def test_003_init_default_target(self):
    """Check the pre-selected target of an ``ask`` action.

    The test asserts that the requested target is kept as the default
    only when it is one of the targets offered for the ask prompt;
    otherwise ``action.target`` stays ``None``.
    """
    ask_rule = qubespolicy.PolicyRule('$anyvm $anyvm ask')

    # Requested target 'test-vm1' is not in the offered list ['test-vm2'],
    # so nothing may be pre-selected for the user.
    outside_offer = qubespolicy.PolicyAction(
        'test.service', 'test-vm1', 'test-vm1', ask_rule, 'test-vm2',
        ['test-vm2'])
    self.assertIsNone(outside_offer.target)

    # Requested target 'test-vm2' is offered, so it becomes the default.
    inside_offer = qubespolicy.PolicyAction(
        'test.service', 'test-vm1', 'test-vm2', ask_rule, 'test-vm2',
        ['test-vm2'])
    self.assertEqual(inside_offer.target, 'test-vm2')
def test_002_init_invalid(self):
    """Inconsistent constructor arguments must be rejected.

    NOTE(review): every case expects ``AssertionError``, which suggests
    the checks are ``assert`` statements inside ``PolicyAction``; those
    are removed under ``python -O`` -- confirm the policy code is never
    run optimised, or that the checks are enforced elsewhere too.
    """
    ask_rule = qubespolicy.PolicyRule('$anyvm $anyvm ask')
    allow_rule = qubespolicy.PolicyRule('$anyvm $anyvm allow')

    # 'allow' rule but no resolved target.
    with self.assertRaises(AssertionError):
        qubespolicy.PolicyAction(
            'test.service', 'test-vm1', None, allow_rule, 'test-vm2', None)

    # 'allow' rule combined with a list of targets to ask about.
    with self.assertRaises(AssertionError):
        qubespolicy.PolicyAction(
            'test.service', 'test-vm1', 'test-vm2', allow_rule, 'test-vm2',
            ['test-vm2', 'test-vm3'])

    # 'ask' rule with neither a target nor a list of targets to offer.
    with self.assertRaises(AssertionError):
        qubespolicy.PolicyAction(
            'test.service', 'test-vm1', None, ask_rule, 'test-vm2', None)
def test_011_handle_user_response(self):
    """A confirmed target outside the offered list must be refused.

    The user response is the input that turns an ``ask`` into an allow,
    so the test pins that a target which was never offered
    ('test-no-dvm') cannot be selected.

    NOTE(review): the expected ``AssertionError`` suggests the check is
    an ``assert`` statement, which ``python -O`` strips -- confirm.
    """
    ask_rule = qubespolicy.PolicyRule('@anyvm @anyvm ask')
    pending = qubespolicy.PolicyAction(
        'test.service', 'test-vm1', None, ask_rule, 'test-vm2',
        ['test-vm2', 'test-vm3'])

    with self.assertRaises(AssertionError):
        pending.handle_user_response(True, 'test-no-dvm')
def test_012_handle_user_response(self):
    """A negative user response raises AccessDenied and records a deny."""
    ask_rule = qubespolicy.PolicyRule('$anyvm $anyvm ask')
    pending = qubespolicy.PolicyAction(
        'test.service', 'test-vm1', None, ask_rule, 'test-vm2',
        ['test-vm2', 'test-vm3'])

    with self.assertRaises(qubespolicy.AccessDenied):
        pending.handle_user_response(False, None)

    # Checked after the exception: the refusal must also be stored on the
    # action object, not only signalled to the caller.
    self.assertEqual(pending.action, qubespolicy.Action.deny)
def test_010_handle_user_response(self):
    """A positive response for an offered target turns ask into allow."""
    ask_rule = qubespolicy.PolicyRule('$anyvm $anyvm ask')
    pending = qubespolicy.PolicyAction(
        'test.service', 'test-vm1', None, ask_rule, 'test-vm2',
        ['test-vm2', 'test-vm3'])

    # 'test-vm2' is one of the two targets that were offered.
    pending.handle_user_response(True, 'test-vm2')

    self.assertEqual(pending.action, qubespolicy.Action.allow)
    self.assertEqual(pending.target, 'test-vm2')
def test_013_handle_user_response_with_default_target(self):
    """Confirming the target when the rule carries ``default_target``.

    Same flow as a plain ``ask`` rule, but the rule line additionally
    names 'test-vm2' as its default target; the confirmed action must
    still end up as allow with that target.
    """
    rule_with_default = qubespolicy.PolicyRule(
        '@anyvm @anyvm ask,default_target=test-vm2')
    pending = qubespolicy.PolicyAction(
        'test.service', 'test-vm1', None, rule_with_default, 'test-vm2',
        ['test-vm2', 'test-vm3'])

    pending.handle_user_response(True, 'test-vm2')

    self.assertEqual(pending.action, qubespolicy.Action.allow)
    self.assertEqual(pending.target, 'test-vm2')
def test_020_execute(self, mock_subprocess, mock_qubesd_call):
    """Executing an allowed call starts the target and runs the client.

    ``mock_subprocess`` and ``mock_qubesd_call`` are presumably injected
    by patch decorators that are not visible in this listing.
    """
    allow_rule = qubespolicy.PolicyRule('$anyvm $anyvm allow')
    allowed = qubespolicy.PolicyAction(
        'test.service', 'test-vm1', 'test-vm2', allow_rule, 'test-vm2')

    allowed.execute('some-ident')

    # The target VM is started through qubesd exactly once.
    expected_qubesd = [unittest.mock.call('test-vm2', 'admin.vm.Start')]
    self.assertEqual(mock_qubesd_call.mock_calls, expected_qubesd)

    # The exact argv is pinned: the command is passed as a list, with the
    # service name and source VM inside one single argument.
    expected_argv = [
        qubespolicy.QREXEC_CLIENT, '-d', 'test-vm2', '-c', 'some-ident',
        'DEFAULT:QUBESRPC test.service test-vm1',
    ]
    self.assertEqual(
        mock_subprocess.mock_calls, [unittest.mock.call(expected_argv)])
def test_021_execute_dom0(self, mock_subprocess, mock_qubesd_call):
    """A call targeting dom0 runs the RPC multiplexer, with no qubesd call.

    ``mock_subprocess`` and ``mock_qubesd_call`` are presumably injected
    by patch decorators that are not visible in this listing.
    """
    dom0_rule = qubespolicy.PolicyRule('$anyvm dom0 allow')
    to_dom0 = qubespolicy.PolicyAction(
        'test.service', 'test-vm1', 'dom0', dom0_rule, 'dom0')

    to_dom0.execute('some-ident')

    # No VM start is requested when the target is dom0.
    self.assertEqual(mock_qubesd_call.mock_calls, [])

    # The multiplexer command line carries service, source and the
    # original target as space-separated words in one argument.
    multiplexer_cmd = (
        qubespolicy.QUBES_RPC_MULTIPLEXER_PATH
        + ' test.service test-vm1 dom0')
    expected_argv = [
        qubespolicy.QREXEC_CLIENT, '-d', 'dom0', '-c', 'some-ident',
        multiplexer_cmd,
    ]
    self.assertEqual(
        mock_subprocess.mock_calls, [unittest.mock.call(expected_argv)])
def test_001_init(self):
    """An ``ask`` action stores its constructor arguments unchanged."""
    ask_rule = qubespolicy.PolicyRule('$anyvm $anyvm ask')
    pending = qubespolicy.PolicyAction(
        'test.service', 'test-vm1', None, ask_rule, 'test-vm2',
        ['test-vm2', 'test-vm3'])

    self.assertEqual(pending.service, 'test.service')
    self.assertEqual(pending.source, 'test-vm1')
    # No target is selected until the user has answered the prompt.
    self.assertIsNone(pending.target)
    self.assertEqual(pending.original_target, 'test-vm2')
    self.assertEqual(pending.targets_for_ask, ['test-vm2', 'test-vm3'])
    self.assertEqual(pending.rule, ask_rule)
    self.assertEqual(pending.action, qubespolicy.Action.ask)
def test_024_execute_startup_error(self, mock_subprocess, mock_qubesd_call):
    """A failed target start aborts execution before the client is run.

    ``mock_subprocess`` and ``mock_qubesd_call`` are presumably injected
    by patch decorators that are not visible in this listing.
    """
    allow_rule = qubespolicy.PolicyRule('@anyvm @anyvm allow')
    allowed = qubespolicy.PolicyAction(
        'test.service', 'test-vm1', 'test-vm2', allow_rule, 'test-vm2')

    # Every qubesd call now fails with a generic VM error.
    start_failure = qubespolicy.QubesMgmtException('QubesVMError')
    mock_qubesd_call.side_effect = start_failure

    with self.assertRaises(qubespolicy.QubesMgmtException):
        allowed.execute('some-ident')

    self.assertEqual(
        mock_qubesd_call.mock_calls,
        [unittest.mock.call('test-vm2', 'admin.vm.Start')])
    # The error propagates and no qrexec client process is launched.
    self.assertEqual(mock_subprocess.mock_calls, [])
def test_021_execute_dom0_keyword(self, mock_subprocess, mock_qubesd_call):
    """dom0 addressed through the ``@adminvm`` keyword as original target.

    ``mock_subprocess`` and ``mock_qubesd_call`` are presumably injected
    by patch decorators that are not visible in this listing.
    """
    dom0_rule = qubespolicy.PolicyRule('@anyvm dom0 allow')
    to_adminvm = qubespolicy.PolicyAction(
        'test.service', 'test-vm1', 'dom0', dom0_rule, '@adminvm')

    to_adminvm.execute('some-ident')

    # No VM start is requested when the target is dom0.
    self.assertEqual(mock_qubesd_call.mock_calls, [])

    # The expected command names the original target as the two words
    # 'keyword adminvm'; the '@' prefix does not appear in it.
    expected_argv = [
        qubespolicy.QREXEC_CLIENT, '-d', 'dom0', '-c', 'some-ident',
        'QUBESRPC test.service test-vm1 keyword adminvm',
    ]
    self.assertEqual(
        mock_subprocess.mock_calls, [unittest.mock.call(expected_argv)])
def test_023_execute_already_running(self, mock_subprocess, mock_qubesd_call):
    """A target that is already running does not block execution.

    ``mock_subprocess`` and ``mock_qubesd_call`` are presumably injected
    by patch decorators that are not visible in this listing.
    """
    allow_rule = qubespolicy.PolicyRule('$anyvm $anyvm allow')
    allowed = qubespolicy.PolicyAction(
        'test.service', 'test-vm1', 'test-vm2', allow_rule, 'test-vm2')

    # The start request is answered with 'QubesVMNotHaltedError'; the
    # test expects execute() to carry on rather than raise.
    not_halted = qubespolicy.QubesMgmtException('QubesVMNotHaltedError')
    mock_qubesd_call.side_effect = not_halted

    allowed.execute('some-ident')

    self.assertEqual(
        mock_qubesd_call.mock_calls,
        [unittest.mock.call('test-vm2', 'admin.vm.Start')])
    expected_argv = [
        qubespolicy.QREXEC_CLIENT, '-d', 'test-vm2', '-c', 'some-ident',
        'DEFAULT:QUBESRPC test.service test-vm1',
    ]
    self.assertEqual(
        mock_subprocess.mock_calls, [unittest.mock.call(expected_argv)])
def test_022_execute_dispvm(self, mock_subprocess, mock_qubesd_call):
    """Executing against ``$dispvm:default-dvm`` uses a fresh DispVM.

    ``mock_subprocess`` and ``mock_qubesd_call`` are presumably injected
    by patch decorators that are not visible in this listing.
    """
    dispvm_rule = qubespolicy.PolicyRule('$anyvm $dispvm:default-dvm allow')
    to_dispvm = qubespolicy.PolicyAction(
        'test.service', 'test-vm1', '$dispvm:default-dvm', dispvm_rule,
        '$dispvm:default-dvm')

    def fake_qubesd(target, call):
        # Only the creation call returns data: the new DispVM's name.
        if call == 'admin.vm.CreateDisposable':
            return b'dispvm-name'
        return unittest.mock.DEFAULT

    mock_qubesd_call.side_effect = fake_qubesd

    to_dispvm.execute('some-ident')

    # Create from the template named in the target, start the new VM,
    # and finish with a Kill so the disposable VM is not left behind.
    expected_qubesd = [
        unittest.mock.call('default-dvm', 'admin.vm.CreateDisposable'),
        unittest.mock.call('dispvm-name', 'admin.vm.Start'),
        unittest.mock.call('dispvm-name', 'admin.vm.Kill'),
    ]
    self.assertEqual(mock_qubesd_call.mock_calls, expected_qubesd)

    # Unlike the plain-VM case, the argv contains an extra '-W'.
    expected_argv = [
        qubespolicy.QREXEC_CLIENT, '-d', 'dispvm-name', '-c', 'some-ident',
        '-W', 'DEFAULT:QUBESRPC test.service test-vm1',
    ]
    self.assertEqual(
        mock_subprocess.mock_calls, [unittest.mock.call(expected_argv)])
def test_000_init(self):
    """A ``deny`` rule is refused at construction time.

    The test expects ``AccessDenied`` from the constructor itself, so no
    ``PolicyAction`` object exists for a denied call.
    """
    deny_rule = qubespolicy.PolicyRule('@anyvm @anyvm deny')

    with self.assertRaises(qubespolicy.AccessDenied):
        qubespolicy.PolicyAction(
            'test.service', 'test-vm1', 'test-vm2', deny_rule, 'test-vm2')