def test_make_data_policy_action(data_policy_actions_dict, tagger):
action_type = data_policy_actions_dict[0]["type"]
rules_config = data_policy_actions_dict[0]["rules"]
rule1 = rules_config[0]
rule1_conditions = rule1["exceptions"]["conditions"]
rule1_iam_groups = rule1_conditions[0]["iam_groups"]
rule2 = rules_config[1]
rule2_conditions = rule2["exceptions"]["conditions"]
rule2_iam_groups = (rule2_conditions[0]["iam_groups"] +
rule2_conditions[1]["iam_groups"])
expected_action = pol.MaskingAction(
type=action_type,
rules=[
pol.PolicyRule(
type=rule1["type"],
exceptions=pol.make_policy_exceptions(
iam_groups=rule1_iam_groups,
operator=rule1["exceptions"]["operator"],
),
config=pol.MaskingRuleConfig(
fields=[
pol.ColumnTag(
name=rule1["config"]["fields"]["tags"][0],
hasLeafNodes=tagger.is_root_tag(
rule1["config"]["fields"]["tags"][0]),
)
],
maskingConfig=pol.MaskingConfig(type="Consistent Value"),
),
),
pol.PolicyRule(
type=rule2["type"],
exceptions=pol.make_policy_exceptions(
iam_groups=rule2_iam_groups,
operator=rule2["exceptions"]["operator"],
),
config=pol.MaskingRuleConfig(
fields=[
pol.ColumnTag(
name=rule2["config"]["fields"]["tags"][0],
hasLeafNodes=tagger.is_root_tag(
rule2["config"]["fields"]["tags"][0]),
),
pol.ColumnTag(
name=rule2["config"]["fields"]["tags"][1],
hasLeafNodes=tagger.is_root_tag(
rule2["config"]["fields"]["tags"][1]),
),
],
maskingConfig=pol.MaskingConfig(type="Consistent Value"),
),
),
],
)
action = pol.make_data_policy_action(
action_type=action_type,
rules_config=rules_config,
tagger=tagger,
)
assert action == expected_action
def test_make_policy_rule(data_policy_actions_dict, tagger):
example_rule = data_policy_actions_dict[0]["rules"][0]
rule_type = example_rule["type"]
config_field_tags = example_rule["config"]["fields"]["tags"]
exceptions_config = example_rule["exceptions"]
iam_groups = exceptions_config["conditions"][0]["iam_groups"]
operator = exceptions_config["operator"]
expected_rule = pol.PolicyRule(
type=rule_type,
exceptions=pol.make_policy_exceptions(iam_groups=iam_groups,
operator=operator),
config=pol.MaskingRuleConfig(
fields=[
pol.ColumnTag(
name=config_field_tags[0],
hasLeafNodes=tagger.is_root_tag(config_field_tags[0]),
)
],
maskingConfig=pol.MaskingConfig(type="Consistent Value"),
),
)
rule = pol.make_policy_rule(
rule_type=rule_type,
exceptions_config=exceptions_config,
config_field_tags=config_field_tags,
tagger=tagger,
)
assert rule == expected_rule
def test_build_policy_circumstance(data_policy_circumstances_dict, tagger):
circumstance_type = data_policy_circumstances_dict[0]["type"]
tags = data_policy_circumstances_dict[0]["tags"]
expected_circumstance = pol.ColumnTagCircumstance(
operator="or",
columnTag=pol.ColumnTag(name=tags[0], hasLeafNodes=tagger.is_root_tag(tags[0])),
)
circumstance = pol.build_policy_circumstance(
tag=tags[0],
tagger=tagger,
circumstance_type=circumstance_type,
)
assert circumstance == expected_circumstance