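def test_json_roundtrip_of_a_policy_with_context():
    """Check that a Policy's ``context`` rules survive a JSON round trip.

    Three cases are exercised:

    1. a policy built with ``context`` only;
    2. a policy given both ``context`` and the deprecated ``rules`` argument,
       where the ``context`` values must be the ones that are kept;
    3. a policy given only the deprecated ``rules`` argument, which must be
       exposed as ``context`` after the round trip.

    Every case asserts a value the restored rule accepts and a value it
    rejects. The rejecting assertions matter for an access-control policy:
    a rule that came back from JSON matching everything would still pass
    accept-only checks.
    """
    # Case 1: context only.
    original = Policy('123', context={
        'ip': CIDR('192.168.1.0/24'),
        'sub': Equal('test-me'),
    })
    restored = Policy.from_json(original.to_json())
    assert '123' == restored.uid
    assert 2 == len(restored.context)
    assert 'ip' in restored.context
    assert 'sub' in restored.context
    assert isinstance(restored.context['ip'], CIDR)
    assert isinstance(restored.context['sub'], Equal)
    assert restored.context['sub'].satisfied('test-me')
    assert not restored.context['sub'].satisfied('not-test-me')
    assert restored.context['ip'].satisfied('192.168.1.0')
    assert not restored.context['ip'].satisfied('127.0.0.1')

    # Case 2: 'context' wins over deprecated rules.
    original = Policy('456', context={
        'ip': CIDR('192.168.1.0/24'),
        'sub': Equal('foo-bar'),
    }, rules={
        'ip': CIDR('127.0.0.1'),
        'sub': Equal('baz'),
    })
    restored = Policy.from_json(original.to_json())
    assert '456' == restored.uid
    assert 2 == len(restored.context)
    assert 'ip' in restored.context
    assert 'sub' in restored.context
    assert isinstance(restored.context['ip'], CIDR)
    assert isinstance(restored.context['sub'], Equal)
    assert restored.context['sub'].satisfied('foo-bar')
    assert restored.context['ip'].satisfied('192.168.1.0')
    # The values passed through the deprecated 'rules' argument must not
    # be what the restored policy matches on.
    assert not restored.context['sub'].satisfied('baz')
    assert not restored.context['ip'].satisfied('127.0.0.1')
    assert not hasattr(restored, 'rules')

    # Case 3: 'rules' are allowed, but they become a 'context' class field.
    # Only the constructor is wrapped, so the deprecation warning is pinned
    # to the use of the 'rules' argument.
    with pytest.deprecated_call():
        original = Policy('789', rules={'ip': CIDR('127.0.0.1'), 'sub': Equal('baz')})
    restored = Policy.from_json(original.to_json())
    assert '789' == restored.uid
    assert 2 == len(restored.context)
    assert 'ip' in restored.context
    assert 'sub' in restored.context
    assert isinstance(restored.context['ip'], CIDR)
    assert isinstance(restored.context['sub'], Equal)
    assert restored.context['sub'].satisfied('baz')
    assert restored.context['ip'].satisfied('127.0.0.1')
    assert not restored.context['sub'].satisfied('foo-bar')
    assert not restored.context['ip'].satisfied('192.168.1.0')
    assert not hasattr(restored, 'rules')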
def test_PolicyAllow_and_PolicyDeny(klass, is_allowed, effect):
    """Check construction, attributes and serialisation of a policy subclass.

    ``klass``, ``is_allowed`` and ``effect`` are supplied from outside this
    function (presumably a parametrization over the allow and deny classes
    named in the test; it is not visible here). ``effect`` is the string
    expected in the ``"effect"`` field of the serialised policy.
    """
    policy = klass(
        1,
        actions=['<foo.bar>'],
        resources=['asdf'],
        subjects=['<qwerty>'],
        description='test',
    )

    # The access decision and the plain attributes must reflect the inputs.
    assert policy.allow_access() == is_allowed
    assert policy.uid == 1
    assert policy.description == 'test'
    assert policy.type == TYPE_STRING_BASED
    assert policy.actions == ['<foo.bar>']
    assert policy.resources == ['asdf']
    assert policy.subjects == ['<qwerty>']
    assert policy.context == {}

    # The sorted JSON form is compared as an exact string, so a change in
    # any serialised field, including the effect, is detected.
    expected_json = (
        '{"actions": ["<foo.bar>"], "context": {}, "description": "test", "effect": "%s", ' % effect
        + '"resources": ["asdf"], "subjects": ["<qwerty>"], "type": 1, "uid": 1}'
    )
    assert policy.to_json(sort=True) == expected_json
    assert Policy.from_json(policy.to_json()).actions == ['<foo.bar>']

    # The effect can be reassigned after construction.
    policy.effect = DENY_ACCESS
    assert policy.effect == DENY_ACCESS

    # Context rules given to the subclass constructor are kept as objects.
    with_context = klass(2, context={'a': Eq(100)})
    rule_a = with_context.context.get('a')
    assert isinstance(rule_a, Eq)
    assert with_context.context.get('a').val == 100

    # check positional arguments: the subclass called positionally must
    # serialise exactly like the base Policy built with keywords and an
    # explicit effect.
    expected_effect = ALLOW_ACCESS if is_allowed else DENY_ACCESS
    by_keyword = Policy(
        1,
        actions=['<foo.bar>'],
        resources=['asdf'],
        subjects=['<qwerty>'],
        description='test',
        effect=expected_effect,
    )
    by_position = klass(1, ['<qwerty>'], ['asdf'], ['<foo.bar>'], {}, 'test')
    assert by_keyword.to_json(sort=True) == by_position.to_json(sort=True)
def test_json_roundtrip_of_a_policy_with_rules():
    """Check that a Policy's ``rules`` survive a JSON round trip.

    The restored policy must keep its uid, hold both rules under the same
    keys with their original classes, and the restored ``sub`` rule must
    still accept the value it was created with.
    """
    source_policy = Policy('123', rules={
        'ip': CIDRRule('192.168.1.0/24'),
        'sub': StringEqualRule('test-me'),
    })
    serialized = source_policy.to_json()
    restored = Policy.from_json(serialized)

    assert restored.uid == '123'
    assert len(restored.rules) == 2
    for key in ('ip', 'sub'):
        assert key in restored.rules
    assert isinstance(restored.rules['ip'], CIDRRule)
    assert isinstance(restored.rules['sub'], StringEqualRule)
    # NOTE(review): only an accepted value is checked here; a rejected
    # value is not asserted, so a restored rule that matched any input
    # would not be caught by this test.
    assert restored.rules['sub'].satisfied('test-me')
def test_json_default_effect_is_set_correctly_when_from_json(data, effect):
    """Check the effect of a policy built from the JSON string ``data``.

    ``data`` and ``effect`` are supplied from outside this function; the
    table of cases is not visible here.
    """
    # NOTE(review): confirm the cases include a payload with no "effect"
    # key, so that the default applied on deserialisation is pinned.
    restored = Policy.from_json(data)
    assert restored.effect == effect
def test_json_roundtrip(data, expect):
    """Check that ``data`` parsed and re-serialised with sorted keys equals ``expect``.

    ``data`` and ``expect`` are supplied from outside this function.
    """
    reserialized = Policy.from_json(data).to_json(sort=True)
    assert reserialized == expect
def test_json_roundtrip_not_create_policy(data, exception, msg):
    """Check that unusable JSON is rejected instead of yielding a Policy.

    ``Policy.from_json(data)`` must raise ``exception``, and the text of the
    raised error must contain ``msg``. All three arguments are supplied
    from outside this function.
    """
    with pytest.raises(exception) as raised:
        Policy.from_json(data)
    # Checked after the block: inside it, this line would never run once
    # from_json has raised.
    error_text = str(raised.value)
    assert msg in error_text
def test_json_roundtrip_of_a_rules_based_policy(policy):
    """Check that serialising, parsing and serialising again is stable.

    ``policy`` is supplied from outside this function. The JSON produced by
    the restored policy must equal the JSON produced by the original.
    """
    first_pass = policy.to_json()
    restored = Policy.from_json(first_pass)
    # The original is serialised again for the comparison, as a fresh call.
    assert policy.to_json() == restored.to_json()