def setUpClass(cls): super(PacksControllerTestCase, cls).setUpClass() cls.pack_db_1 = PackDB( name="pack1", description="foo", version="0.1.0", author="foo", email="*****@*****.**", ref="pack1", ) cls.pack_db_2 = PackDB( name="pack2", description="foo", version="0.1.0", author="foo", email="*****@*****.**", ref="pack2", ) cls.pack_db_3 = PackDB( name="pack3-name", ref="pack3-ref", description="foo", version="0.1.0", author="foo", email="*****@*****.**", ) Pack.add_or_update(cls.pack_db_1) Pack.add_or_update(cls.pack_db_2) Pack.add_or_update(cls.pack_db_3)
def test_uid_is_populated_on_save(self): pack_1_db = PackDB( ref="test_pack", name="test", description="foo", version="1.0.0", author="dev", email="*****@*****.**", ) pack_1_db = Pack.add_or_update(pack_1_db) pack_1_db.reload() self.assertEqual(pack_1_db.uid, "pack:test_pack") action_1_db = ActionDB( name="local", pack="core", ref="core.local", entry_point="", runner_type={"name": "local-shell-cmd"}, ) action_1_db = Action.add_or_update(action_1_db) action_1_db.reload() self.assertEqual(action_1_db.uid, "action:core:local")
def setUpClass(cls): super(PacksControllerTestCase, cls).setUpClass() cls.pack_db_1 = PackDB(name='Pack1', description='foo', version='0.1.0', author='foo', email='*****@*****.**', ref='pack1') cls.pack_db_2 = PackDB(name='Pack2', description='foo', version='0.1.0', author='foo', email='*****@*****.**', ref='pack2') Pack.add_or_update(cls.pack_db_1) Pack.add_or_update(cls.pack_db_2)
def _insert_common_mock_resources(self): pack_1_db = PackDB(name='test_pack_1', ref='test_pack_1', description='', version='0.1.0', author='foo', email='*****@*****.**') pack_1_db = Pack.add_or_update(pack_1_db) self.resources['pack_1'] = pack_1_db pack_2_db = PackDB(name='test_pack_2', ref='test_pack_2', description='', version='0.1.0', author='foo', email='*****@*****.**') pack_2_db = Pack.add_or_update(pack_2_db) self.resources['pack_2'] = pack_2_db
def test_get_uid(self): pack_1_db = PackDB(ref='test_pack') pack_2_db = PackDB(ref='examples') self.assertEqual(pack_1_db.get_uid(), 'pack:test_pack') self.assertEqual(pack_2_db.get_uid(), 'pack:examples') action_1_db = ActionDB(pack='examples', name='my_action', ref='examples.my_action') action_2_db = ActionDB(pack='core', name='local', ref='core.local') self.assertEqual(action_1_db.get_uid(), 'action:examples:my_action') self.assertEqual(action_2_db.get_uid(), 'action:core:local')
def setUp(cls): super(PackControllerRBACTestCase, cls).setUp() cls.pack_db_1 = PackDB(name='pack1', description='foo', version='0.1.0', author='foo', email='*****@*****.**', ref='pack1') cls.pack_db_2 = PackDB(name='pack2', description='foo', version='0.1.0', author='foo', email='*****@*****.**', ref='pack2') cls.pack_db_3 = PackDB(name='pack3-name', ref='pack3-ref', description='foo', version='0.1.0', author='foo', email='*****@*****.**') Pack.add_or_update(cls.pack_db_1) Pack.add_or_update(cls.pack_db_2) Pack.add_or_update(cls.pack_db_3)
def test_uid_is_populated_on_save(self): pack_1_db = PackDB(ref='test_pack', name='test', description='foo', version='1.0', author='dev', email='*****@*****.**') pack_1_db = Pack.add_or_update(pack_1_db) pack_1_db.reload() self.assertEqual(pack_1_db.uid, 'pack:test_pack') action_1_db = ActionDB(name='local', pack='core', ref='core.local', entry_point='', runner_type={'name': 'local-shell-cmd'}) action_1_db = Action.add_or_update(action_1_db) action_1_db.reload() self.assertEqual(action_1_db.uid, 'action:core:local')
def test_uid_is_populated_on_save(self): pack_1_db = PackDB(ref='test_pack', name='test', description='foo', version='1.0.0', author='dev', email='*****@*****.**') pack_1_db = Pack.add_or_update(pack_1_db) pack_1_db.reload() self.assertEqual(pack_1_db.uid, 'pack:test_pack') action_1_db = ActionDB(name='local', pack='core', ref='core.local', entry_point='', runner_type={'name': 'local-shell-cmd'}) action_1_db = Action.add_or_update(action_1_db) action_1_db.reload() self.assertEqual(action_1_db.uid, 'action:core:local')
def test_get_uid(self): pack_db = PackDB(ref='ma_pack') self.assertEqual(pack_db.get_uid(), 'pack:ma_pack') sensor_type_db = SensorTypeDB(name='sname', pack='spack') self.assertEqual(sensor_type_db.get_uid(), 'sensor_type:spack:sname') action_db = ActionDB(name='aname', pack='apack', runner_type={}) self.assertEqual(action_db.get_uid(), 'action:apack:aname') rule_db = RuleDB(name='rname', pack='rpack') self.assertEqual(rule_db.get_uid(), 'rule:rpack:rname') trigger_type_db = TriggerTypeDB(name='ttname', pack='ttpack') self.assertEqual(trigger_type_db.get_uid(), 'trigger_type:ttpack:ttname') trigger_db = TriggerDB(name='tname', pack='tpack') self.assertTrue(trigger_db.get_uid().startswith('trigger:tpack:tname:')) # Verify that same set of parameters always results in the same hash parameters = {'a': 1, 'b': 'unicode', 'c': [1, 2, 3], 'd': {'g': 1, 'h': 2}} paramers_hash = json.dumps(parameters, sort_keys=True) paramers_hash = hashlib.md5(paramers_hash).hexdigest() parameters = {'a': 1, 'b': 'unicode', 'c': [1, 2, 3], 'd': {'g': 1, 'h': 2}} trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters) self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash)) parameters = {'c': [1, 2, 3], 'b': u'unicode', 'd': {'h': 2, 'g': 1}, 'a': 1} trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters) self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash)) parameters = {'b': u'unicode', 'c': [1, 2, 3], 'd': {'h': 2, 'g': 1}, 'a': 1} trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters) self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash)) parameters = OrderedDict({'c': [1, 2, 3], 'b': u'unicode', 'd': {'h': 2, 'g': 1}, 'a': 1}) trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters) self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash)) policy_type_db = PolicyTypeDB(resource_type='action', name='concurrency') self.assertEqual(policy_type_db.get_uid(), 'policy_type:action:concurrency') policy_db = PolicyDB(pack='dummy', name='policy1') self.assertEqual(policy_db.get_uid(), 'policy:dummy:policy1')
def test_get_uid(self): pack_db = PackDB(ref='ma_pack') self.assertEqual(pack_db.get_uid(), 'pack:ma_pack') sensor_type_db = SensorTypeDB(name='sname', pack='spack') self.assertEqual(sensor_type_db.get_uid(), 'sensor_type:spack:sname') action_db = ActionDB(name='aname', pack='apack', runner_type={}) self.assertEqual(action_db.get_uid(), 'action:apack:aname') rule_db = RuleDB(name='rname', pack='rpack') self.assertEqual(rule_db.get_uid(), 'rule:rpack:rname') trigger_type_db = TriggerTypeDB(name='ttname', pack='ttpack') self.assertEqual(trigger_type_db.get_uid(), 'trigger_type:ttpack:ttname') trigger_db = TriggerDB(name='tname', pack='tpack') self.assertTrue(trigger_db.get_uid().startswith('trigger:tpack:tname:'))
def test_get_pack_common_libs_path_for_pack_db_no_path_in_pack_db(self): pack_model_args = { 'name': 'Yolo CI', 'ref': 'yolo_ci', 'description': 'YOLO CI pack', 'version': '0.1.0', 'author': 'Volkswagen' } pack_db = PackDB(**pack_model_args) lib_path = get_pack_common_libs_path_for_pack_db(pack_db) self.assertEqual(None, lib_path)
def test_get_pack_common_libs_path_for_pack_db_no_path_in_pack_db(self): pack_model_args = { "name": "Yolo CI", "ref": "yolo_ci", "description": "YOLO CI pack", "version": "0.1.0", "author": "Volkswagen", } pack_db = PackDB(**pack_model_args) lib_path = get_pack_common_libs_path_for_pack_db(pack_db) self.assertEqual(None, lib_path)
def test_get_pack_common_libs_path_for_pack_db(self): pack_model_args = { 'name': 'Yolo CI', 'ref': 'yolo_ci', 'description': 'YOLO CI pack', 'version': '0.1.0', 'author': 'Volkswagen', 'path': '/opt/stackstorm/packs/yolo_ci/' } pack_db = PackDB(**pack_model_args) lib_path = get_pack_common_libs_path_for_pack_db(pack_db) self.assertEqual('/opt/stackstorm/packs/yolo_ci/lib', lib_path)
def test_get_pack_common_libs_path_for_pack_db(self): pack_model_args = { "name": "Yolo CI", "ref": "yolo_ci", "description": "YOLO CI pack", "version": "0.1.0", "author": "Volkswagen", "path": "/opt/stackstorm/packs/yolo_ci/", } pack_db = PackDB(**pack_model_args) lib_path = get_pack_common_libs_path_for_pack_db(pack_db) self.assertEqual("/opt/stackstorm/packs/yolo_ci/lib", lib_path)
def test_get_uid(self): pack_db = PackDB(ref='ma_pack') self.assertEqual(pack_db.get_uid(), 'pack:ma_pack') sensor_type_db = SensorTypeDB(name='sname', pack='spack') self.assertEqual(sensor_type_db.get_uid(), 'sensor_type:spack:sname') action_db = ActionDB(name='aname', pack='apack', runner_type={}) self.assertEqual(action_db.get_uid(), 'action:apack:aname') rule_db = RuleDB(name='rname', pack='rpack') self.assertEqual(rule_db.get_uid(), 'rule:rpack:rname') trigger_type_db = TriggerTypeDB(name='ttname', pack='ttpack') self.assertEqual(trigger_type_db.get_uid(), 'trigger_type:ttpack:ttname') trigger_db = TriggerDB(name='tname', pack='tpack') self.assertTrue(trigger_db.get_uid().startswith('trigger:tpack:tname:')) # Verify that same set of parameters always results in the same hash parameters = {'a': 1, 'b': 2, 'c': [1, 2, 3], 'd': {'g': 1, 'h': 2}, 'b': u'unicode'} paramers_hash = json.dumps(parameters, sort_keys=True) paramers_hash = hashlib.md5(paramers_hash).hexdigest() parameters = {'a': 1, 'b': 2, 'c': [1, 2, 3], 'b': u'unicode', 'd': {'g': 1, 'h': 2}} trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters) self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash)) parameters = {'c': [1, 2, 3], 'b': u'unicode', 'd': {'h': 2, 'g': 1}, 'a': 1} trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters) self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash)) parameters = {'b': u'unicode', 'c': [1, 2, 3], 'd': {'h': 2, 'g': 1}, 'a': 1} trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters) self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash)) parameters = OrderedDict({'c': [1, 2, 3], 'b': u'unicode', 'd': {'h': 2, 'g': 1}, 'a': 1}) trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters) self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))
def test_get_uid(self): pack_1_db = PackDB(ref="test_pack") pack_2_db = PackDB(ref="examples") self.assertEqual(pack_1_db.get_uid(), "pack:test_pack") self.assertEqual(pack_2_db.get_uid(), "pack:examples") action_1_db = ActionDB(pack="examples", name="my_action", ref="examples.my_action") action_2_db = ActionDB(pack="core", name="local", ref="core.local") self.assertEqual(action_1_db.get_uid(), "action:examples:my_action") self.assertEqual(action_2_db.get_uid(), "action:core:local")
def test_get_uid(self): pack_db = PackDB(ref="ma_pack") self.assertEqual(pack_db.get_uid(), "pack:ma_pack") self.assertTrue(pack_db.has_valid_uid()) sensor_type_db = SensorTypeDB(name="sname", pack="spack") self.assertEqual(sensor_type_db.get_uid(), "sensor_type:spack:sname") self.assertTrue(sensor_type_db.has_valid_uid()) action_db = ActionDB(name="aname", pack="apack", runner_type={}) self.assertEqual(action_db.get_uid(), "action:apack:aname") self.assertTrue(action_db.has_valid_uid()) rule_db = RuleDB(name="rname", pack="rpack") self.assertEqual(rule_db.get_uid(), "rule:rpack:rname") self.assertTrue(rule_db.has_valid_uid()) trigger_type_db = TriggerTypeDB(name="ttname", pack="ttpack") self.assertEqual(trigger_type_db.get_uid(), "trigger_type:ttpack:ttname") self.assertTrue(trigger_type_db.has_valid_uid()) trigger_db = TriggerDB(name="tname", pack="tpack") self.assertTrue(trigger_db.get_uid().startswith("trigger:tpack:tname:")) # Verify that same set of parameters always results in the same hash parameters = {"a": 1, "b": "unicode", "c": [1, 2, 3], "d": {"g": 1, "h": 2}} paramers_hash = json.dumps(parameters, sort_keys=True) paramers_hash = hashlib.md5(paramers_hash.encode()).hexdigest() parameters = {"a": 1, "b": "unicode", "c": [1, 2, 3], "d": {"g": 1, "h": 2}} trigger_db = TriggerDB(name="tname", pack="tpack", parameters=parameters) self.assertEqual( trigger_db.get_uid(), "trigger:tpack:tname:%s" % (paramers_hash) ) self.assertTrue(trigger_db.has_valid_uid()) parameters = {"c": [1, 2, 3], "b": "unicode", "d": {"h": 2, "g": 1}, "a": 1} trigger_db = TriggerDB(name="tname", pack="tpack", parameters=parameters) self.assertEqual( trigger_db.get_uid(), "trigger:tpack:tname:%s" % (paramers_hash) ) self.assertTrue(trigger_db.has_valid_uid()) parameters = {"b": "unicode", "c": [1, 2, 3], "d": {"h": 2, "g": 1}, "a": 1} trigger_db = TriggerDB(name="tname", pack="tpack", parameters=parameters) self.assertEqual( trigger_db.get_uid(), "trigger:tpack:tname:%s" % (paramers_hash) ) self.assertTrue(trigger_db.has_valid_uid()) parameters = OrderedDict( {"c": [1, 2, 3], "b": "unicode", "d": {"h": 2, "g": 1}, "a": 1} ) trigger_db = TriggerDB(name="tname", pack="tpack", parameters=parameters) self.assertEqual( trigger_db.get_uid(), "trigger:tpack:tname:%s" % (paramers_hash) ) self.assertTrue(trigger_db.has_valid_uid()) policy_type_db = PolicyTypeDB(resource_type="action", name="concurrency") self.assertEqual(policy_type_db.get_uid(), "policy_type:action:concurrency") self.assertTrue(policy_type_db.has_valid_uid()) policy_db = PolicyDB(pack="dummy", name="policy1") self.assertEqual(policy_db.get_uid(), "policy:dummy:policy1") api_key_db = ApiKeyDB(key_hash="valid") self.assertEqual(api_key_db.get_uid(), "api_key:valid") self.assertTrue(api_key_db.has_valid_uid()) api_key_db = ApiKeyDB() self.assertEqual(api_key_db.get_uid(), "api_key:") self.assertFalse(api_key_db.has_valid_uid())
def user_has_resource_db_permission(self, user_db, resource_db, permission_type): log_context = { 'user_db': user_db, 'resource_db': resource_db, 'permission_type': permission_type, 'resolver': self.__class__.__name__ } self._log('Checking user resource permissions', extra=log_context) # First check the system role permissions has_system_role_permission = self._user_has_system_role_permission( user_db=user_db, permission_type=permission_type) if has_system_role_permission: self._log('Found a matching grant via system role', extra=log_context) return True # Check custom roles rule_spec = getattr(resource_db, 'rule', None) rule_uid = rule_spec.uid rule_id = rule_spec.id rule_pack = ResourceReference.get_pack(rule_spec.ref) if not rule_uid or not rule_id or not rule_pack: LOG.error( 'Rule UID or ID or PACK not present in enforcement object. ' + ('UID = %s, ID = %s, PACK = %s' % (rule_uid, rule_id, rule_pack)) + 'Cannot assess access permissions without it. Defaulting to DENY.' ) return False # TODO: Add utility methods for constructing uids from parts pack_db = PackDB(ref=rule_pack) rule_pack_uid = pack_db.get_uid() rule_permission_type = None if permission_type == PermissionType.RULE_ENFORCEMENT_VIEW: rule_permission_type = PermissionType.RULE_VIEW elif permission_type == PermissionType.RULE_ENFORCEMENT_LIST: rule_permission_type = PermissionType.RULE_LIST else: raise ValueError('Invalid permission type: %s' % (permission_type)) permission_types = [PermissionType.RULE_ALL, rule_permission_type] view_permission_type = PermissionType.get_permission_type( resource_type=ResourceType.RULE, permission_name='view') if rule_permission_type == view_permission_type: permission_types = ( RulePermissionsResolver.view_grant_permission_types[:] + [rule_permission_type]) # Check grants on the pack of the rule to which enforcement belongs to resource_types = [ResourceType.PACK] permission_grants = get_all_permission_grants_for_user( user_db=user_db, resource_uid=rule_pack_uid, resource_types=resource_types, permission_types=permission_types) if len(permission_grants) >= 1: self._log('Found a grant on the enforcement rule parent pack', extra=log_context) return True # Check grants on the rule the enforcement belongs to resource_types = [ResourceType.RULE] permission_grants = get_all_permission_grants_for_user( user_db=user_db, resource_uid=rule_uid, resource_types=resource_types, permission_types=permission_types) if len(permission_grants) >= 1: self._log('Found a grant on the enforcement\'s rule.', extra=log_context) return True self._log('No matching grants found', extra=log_context) return False
def user_has_resource_db_permission(self, user_db, resource_db, permission_type): log_context = { 'user_db': user_db, 'resource_db': resource_db, 'permission_type': permission_type, 'resolver': self.__class__.__name__ } self._log('Checking user resource permissions', extra=log_context) # First check the system role permissions has_system_role_permission = self._user_has_system_role_permission( user_db=user_db, permission_type=permission_type) if has_system_role_permission: self._log('Found a matching grant via system role', extra=log_context) return True # Check custom roles rule_spec = getattr(resource_db, 'rule', None) rule_uid = rule_spec.uid rule_id = rule_spec.id rule_pack = ResourceReference.get_pack(rule_spec.ref) if not rule_uid or not rule_id or not rule_pack: LOG.error('Rule UID or ID or PACK not present in enforcement object. ' + ('UID = %s, ID = %s, PACK = %s' % (rule_uid, rule_id, rule_pack)) + 'Cannot assess access permissions without it. Defaulting to DENY.') return False # TODO: Add utility methods for constructing uids from parts pack_db = PackDB(ref=rule_pack) rule_pack_uid = pack_db.get_uid() rule_permission_type = None if permission_type == PermissionType.RULE_ENFORCEMENT_VIEW: rule_permission_type = PermissionType.RULE_VIEW elif permission_type == PermissionType.RULE_ENFORCEMENT_LIST: rule_permission_type = PermissionType.RULE_LIST else: raise ValueError('Invalid permission type: %s' % (permission_type)) permission_types = [PermissionType.RULE_ALL, rule_permission_type] view_permission_type = PermissionType.get_permission_type(resource_type=ResourceType.RULE, permission_name='view') if rule_permission_type == view_permission_type: permission_types = (RulePermissionsResolver.view_grant_permission_types[:] + [rule_permission_type]) # Check grants on the pack of the rule to which enforcement belongs to resource_types = [ResourceType.PACK] permission_grants = get_all_permission_grants_for_user(user_db=user_db, resource_uid=rule_pack_uid, resource_types=resource_types, permission_types=permission_types) if len(permission_grants) >= 1: self._log('Found a grant on the enforcement rule parent pack', extra=log_context) return True # Check grants on the rule the enforcement belongs to resource_types = [ResourceType.RULE] permission_grants = get_all_permission_grants_for_user(user_db=user_db, resource_uid=rule_uid, resource_types=resource_types, permission_types=permission_types) if len(permission_grants) >= 1: self._log('Found a grant on the enforcement\'s rule.', extra=log_context) return True self._log('No matching grants found', extra=log_context) return False
def test_get_uid(self): pack_db = PackDB(ref='ma_pack') self.assertEqual(pack_db.get_uid(), 'pack:ma_pack') self.assertTrue(pack_db.has_valid_uid()) sensor_type_db = SensorTypeDB(name='sname', pack='spack') self.assertEqual(sensor_type_db.get_uid(), 'sensor_type:spack:sname') self.assertTrue(sensor_type_db.has_valid_uid()) action_db = ActionDB(name='aname', pack='apack', runner_type={}) self.assertEqual(action_db.get_uid(), 'action:apack:aname') self.assertTrue(action_db.has_valid_uid()) rule_db = RuleDB(name='rname', pack='rpack') self.assertEqual(rule_db.get_uid(), 'rule:rpack:rname') self.assertTrue(rule_db.has_valid_uid()) trigger_type_db = TriggerTypeDB(name='ttname', pack='ttpack') self.assertEqual(trigger_type_db.get_uid(), 'trigger_type:ttpack:ttname') self.assertTrue(trigger_type_db.has_valid_uid()) trigger_db = TriggerDB(name='tname', pack='tpack') self.assertTrue(trigger_db.get_uid().startswith('trigger:tpack:tname:')) # Verify that same set of parameters always results in the same hash parameters = {'a': 1, 'b': 'unicode', 'c': [1, 2, 3], 'd': {'g': 1, 'h': 2}} paramers_hash = json.dumps(parameters, sort_keys=True) paramers_hash = hashlib.md5(paramers_hash.encode()).hexdigest() parameters = {'a': 1, 'b': 'unicode', 'c': [1, 2, 3], 'd': {'g': 1, 'h': 2}} trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters) self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash)) self.assertTrue(trigger_db.has_valid_uid()) parameters = {'c': [1, 2, 3], 'b': u'unicode', 'd': {'h': 2, 'g': 1}, 'a': 1} trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters) self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash)) self.assertTrue(trigger_db.has_valid_uid()) parameters = {'b': u'unicode', 'c': [1, 2, 3], 'd': {'h': 2, 'g': 1}, 'a': 1} trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters) self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash)) self.assertTrue(trigger_db.has_valid_uid()) parameters = OrderedDict({'c': [1, 2, 3], 'b': u'unicode', 'd': {'h': 2, 'g': 1}, 'a': 1}) trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters) self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash)) self.assertTrue(trigger_db.has_valid_uid()) policy_type_db = PolicyTypeDB(resource_type='action', name='concurrency') self.assertEqual(policy_type_db.get_uid(), 'policy_type:action:concurrency') self.assertTrue(policy_type_db.has_valid_uid()) policy_db = PolicyDB(pack='dummy', name='policy1') self.assertEqual(policy_db.get_uid(), 'policy:dummy:policy1') api_key_db = ApiKeyDB(key_hash='valid') self.assertEqual(api_key_db.get_uid(), 'api_key:valid') self.assertTrue(api_key_db.has_valid_uid()) api_key_db = ApiKeyDB() self.assertEqual(api_key_db.get_uid(), 'api_key:') self.assertFalse(api_key_db.has_valid_uid())
def user_has_resource_db_permission(self, user_db, resource_db, permission_type): log_context = { 'user_db': user_db, 'resource_db': resource_db, 'permission_type': permission_type, 'resolver': self.__class__.__name__ } self._log('Checking user resource permissions', extra=log_context) # First check the system role permissions has_system_role_permission = self._user_has_system_role_permission( user_db=user_db, permission_type=permission_type) if has_system_role_permission: self._log('Found a matching grant via system role', extra=log_context) return True # Check custom roles action = resource_db['action'] # TODO: Add utility methods for constructing uids from parts pack_db = PackDB(ref=action['pack']) action_uid = action['uid'] action_pack_uid = pack_db.get_uid() # Note: "action_execute" also grants / implies "execution_re_run" and "execution_stop" if permission_type == PermissionType.EXECUTION_VIEW: action_permission_type = PermissionType.ACTION_VIEW elif permission_type in [PermissionType.EXECUTION_RE_RUN, PermissionType.EXECUTION_STOP]: action_permission_type = PermissionType.ACTION_EXECUTE elif permission_type == PermissionType.EXECUTION_ALL: action_permission_type = PermissionType.ACTION_ALL else: raise ValueError('Invalid permission type: %s' % (permission_type)) # Check grants on the pack of the action to which execution belongs to resource_types = [ResourceType.PACK] permission_types = [PermissionType.ACTION_ALL, action_permission_type] permission_grants = get_all_permission_grants_for_user(user_db=user_db, resource_uid=action_pack_uid, resource_types=resource_types, permission_types=permission_types) if len(permission_grants) >= 1: self._log('Found a grant on the execution action parent pack', extra=log_context) return True # Check grants on the action the execution belongs to resource_types = [ResourceType.ACTION] permission_types = [PermissionType.ACTION_ALL, action_permission_type] permission_grants = get_all_permission_grants_for_user(user_db=user_db, resource_uid=action_uid, resource_types=resource_types, permission_types=permission_types) if len(permission_grants) >= 1: self._log('Found a grant on the execution action', extra=log_context) return True self._log('No matching grants found', extra=log_context) return False
import os import time from mock import (MagicMock, Mock, patch) import unittest2 from st2reactor.container.process_container import ProcessSensorContainer from st2common.util import concurrency from st2common.models.db.pack import PackDB from st2common.persistence.pack import Pack import st2tests.config as tests_config tests_config.parse_args() MOCK_PACK_DB = PackDB(ref='wolfpack', name='wolf pack', description='', path='/opt/stackstorm/packs/wolfpack/') class ProcessContainerTests(unittest2.TestCase): def test_no_sensors_dont_quit(self): process_container = ProcessSensorContainer(None, poll_interval=0.1) process_container_thread = concurrency.spawn(process_container.run) concurrency.sleep(0.5) self.assertEqual(process_container.running(), 0) self.assertEqual(process_container.stopped(), False) process_container.shutdown() process_container_thread.kill() @patch.object(ProcessSensorContainer, '_get_sensor_id', MagicMock(return_value='wolfpack.StupidSensor'))
def user_has_resource_db_permission(self, user_db, resource_db, permission_type): log_context = { 'user_db': user_db, 'resource_db': resource_db, 'permission_type': permission_type, 'resolver': self.__class__.__name__ } self._log('Checking user resource permissions', extra=log_context) # First check the system role permissions has_system_role_permission = self._user_has_system_role_permission( user_db=user_db, permission_type=permission_type) if has_system_role_permission: self._log('Found a matching grant via system role', extra=log_context) return True # Check custom roles action = resource_db['action'] # TODO: Add utility methods for constructing uids from parts pack_db = PackDB(ref=action['pack']) action_uid = action['uid'] action_pack_uid = pack_db.get_uid() # Note: "action_execute" also grants / implies "execution_re_run" and "execution_stop" if permission_type == PermissionType.EXECUTION_VIEW: action_permission_type = PermissionType.ACTION_VIEW elif permission_type in [ PermissionType.EXECUTION_RE_RUN, PermissionType.EXECUTION_STOP ]: action_permission_type = PermissionType.ACTION_EXECUTE elif permission_type == PermissionType.EXECUTION_ALL: action_permission_type = PermissionType.ACTION_ALL else: raise ValueError('Invalid permission type: %s' % (permission_type)) # Check grants on the pack of the action to which execution belongs to resource_types = [ResourceType.PACK] permission_types = [PermissionType.ACTION_ALL, action_permission_type] permission_grants = get_all_permission_grants_for_user( user_db=user_db, resource_uid=action_pack_uid, resource_types=resource_types, permission_types=permission_types) if len(permission_grants) >= 1: self._log('Found a grant on the execution action parent pack', extra=log_context) return True # Check grants on the action the execution belongs to resource_types = [ResourceType.ACTION] permission_types = [PermissionType.ACTION_ALL, action_permission_type] permission_grants = get_all_permission_grants_for_user( user_db=user_db, resource_uid=action_uid, resource_types=resource_types, permission_types=permission_types) if len(permission_grants) >= 1: self._log('Found a grant on the execution action', extra=log_context) return True self._log('No matching grants found', extra=log_context) return False
from mock import MagicMock, Mock, patch import unittest2 from st2reactor.container.process_container import ProcessSensorContainer from st2common.util import concurrency from st2common.models.db.pack import PackDB from st2common.persistence.pack import Pack import st2tests.config as tests_config tests_config.parse_args() MOCK_PACK_DB = PackDB( ref="wolfpack", name="wolf pack", description="", path="/opt/stackstorm/packs/wolfpack/", ) class ProcessContainerTests(unittest2.TestCase): def test_no_sensors_dont_quit(self): process_container = ProcessSensorContainer(None, poll_interval=0.1) process_container_thread = concurrency.spawn(process_container.run) concurrency.sleep(0.5) self.assertEqual(process_container.running(), 0) self.assertEqual(process_container.stopped(), False) process_container.shutdown() process_container_thread.kill() @patch.object(