def test_fetch_rbac_not_disabled(self, monkeypatch):
    """Fetching must fail when RBAC is enabled but no RBAC URL is configured."""
    mgr = RbacManager()
    # Enforcement is on and there is no endpoint to ask, so the manager is
    # expected to raise instead of returning a permission list.
    monkeypatch.setattr(mgr, "rbac_url", None)
    monkeypatch.setattr(manager.rbac_manager.CFG, "disable_rbac", False)
    with pytest.raises(RbacException):
        mgr.fetch_permissions(0)
def test_fetch_permissions(self, monkeypatch):
    """Permissions parsed from RBAC_RESPONSE contain the expected entries."""
    mgr = RbacManager()
    self._prepare_user_permissions(RBAC_RESPONSE, mgr, monkeypatch)
    fetched = mgr.fetch_permissions(0)
    # Membership only: the test does not pin the full list, so extra
    # permissions in the parsed result would go unnoticed here.
    for expected in (RBAC_PERM_VULN_RES, RBAC_PERM_OPT_WRITE):
        assert expected in fetched
def test_fetch_rbac_unavailable(self, monkeypatch):
    """A failing HTTP call to RBAC must surface as RbacException."""
    def _failing_get(*_args, **_kwargs):
        # Stand-in for requests.get that always fails at the transport level.
        raise requests.exceptions.RequestException

    mgr = RbacManager()
    monkeypatch.setattr(manager.rbac_manager.CFG, "disable_rbac", False)
    monkeypatch.setattr(requests, "get", _failing_get)
    # NOTE(review): rbac_url is not pinned in this test. If the test
    # environment leaves it unset, the RbacException may come from the
    # missing-URL case (see test_fetch_rbac_not_disabled) rather than from
    # the mocked requests.get -- confirm the URL is set in test config.
    with pytest.raises(RbacException):
        mgr.fetch_permissions(0)
def test_fetch_rbac_disabled(self, monkeypatch):
    """With RBAC disabled and no URL set, a fixed default permission list is returned."""
    mgr = RbacManager()
    monkeypatch.setattr(mgr, "rbac_url", None)
    monkeypatch.setattr(manager.rbac_manager.CFG, "disable_rbac", True)
    granted = mgr.fetch_permissions(0)
    # disable_rbac is a fail-open switch: with no RBAC URL to consult, the
    # caller receives vulnerability:*:* plus inventory:hosts:read. The exact
    # list (and its order) is pinned so a widening of these defaults shows
    # up as a test failure.
    expected_defaults = [
        RbacPermission(RbacApp.VULNERABILITY, RbacResource.ANY, RbacAction.ANY),
        RbacPermission(RbacApp.INVENTORY, RbacResource.HOSTS, RbacAction.READ),
    ]
    assert granted == expected_defaults
def test_need_permission_has_multiple(self, monkeypatch):
    """Allow path: the user holds every permission of a required set (AND)."""
    mgr = RbacManager()
    self._prepare_user_permissions(RBAC_RESPONSE, mgr, monkeypatch)

    @mgr.need_permissions(RBAC_REQUIRED_PERMS)
    def test_fun():
        return True

    # The user satisfies one of the required permission sets, so the
    # decorator must let the call through and hand back the function's
    # own return value.
    # NOTE(review): this body is identical to
    # test_need_permissions_has_single; whether the AND and the OR paths
    # are both exercised depends on how RBAC_REQUIRED_PERMS and
    # RBAC_RESPONSE are defined -- confirm.
    assert test_fun() is True
def test_need_permissions_has_single(self, monkeypatch):
    """Allow path: one matching permission set is enough (OR)."""
    mgr = RbacManager()
    self._prepare_user_permissions(RBAC_RESPONSE, mgr, monkeypatch)

    @mgr.need_permissions(RBAC_REQUIRED_PERMS)
    def test_fun():
        return True

    # The user holds one of the requested permission sets, so the
    # decorated function is expected to run and return its own value.
    # NOTE(review): same fixtures and assertions as
    # test_need_permission_has_multiple -- confirm the two tests really
    # cover different branches of the check.
    assert test_fun() is True
def test_need_permissions_any(self, monkeypatch):
    """Allow path: a wildcard permission satisfies the required sets."""
    mgr = RbacManager()
    self._prepare_user_permissions(RBAC_RESPONSE_ANY, mgr, monkeypatch)

    @mgr.need_permissions(RBAC_REQUIRED_PERMS)
    def test_fun():
        return True

    # Per the fixture name and the original comment, the user holds
    # vulnerability:*:*, which is expected to match any required
    # vulnerability permission, so the call goes through.
    assert test_fun() is True
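def test_need_permissions_hasnot_multiple(self, monkeypatch):
    """Deny path: the user fully satisfies none of the required sets (AND).

    Each inner list is treated as a set whose permissions must all be held;
    the user matches none of them completely, so the decorator must answer
    403 and must not execute the protected function.
    """
    rbac_mng = RbacManager()
    self._prepare_user_permissions(RBAC_RESPONSE, rbac_mng, monkeypatch)
    invocations = []

    @rbac_mng.need_permissions([[RBAC_PERM_ADV_REPORT],
                                [RBAC_PERM_BR_STATUS, RBAC_PERM_OPT_WRITE],
                                [RBAC_PERM_VULN_RES, RBAC_PERM_ADV_REPORT]])
    def test_fun():
        # Record the call so the test can prove the body never ran.
        invocations.append(True)
        return True

    res = test_fun()
    # The response is indexed as a sequence with the status code at [1].
    assert res[1] == 403  # pylint:disable=unsubscriptable-object
    # A 403 alone does not show the protected code was skipped; a check
    # that runs the function first and rejects afterwards would still
    # pass the status assertion.
    assert not invocations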
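def test_need_permissions_hasnot_single(self, monkeypatch):
    """Deny path: the single required permission is not held (OR).

    The only required set asks for read access to
    CVE_BUSINESS_RISK_AND_STATUS, which the test expects the RBAC_RESPONSE
    user to lack, so the decorator must answer 403 and must not execute
    the protected function.
    """
    rbac_mng = RbacManager()
    self._prepare_user_permissions(RBAC_RESPONSE, rbac_mng, monkeypatch)
    invocations = []

    @rbac_mng.need_permissions([[
        RbacPermission(RbacApp.VULNERABILITY,
                       RbacResource.CVE_BUSINESS_RISK_AND_STATUS,
                       RbacAction.READ)
    ]])
    def test_fun():
        # Record the call so the test can prove the body never ran.
        invocations.append(True)
        return True

    res = test_fun()
    # The response is indexed as a sequence with the status code at [1].
    assert res[1] == 403  # pylint:disable=unsubscriptable-object
    # Status alone does not prove the protected code was skipped.
    assert not invocations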