Example #1
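def test_delete_policies(db):
    """Deleting one policy removes it and leaves an unrelated policy in place.

    Two policies are attached to the same model and only the first is
    deleted; the listing returned afterwards is checked for both ids.
    """
    model = model_helper.add_model(model_id=uuid4().hex)
    model_id = next(iter(model))

    created_ids = []
    for _ in range(2):
        value = {
            "name": uuid4().hex,  # random name so the two policies never collide
            "model_id": model_id,
            "genre": "authz",
            "description": "test",
        }
        policies = policy_helper.add_policies(value=value)
        created_ids.append(list(policies.keys())[0])
    policy_id1, policy_id2 = created_ids
    assert policy_id1 != policy_id2

    policy_helper.delete_policies(policy_id1)
    policies = policy_helper.get_policies()
    assert policy_id1 not in policies
    # The second policy exists to show the delete is scoped to one id: a
    # delete that drops more authorization policies than requested must fail.
    assert policy_id2 in policies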
Example #2
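def test_perimeter_add_same_subject_perimeter_id_with_new_policy_id():
    """Re-adding a subject under a second policy links it to both policies.

    The same perimeter id and payload are submitted for two policies; the
    subject returned by the second call must list both ids in ``policy_list``.
    """
    client = utilities.register_client()
    policies1 = policy_helper.add_policies()
    policy_id1 = list(policies1.keys())[0]
    name = "testuser"
    perimeter_id = uuid4().hex
    data = {
        "name": name + uuid4().hex,
        "description": "description of {}".format(name),
        # Masked placeholder credential: the literal has no replacement
        # field, so format() returns it unchanged.
        "password": "******".format(name),
        "email": "{}@moon".format(name)
    }
    add_subjects(client,
                 policy_id1,
                 data['name'],
                 perimeter_id=perimeter_id,
                 data=data)
    policies2 = policy_helper.add_policies()
    policy_id2 = list(policies2.keys())[0]
    req, subjects = add_subjects(client,
                                 policy_id2,
                                 data['name'],
                                 perimeter_id=perimeter_id,
                                 data=data)
    # Check the status before touching the body so a rejected request fails
    # on the status code rather than on a lookup into an error payload.
    assert req.status_code == 200
    value = list(subjects["subjects"].values())[0]
    assert value["name"]
    assert value["email"]
    assert len(value['policy_list']) == 2
    assert policy_id1 in value['policy_list']
    assert policy_id2 in value['policy_list']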
Example #3
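def get_policy_id():
    """Create a throwaway ``authz`` policy and return its id.

    The id is read from the value returned by ``add_policies`` so the caller
    receives the policy created here, not whichever policy the store happens
    to list first when other policies already exist.
    """
    from helpers import policy_helper
    value = {
        "name": "test_policy" + uuid4().hex,
        "model_id": "",
        "genre": "authz",
        "description": "test",
    }
    # NOTE(review): assumes add_policies returns a mapping keyed by the new
    # policy id -- confirm against helpers.policy_helper.
    created = policy_helper.add_policies(value=value)
    policy_id = list(created.keys())[0]
    return policy_id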
Example #4
def test_add_policies_twice_with_same_id(db):
    """Adding a policy under an id that is already taken raises PolicyExisting."""
    fixed_policy_id = 'policy_id_1'
    model_id = next(iter(model_helper.add_model(model_id=uuid4().hex)))
    policy_value = {
        "name": "test_policy",
        "model_id": model_id,
        "genre": "authz",
        "description": "test",
    }
    policy_helper.add_policies(fixed_policy_id, policy_value)

    # The second insert with the same id must be refused rather than
    # overwrite the stored policy.
    with pytest.raises(PolicyExisting) as exception_info:
        policy_helper.add_policies(fixed_policy_id, policy_value)
    assert '409: Policy Already Exists' == str(exception_info.value)
Example #5
def test_add_policies_twice_with_same_name(db):
    """A second policy with an already-used name is rejected with a 409 error."""
    model_id = next(iter(model_helper.add_model(model_id=uuid4().hex)))
    duplicate_value = {
        "name": uuid4().hex,
        "model_id": model_id,
        "genre": "authz",
        "description": "test",
    }
    policy_helper.add_policies(value=duplicate_value)

    # NOTE(review): Exception is the broadest type pytest.raises can match;
    # only the message and description asserts below tie the failure to the
    # duplicate-name case.
    with pytest.raises(Exception) as exception_info:
        policy_helper.add_policies(value=duplicate_value)
    raised = exception_info.value
    assert str(raised) == '409: Policy Already Exists'
    assert str(raised.description) == 'Policy name Existed'
Example #6
def test_perimeter_add_same_subject_perimeter_id_with_different_name():
    """Reusing a subject perimeter id under another policy is answered with 400."""
    client = utilities.register_client()
    first_policy_id = list(policy_helper.add_policies().keys())[0]
    shared_perimeter_id = uuid4().hex
    add_subjects(client, first_policy_id, "testuser",
                 perimeter_id=shared_perimeter_id)

    second_policy_id = list(policy_helper.add_policies().keys())[0]
    # NOTE(review): both calls pass "testuser"; how the two names come to
    # differ is decided inside add_subjects, which is not visible here.
    req, subjects = add_subjects(client,
                                 second_policy_id,
                                 "testuser",
                                 perimeter_id=shared_perimeter_id)

    body = json.loads(req.data)
    assert req.status_code == 400
    assert body["message"] == '400: Perimeter content is invalid.'
Example #7
def test_perimeter_add_same_subject_name_with_same_policy_id():
    """Posting an already-used subject name to the same policy yields a 409."""

    def subject_payload(subject_name):
        # Same four fields for both requests; only the name varies.
        return {
            "name": subject_name,
            "description": "description of {}".format(subject_name),
            # Masked placeholder credential: with no replacement field in
            # the literal, format() returns it unchanged.
            "password": "******".format(subject_name),
            "email": "{}@moon".format(subject_name)
        }

    client = utilities.register_client()
    policy_id1 = list(policy_helper.add_policies().keys())[0]
    perimeter_id = uuid4().hex
    first_name = "testuser" + uuid4().hex
    req, subjects = add_subjects(client,
                                 policy_id1,
                                 None,
                                 perimeter_id=perimeter_id,
                                 data=subject_payload(first_name))
    stored = list(subjects["subjects"].values())[0]

    # Second request reuses the stored name without a perimeter id.
    req, subjects = add_subjects(client, policy_id1, None,
                                 data=subject_payload(stored['name']))
    assert req.status_code == 409
    assert json.loads(req.data)["message"] == '409: Policy Already Exists'
Example #8
def test_perimeter_update_object_name_with_existed_one():
    """Renaming an object to a name another object already uses returns 409."""
    client = utilities.register_client()
    policy_id1 = list(policy_helper.add_policies().keys())[0]

    # Create two objects with distinct random names under the same policy.
    created = []
    for _ in range(2):
        payload = {
            "name": 'testuser' + uuid4().hex,
            "description": "description of {}".format('testuser'),
        }
        req, objects = add_objects(client,
                                   'testuser',
                                   policyId=policy_id1,
                                   data=payload)
        created.append(list(objects["objects"].values())[0])
    value1, value2 = created

    # Patch the second object so its name collides with the first.
    rename = {'name': value1['name']}
    target_url = "/objects/{}".format(value2['id'])
    req = client.patch(target_url,
                       data=json.dumps(rename),
                       headers={'Content-Type': 'application/json'})
    assert req.status_code == 409
    assert json.loads(req.data)["message"] == '409: Object Existing'
Example #9
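def test_perimeter_update_object_description_and_name():
    """PATCHing name and description updates both and keeps the object id."""
    client = utilities.register_client()
    name = 'testuser' + uuid4().hex
    policies1 = policy_helper.add_policies()
    policy_id1 = list(policies1.keys())[0]
    data = {
        "name": name,
        "description": "description of {}".format('testuser'),
    }
    req, objects = add_objects(client,
                               'testuser',
                               policyId=policy_id1,
                               data=data)

    value1 = list(objects["objects"].values())[0]
    perimeter_id = value1['id']
    data = {
        'name': value1['name'] + "update",
        'description': value1['description'] + "update"
    }
    req = client.patch("/objects/{}".format(perimeter_id),
                       data=json.dumps(data),
                       headers={'Content-Type': 'application/json'})

    # Check the status before reading the body so a rejected update fails on
    # the status code rather than on a lookup into an error payload.
    assert req.status_code == 200
    objects = utilities.get_json(req.data)
    value2 = list(objects["objects"].values())[0]
    assert value1['name'] + 'update' == value2['name']
    assert value1['id'] == value2['id']
    assert value1['description'] + 'update' == value2['description']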
Example #10
def test_update_policy_name_with_existed_one(db):
    """Updating a policy to a name held by another policy raises PolicyExisting."""
    existing = policy_helper.add_policies()
    policy_id1 = list(existing.keys())[0]

    # A second policy on the same model takes the name used for the update.
    clashing_value = {
        "name": uuid4().hex,
        "model_id": existing[policy_id1]['model_id'],
        "genre": "authz",
        "description": "test-3",
    }
    policy_helper.add_policies(value=clashing_value)

    with pytest.raises(PolicyExisting) as exception_info:
        policy_helper.update_policy(policy_id=policy_id1, value=clashing_value)

    raised = exception_info.value
    assert str(raised) == '409: Policy Already Exists'
    assert str(raised.description) == 'Policy name Existed'
Example #11
def test_perimeter_delete_object():
    """DELETE on an object under its policy answers 200."""
    client = utilities.register_client()
    policy_id = list(policy_helper.add_policies().keys())[0]
    object_id = builder.create_object(policy_id)
    delete_url = "/policies/{}/objects/{}".format(policy_id, object_id)
    # NOTE(review): only the status code is checked; the test does not
    # read the object back to confirm it is gone.
    req = client.delete(delete_url)
    assert req.status_code == 200
Example #12
def get_policy_id(model_name="test_model", policy_name="policy_1", meta_rule_name="meta_rule1", category_prefix=""):
    """Build categories, a meta rule, a model and a policy; return the policy id.

    ``category_prefix`` is prepended to every category id and name so that
    repeated calls can create separate category sets.
    """
    # Created in this order: two subject categories, one object category,
    # one action category.
    category_steps = (
        (category_helper.add_subject_category, "subject_category_id1"),
        (category_helper.add_subject_category, "subject_category_id2"),
        (category_helper.add_object_category, "object_category_id1"),
        (category_helper.add_action_category, "action_category_id1"),
    )
    for add_category, suffix in category_steps:
        category_key = category_prefix + suffix
        add_category(
            category_key,
            value={"name": category_key,
                   "description": "description 1"})

    meta_rule_value = create_meta_rule(meta_rule_name, category_prefix)
    meta_rule = meta_rule_helper.add_meta_rule(value=meta_rule_value)
    meta_rule_id = list(meta_rule.keys())[0]

    model_value = create_model(meta_rule_id, model_name)
    model = model_helper.add_model(value=model_value)
    model_id = list(model.keys())[0]

    policy = policy_helper.add_policies(value=create_policy(model_id, policy_name))
    assert policy
    return list(policy.keys())[0]
Example #13
def test_perimeter_update_subject_wrong_id():
    """PATCHing a subject id that does not exist is answered with 400."""
    client = utilities.register_client()
    subject_name = 'testuser' + uuid4().hex
    policy_id1 = list(policy_helper.add_policies().keys())[0]
    creation_payload = {
        "name": subject_name,
        "description": "description of {}".format('testuser'),
    }
    req, subjects = add_subjects(client,
                                 policy_id=policy_id1,
                                 name='testuser',
                                 data=creation_payload)
    value1 = list(subjects["subjects"].values())[0]

    # Corrupt the id of the subject just created so the URL names no
    # stored subject.
    unknown_id = value1['id'] + "wrong"
    update_payload = {
        'name': value1['name'] + "update",
        'description': value1['description'] + "update"
    }
    req = client.patch("/subjects/{}".format(unknown_id),
                       data=json.dumps(update_payload),
                       headers={'Content-Type': 'application/json'})
    body = json.loads(req.data)
    assert req.status_code == 400
    assert body["message"] == '400: Perimeter content is invalid.'
Example #14
def test_delete_model_assigned_to_policy(db):
    """A model that a policy still references cannot be deleted."""
    models = model_helper.add_model(
        value={"name": "MLS", "description": "test", "meta_rules": []})
    assert isinstance(models, dict)
    assert models
    assert len(models) == 1
    model_id = list(models)[0]

    # Attach a policy to the model so the delete has a live reference to trip on.
    policy_value = {
        "name": "test_policy",
        "model_id": model_id,
        "genre": "authz",
        "description": "test",
    }
    policy_helper.add_policies(value=policy_value)

    with pytest.raises(DeleteModelWithPolicy) as exception_info:
        model_helper.delete_models(uuid=model_id)
    assert '400: Model With Policy Error' == str(exception_info.value)
Example #15
def test_delete_policies():
    """DELETE /policies/<id> on a freshly created policy answers 200."""
    client = utilities.register_client()
    created = policy_helper.add_policies()
    target_url = "/policies/{}".format(list(created.keys())[0])

    # NOTE(review): only the status code is asserted; the policy list is not
    # re-read to confirm the policy is gone.
    req = client.delete(target_url)
    assert req.status_code == 200
Example #16
def test_perimeter_delete_subject():
    """DELETE on a subject under its policy answers 200."""
    client = utilities.register_client()
    policy_id = list(policy_helper.add_policies().keys())[0]
    req, subjects = add_subjects(client, policy_id, "testuser")
    first_subject = list(subjects["subjects"].values())[0]
    subject_id = first_subject["id"]
    delete_url = "/policies/{}/subjects/{}".format(policy_id, subject_id)
    req = client.delete(delete_url)
    assert req.status_code == 200
Example #17
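def test_perimeter_add_subject():
    """Adding a subject to a policy returns 200 with a name and an email."""
    client = utilities.register_client()
    policies = policy_helper.add_policies()
    policy_id = list(policies.keys())[0]

    req, subjects = add_subjects(client, policy_id, "testuser")
    # Check the status before reading the body so a rejected request fails
    # on the status code rather than on a lookup into an error payload.
    assert req.status_code == 200
    value = list(subjects["subjects"].values())[0]
    assert value["name"]
    assert value["email"]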
Example #18
def test_delete_actions_without_policy():
    """DELETE /actions/<id> with no policy in the path answers 400 Policy Unknown."""
    client = utilities.register_client()
    policy_id = list(policy_helper.add_policies().keys())[0]
    action_id = builder.create_action(policy_id)

    # The action exists under policy_id, but the URL names no policy.
    unscoped_url = "/actions/{}".format(action_id)
    req = client.delete(unscoped_url)

    message = json.loads(req.data)["message"]
    assert req.status_code == 400
    assert message == "400: Policy Unknown"
Example #19
def test_perimeter_add_subject_invalid_policy_id():
    """Adding a subject under a policy id that does not exist answers 400."""
    client = utilities.register_client()
    real_policy_id = list(policy_helper.add_policies().keys())[0]
    base_name = "testuser"
    payload = {
        "name": base_name + uuid4().hex,
        "description": "description of {}".format(base_name),
        # Masked placeholder credential: with no replacement field in the
        # literal, format() returns it unchanged.
        "password": "******".format(base_name),
        "email": "{}@moon".format(base_name)
    }
    # Appending a character to a real id gives an id no policy owns.
    bogus_policy_id = real_policy_id + "0"
    # NOTE(review): the payload is passed as the fourth positional argument;
    # confirm that parameter of add_subjects is the request data.
    req, subjects = add_subjects(client, bogus_policy_id, "testuser", payload)
    message = json.loads(req.data)["message"]
    assert req.status_code == 400
    assert message == '400: Policy Unknown'
Example #20
def test_update_policy(db):
    """update_policy returns the policy with every submitted field applied."""
    existing = policy_helper.add_policies()
    policy_id = list(existing.keys())[0]
    new_value = {
        "name": "test_policy4",
        # Keep the original model so only the other fields change.
        "model_id": existing[policy_id]['model_id'],
        "genre": "authz",
        "description": "test-3",
    }
    updated_policy = policy_helper.update_policy(policy_id, new_value)
    assert updated_policy

    stored = updated_policy[policy_id]
    for field in ("genre", "name", "model_id", "description"):
        assert field in stored
        assert stored[field] == new_value[field]
Example #21
def test_delete_policies_with_action_perimeter(db):
    """A policy that still has an action attached cannot be deleted."""
    policy_id1 = list(policy_helper.add_policies().keys())[0]

    # NOTE(review): the payload carries security_pipeline and
    # keystone_project_id keys next to the action name -- confirm add_action
    # accepts or ignores them.
    action_value = {
        "name": "test_act",
        "security_pipeline": [policy_id1],
        "keystone_project_id": "keystone_project_id1",
        "description": "...",
    }
    data_helper.add_action(policy_id=policy_id1, value=action_value)

    with pytest.raises(DeletePolicyWithPerimeter) as exception_info:
        policy_helper.delete_policies(policy_id1)
    raised_text = str(exception_info.value)
    assert '400: Policy With Perimeter Error' == raised_text
Example #22
def test_delete_policies_with_pdp(db):
    """A policy listed in a PDP's security pipeline cannot be deleted."""
    policy_id1 = list(policy_helper.add_policies().keys())[0]

    # Register a PDP whose pipeline references the policy under test.
    pdp_value = {
        "name": "test_pdp",
        "security_pipeline": [policy_id1],
        "keystone_project_id": "keystone_project_id1",
        "description": "...",
    }
    pdp_helper.add_pdp(pdp_id="pdp_id1", value=pdp_value)

    with pytest.raises(DeletePolicyWithPdp) as exception_info:
        policy_helper.delete_policies(policy_id1)
    raised = exception_info.value
    assert str(raised) == '400: Policy With PDP Error'
    assert 'Cannot delete policy with pdp' == raised.description
Example #23
def test_perimeter_add_same_action_name_with_same_policy_id():
    """Adding an action whose name already exists in the policy answers 409."""
    client = utilities.register_client()
    policy_id1 = list(policy_helper.add_policies().keys())[0]
    req, action = add_actions(client, "testuser", policy_id=policy_id1)
    first_action = list(action["actions"].values())[0]

    # Resubmit the stored name to the same policy.
    duplicate = {
        "name": first_action['name'],
        "description": "description of {}".format('testuser'),
    }
    req, action = add_actions(client,
                              'testuser',
                              policy_id=policy_id1,
                              data=duplicate)
    message = json.loads(req.data)["message"]
    assert req.status_code == 409
    assert message == '409: Policy Already Exists'
Example #24
def test_add_policies(db):
    """add_policies returns a one-entry dict holding the submitted fields."""
    model_id = next(iter(model_helper.add_model(model_id=uuid4().hex)))
    submitted = {
        "name": "test_policy",
        "model_id": model_id,
        "genre": "authz",
        "description": "test",
    }
    policies = policy_helper.add_policies(value=submitted)
    assert isinstance(policies, dict)
    assert policies
    assert len(policies) == 1

    stored = policies[list(policies)[0]]
    for field in ("genre", "name", "model_id", "description"):
        assert field in stored
        assert stored[field] == submitted[field]
Example #25
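def test_perimeter_update_subject_name():
    """PATCHing only the name renames a subject and keeps id and description."""
    client = utilities.register_client()
    policies = policy_helper.add_policies()
    policy_id = list(policies.keys())[0]
    req, subjects = add_subjects(client, policy_id, "testuser")
    value1 = list(subjects["subjects"].values())[0]
    perimeter_id = value1['id']
    data = {'name': value1['name'] + "update"}
    req = client.patch("/subjects/{}".format(perimeter_id),
                       data=json.dumps(data),
                       headers={'Content-Type': 'application/json'})
    # Check the status before reading the body so a rejected update fails on
    # the status code rather than on a lookup into an error payload.
    assert req.status_code == 200
    subjects = utilities.get_json(req.data)
    value2 = list(subjects["subjects"].values())[0]
    assert value1['name'] + 'update' == value2['name']
    assert value1['id'] == value2['id']
    assert value1['description'] == value2['description']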
Example #26
def test_perimeter_add_same_action_perimeter_id_with_different_name():
    """Reusing an action's perimeter id with a different name answers 400."""
    client = utilities.register_client()
    req, action = add_actions(client, "testuser")
    original = list(action["actions"].values())[0]
    policy_id1 = list(policy_helper.add_policies().keys())[0]

    # Same perimeter id as the stored action, but a name that does not match it.
    mismatched = {
        "name": original['name'] + 'different',
        "description": "description of {}".format('testuser'),
    }
    req, action = add_actions(client,
                              'testuser',
                              policy_id=policy_id1,
                              data=mismatched,
                              perimeter_id=original['id'])
    message = json.loads(req.data)["message"]
    assert req.status_code == 400
    assert message == '400: Perimeter content is invalid.'
Example #27
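def test_perimeter_add_same_action_name_with_new_policy_id():
    """Adding an existing action name under a new policy reuses the same action."""
    client = utilities.register_client()
    req, action = add_actions(client, "testuser")
    value1 = list(action["actions"].values())[0]
    policies1 = policy_helper.add_policies()
    policy_id1 = list(policies1.keys())[0]
    data = {
        "name": value1['name'],
        "description": "description of {}".format('testuser'),
    }
    req, action = add_actions(client,
                              'testuser',
                              policy_id=policy_id1,
                              data=data)
    # Check the status before reading the body so a rejected request fails
    # on the status code rather than on a lookup into an error payload.
    assert req.status_code == 200
    value2 = list(action["actions"].values())[0]
    assert value1['id'] == value2['id']
    assert value1['name'] == value2['name']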
Example #28
def test_delete_policy_with_dependencies_perimeter():
    """A policy with a subject attached refuses DELETE with a 400."""
    client = utilities.register_client()
    policy_id = next(iter(policy_helper.add_policies()))
    json_headers = {'Content-Type': 'application/json'}

    subject = {
        "name": 'testuser'+uuid4().hex,
        "description": "description of {}".format(uuid4().hex),
        # Masked placeholder credential: with no replacement field in the
        # literal, format() returns it unchanged.
        "password": "******".format(uuid4().hex),
        "email": "{}@moon".format(uuid4().hex)
    }
    subjects_url = "/policies/{}/subjects".format(policy_id)
    req = client.post(subjects_url, data=json.dumps(subject),
                      headers=json_headers)
    assert req.status_code == 200

    # With the subject in place the policy has a dependency and must stay.
    req = client.delete("/policies/{}".format(policy_id))
    assert req.status_code == 400
    message = json.loads(req.data)["message"]
    assert message == '400: Policy With Perimeter Error'
Example #29
def test_perimeter_add_same_object_name_with_same_policy_id():
    """Submitting the same object payload twice to one policy answers 200 then 409."""
    client = utilities.register_client()
    object_name = 'testuser' + uuid4().hex
    policy_id1 = list(policy_helper.add_policies().keys())[0]
    payload = {
        "name": object_name,
        "description": "description of {}".format('testuser'),
    }

    def submit():
        # Both requests are identical; only the server state differs.
        return add_objects(client,
                           'testuser',
                           policyId=policy_id1,
                           data=payload)

    req, objects = submit()
    # The lookup is kept although its result is unused: it fails the test
    # if the first response carries no object.
    value = list(objects["objects"].values())[0]
    assert req.status_code == 200

    req, objects = submit()
    assert req.status_code == 409
    assert json.loads(req.data)["message"] == '409: Policy Already Exists'
Example #30
def test_update_models_with_assigned_policy():
    """PATCHing a model that a policy references is answered with 400."""
    client = utilities.register_client()

    model = model_helper.add_model(model_id="mls_model_id" + uuid4().hex)
    model_id = list(model.keys())[0]

    # Bind a policy to the model; the returned mapping is not needed here.
    policy_helper.add_policies(value={
        "name": "test_policy" + uuid4().hex,
        "model_id": model_id,
        "description": "test",
    })

    model_update = {
        "name": "model_" + uuid4().hex,
        "description": "description of model_2",
        "meta_rules": []
    }
    req = client.patch("/models/{}".format(model_id),
                       data=json.dumps(model_update),
                       headers={'Content-Type': 'application/json'})

    message = json.loads(req.data)["message"]
    assert req.status_code == 400
    assert message == "400: Model With Policy Error"