def test_effect_boolean_conversion(self, st, effect):
policy = Policy('1', effect=effect)
st.add(policy)
policy_back = st.get('1')
assert effect == policy_back.effect
policy.effect = 'foo'
st.update(policy)
policy.effect = effect
st.update(policy)
policy_back = st.get('1')
assert effect == policy_back.effect
def test_policy_type_on_attribute_change():
p = Policy(1,
actions=['<foo.bar>'],
resources=['asdf'],
subjects=['<qwerty>'])
assert TYPE_STRING_BASED == p.type
p.effect = ALLOW_ACCESS
assert TYPE_STRING_BASED == p.type
with pytest.raises(PolicyCreationError):
p.actions = [{'ip': CIDR('0.0.0.0')}]
assert TYPE_STRING_BASED == p.type
with pytest.raises(PolicyCreationError):
p.subjects = [{'ip': CIDR('0.0.0.0')}]
with pytest.raises(PolicyCreationError):
p.actions = [Any()]
assert TYPE_STRING_BASED == p.type
p.actions = ['<.*>']
assert TYPE_STRING_BASED == p.type
p.subjects = ['<.*>']
assert TYPE_STRING_BASED == p.type
p.type = TYPE_RULE_BASED # explicit assign doesn't help
assert TYPE_STRING_BASED == p.type
# testing the from the opposite direction
p = Policy(2,
actions=[Any()],
resources=[{
'book': Eq('UX Manual')
}],
subjects=[Eq('Sally'), Eq('Bob')])
assert TYPE_RULE_BASED == p.type
p.effect = ALLOW_ACCESS
assert TYPE_RULE_BASED == p.type
with pytest.raises(PolicyCreationError):
p.actions = ['<foo.bar>']
assert TYPE_RULE_BASED == p.type
with pytest.raises(PolicyCreationError):
p.subjects = ['<foo.bar>', 'baz']
with pytest.raises(PolicyCreationError):
p.actions = ['baz<.*>']
assert TYPE_RULE_BASED == p.type
p.actions = [Any()]
assert TYPE_RULE_BASED == p.type
p.subjects = [Any()]
assert TYPE_RULE_BASED == p.type
p.type = TYPE_STRING_BASED # explicit assign doesn't help
assert TYPE_RULE_BASED == p.type
