def test_agent_policies(self):
    """Check how service and resource policy decisions combine for agent requests.

    A mocked invocation carrying the SUPERUSER role for ``org_name`` is
    evaluated three times through ``check_agent_request_policies``:

    * service rule denies, resource rule permits -> "Deny"
    * service rule permits, resource rule denies -> "Deny"
    * both rules permit                          -> "Permit"

    NOTE(review): the both-deny case and the case where no rules have been
    set are not asserted here, so this test does not show whether the
    manager fails closed in those situations.
    """
    service_key = "service_key"
    resource_id = "resource_id"

    # Governance controller stand-in; only the root org name is given a value.
    gc = Mock()
    pdpm = PolicyDecisionPointManager(gc)
    gc.system_root_org_name = "sys_org_name"

    # Process the request is addressed to: supplies the org and resource id.
    process = Mock(org_governance_name="org_name", resource_id="resource_id")

    invocation = Mock()
    invocation.message_annotations = {}
    invocation.message = {"argument1": 0}
    invocation.headers = {
        "op": "op",
        "process": "process",
        "request": "request",
        "ion-actor-id": "ion-actor-id",
        "receiver": "resource-registry",
        "sender-type": "sender-type",
        "sender-service": "Unknown",
        # Role claim of the actor, keyed by the same org name the process uses.
        "ion-actor-roles": {"org_name": ["SUPERUSER"]},
    }
    invocation.args = {"process": process}

    # Presumably the key the service rules are looked up under -- confirm
    # against PolicyDecisionPointManager; it matches service_key above.
    invocation.get_message_receiver.return_value = "service_key"
    invocation.get_service_name.return_value = "Unknown"
    invocation.get_message_sender.return_value = ["Unknown", "Unknown"]

    # Header and argument accessors read through to the dicts set above.
    invocation.get_header_value = Mock(
        side_effect=lambda key, default: invocation.headers.get(key, default)
    )
    invocation.get_arg_value = Mock(
        side_effect=lambda key, default="Unknown": invocation.args.get(key, default)
    )

    deny_rule = self.deny_SUPERUSER_rule
    permit_rule = self.permit_SUPERUSER_rule
    scenarios = (
        # check that service policies result in denying the request
        (deny_rule, permit_rule, "Deny"),
        # check that resource policies result in denying the request
        (permit_rule, deny_rule, "Deny"),
        # check that both service and resource policies need to allow a request
        (permit_rule, permit_rule, "Permit"),
    )
    for service_rule, resource_rule, expected in scenarios:
        pdpm.set_service_policy_rules(service_key, service_rule)
        pdpm.set_resource_policy_rules(resource_id, resource_rule)
        response = pdpm.check_agent_request_policies(invocation)
        self.assertEqual(response.value, expected)
def test_agent_policies(self):
    """Verify that an agent request needs both policy layers to permit it.

    The mocked invocation carries the ION_MANAGER role for ``org_name``.
    Service and resource rules are loaded in three combinations and the
    decision from ``check_agent_request_policies`` is compared with the
    expected value: a deny rule on either layer yields "Deny", and only
    permit rules on both layers yield "Permit".

    NOTE(review): neither the both-deny combination nor a request with no
    rules loaded is exercised, so default-deny behaviour is not covered by
    this test.
    """
    service_key = 'service_key'
    resource_id = 'resource_id'

    # Governance controller stand-in handed to the manager under test.
    gc = Mock()
    pdpm = PolicyDecisionPointManager(gc)
    gc.system_root_org_name = 'sys_org_name'

    # Target process: names the governing org and the resource being acted on.
    process = Mock()
    process.org_governance_name = 'org_name'
    process.resource_id = 'resource_id'

    invocation = Mock()
    invocation.message_annotations = {}
    invocation.message = {'argument1': 0}
    invocation.headers = {
        'op': 'op',
        'process': 'process',
        'request': 'request',
        'ion-actor-id': 'ion-actor-id',
        'receiver': 'resource-registry',
        'sender-type': 'sender-type',
        'sender-service': 'Unknown',
        # The actor's roles, keyed by org name.
        'ion-actor-roles': {'org_name': ['ION_MANAGER']},
    }
    invocation.args = {'process': process}
    invocation.get_message_receiver.return_value = 'service_key'
    invocation.get_service_name.return_value = 'Unknown'
    invocation.get_message_sender.return_value = ['Unknown', 'Unknown']

    def header_lookup(key, default):
        # Serve header reads from the dict assigned to invocation.headers.
        return invocation.headers.get(key, default)

    def arg_lookup(key, default='Unknown'):
        # Serve argument reads from the dict assigned to invocation.args.
        return invocation.args.get(key, default)

    invocation.get_header_value = Mock(side_effect=header_lookup)
    invocation.get_arg_value = Mock(side_effect=arg_lookup)

    def decision_for(service_rule, resource_rule):
        # Load one rule per layer, then ask the manager for its decision.
        pdpm.load_service_policy_rules(service_key, service_rule)
        pdpm.load_resource_policy_rules(resource_id, resource_rule)
        return pdpm.check_agent_request_policies(invocation).value

    # check that service policies result in denying the request
    self.assertEqual(
        decision_for(self.deny_ION_MANAGER_rule, self.permit_ION_MANAGER_rule),
        "Deny",
    )

    # check that resource policies result in denying the request
    self.assertEqual(
        decision_for(self.permit_ION_MANAGER_rule, self.deny_ION_MANAGER_rule),
        "Deny",
    )

    # check that both service and resource policies need to allow a request
    self.assertEqual(
        decision_for(self.permit_ION_MANAGER_rule, self.permit_ION_MANAGER_rule),
        "Permit",
    )
def test_agent_policies(self):
    """Exercise the service/resource policy combination for an agent request.

    With a mocked invocation whose actor holds SUPERUSER in ``org_name``,
    the test sets a service rule and a resource rule, calls
    ``check_agent_request_policies`` and checks the decision:

    1. deny (service) + permit (resource) -> "Deny"
    2. permit (service) + deny (resource) -> "Deny"
    3. permit (service) + permit (resource) -> "Permit"

    NOTE(review): deny on both layers, and evaluation with no rules set,
    are not asserted, so this test says nothing about the manager's
    default decision.
    """
    service_key = 'service_key'
    resource_id = 'resource_id'

    # Mocked governance controller; the manager is built around it.
    gc = Mock()
    pdpm = PolicyDecisionPointManager(gc)
    gc.system_root_org_name = 'sys_org_name'

    # Mocked target process identifying the org and the resource.
    target_process = Mock(org_governance_name='org_name', resource_id='resource_id')

    request_headers = {
        'op': 'op',
        'process': 'process',
        'request': 'request',
        'ion-actor-id': 'ion-actor-id',
        'receiver': 'resource-registry',
        'sender-type': 'sender-type',
        'sender-service': 'Unknown',
        # Roles the actor claims, per org.
        'ion-actor-roles': {'org_name': ['SUPERUSER']},
    }

    invocation = Mock()
    invocation.message_annotations = {}
    invocation.message = {'argument1': 0}
    invocation.headers = request_headers
    invocation.args = {'process': target_process}
    invocation.get_message_receiver.return_value = 'service_key'
    invocation.get_service_name.return_value = 'Unknown'
    invocation.get_message_sender.return_value = ['Unknown', 'Unknown']

    def get_header_value(key, default):
        # Look the header up on the invocation at call time.
        return invocation.headers.get(key, default)

    def get_arg_value(key, default='Unknown'):
        # Look the argument up on the invocation at call time.
        return invocation.args.get(key, default)

    invocation.get_header_value = Mock(side_effect=get_header_value)
    invocation.get_arg_value = Mock(side_effect=get_arg_value)

    def expect(service_rule, resource_rule, outcome):
        # Apply one rule per layer and assert the resulting decision.
        pdpm.set_service_policy_rules(service_key, service_rule)
        pdpm.set_resource_policy_rules(resource_id, resource_rule)
        response = pdpm.check_agent_request_policies(invocation)
        self.assertEqual(response.value, outcome)

    # check that service policies result in denying the request
    expect(self.deny_SUPERUSER_rule, self.permit_SUPERUSER_rule, "Deny")

    # check that resource policies result in denying the request
    expect(self.permit_SUPERUSER_rule, self.deny_SUPERUSER_rule, "Deny")

    # check that both service and resource policies need to allow a request
    expect(self.permit_SUPERUSER_rule, self.permit_SUPERUSER_rule, "Permit")