Example #1
    def test_load_role_definition_validation_error(self):
        """Role definition files with invalid permission grants are rejected at load time.

        Two negative cases are covered, both using fixtures under
        ``rbac_invalid/roles``: a permission type that does not apply to the
        resource type of the grant, and a permission type that fails the
        schema's ``enum`` check. Each must raise rather than return a role
        object.
        """
        # NOTE(review): assertRaisesRegexp is the deprecated alias of
        # assertRaisesRegex and was removed in Python 3.12. It is kept here
        # because the TestCase base class is not visible in this listing.
        loader = RBACDefinitionsLoader()

        # Case 1: the permission type does not match the resource type of the
        # grant ("rule_all" on an "action" resource). Expected as ValueError.
        mismatched_role_path = os.path.join(get_fixtures_base_path(),
                                            'rbac_invalid/roles/role_one.yaml')
        mismatch_pattern = 'Invalid permission type "rule_all" for resource type "action"'
        with self.assertRaisesRegexp(ValueError, mismatch_pattern):
            loader.load_role_definition_from_file(file_path=mismatched_role_path)

        # Case 2: the permission type is not a known value, so JSON schema
        # validation fails on the 'enum' constraint.
        unknown_type_role_path = os.path.join(get_fixtures_base_path(),
                                              'rbac_invalid/roles/role_two.yaml')
        enum_pattern = '.*Failed validating \'enum\'.*'
        with self.assertRaisesRegexp(jsonschema.ValidationError, enum_pattern):
            loader.load_role_definition_from_file(file_path=unknown_type_role_path)
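    def test_load_role_definition_success(self):
        """A valid role definition file loads into an API object with its grants intact.

        Loads ``rbac/roles/role_three.yaml`` and checks the role name, a
        fragment of the description, and the four permission grants by
        position in the list.
        """
        loader = RBACDefinitionsLoader()

        file_path = os.path.join(get_fixtures_base_path(), 'rbac/roles/role_three.yaml')
        role_definition_api = loader.load_role_definition_from_file(file_path=file_path)
        grants = role_definition_api.permission_grants

        self.assertEqual(role_definition_api.name, 'role_three')
        # assertIn prints both operands on failure, so a wrong description or
        # permission list is visible in the report instead of "False is not true".
        self.assertIn('all the pack permissions on pack dummy_pack_1',
                      role_definition_api.description)

        # Grants are checked by index, so this also pins their order.
        self.assertEqual(len(grants), 4)
        self.assertEqual(grants[0]['resource_uid'], 'pack:dummy_pack_1')
        self.assertEqual(grants[1]['resource_uid'], 'pack:dummy_pack_2')
        self.assertIn('rule_view', grants[1]['permission_types'])
        self.assertEqual(grants[2]['permission_types'], ['action_execute'])

        # The last grant has no resource_uid and carries only list permissions.
        # NOTE(review): presumably a grant that is not scoped to one resource;
        # confirm against the loader and the fixture.
        self.assertIsNone(grants[3]['resource_uid'])
        self.assertEqual(grants[3]['permission_types'], ['action_list', 'rule_list'])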
    def test_load_group_to_role_mappings_success(self):
        """Valid group-to-role mapping files load with the expected attributes.

        Two fixtures under ``rbac/mappings`` are loaded: one that ends up
        enabled with a single role and no description, and one that is
        disabled and maps an LDAP DN-style group name to three roles.
        """
        loader = RBACDefinitionsLoader()

        # mapping_one: plain group name, one role, enabled.
        # NOTE(review): if mapping_one.yaml omits `enabled`, this assertion pins
        # an enabled-by-default behaviour for mappings; confirm against the fixture.
        first_path = os.path.join(get_fixtures_base_path(), 'rbac/mappings/mapping_one.yaml')
        first_mapping = loader.load_group_to_role_map_assignment_from_file(file_path=first_path)

        self.assertEqual(first_mapping.group, 'some ldap group')
        self.assertEqual(first_mapping.roles, ['pack_admin'])
        self.assertEqual(first_mapping.description, None)
        self.assertTrue(first_mapping.enabled)
        self.assertTrue(first_mapping.file_path.endswith('mappings/mapping_one.yaml'))

        # mapping_two: DN-style group name, three roles, explicitly not enabled.
        # The disabled mapping still loads with its full role list. Whether it
        # is skipped when roles are later assigned is not exercised here.
        second_path = os.path.join(get_fixtures_base_path(), 'rbac/mappings/mapping_two.yaml')
        second_mapping = loader.load_group_to_role_map_assignment_from_file(file_path=second_path)

        self.assertEqual(second_mapping.group, 'CN=stormers,OU=groups,DC=stackstorm,DC=net')
        self.assertEqual(second_mapping.roles, ['role_one', 'role_two', 'role_three'])
        self.assertEqual(second_mapping.description, 'Grant 3 roles to stormers group members')
        self.assertFalse(second_mapping.enabled)
        # Exact match here (only a suffix match above): the stored file_path is
        # expected to be the path relative to the mappings directory.
        self.assertEqual(second_mapping.file_path, 'mappings/mapping_two.yaml')
Example #4
    def test_file_paths_sorting(self, mock_glob):
        """All three file-path getters return the globbed paths in the same order.

        ``mock_glob`` stands in for the glob call and returns four paths in
        arbitrary order. The expected order follows the file names (a, c, d, f)
        rather than the full paths: '/tmp/a/f.yaml' comes last even though its
        directory would sort first. A fixed order keeps RBAC definitions
        loading in the same sequence on every run.

        NOTE(review): mock_glob is presumably injected by a mock.patch
        decorator that is not part of this listing.
        """
        mock_glob.return_value = [
            '/tmp/bar/d.yaml',
            '/tmp/bar/c.yaml',
            '/tmp/foo/a.yaml',
            '/tmp/a/f.yaml',
        ]
        ordered_by_file_name = [
            '/tmp/foo/a.yaml',
            '/tmp/bar/c.yaml',
            '/tmp/bar/d.yaml',
            '/tmp/a/f.yaml',
        ]

        loader = RBACDefinitionsLoader()

        # Role definitions, role assignments and group-to-role maps must all
        # apply the same ordering. The getters are looked up one at a time, in
        # the original order.
        getter_names = (
            '_get_role_definitions_file_paths',
            '_get_role_assiginments_file_paths',
            '_get_group_to_role_maps_file_paths',
        )
        for getter_name in getter_names:
            file_paths = getattr(loader, getter_name)()
            self.assertEqual(file_paths, ordered_by_file_name)
Example #5
    def test_load_group_to_role_mappings_missing_mandatory_attribute(self):
        """Mapping files that lack a mandatory attribute fail schema validation.

        A group-to-role mapping without ``roles`` or without ``group`` must
        raise ``jsonschema.ValidationError`` naming the missing property,
        rather than load as a partial mapping.
        """
        # NOTE(review): assertRaisesRegexp is the deprecated alias of
        # assertRaisesRegex and was removed in Python 3.12. It is kept here
        # because the TestCase base class is not visible in this listing.
        loader = RBACDefinitionsLoader()

        # (fixture path relative to the fixtures base, expected error pattern)
        missing_attribute_cases = (
            ('rbac_invalid/mappings/mapping_one_missing_roles.yaml',
             '\'roles\' is a required property'),
            ('rbac_invalid/mappings/mapping_two_missing_group.yaml',
             '\'group\' is a required property'),
        )

        for fixture_name, expected_msg in missing_attribute_cases:
            file_path = os.path.join(get_fixtures_base_path(), fixture_name)
            self.assertRaisesRegexp(
                jsonschema.ValidationError,
                expected_msg,
                loader.load_group_to_role_map_assignment_from_file,
                file_path=file_path)