', pack='rpack')
        self.assertEqual(rule_db.get_uid(), 'rule:rpack:rname')

        trigger_type_db = TriggerTypeDB(name='ttname', pack='ttpack')
        self.assertEqual(trigger_type_db.get_uid(), 'trigger_type:ttpack:ttname')

        trigger_db = TriggerDB(name='tname', pack='tpack')
        self.assertTrue(trigger_db.get_uid().startswith('trigger:tpack:tname:'))

        # Verify that same set of parameters always results in the same hash
        parameters = {'a': 1, 'b': 'unicode', 'c': [1, 2, 3], 'd': {'g': 1, 'h': 2}}
        paramers_hash = json.dumps(parameters, sort_keys=True)
        paramers_hash = hashlib.md5(paramers_hash).hexdigest()

        parameters = {'a': 1, 'b': 'unicode', 'c': [1, 2, 3], 'd': {'g': 1, 'h': 2}}
        trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
        self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))

        parameters = {'c': [1, 2, 3], 'b': u'unicode', 'd': {'h': 2, 'g': 1}, 'a': 1}
        trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
        self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))

        parameters = {'b': u'unicode', 'c': [1, 2, 3], 'd': {'h': 2, 'g': 1}, 'a': 1}
        trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
        self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))

        parameters = OrderedDict({'c': [1, 2, 3], 'b': u'unicode', 'd': {'h': 2, 'g': 1}, 'a': 1})
        trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
        self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))

        policy_type_db = PolicyTypeDB(resource_type='action', name='concurrency')
        self.assertEqual(policy_type_db.get_uid(), 'policy_type:action:concurrency')

        policy_db = PolicyDB(pack='dummy', name='policy1')
        self.assertEqual(policy_db.get_uid(), 'policy:dummy:policy1')
Beispiel #10
0
    def test_get_uid(self):
        pack_db = PackDB(ref='ma_pack')
        self.assertEqual(pack_db.get_uid(), 'pack:ma_pack')

        sensor_type_db = SensorTypeDB(name='sname', pack='spack')
        self.assertEqual(sensor_type_db.get_uid(), 'sensor_type:spack:sname')

        action_db = ActionDB(name='aname', pack='apack', runner_type={})
        self.assertEqual(action_db.get_uid(), 'action:apack:aname')

        rule_db = RuleDB(name='rname', pack='rpack')
        self.assertEqual(rule_db.get_uid(), 'rule:rpack:rname')

        trigger_type_db = TriggerTypeDB(name='ttname', pack='ttpack')
        self.assertEqual(trigger_type_db.get_uid(), 'trigger_type:ttpack:ttname')

        trigger_db = TriggerDB(name='tname', pack='tpack')
        self.assertTrue(trigger_db.get_uid().startswith('trigger:tpack:tname:'))
Beispiel #11
0
 def test_get_pack_common_libs_path_for_pack_db_no_path_in_pack_db(self):
     pack_model_args = {
         'name': 'Yolo CI',
         'ref': 'yolo_ci',
         'description': 'YOLO CI pack',
         'version': '0.1.0',
         'author': 'Volkswagen'
     }
     pack_db = PackDB(**pack_model_args)
     lib_path = get_pack_common_libs_path_for_pack_db(pack_db)
     self.assertEqual(None, lib_path)
Beispiel #12
0
 def test_get_pack_common_libs_path_for_pack_db_no_path_in_pack_db(self):
     pack_model_args = {
         "name": "Yolo CI",
         "ref": "yolo_ci",
         "description": "YOLO CI pack",
         "version": "0.1.0",
         "author": "Volkswagen",
     }
     pack_db = PackDB(**pack_model_args)
     lib_path = get_pack_common_libs_path_for_pack_db(pack_db)
     self.assertEqual(None, lib_path)
Beispiel #13
0
 def test_get_pack_common_libs_path_for_pack_db(self):
     pack_model_args = {
         'name': 'Yolo CI',
         'ref': 'yolo_ci',
         'description': 'YOLO CI pack',
         'version': '0.1.0',
         'author': 'Volkswagen',
         'path': '/opt/stackstorm/packs/yolo_ci/'
     }
     pack_db = PackDB(**pack_model_args)
     lib_path = get_pack_common_libs_path_for_pack_db(pack_db)
     self.assertEqual('/opt/stackstorm/packs/yolo_ci/lib', lib_path)
Beispiel #14
0
 def test_get_pack_common_libs_path_for_pack_db(self):
     pack_model_args = {
         "name": "Yolo CI",
         "ref": "yolo_ci",
         "description": "YOLO CI pack",
         "version": "0.1.0",
         "author": "Volkswagen",
         "path": "/opt/stackstorm/packs/yolo_ci/",
     }
     pack_db = PackDB(**pack_model_args)
     lib_path = get_pack_common_libs_path_for_pack_db(pack_db)
     self.assertEqual("/opt/stackstorm/packs/yolo_ci/lib", lib_path)
Beispiel #15
0
    def test_get_uid(self):
        pack_db = PackDB(ref='ma_pack')
        self.assertEqual(pack_db.get_uid(), 'pack:ma_pack')

        sensor_type_db = SensorTypeDB(name='sname', pack='spack')
        self.assertEqual(sensor_type_db.get_uid(), 'sensor_type:spack:sname')

        action_db = ActionDB(name='aname', pack='apack', runner_type={})
        self.assertEqual(action_db.get_uid(), 'action:apack:aname')

        rule_db = RuleDB(name='rname', pack='rpack')
        self.assertEqual(rule_db.get_uid(), 'rule:rpack:rname')

        trigger_type_db = TriggerTypeDB(name='ttname', pack='ttpack')
        self.assertEqual(trigger_type_db.get_uid(), 'trigger_type:ttpack:ttname')

        trigger_db = TriggerDB(name='tname', pack='tpack')
        self.assertTrue(trigger_db.get_uid().startswith('trigger:tpack:tname:'))

        # Verify that same set of parameters always results in the same hash
        parameters = {'a': 1, 'b': 2, 'c': [1, 2, 3], 'd': {'g': 1, 'h': 2}, 'b': u'unicode'}
        paramers_hash = json.dumps(parameters, sort_keys=True)
        paramers_hash = hashlib.md5(paramers_hash).hexdigest()

        parameters = {'a': 1, 'b': 2, 'c': [1, 2, 3], 'b': u'unicode', 'd': {'g': 1, 'h': 2}}
        trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
        self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))

        parameters = {'c': [1, 2, 3], 'b': u'unicode', 'd': {'h': 2, 'g': 1}, 'a': 1}
        trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
        self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))

        parameters = {'b': u'unicode', 'c': [1, 2, 3], 'd': {'h': 2, 'g': 1}, 'a': 1}
        trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
        self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))

        parameters = OrderedDict({'c': [1, 2, 3], 'b': u'unicode', 'd': {'h': 2, 'g': 1}, 'a': 1})
        trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
        self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))
Beispiel #16
0
    def test_get_uid(self):
        pack_1_db = PackDB(ref='test_pack')
        pack_2_db = PackDB(ref='examples')

        self.assertEqual(pack_1_db.get_uid(), 'pack:test_pack')
        self.assertEqual(pack_2_db.get_uid(), 'pack:examples')

        action_1_db = ActionDB(pack='examples', name='my_action', ref='examples.my_action')
        action_2_db = ActionDB(pack='core', name='local', ref='core.local')
        self.assertEqual(action_1_db.get_uid(), 'action:examples:my_action')
        self.assertEqual(action_2_db.get_uid(), 'action:core:local')
Beispiel #17
0
    def test_get_uid(self):
        pack_1_db = PackDB(ref="test_pack")
        pack_2_db = PackDB(ref="examples")

        self.assertEqual(pack_1_db.get_uid(), "pack:test_pack")
        self.assertEqual(pack_2_db.get_uid(), "pack:examples")

        action_1_db = ActionDB(pack="examples",
                               name="my_action",
                               ref="examples.my_action")
        action_2_db = ActionDB(pack="core", name="local", ref="core.local")
        self.assertEqual(action_1_db.get_uid(), "action:examples:my_action")
        self.assertEqual(action_2_db.get_uid(), "action:core:local")
Beispiel #18
0
    def test_get_uid(self):
        pack_db = PackDB(ref="ma_pack")
        self.assertEqual(pack_db.get_uid(), "pack:ma_pack")
        self.assertTrue(pack_db.has_valid_uid())

        sensor_type_db = SensorTypeDB(name="sname", pack="spack")
        self.assertEqual(sensor_type_db.get_uid(), "sensor_type:spack:sname")
        self.assertTrue(sensor_type_db.has_valid_uid())

        action_db = ActionDB(name="aname", pack="apack", runner_type={})
        self.assertEqual(action_db.get_uid(), "action:apack:aname")
        self.assertTrue(action_db.has_valid_uid())

        rule_db = RuleDB(name="rname", pack="rpack")
        self.assertEqual(rule_db.get_uid(), "rule:rpack:rname")
        self.assertTrue(rule_db.has_valid_uid())

        trigger_type_db = TriggerTypeDB(name="ttname", pack="ttpack")
        self.assertEqual(trigger_type_db.get_uid(), "trigger_type:ttpack:ttname")
        self.assertTrue(trigger_type_db.has_valid_uid())

        trigger_db = TriggerDB(name="tname", pack="tpack")
        self.assertTrue(trigger_db.get_uid().startswith("trigger:tpack:tname:"))

        # Verify that same set of parameters always results in the same hash
        parameters = {"a": 1, "b": "unicode", "c": [1, 2, 3], "d": {"g": 1, "h": 2}}
        paramers_hash = json.dumps(parameters, sort_keys=True)
        paramers_hash = hashlib.md5(paramers_hash.encode()).hexdigest()

        parameters = {"a": 1, "b": "unicode", "c": [1, 2, 3], "d": {"g": 1, "h": 2}}
        trigger_db = TriggerDB(name="tname", pack="tpack", parameters=parameters)
        self.assertEqual(
            trigger_db.get_uid(), "trigger:tpack:tname:%s" % (paramers_hash)
        )
        self.assertTrue(trigger_db.has_valid_uid())

        parameters = {"c": [1, 2, 3], "b": "unicode", "d": {"h": 2, "g": 1}, "a": 1}
        trigger_db = TriggerDB(name="tname", pack="tpack", parameters=parameters)
        self.assertEqual(
            trigger_db.get_uid(), "trigger:tpack:tname:%s" % (paramers_hash)
        )
        self.assertTrue(trigger_db.has_valid_uid())

        parameters = {"b": "unicode", "c": [1, 2, 3], "d": {"h": 2, "g": 1}, "a": 1}
        trigger_db = TriggerDB(name="tname", pack="tpack", parameters=parameters)
        self.assertEqual(
            trigger_db.get_uid(), "trigger:tpack:tname:%s" % (paramers_hash)
        )
        self.assertTrue(trigger_db.has_valid_uid())

        parameters = OrderedDict(
            {"c": [1, 2, 3], "b": "unicode", "d": {"h": 2, "g": 1}, "a": 1}
        )
        trigger_db = TriggerDB(name="tname", pack="tpack", parameters=parameters)
        self.assertEqual(
            trigger_db.get_uid(), "trigger:tpack:tname:%s" % (paramers_hash)
        )
        self.assertTrue(trigger_db.has_valid_uid())

        policy_type_db = PolicyTypeDB(resource_type="action", name="concurrency")
        self.assertEqual(policy_type_db.get_uid(), "policy_type:action:concurrency")
        self.assertTrue(policy_type_db.has_valid_uid())

        policy_db = PolicyDB(pack="dummy", name="policy1")
        self.assertEqual(policy_db.get_uid(), "policy:dummy:policy1")

        api_key_db = ApiKeyDB(key_hash="valid")
        self.assertEqual(api_key_db.get_uid(), "api_key:valid")
        self.assertTrue(api_key_db.has_valid_uid())

        api_key_db = ApiKeyDB()
        self.assertEqual(api_key_db.get_uid(), "api_key:")
        self.assertFalse(api_key_db.has_valid_uid())
Beispiel #19
0
    def user_has_resource_db_permission(self, user_db, resource_db,
                                        permission_type):
        log_context = {
            'user_db': user_db,
            'resource_db': resource_db,
            'permission_type': permission_type,
            'resolver': self.__class__.__name__
        }
        self._log('Checking user resource permissions', extra=log_context)

        # First check the system role permissions
        has_system_role_permission = self._user_has_system_role_permission(
            user_db=user_db, permission_type=permission_type)

        if has_system_role_permission:
            self._log('Found a matching grant via system role',
                      extra=log_context)
            return True

        # Check custom roles
        rule_spec = getattr(resource_db, 'rule', None)
        rule_uid = rule_spec.uid
        rule_id = rule_spec.id
        rule_pack = ResourceReference.get_pack(rule_spec.ref)

        if not rule_uid or not rule_id or not rule_pack:
            LOG.error(
                'Rule UID or ID or PACK not present in enforcement object. ' +
                ('UID = %s, ID = %s, PACK = %s' %
                 (rule_uid, rule_id, rule_pack)) +
                'Cannot assess access permissions without it. Defaulting to DENY.'
            )
            return False

        # TODO: Add utility methods for constructing uids from parts
        pack_db = PackDB(ref=rule_pack)
        rule_pack_uid = pack_db.get_uid()

        rule_permission_type = None
        if permission_type == PermissionType.RULE_ENFORCEMENT_VIEW:
            rule_permission_type = PermissionType.RULE_VIEW
        elif permission_type == PermissionType.RULE_ENFORCEMENT_LIST:
            rule_permission_type = PermissionType.RULE_LIST
        else:
            raise ValueError('Invalid permission type: %s' % (permission_type))

        permission_types = [PermissionType.RULE_ALL, rule_permission_type]

        view_permission_type = PermissionType.get_permission_type(
            resource_type=ResourceType.RULE, permission_name='view')

        if rule_permission_type == view_permission_type:
            permission_types = (
                RulePermissionsResolver.view_grant_permission_types[:] +
                [rule_permission_type])

        # Check grants on the pack of the rule to which enforcement belongs to
        resource_types = [ResourceType.PACK]
        permission_grants = get_all_permission_grants_for_user(
            user_db=user_db,
            resource_uid=rule_pack_uid,
            resource_types=resource_types,
            permission_types=permission_types)

        if len(permission_grants) >= 1:
            self._log('Found a grant on the enforcement rule parent pack',
                      extra=log_context)
            return True

        # Check grants on the rule the enforcement belongs to
        resource_types = [ResourceType.RULE]
        permission_grants = get_all_permission_grants_for_user(
            user_db=user_db,
            resource_uid=rule_uid,
            resource_types=resource_types,
            permission_types=permission_types)

        if len(permission_grants) >= 1:
            self._log('Found a grant on the enforcement\'s rule.',
                      extra=log_context)
            return True

        self._log('No matching grants found', extra=log_context)
        return False
Beispiel #20
0
    def user_has_resource_db_permission(self, user_db, resource_db, permission_type):
        log_context = {
            'user_db': user_db,
            'resource_db': resource_db,
            'permission_type': permission_type,
            'resolver': self.__class__.__name__
        }
        self._log('Checking user resource permissions', extra=log_context)

        # First check the system role permissions
        has_system_role_permission = self._user_has_system_role_permission(
            user_db=user_db, permission_type=permission_type)

        if has_system_role_permission:
            self._log('Found a matching grant via system role', extra=log_context)
            return True

        # Check custom roles
        rule_spec = getattr(resource_db, 'rule', None)
        rule_uid = rule_spec.uid
        rule_id = rule_spec.id
        rule_pack = ResourceReference.get_pack(rule_spec.ref)

        if not rule_uid or not rule_id or not rule_pack:
            LOG.error('Rule UID or ID or PACK not present in enforcement object. ' +
                      ('UID = %s, ID = %s, PACK = %s' % (rule_uid, rule_id, rule_pack)) +
                      'Cannot assess access permissions without it. Defaulting to DENY.')
            return False

        # TODO: Add utility methods for constructing uids from parts
        pack_db = PackDB(ref=rule_pack)
        rule_pack_uid = pack_db.get_uid()

        rule_permission_type = None
        if permission_type == PermissionType.RULE_ENFORCEMENT_VIEW:
            rule_permission_type = PermissionType.RULE_VIEW
        elif permission_type == PermissionType.RULE_ENFORCEMENT_LIST:
            rule_permission_type = PermissionType.RULE_LIST
        else:
            raise ValueError('Invalid permission type: %s' % (permission_type))

        permission_types = [PermissionType.RULE_ALL, rule_permission_type]

        view_permission_type = PermissionType.get_permission_type(resource_type=ResourceType.RULE,
                                                                  permission_name='view')

        if rule_permission_type == view_permission_type:
            permission_types = (RulePermissionsResolver.view_grant_permission_types[:] +
                                [rule_permission_type])

        # Check grants on the pack of the rule to which enforcement belongs to
        resource_types = [ResourceType.PACK]
        permission_grants = get_all_permission_grants_for_user(user_db=user_db,
                                                               resource_uid=rule_pack_uid,
                                                               resource_types=resource_types,
                                                               permission_types=permission_types)

        if len(permission_grants) >= 1:
            self._log('Found a grant on the enforcement rule parent pack', extra=log_context)
            return True

        # Check grants on the rule the enforcement belongs to
        resource_types = [ResourceType.RULE]
        permission_grants = get_all_permission_grants_for_user(user_db=user_db,
                                                               resource_uid=rule_uid,
                                                               resource_types=resource_types,
                                                               permission_types=permission_types)

        if len(permission_grants) >= 1:
            self._log('Found a grant on the enforcement\'s rule.', extra=log_context)
            return True

        self._log('No matching grants found', extra=log_context)
        return False
Beispiel #21
0
    def test_get_uid(self):
        pack_db = PackDB(ref='ma_pack')
        self.assertEqual(pack_db.get_uid(), 'pack:ma_pack')
        self.assertTrue(pack_db.has_valid_uid())

        sensor_type_db = SensorTypeDB(name='sname', pack='spack')
        self.assertEqual(sensor_type_db.get_uid(), 'sensor_type:spack:sname')
        self.assertTrue(sensor_type_db.has_valid_uid())

        action_db = ActionDB(name='aname', pack='apack', runner_type={})
        self.assertEqual(action_db.get_uid(), 'action:apack:aname')
        self.assertTrue(action_db.has_valid_uid())

        rule_db = RuleDB(name='rname', pack='rpack')
        self.assertEqual(rule_db.get_uid(), 'rule:rpack:rname')
        self.assertTrue(rule_db.has_valid_uid())

        trigger_type_db = TriggerTypeDB(name='ttname', pack='ttpack')
        self.assertEqual(trigger_type_db.get_uid(), 'trigger_type:ttpack:ttname')
        self.assertTrue(trigger_type_db.has_valid_uid())

        trigger_db = TriggerDB(name='tname', pack='tpack')
        self.assertTrue(trigger_db.get_uid().startswith('trigger:tpack:tname:'))

        # Verify that same set of parameters always results in the same hash
        parameters = {'a': 1, 'b': 'unicode', 'c': [1, 2, 3], 'd': {'g': 1, 'h': 2}}
        paramers_hash = json.dumps(parameters, sort_keys=True)
        paramers_hash = hashlib.md5(paramers_hash.encode()).hexdigest()

        parameters = {'a': 1, 'b': 'unicode', 'c': [1, 2, 3], 'd': {'g': 1, 'h': 2}}
        trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
        self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))
        self.assertTrue(trigger_db.has_valid_uid())

        parameters = {'c': [1, 2, 3], 'b': u'unicode', 'd': {'h': 2, 'g': 1}, 'a': 1}
        trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
        self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))
        self.assertTrue(trigger_db.has_valid_uid())

        parameters = {'b': u'unicode', 'c': [1, 2, 3], 'd': {'h': 2, 'g': 1}, 'a': 1}
        trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
        self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))
        self.assertTrue(trigger_db.has_valid_uid())

        parameters = OrderedDict({'c': [1, 2, 3], 'b': u'unicode', 'd': {'h': 2, 'g': 1}, 'a': 1})
        trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
        self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))
        self.assertTrue(trigger_db.has_valid_uid())

        policy_type_db = PolicyTypeDB(resource_type='action', name='concurrency')
        self.assertEqual(policy_type_db.get_uid(), 'policy_type:action:concurrency')
        self.assertTrue(policy_type_db.has_valid_uid())

        policy_db = PolicyDB(pack='dummy', name='policy1')
        self.assertEqual(policy_db.get_uid(), 'policy:dummy:policy1')

        api_key_db = ApiKeyDB(key_hash='valid')
        self.assertEqual(api_key_db.get_uid(), 'api_key:valid')
        self.assertTrue(api_key_db.has_valid_uid())

        api_key_db = ApiKeyDB()
        self.assertEqual(api_key_db.get_uid(), 'api_key:')
        self.assertFalse(api_key_db.has_valid_uid())
Beispiel #22
0
    def user_has_resource_db_permission(self, user_db, resource_db, permission_type):
        log_context = {
            'user_db': user_db,
            'resource_db': resource_db,
            'permission_type': permission_type,
            'resolver': self.__class__.__name__
        }
        self._log('Checking user resource permissions', extra=log_context)

        # First check the system role permissions
        has_system_role_permission = self._user_has_system_role_permission(
            user_db=user_db, permission_type=permission_type)

        if has_system_role_permission:
            self._log('Found a matching grant via system role', extra=log_context)
            return True

        # Check custom roles
        action = resource_db['action']

        # TODO: Add utility methods for constructing uids from parts
        pack_db = PackDB(ref=action['pack'])

        action_uid = action['uid']
        action_pack_uid = pack_db.get_uid()

        # Note: "action_execute" also grants / implies "execution_re_run" and "execution_stop"
        if permission_type == PermissionType.EXECUTION_VIEW:
            action_permission_type = PermissionType.ACTION_VIEW
        elif permission_type in [PermissionType.EXECUTION_RE_RUN,
                                 PermissionType.EXECUTION_STOP]:
            action_permission_type = PermissionType.ACTION_EXECUTE
        elif permission_type == PermissionType.EXECUTION_ALL:
            action_permission_type = PermissionType.ACTION_ALL
        else:
            raise ValueError('Invalid permission type: %s' % (permission_type))

        # Check grants on the pack of the action to which execution belongs to
        resource_types = [ResourceType.PACK]
        permission_types = [PermissionType.ACTION_ALL, action_permission_type]
        permission_grants = get_all_permission_grants_for_user(user_db=user_db,
                                                               resource_uid=action_pack_uid,
                                                               resource_types=resource_types,
                                                               permission_types=permission_types)

        if len(permission_grants) >= 1:
            self._log('Found a grant on the execution action parent pack', extra=log_context)
            return True

        # Check grants on the action the execution belongs to
        resource_types = [ResourceType.ACTION]
        permission_types = [PermissionType.ACTION_ALL, action_permission_type]
        permission_grants = get_all_permission_grants_for_user(user_db=user_db,
                                                               resource_uid=action_uid,
                                                               resource_types=resource_types,
                                                               permission_types=permission_types)

        if len(permission_grants) >= 1:
            self._log('Found a grant on the execution action', extra=log_context)
            return True

        self._log('No matching grants found', extra=log_context)
        return False
Beispiel #23
0
import os
import time

from mock import (MagicMock, Mock, patch)
import unittest2

from st2reactor.container.process_container import ProcessSensorContainer
from st2common.util import concurrency
from st2common.models.db.pack import PackDB
from st2common.persistence.pack import Pack

import st2tests.config as tests_config
tests_config.parse_args()

MOCK_PACK_DB = PackDB(ref='wolfpack',
                      name='wolf pack',
                      description='',
                      path='/opt/stackstorm/packs/wolfpack/')


class ProcessContainerTests(unittest2.TestCase):
    def test_no_sensors_dont_quit(self):
        process_container = ProcessSensorContainer(None, poll_interval=0.1)
        process_container_thread = concurrency.spawn(process_container.run)
        concurrency.sleep(0.5)
        self.assertEqual(process_container.running(), 0)
        self.assertEqual(process_container.stopped(), False)
        process_container.shutdown()
        process_container_thread.kill()

    @patch.object(ProcessSensorContainer, '_get_sensor_id',
                  MagicMock(return_value='wolfpack.StupidSensor'))
Beispiel #24
0
    def user_has_resource_db_permission(self, user_db, resource_db,
                                        permission_type):
        log_context = {
            'user_db': user_db,
            'resource_db': resource_db,
            'permission_type': permission_type,
            'resolver': self.__class__.__name__
        }
        self._log('Checking user resource permissions', extra=log_context)

        # First check the system role permissions
        has_system_role_permission = self._user_has_system_role_permission(
            user_db=user_db, permission_type=permission_type)

        if has_system_role_permission:
            self._log('Found a matching grant via system role',
                      extra=log_context)
            return True

        # Check custom roles
        action = resource_db['action']

        # TODO: Add utility methods for constructing uids from parts
        pack_db = PackDB(ref=action['pack'])

        action_uid = action['uid']
        action_pack_uid = pack_db.get_uid()

        # Note: "action_execute" also grants / implies "execution_re_run" and "execution_stop"
        if permission_type == PermissionType.EXECUTION_VIEW:
            action_permission_type = PermissionType.ACTION_VIEW
        elif permission_type in [
                PermissionType.EXECUTION_RE_RUN, PermissionType.EXECUTION_STOP
        ]:
            action_permission_type = PermissionType.ACTION_EXECUTE
        elif permission_type == PermissionType.EXECUTION_ALL:
            action_permission_type = PermissionType.ACTION_ALL
        else:
            raise ValueError('Invalid permission type: %s' % (permission_type))

        # Check grants on the pack of the action to which execution belongs to
        resource_types = [ResourceType.PACK]
        permission_types = [PermissionType.ACTION_ALL, action_permission_type]
        permission_grants = get_all_permission_grants_for_user(
            user_db=user_db,
            resource_uid=action_pack_uid,
            resource_types=resource_types,
            permission_types=permission_types)

        if len(permission_grants) >= 1:
            self._log('Found a grant on the execution action parent pack',
                      extra=log_context)
            return True

        # Check grants on the action the execution belongs to
        resource_types = [ResourceType.ACTION]
        permission_types = [PermissionType.ACTION_ALL, action_permission_type]
        permission_grants = get_all_permission_grants_for_user(
            user_db=user_db,
            resource_uid=action_uid,
            resource_types=resource_types,
            permission_types=permission_types)

        if len(permission_grants) >= 1:
            self._log('Found a grant on the execution action',
                      extra=log_context)
            return True

        self._log('No matching grants found', extra=log_context)
        return False
Beispiel #25
0
from mock import MagicMock, Mock, patch
import unittest2

from st2reactor.container.process_container import ProcessSensorContainer
from st2common.util import concurrency
from st2common.models.db.pack import PackDB
from st2common.persistence.pack import Pack

import st2tests.config as tests_config

tests_config.parse_args()

MOCK_PACK_DB = PackDB(
    ref="wolfpack",
    name="wolf pack",
    description="",
    path="/opt/stackstorm/packs/wolfpack/",
)


class ProcessContainerTests(unittest2.TestCase):
    def test_no_sensors_dont_quit(self):
        process_container = ProcessSensorContainer(None, poll_interval=0.1)
        process_container_thread = concurrency.spawn(process_container.run)
        concurrency.sleep(0.5)
        self.assertEqual(process_container.running(), 0)
        self.assertEqual(process_container.stopped(), False)
        process_container.shutdown()
        process_container_thread.kill()

    @patch.object(