def test_delete_policies(db):
    """Create two policies on one model, delete the first, and check it is gone.

    Only the absence of the deleted id is asserted; the second policy is not
    inspected after the deletion.
    """
    created_model = model_helper.add_model(model_id=uuid4().hex)
    model_id = next(iter(created_model))

    created_ids = []
    for _ in range(2):
        payload = {
            "name": uuid4().hex,
            "model_id": model_id,
            "genre": "authz",
            "description": "test",
        }
        created = policy_helper.add_policies(value=payload)
        created_ids.append(list(created.keys())[0])

    first_id, second_id = created_ids
    # Two distinct names must yield two distinct policy ids.
    assert first_id != second_id

    policy_helper.delete_policies(first_id)
    remaining = policy_helper.get_policies()
    assert first_id not in remaining
def test_perimeter_add_same_subject_perimeter_id_with_new_policy_id():
    """Add one subject (same perimeter id, same payload) under two policies.

    The second call must succeed with 200 and the returned subject must list
    both policy ids in its ``policy_list``.
    """
    client = utilities.register_client()
    first_policy_id = list(policy_helper.add_policies().keys())[0]

    base_name = "testuser"
    shared_perimeter_id = uuid4().hex
    subject = {
        "name": base_name + uuid4().hex,
        "description": "description of {}".format(base_name),
        # The literal has no placeholder, so .format() returns it unchanged.
        "password": "******".format(base_name),
        "email": "{}@moon".format(base_name)
    }
    add_subjects(client, first_policy_id, subject['name'],
                 perimeter_id=shared_perimeter_id, data=subject)

    second_policy_id = list(policy_helper.add_policies().keys())[0]
    req, subjects = add_subjects(client, second_policy_id, subject['name'],
                                 perimeter_id=shared_perimeter_id, data=subject)

    stored = list(subjects["subjects"].values())[0]
    assert req.status_code == 200
    assert stored["name"]
    assert stored["email"]
    # The subject is now attached to exactly the two policies used above.
    assert len(stored['policy_list']) == 2
    assert first_policy_id in stored['policy_list']
    assert second_policy_id in stored['policy_list']
def get_policy_id():
    """Add a uniquely named policy and return the first id from get_policies().

    NOTE(review): the returned id is the first key of the full policy listing,
    which is not necessarily the policy created here if others already exist;
    confirm callers only need *some* valid policy id.
    """
    from helpers import policy_helper

    new_policy = {
        "name": "test_policy" + uuid4().hex,
        # The policy is created with an empty model id.
        "model_id": "",
        "genre": "authz",
        "description": "test",
    }
    policy_helper.add_policies(value=new_policy)

    all_policies = policy_helper.get_policies()
    return list(all_policies.keys())[0]
def test_add_policies_twice_with_same_id(db):
    """Adding a policy a second time under the same explicit id raises PolicyExisting."""
    fixed_policy_id = 'policy_id_1'
    model_id = next(iter(model_helper.add_model(model_id=uuid4().hex)))
    payload = {
        "name": "test_policy",
        "model_id": model_id,
        "genre": "authz",
        "description": "test",
    }

    # First insertion succeeds; the identical second one must be refused.
    policy_helper.add_policies(fixed_policy_id, payload)
    with pytest.raises(PolicyExisting) as exception_info:
        policy_helper.add_policies(fixed_policy_id, payload)

    raised_message = str(exception_info.value)
    assert raised_message == '409: Policy Already Exists'
def test_add_policies_twice_with_same_name(db):
    """Adding two policies with the same name is rejected as a 409 conflict."""
    model_id = next(iter(model_helper.add_model(model_id=uuid4().hex)))
    payload = {
        "name": uuid4().hex,
        "model_id": model_id,
        "genre": "authz",
        "description": "test",
    }
    policy_helper.add_policies(value=payload)

    # NOTE(review): pytest.raises(Exception) accepts any exception type; the
    # message and description checks below are what pin the expected conflict.
    with pytest.raises(Exception) as exception_info:
        policy_helper.add_policies(value=payload)

    raised = exception_info.value
    assert str(raised) == '409: Policy Already Exists'
    assert str(raised.description) == 'Policy name Existed'
def test_perimeter_add_same_subject_perimeter_id_with_different_name():
    """Reusing a subject perimeter id under a second policy via a second add_subjects call gives 400.

    Both calls pass the base name "testuser" and no explicit payload.
    # presumably add_subjects makes each name unique; verify against the helper
    """
    client = utilities.register_client()
    shared_perimeter_id = None

    first_policy_id = list(policy_helper.add_policies().keys())[0]
    shared_perimeter_id = uuid4().hex
    add_subjects(client, first_policy_id, "testuser",
                 perimeter_id=shared_perimeter_id)

    second_policy_id = list(policy_helper.add_policies().keys())[0]
    req, subjects = add_subjects(client, second_policy_id, "testuser",
                                 perimeter_id=shared_perimeter_id)

    assert req.status_code == 400
    error_body = json.loads(req.data)
    assert error_body["message"] == '400: Perimeter content is invalid.'
def test_perimeter_add_same_subject_name_with_same_policy_id():
    """Adding a second subject with an existing name to the same policy gives 409.

    The asserted message is '409: Policy Already Exists' even though the
    duplicate is a subject name; the test pins the message as returned.
    """
    client = utilities.register_client()
    policy_id = list(policy_helper.add_policies().keys())[0]
    perimeter_id = uuid4().hex

    unique_name = "testuser" + uuid4().hex
    first_payload = {
        "name": unique_name,
        "description": "description of {}".format(unique_name),
        # The literal has no placeholder, so .format() returns it unchanged.
        "password": "******".format(unique_name),
        "email": "{}@moon".format(unique_name)
    }
    req, subjects = add_subjects(client, policy_id, None,
                                 perimeter_id=perimeter_id, data=first_payload)
    stored = list(subjects["subjects"].values())[0]

    # Second request: same name as stored, no explicit perimeter id.
    stored_name = stored['name']
    duplicate_payload = {
        "name": stored_name,
        "description": "description of {}".format(stored_name),
        "password": "******".format(stored_name),
        "email": "{}@moon".format(stored_name)
    }
    req, subjects = add_subjects(client, policy_id, None, data=duplicate_payload)

    assert req.status_code == 409
    assert json.loads(req.data)["message"] == '409: Policy Already Exists'
def test_perimeter_update_object_name_with_existed_one():
    """Renaming an object to the name of another existing object gives 409."""
    client = utilities.register_client()
    first_name = 'testuser' + uuid4().hex
    policy_id = list(policy_helper.add_policies().keys())[0]

    first_payload = {
        "name": first_name,
        "description": "description of {}".format('testuser'),
    }
    req, objects = add_objects(client, 'testuser', policyId=policy_id,
                               data=first_payload)
    first_object = list(objects["objects"].values())[0]

    second_name = 'testuser' + uuid4().hex
    second_payload = {
        "name": second_name,
        "description": "description of {}".format('testuser'),
    }
    req, objects = add_objects(client, 'testuser', policyId=policy_id,
                               data=second_payload)
    second_object = list(objects["objects"].values())[0]
    second_object_id = second_object['id']

    # Try to give the second object the first object's name.
    rename_payload = {'name': first_object['name']}
    req = client.patch("/objects/{}".format(second_object_id),
                       data=json.dumps(rename_payload),
                       headers={'Content-Type': 'application/json'})

    assert req.status_code == 409
    assert json.loads(req.data)["message"] == '409: Object Existing'
def test_perimeter_update_object_description_and_name():
    """PATCHing an object's name and description returns 200 with both updated and the id kept."""
    client = utilities.register_client()
    object_name = 'testuser' + uuid4().hex
    policy_id = list(policy_helper.add_policies().keys())[0]

    creation_payload = {
        "name": object_name,
        "description": "description of {}".format('testuser'),
    }
    req, objects = add_objects(client, 'testuser', policyId=policy_id,
                               data=creation_payload)
    before = list(objects["objects"].values())[0]
    object_id = before['id']

    update_payload = {
        'name': before['name'] + "update",
        'description': before['description'] + "update"
    }
    json_headers = {'Content-Type': 'application/json'}
    req = client.patch("/objects/{}".format(object_id),
                       data=json.dumps(update_payload), headers=json_headers)

    objects = utilities.get_json(req.data)
    after = list(objects["objects"].values())[0]
    assert req.status_code == 200
    assert before['name'] + 'update' == after['name']
    assert before['id'] == after['id']
    assert before['description'] + 'update' == after['description']
def test_update_policy_name_with_existed_one(db):
    """Updating a policy to a name already used by another policy raises PolicyExisting."""
    existing = policy_helper.add_policies()
    target_policy_id = list(existing.keys())[0]

    taken_name = uuid4().hex
    payload = {
        "name": taken_name,
        "model_id": existing[target_policy_id]['model_id'],
        "genre": "authz",
        "description": "test-3",
    }
    # A second policy now owns the name carried by the payload.
    policy_helper.add_policies(value=payload)

    with pytest.raises(PolicyExisting) as exception_info:
        policy_helper.update_policy(policy_id=target_policy_id, value=payload)

    raised = exception_info.value
    assert str(raised) == '409: Policy Already Exists'
    assert str(raised.description) == 'Policy name Existed'
def test_perimeter_delete_object():
    """DELETE on /policies/<policy>/objects/<object> for a fresh object returns 200."""
    client = utilities.register_client()
    created = policy_helper.add_policies()
    policy_id = list(created.keys())[0]
    object_id = builder.create_object(policy_id)

    delete_url = "/policies/{}/objects/{}".format(policy_id, object_id)
    req = client.delete(delete_url)
    assert req.status_code == 200
def get_policy_id(model_name="test_model", policy_name="policy_1", meta_rule_name="meta_rule1",
                  category_prefix=""):
    """Build categories, a meta rule, a model and a policy; return the policy id.

    Args:
        model_name: name passed to create_model.
        policy_name: name passed to create_policy.
        meta_rule_name: name passed to create_meta_rule.
        category_prefix: string prepended to every category id and name.

    Returns:
        The first key of the mapping returned by policy_helper.add_policies.
    """
    # Two subject categories, one object category, one action category,
    # registered in this order.
    category_specs = (
        (category_helper.add_subject_category, "subject_category_id1"),
        (category_helper.add_subject_category, "subject_category_id2"),
        (category_helper.add_object_category, "object_category_id1"),
        (category_helper.add_action_category, "action_category_id1"),
    )
    for add_category, suffix in category_specs:
        category_name = category_prefix + suffix
        add_category(
            category_name,
            value={"name": category_name, "description": "description 1"})

    meta_rule = meta_rule_helper.add_meta_rule(
        value=create_meta_rule(meta_rule_name, category_prefix))
    meta_rule_id = list(meta_rule.keys())[0]

    model = model_helper.add_model(value=create_model(meta_rule_id, model_name))
    model_id = list(model.keys())[0]

    policy = policy_helper.add_policies(value=create_policy(model_id, policy_name))
    assert policy
    return list(policy.keys())[0]
def test_perimeter_update_subject_wrong_id():
    """PATCHing /subjects/<id> with a non-existent id (real id + "wrong") gives 400."""
    client = utilities.register_client()
    subject_name = 'testuser' + uuid4().hex
    policy_id = list(policy_helper.add_policies().keys())[0]

    creation_payload = {
        "name": subject_name,
        "description": "description of {}".format('testuser'),
    }
    req, subjects = add_subjects(client, policy_id=policy_id, name='testuser',
                                 data=creation_payload)
    created = list(subjects["subjects"].values())[0]
    real_id = created['id']

    update_payload = {
        'name': created['name'] + "update",
        'description': created['description'] + "update"
    }
    # Corrupt the id so the update targets a subject that was never created.
    bogus_url = "/subjects/{}".format(real_id + "wrong")
    req = client.patch(bogus_url, data=json.dumps(update_payload),
                       headers={'Content-Type': 'application/json'})

    assert req.status_code == 400
    error_body = json.loads(req.data)
    assert error_body["message"] == '400: Perimeter content is invalid.'
def test_delete_model_assigned_to_policy(db):
    """Deleting a model that a policy still references raises DeleteModelWithPolicy."""
    model_payload = {"name": "MLS", "description": "test", "meta_rules": []}
    models = model_helper.add_model(value=model_payload)
    assert isinstance(models, dict)
    assert models
    assert len(models.keys()) == 1
    model_id = list(models.keys())[0]

    policy_payload = {
        "name": "test_policy",
        "model_id": model_id,
        "genre": "authz",
        "description": "test",
    }
    # Bind a policy to the model so the delete below has a dependent to trip on.
    policy_helper.add_policies(value=policy_payload)

    with pytest.raises(DeleteModelWithPolicy) as exception_info:
        model_helper.delete_models(uuid=model_id)

    raised_message = str(exception_info.value)
    assert raised_message == '400: Model With Policy Error'
def test_delete_policies():
    """DELETE on /policies/<id> for a freshly added policy returns 200."""
    client = utilities.register_client()
    created = policy_helper.add_policies()
    policy_id = list(created.keys())[0]

    delete_url = "/policies/{}".format(policy_id)
    req = client.delete(delete_url)
    assert req.status_code == 200
def test_perimeter_delete_subject():
    """DELETE on /policies/<policy>/subjects/<subject> for a fresh subject returns 200."""
    client = utilities.register_client()
    created = policy_helper.add_policies()
    policy_id = list(created.keys())[0]

    req, subjects = add_subjects(client, policy_id, "testuser")
    first_subject = list(subjects["subjects"].values())[0]
    subject_id = first_subject["id"]

    delete_url = "/policies/{}/subjects/{}".format(policy_id, subject_id)
    req = client.delete(delete_url)
    assert req.status_code == 200
def test_perimeter_add_subject():
    """Adding a subject to a policy returns 200 and a subject with a name and an email."""
    client = utilities.register_client()
    created = policy_helper.add_policies()
    policy_id = list(created.keys())[0]

    req, subjects = add_subjects(client, policy_id, "testuser")
    stored = list(subjects["subjects"].values())[0]

    assert req.status_code == 200
    # Both fields only need to be present and truthy.
    assert stored["name"]
    assert stored["email"]
def test_delete_actions_without_policy():
    """DELETE on /actions/<id>, with no policy in the path, gives 400 Policy Unknown."""
    client = utilities.register_client()
    created = policy_helper.add_policies()
    policy_id = list(created.keys())[0]
    action_id = builder.create_action(policy_id)

    # The action exists under a policy, but the URL omits that policy.
    req = client.delete("/actions/{}".format(action_id))

    assert req.status_code == 400
    error_body = json.loads(req.data)
    assert error_body["message"] == "400: Policy Unknown"
def test_perimeter_add_subject_invalid_policy_id():
    """Adding a subject under an unknown policy id (real id + "0") gives 400 Policy Unknown."""
    client = utilities.register_client()
    created = policy_helper.add_policies()
    policy_id = list(created.keys())[0]

    base_name = "testuser"
    payload = {
        "name": base_name + uuid4().hex,
        "description": "description of {}".format(base_name),
        # The literal has no placeholder, so .format() returns it unchanged.
        "password": "******".format(base_name),
        "email": "{}@moon".format(base_name)
    }
    unknown_policy_id = policy_id + "0"
    # NOTE(review): payload is passed positionally as the fourth argument;
    # confirm that slot of add_subjects is ``data`` and not ``perimeter_id``.
    req, subjects = add_subjects(client, unknown_policy_id, "testuser", payload)

    assert req.status_code == 400
    assert json.loads(req.data)["message"] == '400: Policy Unknown'
def test_update_policy(db):
    """update_policy returns the policy with genre, name, model_id and description as submitted."""
    existing = policy_helper.add_policies()
    policy_id = list(existing.keys())[0]
    new_values = {
        "name": "test_policy4",
        # Keep the model the policy was created with.
        "model_id": existing[policy_id]['model_id'],
        "genre": "authz",
        "description": "test-3",
    }

    updated_policy = policy_helper.update_policy(policy_id, new_values)
    assert updated_policy

    checked_fields = ("genre", "name", "model_id", "description")
    for field in checked_fields:
        assert field in updated_policy[policy_id]
        assert updated_policy[policy_id][field] == new_values[field]
def test_delete_policies_with_action_perimeter(db):
    """Deleting a policy that still has an action attached raises DeletePolicyWithPerimeter."""
    created = policy_helper.add_policies()
    policy_id = list(created.keys())[0]

    action_payload = {
        "name": "test_act",
        "security_pipeline": [policy_id],
        "keystone_project_id": "keystone_project_id1",
        "description": "...",
    }
    # Attach an action so the policy has a perimeter element depending on it.
    data_helper.add_action(policy_id=policy_id, value=action_payload)

    with pytest.raises(DeletePolicyWithPerimeter) as exception_info:
        policy_helper.delete_policies(policy_id)

    assert '400: Policy With Perimeter Error' == str(exception_info.value)
def test_delete_policies_with_pdp(db):
    """Deleting a policy listed in a PDP's security pipeline raises DeletePolicyWithPdp."""
    created = policy_helper.add_policies()
    policy_id = list(created.keys())[0]

    pdp_payload = {
        "name": "test_pdp",
        # The PDP references the policy, which is what must block the delete.
        "security_pipeline": [policy_id],
        "keystone_project_id": "keystone_project_id1",
        "description": "...",
    }
    pdp_helper.add_pdp(pdp_id="pdp_id1", value=pdp_payload)

    with pytest.raises(DeletePolicyWithPdp) as exception_info:
        policy_helper.delete_policies(policy_id)

    raised = exception_info.value
    assert str(raised) == '400: Policy With PDP Error'
    assert 'Cannot delete policy with pdp' == raised.description
def test_perimeter_add_same_action_name_with_same_policy_id():
    """Adding a second action with an existing name to the same policy gives 409.

    The asserted message is '409: Policy Already Exists' even though the
    duplicate is an action name; the test pins the message as returned.
    """
    client = utilities.register_client()
    policy_id = list(policy_helper.add_policies().keys())[0]

    req, action = add_actions(client, "testuser", policy_id=policy_id)
    first_action = list(action["actions"].values())[0]

    duplicate_payload = {
        "name": first_action['name'],
        "description": "description of {}".format('testuser'),
    }
    req, action = add_actions(client, 'testuser', policy_id=policy_id,
                              data=duplicate_payload)

    assert req.status_code == 409
    error_body = json.loads(req.data)
    assert error_body["message"] == '409: Policy Already Exists'
def test_add_policies(db):
    """add_policies returns a one-entry dict whose policy echoes the submitted fields."""
    model_id = next(iter(model_helper.add_model(model_id=uuid4().hex)))
    payload = {
        "name": "test_policy",
        "model_id": model_id,
        "genre": "authz",
        "description": "test",
    }

    policies = policy_helper.add_policies(value=payload)
    assert isinstance(policies, dict)
    assert policies
    assert len(policies.keys()) == 1

    policy_id = list(policies.keys())[0]
    stored = policies[policy_id]
    for field in ("genre", "name", "model_id", "description"):
        assert field in policies[policy_id]
        assert stored[field] == payload[field]
def test_perimeter_update_subject_name():
    """PATCHing only a subject's name returns 200, keeping its id and description."""
    client = utilities.register_client()
    created = policy_helper.add_policies()
    policy_id = list(created.keys())[0]

    req, subjects = add_subjects(client, policy_id, "testuser")
    before = list(subjects["subjects"].values())[0]
    subject_id = before['id']

    rename_payload = {'name': before['name'] + "update"}
    json_headers = {'Content-Type': 'application/json'}
    req = client.patch("/subjects/{}".format(subject_id),
                       data=json.dumps(rename_payload), headers=json_headers)

    subjects = utilities.get_json(req.data)
    after = list(subjects["subjects"].values())[0]
    assert req.status_code == 200
    assert before['name'] + 'update' == after['name']
    # Fields not present in the PATCH body must come back untouched.
    assert before['id'] == after['id']
    assert before['description'] == after['description']
def test_perimeter_add_same_action_perimeter_id_with_different_name():
    """Reusing an action's perimeter id with a different name under a new policy gives 400."""
    client = utilities.register_client()

    # First action is created without passing a policy id to the helper.
    req, action = add_actions(client, "testuser")
    first_action = list(action["actions"].values())[0]

    policy_id = list(policy_helper.add_policies().keys())[0]
    conflicting_payload = {
        "name": first_action['name'] + 'different',
        "description": "description of {}".format('testuser'),
    }
    req, action = add_actions(client, 'testuser', policy_id=policy_id,
                              data=conflicting_payload,
                              perimeter_id=first_action['id'])

    assert req.status_code == 400
    error_body = json.loads(req.data)
    assert error_body["message"] == '400: Perimeter content is invalid.'
def test_perimeter_add_same_action_name_with_new_policy_id():
    """Adding an existing action name under a new policy returns 200 and the same action id."""
    client = utilities.register_client()

    # First action is created without passing a policy id to the helper.
    req, action = add_actions(client, "testuser")
    first_action = list(action["actions"].values())[0]

    policy_id = list(policy_helper.add_policies().keys())[0]
    same_name_payload = {
        "name": first_action['name'],
        "description": "description of {}".format('testuser'),
    }
    req, action = add_actions(client, 'testuser', policy_id=policy_id,
                              data=same_name_payload)
    second_action = list(action["actions"].values())[0]

    assert req.status_code == 200
    # The existing action is reused rather than duplicated.
    assert first_action['id'] == second_action['id']
    assert first_action['name'] == second_action['name']
def test_delete_policy_with_dependencies_perimeter():
    """DELETE on a policy that still has a subject attached gives 400 Policy With Perimeter Error."""
    client = utilities.register_client()
    policy_id = next(iter(policy_helper.add_policies()))

    subject_payload = {
        "name": 'testuser' + uuid4().hex,
        "description": "description of {}".format(uuid4().hex),
        # The literal has no placeholder, so .format() returns it unchanged.
        "password": "******".format(uuid4().hex),
        "email": "{}@moon".format(uuid4().hex)
    }
    json_headers = {'Content-Type': 'application/json'}
    req = client.post("/policies/{}/subjects".format(policy_id),
                      data=json.dumps(subject_payload), headers=json_headers)
    assert req.status_code == 200

    # The subject created above must block removal of its policy.
    req = client.delete("/policies/{}".format(policy_id))
    assert req.status_code == 400
    error_body = json.loads(req.data)
    assert error_body["message"] == '400: Policy With Perimeter Error'
def test_perimeter_add_same_object_name_with_same_policy_id():
    """Submitting the same object payload twice to one policy gives 200 then 409.

    The asserted message is '409: Policy Already Exists' even though the
    duplicate is an object name; the test pins the message as returned.
    """
    client = utilities.register_client()
    object_name = 'testuser' + uuid4().hex
    policy_id = list(policy_helper.add_policies().keys())[0]

    payload = {
        "name": object_name,
        "description": "description of {}".format('testuser'),
    }
    req, objects = add_objects(client, 'testuser', policyId=policy_id, data=payload)
    # The result is unused, but the lookup still fails the test when the
    # response carries no object.
    _first_object = list(objects["objects"].values())[0]
    assert req.status_code == 200

    req, objects = add_objects(client, 'testuser', policyId=policy_id, data=payload)
    assert req.status_code == 409
    error_body = json.loads(req.data)
    assert error_body["message"] == '409: Policy Already Exists'
def test_update_models_with_assigned_policy():
    """PATCHing a model that a policy references gives 400 Model With Policy Error."""
    client = utilities.register_client()
    created_model = model_helper.add_model(model_id="mls_model_id" + uuid4().hex)
    model_id = list(created_model.keys())[0]

    policy_payload = {
        "name": "test_policy" + uuid4().hex,
        "model_id": model_id,
        "description": "test",
    }
    # Bind a policy to the model; its return value is not needed here.
    policy_helper.add_policies(value=policy_payload)

    model_update = {
        "name": "model_" + uuid4().hex,
        "description": "description of model_2",
        "meta_rules": []
    }
    req = client.patch("/models/{}".format(model_id),
                       data=json.dumps(model_update),
                       headers={'Content-Type': 'application/json'})

    assert req.status_code == 400
    error_body = json.loads(req.data)
    assert error_body["message"] == "400: Model With Policy Error"