def __init__(self, auth_context=None, role=None):
"""Class constructor to match the roles of the system with a given authorization context
:param auth_context: Authorization context to be checked
:param role: Roles(list)/Role/None(All roles in the system) to be checked against the authorization context
"""
if auth_context is None:
auth_context = '{}'
self.authorization_context = json.loads(auth_context)
# All roles in the system
if role is None:
with orm.RolesManager() as rm:
self.roles_list = rm.get_roles()
for role in self.roles_list:
role.rule = json.loads(role.rule)
else:
# One single role
if not isinstance(role, list):
self.roles_list = [role]
self.roles_list[0].rule = json.loads(role.rule)
# role is a list of roles
elif isinstance(role, list):
self.roles_list = role
for role in self.roles_list:
role.rule = json.loads(role.rule)
def __init__(self, auth_context=None, role=None, user_id=None):
"""Class constructor to match the roles of the system with a given authorization context
Parameters
----------
auth_context : dict or str
Authorization context to be checked
role : list of Roles or Role or None
Roles(list)/Role/None(All roles in the system) to be checked against the authorization context
user_id : int
Current user_id
"""
self.user_id = user_id
if auth_context is None:
auth_context = '{}'
try:
self.authorization_context = json.loads(auth_context)
except TypeError:
self.authorization_context = auth_context
if role is None:
# All system's roles
with orm.RolesManager() as rm:
roles_list = map(orm.Roles.to_dict, rm.get_roles())
else:
roles_list = [role] if not isinstance(role, list) else role
with orm.RolesManager() as rm:
with orm.RulesManager() as rum:
processed_roles_list = list()
for role in roles_list:
rules = list()
for rule in rm.get_role_id(role_id=role['id'])['rules']:
rules.append(rum.get_rule(rule))
if len(rules) > 0:
processed_roles_list.append(role)
processed_roles_list[-1]['rules'] = rules
self.roles_list = processed_roles_list
def test_migrate_default_policies(new_default_resources):
"""Check that the migration process overwrites default policies in the user range including their relationships
and positions."""
def mock_open_default_resources(*args, **kwargs):
args = list(args)
file_path = args[0]
if file_path.endswith('policies.yaml'):
new_args = [
os.path.join(test_data_path, 'default',
'migration_policies.yml')
]
elif file_path.endswith('relationships.yaml'):
new_args = [
os.path.join(test_data_path, 'default',
'mock_relationships.yml')
]
else:
new_args = [file_path]
new_args += args[1:]
return open(*new_args, **kwargs)
security, orm = new_default_resources
with orm.RolesManager() as rm:
role1, role2 = rm.get_role('new_role1')['id'], rm.get_role(
'new_role2')['id']
policy1, policy2 = 'new_policy1', 'new_policy2'
user_policy = 'user_policy'
with orm.PoliciesManager() as pm:
policies = sorted([p.id for p in pm.get_policies()]) or [1]
max_default_policy_id = max(
filter(lambda x: not (x > orm.cloud_reserved_range), policies))
with orm.RolesPoliciesManager() as rpm:
role1_policies = [
p.id for p in rpm.get_all_policies_from_role(role_id=role1)
]
role2_policies = [
p.id for p in rpm.get_all_policies_from_role(role_id=role2)
]
# Assert these new policies are in the user range
with orm.PoliciesManager() as pm:
policy1_id = pm.get_policy(policy1)['id']
policy2_id = pm.get_policy(policy2)['id']
user_policy_id = pm.get_policy(user_policy)['id']
assert policy1_id > orm.max_id_reserved
assert policy2_id > orm.max_id_reserved
assert user_policy_id > orm.max_id_reserved
assert {policy1_id, policy2_id, user_policy_id} == set(role1_policies)
assert {policy1_id, policy2_id, user_policy_id} == set(role2_policies)
with patch('wazuh.rbac.orm.open', side_effect=mock_open_default_resources):
security, orm = reload_default_rbac_resources()
with orm.RolesPoliciesManager() as rpm:
new_role1_policies = [
p.id for p in rpm.get_all_policies_from_role(role_id=role1)
]
new_role2_policies = [
p.id for p in rpm.get_all_policies_from_role(role_id=role2)
]
new_policy1_id, new_policy2_id = max_default_policy_id + 1, max_default_policy_id + 2
with orm.PoliciesManager() as pm:
assert new_policy1_id == pm.get_policy(policy1)['id']
assert new_policy2_id == pm.get_policy(policy2)['id']
assert role1_policies.index(policy1_id) == new_role1_policies.index(
new_policy1_id)
assert role1_policies.index(policy2_id) == new_role1_policies.index(
new_policy2_id)
assert role2_policies.index(policy1_id) == new_role2_policies.index(
new_policy1_id)
assert role2_policies.index(policy2_id) == new_role2_policies.index(
new_policy2_id)
assert role1_policies.index(user_policy_id) == new_role1_policies.index(
user_policy_id)
assert role2_policies.index(user_policy_id) == new_role2_policies.index(
user_policy_id)