コード例 #1
def test_get_subject_data_with_invalid_category_id(db):
    """Subject data looked up with the value "invalid" as third argument comes back empty."""
    policy_kwargs = dict(
        subject_category_name="subject_category1",
        object_category_name="object_category1",
        action_category_name="action_category1",
        meta_rule_name="meta_rule_1",
    )
    subject_cat, _object_cat, _action_cat, _meta_rule, policy = (
        mock_data.create_new_policy(**policy_kwargs))
    level_scope = {
        "name": "subject-security-level",
        "description": {"low": "", "medium": "", "high": ""},
    }
    created = data_helper.add_subject_data(
        policy_id=policy, category_id=subject_cat, value=level_scope)
    stored = created.get('data')
    first_data_id = list(stored.keys())[0]
    # A real policy id and a real data id are combined with a bogus third
    # argument; the lookup has to return nothing rather than the stored scope.
    # NOTE(review): presumably the third positional parameter is category_id —
    # confirm against data_helper.get_subject_data.
    result = data_helper.get_subject_data(policy, first_data_id, "invalid")
    assert len(result) == 0
コード例 #2
def test_delete_action_category_with_rule(db):
    """Deleting an action category after a rule was added raises DeleteActionCategoryWithMetaRule."""
    new_policy = mock_data.create_new_policy()
    _subject_cat, _object_cat, action_cat, meta_rule, policy = new_policy
    policy_helper.add_rule(policy_id=policy, meta_rule_id=meta_rule)

    # The category is still referenced, so the delete must be rejected
    # instead of leaving the policy with a dangling category.
    with pytest.raises(DeleteActionCategoryWithMetaRule) as excinfo:
        category_helper.delete_action_category(action_cat)
    raised_text = str(excinfo.value)
    assert raised_text == '400: Action Category With Meta Rule Error'
コード例 #3
ファイル: test_pdp.py プロジェクト: sarpkoksal/moon
def test_add_pdp(db):
    """Adding a PDP whose security pipeline holds one fresh policy returns a truthy value."""
    _subject_cat, _object_cat, _action_cat, _meta_rule, policy = mock_data.create_new_policy(
        subject_category_name="subject_category1",
        object_category_name="object_category1",
        action_category_name="action_category1",
        meta_rule_name="meta_rule_1",
        model_name="model1",
    )
    pdp_spec = {
        "name": "test_pdp",
        "security_pipeline": [policy],
        "keystone_project_id": "keystone_project_id1",
        "description": "...",
    }
    created_pdp = pdp_helper.add_pdp("pdp_id1", pdp_spec)
    # Only truthiness is checked; the stored fields are not inspected here.
    assert created_pdp
コード例 #4
def test_add_action_assignments(db):
    """An action assignment is stored with its ids; adding it again raises ActionAssignmentExisting."""
    _subject_cat, _object_cat, action_cat, _meta_rule, policy = mock_data.create_new_policy(
        subject_category_name="subject_category1",
        object_category_name="object_category1",
        action_category_name="action_category1",
        meta_rule_name="meta_rule_1",
    )
    action = mock_data.create_action(policy)
    scope = mock_data.create_action_data(policy_id=policy, category_id=action_cat)

    stored = assignment_helper.add_action_assignment(policy, action, action_cat, scope)
    assert stored
    first_key = list(stored.keys())[0]
    entry = stored[first_key]
    # The record must echo exactly the policy/action/category it was created
    # for and carry the single scope value that was assigned.
    assert entry["policy_id"] == policy
    assert entry["action_id"] == action
    assert entry["category_id"] == action_cat
    assert len(entry.get("assignments")) == 1
    assert scope in entry.get("assignments")

    # Same four identifiers a second time: expected to be rejected as a duplicate.
    with pytest.raises(ActionAssignmentExisting) as excinfo:
        assignment_helper.add_action_assignment(policy, action, action_cat, scope)
    assert str(excinfo.value) == '409: Action Assignment Existing'
    description_text = str(excinfo.value.description)
    assert description_text == 'The given action assignment value is existing.'
コード例 #5
def test_get_object_assignments(db):
    """A stored object assignment is returned with its policy, object, category and scope."""
    _subject_cat, object_cat, _action_cat, _meta_rule, policy = mock_data.create_new_policy(
        subject_category_name="subject_category1",
        object_category_name="object_category1",
        action_category_name="action_category1",
        meta_rule_name="meta_rule_1",
    )
    target_object = mock_data.create_object(policy)
    scope = mock_data.create_object_data(policy_id=policy, category_id=object_cat)
    assignment_helper.add_object_assignment(policy, target_object, object_cat, scope)

    fetched = assignment_helper.get_object_assignments(policy, target_object, object_cat)
    first_key = list(fetched.keys())[0]
    entry = fetched[first_key]
    # The read path has to return the same identifiers that were written.
    assert entry["policy_id"] == policy
    assert entry["object_id"] == target_object
    assert entry["category_id"] == object_cat
    assert len(entry.get("assignments")) == 1
    assert scope in entry.get("assignments")
コード例 #6
def test_get_available_metadata(db):
    """The metadata of a new policy lists its object, subject and action category first."""
    subject_cat, object_cat, action_cat, _meta_rule, policy = mock_data.create_new_policy(
        subject_category_name="subject_category1",
        object_category_name="object_category1",
        action_category_name="action_category1",
        meta_rule_name="meta_rule_1",
    )
    metadata = data_helper.get_available_metadata(policy_id=policy)
    assert metadata
    # Checked in the same order as before: object, subject, action.
    expected_first = (
        ('object', object_cat),
        ('subject', subject_cat),
        ('action', action_cat),
    )
    for kind, category in expected_first:
        assert metadata[kind][0] == category
コード例 #7
def test_delete_action_data(db):
    """After an action data entry is deleted, the policy's first action data record is empty."""
    _subject_cat, _object_cat, action_cat, _meta_rule, policy = mock_data.create_new_policy(
        subject_category_name="subject_category1",
        object_category_name="object_category1",
        action_category_name="action_category1",
        meta_rule_name="meta_rule_1",
    )
    # Called for its effect only; the returned metadata is not used.
    data_helper.get_available_metadata(policy)
    action_scope = {
        "name": "action-type",
        "description": {"vm-action": "", "storage-action": "", },
    }
    created = data_helper.add_action_data(
        policy_id=policy, category_id=action_cat, value=action_scope)
    created_id = list(created["data"])[0]
    data_helper.delete_action_data(policy_id=policy, data_id=created_id)

    remaining = data_helper.get_action_data(policy)
    assert len(remaining[0]['data']) == 0
コード例 #8
def test_get_action_data_with_invalid_category_id(db):
    """Action data requested for category id "invalid" is an empty collection."""
    _subject_cat, _object_cat, _action_cat, _meta_rule, policy = mock_data.create_new_policy(
        subject_category_name="subject_category1",
        object_category_name="object_category1",
        action_category_name="action_category1",
        meta_rule_name="meta_rule_1",
    )
    # Valid policy, unknown category: nothing may be returned.
    found = data_helper.get_action_data(policy_id=policy, category_id="invalid")
    assert len(found) == 0
コード例 #9
def test_add_action_multiple_times(db):
    """Re-adding an action to a second policy via its perimeter id yields a policy_list of two."""
    _subject_cat1, _object_cat1, _action_cat1, _meta_rule1, first_policy = mock_data.create_new_policy(
        subject_category_name="subject_category1",
        object_category_name="object_category1",
        action_category_name="action_category1",
        meta_rule_name="meta_rule_1",
        model_name="model1",
    )
    first_payload = {
        "name": "test_action",
        "description": "test",
    }
    action = data_helper.add_action(policy_id=first_policy, value=first_payload)
    logger.info("action : {}".format(action))
    first_key = list(action.keys())[0]
    perimeter_id = action[first_key].get('id')
    assert action

    # NOTE(review): this payload carries its own two-element "policy_list" of
    # placeholder ids, so the length check at the end cannot tell whether the
    # helper tracked the two real policies or echoed the caller's list —
    # consider asserting on the ids themselves.
    second_payload = {
        "name": "test_action",
        "description": "test",
        "policy_list": ['policy_id_3', 'policy_id_4']
    }
    _subject_cat2, _object_cat2, _action_cat2, _meta_rule2, second_policy = mock_data.create_new_policy(
        subject_category_name="subject_category2",
        object_category_name="object_category2",
        action_category_name="action_category2",
        meta_rule_name="meta_rule_2",
        model_name="model2",
    )
    action = data_helper.add_action(
        policy_id=second_policy, perimeter_id=perimeter_id, value=second_payload)
    logger.info("action : {}".format(action))
    assert action
    second_key = list(action.keys())[0]
    assert len(action[second_key].get('policy_list')) == 2
コード例 #10
def test_add_action(db):
    """A newly added action is returned with a policy_list of length one."""
    _subject_cat, _object_cat, _action_cat, _meta_rule, policy = mock_data.create_new_policy(
        subject_category_name="subject_category1",
        object_category_name="object_category1",
        action_category_name="action_category1",
        meta_rule_name="meta_rule_1",
    )
    payload = {
        "name": "test_action",
        "description": "test",
    }
    created = data_helper.add_action(policy_id=policy, value=payload)
    assert created
    first_key = list(created.keys())[0]
    linked_policies = created[first_key].get('policy_list')
    assert len(linked_policies) == 1
コード例 #11
def test_add_action_twice(db):
    """Adding the same action to the same policy a second time raises PolicyExisting."""
    _subject_cat, _object_cat, _action_cat, _meta_rule, policy = mock_data.create_new_policy(
        subject_category_name="subject_category1",
        object_category_name="object_category1",
        action_category_name="action_category1",
        meta_rule_name="meta_rule_1",
    )
    payload = {
        "name": "test_action",
        "description": "test",
    }
    add_kwargs = dict(policy_id=policy, value=payload)
    data_helper.add_action(**add_kwargs)
    # Identical arguments again: the duplicate has to be reported, not merged silently.
    with pytest.raises(PolicyExisting) as excinfo:
        data_helper.add_action(**add_kwargs)
    assert str(excinfo.value) == '409: Policy Already Exists'
コード例 #12
def test_delete_subject_data(db):
    """After a subject data entry is deleted, the policy's first subject data record is empty."""
    subject_cat, _object_cat, _action_cat, _meta_rule, policy = mock_data.create_new_policy(
        subject_category_name="subject_category1",
        object_category_name="object_category1",
        action_category_name="action_category1",
        meta_rule_name="meta_rule_1",
    )
    level_scope = {
        "name": "subject-security-level",
        "description": {"low": "", "medium": "", "high": ""},
    }
    created = data_helper.add_subject_data(
        policy_id=policy, category_id=subject_cat, value=level_scope)
    stored = created.get('data')
    data_id = list(stored.keys())[0]
    # The policy id for the delete is read back from the stored record
    # rather than taken from the local variable.
    owning_policy = stored[data_id].get('policy_id')
    data_helper.delete_subject_data(policy_id=owning_policy, data_id=data_id)

    remaining = data_helper.get_subject_data(policy)
    assert len(remaining[0]['data']) == 0
コード例 #13
def test_add_subject_data_duplicate(db):
    """Adding the same subject data twice to one category raises SubjectScopeExisting."""
    subject_cat, _object_cat, _action_cat, _meta_rule, policy = mock_data.create_new_policy(
        subject_category_name="subject_category1",
        object_category_name="object_category1",
        action_category_name="action_category1",
        meta_rule_name="meta_rule_1",
    )
    level_scope = {
        "name": "subject-security-level",
        "description": {"low": "", "medium": "", "high": ""},
    }
    add_kwargs = dict(policy_id=policy, category_id=subject_cat, value=level_scope)
    # First insert succeeds; its 'data' payload is read but not needed afterwards.
    data_helper.add_subject_data(**add_kwargs).get('data')

    # Second insert with identical arguments has to be rejected.
    with pytest.raises(SubjectScopeExisting) as excinfo:
        data_helper.add_subject_data(**add_kwargs).get('data')
    assert str(excinfo.value) == '409: Subject Scope Existing'
コード例 #14
def test_add_subject_data_with_no_category_id(db):
    """Adding subject data without a category_id argument raises SubjectCategoryUnknown."""
    subject_cat, _object_cat, _action_cat, _meta_rule, policy = mock_data.create_new_policy(
        subject_category_name="subject_category1",
        object_category_name="object_category1",
        action_category_name="action_category1",
        meta_rule_name="meta_rule_1",
    )
    level_scope = {
        "name": "subject-security-level",
        "description": {"low": "", "medium": "", "high": ""},
    }
    # The category id is handed over as data_id, so category_id itself is
    # never supplied; the helper is expected to refuse instead of guessing one.
    with pytest.raises(SubjectCategoryUnknown) as excinfo:
        data_helper.add_subject_data(
            policy_id=policy, data_id=subject_cat, value=level_scope).get('data')
    assert str(excinfo.value) == '400: Subject Category Unknown'
コード例 #15
def test_delete_subject(db):
    """Once its only subject is deleted, the policy reports no subjects."""
    _subject_cat, _object_cat, _action_cat, _meta_rule, policy = mock_data.create_new_policy(
        subject_category_name="subject_category1",
        object_category_name="object_category1",
        action_category_name="action_category1",
        meta_rule_name="meta_rule_1",
    )
    payload = {
        "name": "testuser",
        "description": "test",
    }
    created = data_helper.add_subject(policy_id=policy, value=payload)
    created_id = list(created.keys())[0]
    data_helper.delete_subject(policy, created_id)

    remaining = data_helper.get_subjects(policy)
    assert not remaining
コード例 #16
def test_delete_action(db):
    """Once its only action is deleted, the policy reports no actions."""
    _subject_cat, _object_cat, _action_cat, _meta_rule, policy = mock_data.create_new_policy(
        subject_category_name="subject_category1",
        object_category_name="object_category1",
        action_category_name="action_category1",
        meta_rule_name="meta_rule_1",
    )
    payload = {
        "name": "test_action",
        "description": "test",
    }
    created = data_helper.add_action(policy_id=policy, value=payload)
    created_id = list(created.keys())[0]
    data_helper.delete_action(policy, created_id)

    remaining = data_helper.get_actions(policy)
    assert not remaining
コード例 #17
def test_delete_action_with_assignment(db):
    """Deleting an action that still has an assignment raises DeletePerimeterWithAssignment."""
    # Random suffixes give every category and the meta rule a unique name;
    # they are generated in the same order as the keyword arguments below.
    subject_name = "subject_category" + uuid4().hex
    object_name = "object_category" + uuid4().hex
    action_name = "action_category" + uuid4().hex
    rule_name = "meta_rule_" + uuid4().hex
    _subject_cat, _object_cat, action_cat, _meta_rule, policy = mock_data.create_new_policy(
        subject_category_name=subject_name,
        object_category_name=object_name,
        action_category_name=action_name,
        meta_rule_name=rule_name,
    )

    action = mock_data.create_action(policy)
    scope = mock_data.create_action_data(policy_id=policy, category_id=action_cat)
    assignment_helper.add_action_assignment(policy, action, action_cat, scope)

    # The perimeter element is still referenced by an assignment, so the
    # delete must fail rather than orphan that assignment.
    with pytest.raises(DeletePerimeterWithAssignment) as excinfo:
        data_helper.delete_action(policy, action)
    assert str(excinfo.value) == '400: Perimeter With Assignment Error'
コード例 #18
def test_add_action_data(db):
    """Adding action data to a known category returns a result holding exactly one data entry."""
    _subject_cat, _object_cat, action_cat, _meta_rule, policy = mock_data.create_new_policy(
        subject_category_name="subject_category1",
        object_category_name="object_category1",
        action_category_name="action_category1",
        meta_rule_name="meta_rule_1",
    )
    action_scope = {
        "name": "action-type",
        "description": {"vm-action": "", "storage-action": "", },
    }
    created = data_helper.add_action_data(
        policy_id=policy, category_id=action_cat, value=action_scope)
    assert created
    entries = created['data']
    assert len(entries) == 1
コード例 #19
def test_add_action_data_with_invalid_category_id(db):
    """Adding action data with no category_id argument raises ActionCategoryUnknown."""
    _subject_cat, _object_cat, _action_cat, _meta_rule, policy = mock_data.create_new_policy(
        subject_category_name="subject_category1",
        object_category_name="object_category1",
        action_category_name="action_category1",
        meta_rule_name="meta_rule_1",
    )
    action_scope = {
        "name": "action-type",
        "description": {"vm-action": "", "storage-action": "", },
    }
    # NOTE(review): despite the test name, no invalid id is passed; category_id
    # is simply omitted, so this covers the "missing" case only.
    with pytest.raises(ActionCategoryUnknown) as excinfo:
        data_helper.add_action_data(policy_id=policy, value=action_scope).get('data')
    assert str(excinfo.value) == '400: Action Category Unknown'
コード例 #20
def test_get_subjects(db):
    """A policy with one added subject lists exactly that subject, linked to the policy."""
    _subject_cat, _object_cat, _action_cat, _meta_rule, policy = mock_data.create_new_policy(
        subject_category_name="subject_category1",
        object_category_name="object_category1",
        action_category_name="action_category1",
        meta_rule_name="meta_rule_1",
    )
    payload = {
        "name": "testuser",
        "description": "test",
    }
    data_helper.add_subject(policy_id=policy, value=payload)

    listed = data_helper.get_subjects(policy_id=policy)
    assert listed
    assert len(listed) == 1
    only_key = list(listed.keys())[0]
    # The first policy_list entry has to be the policy the subject was added to.
    assert listed[only_key].get('policy_list')[0] == policy
コード例 #21
def test_get_subject_assignments_by_policy_id(db):
    """Listing subject assignments by policy id alone returns the single stored assignment."""
    subject_cat, _object_cat, _action_cat, _meta_rule, policy = mock_data.create_new_policy(
        subject_category_name="subject_category1",
        object_category_name="object_category1",
        action_category_name="action_category1",
        meta_rule_name="meta_rule_1",
    )
    subject = mock_data.create_subject(policy)
    scope = mock_data.create_subject_data(policy_id=policy, category_id=subject_cat)

    assignment_helper.add_subject_assignment(policy, subject, subject_cat, scope)
    # Only the policy id is given; no subject or category filter.
    listed = assignment_helper.get_subject_assignments(policy)
    assert len(listed) == 1
コード例 #22
def test_get_subjects_with_invalid_policy_id(db):
    """Listing subjects for policy id "invalid" raises PolicyUnknown."""
    _subject_cat, _object_cat, _action_cat, _meta_rule, policy = mock_data.create_new_policy(
        subject_category_name="subject_category1",
        object_category_name="object_category1",
        action_category_name="action_category1",
        meta_rule_name="meta_rule_1",
    )
    payload = {
        "name": "testuser",
        "description": "test",
    }
    # A subject exists under the real policy, so an unknown policy id must be
    # rejected explicitly rather than answered with other policies' subjects.
    data_helper.add_subject(policy_id=policy, value=payload)
    with pytest.raises(PolicyUnknown) as excinfo:
        data_helper.get_subjects(policy_id="invalid")
    assert str(excinfo.value) == '400: Policy Unknown'
コード例 #23
def test_delete_action_assignment(db):
    """A delete call with empty action, category and data ids leaves the stored assignment in place."""
    _subject_cat, _object_cat, action_cat, _meta_rule, policy = mock_data.create_new_policy(
        subject_category_name="subject_category1",
        object_category_name="object_category1",
        action_category_name="action_category1",
        meta_rule_name="meta_rule_1",
    )
    action = mock_data.create_action(policy)
    scope = mock_data.create_action_data(policy_id=policy, category_id=action_cat)
    assignment_helper.add_action_assignment(policy, action, action_cat, scope)

    # NOTE(review): the name suggests a successful delete, but the call passes
    # three empty strings and the assertion expects the assignment to survive.
    # As written this pins "empty identifiers delete nothing"; a delete with
    # the real ids is not exercised here.
    assignment_helper.delete_action_assignment(policy, "", "", "")
    remaining = assignment_helper.get_action_assignments(policy)
    assert len(remaining) == 1
コード例 #24
def test_add_subject_with_same_policy_twice(db):
    """A subject is linked to one policy on first add; adding it again raises PolicyExisting."""
    _subject_cat, _object_cat, _action_cat, _meta_rule, policy = mock_data.create_new_policy(
        subject_category_name="subject_category1",
        object_category_name="object_category1",
        action_category_name="action_category1",
        meta_rule_name="meta_rule_1",
    )
    payload = {
        "name": "testuser",
        "description": "test",
    }
    add_kwargs = dict(policy_id=policy, value=payload)
    created = data_helper.add_subject(**add_kwargs)
    assert created
    first_key = list(created.keys())[0]
    assert len(created[first_key].get('policy_list')) == 1

    # Same subject, same policy: expected to be refused as already existing.
    with pytest.raises(PolicyExisting) as excinfo:
        data_helper.add_subject(**add_kwargs)
    assert str(excinfo.value) == '409: Policy Already Exists'
コード例 #25
def test_delete_object_category_with_assignment(db):
    """Deleting an object category that has an assignment raises DeleteObjectCategoryWithMetaRule."""
    new_policy = mock_data.create_new_policy()
    _subject_cat, object_cat, _action_cat, _meta_rule, policy = new_policy

    target_object = mock_data.create_object(policy)
    scope = mock_data.create_object_data(policy, object_cat)
    assignment_helper.add_object_assignment(policy, target_object, object_cat, scope)

    # NOTE(review): the expected error is the meta-rule one, not an
    # assignment-specific one, so this does not show that the assignment by
    # itself blocks the delete — confirm which check is meant to be covered.
    with pytest.raises(DeleteObjectCategoryWithMetaRule) as excinfo:
        category_helper.delete_object_category(object_cat)
    raised_text = str(excinfo.value)
    assert raised_text == '400: Object Category With Meta Rule Error'
コード例 #26
def test_add_subjects_multiple_times(db):
    """Re-adding a subject to a second policy via its perimeter id yields a policy_list of two."""
    _subject_cat1, _object_cat1, _action_cat1, _meta_rule1, first_policy = mock_data.create_new_policy(
        subject_category_name="subject_category1",
        object_category_name="object_category1",
        action_category_name="action_category1",
        meta_rule_name="meta_rule_1",
        model_name="model1",
    )
    first_payload = {
        "name": "testuser",
        "description": "test",
    }
    subject = data_helper.add_subject(policy_id=first_policy, value=first_payload)
    first_key = list(subject.keys())[0]
    perimeter_id = subject[first_key].get('id')
    assert subject

    second_payload = {
        "name": "testuser",
        "description": "test",
    }
    _subject_cat2, _object_cat2, _action_cat2, _meta_rule2, second_policy = mock_data.create_new_policy(
        subject_category_name="subject_category2",
        object_category_name="object_category2",
        action_category_name="action_category2",
        meta_rule_name="meta_rule_2",
        model_name="model2",
    )
    # Same perimeter element, different policy: the element should now be
    # linked to both policies.
    subject = data_helper.add_subject(
        policy_id=second_policy, perimeter_id=perimeter_id, value=second_payload)
    assert subject
    second_key = list(subject.keys())[0]
    assert len(subject[second_key].get('policy_list')) == 2
コード例 #27
def test_delete_data_categories_connected_to_meta_rule(db):
    """Deleting the subject, object or action category of a new policy raises the matching error."""
    new_policy = mock_data.create_new_policy()
    subject_cat, object_cat, action_cat, _meta_rule, _policy = new_policy

    # One row per category kind, checked in the order subject, object, action:
    # (expected exception, delete helper, category id, expected message).
    cases = (
        (DeleteSubjectCategoryWithMetaRule,
         category_helper.delete_subject_category,
         subject_cat,
         '400: Subject Category With Meta Rule Error'),
        (DeleteObjectCategoryWithMetaRule,
         category_helper.delete_object_category,
         object_cat,
         '400: Object Category With Meta Rule Error'),
        (DeleteActionCategoryWithMetaRule,
         category_helper.delete_action_category,
         action_cat,
         '400: Action Category With Meta Rule Error'),
    )
    for expected_error, delete_category, category, message in cases:
        with pytest.raises(expected_error) as excinfo:
            delete_category(category)
        assert str(excinfo.value) == message
コード例 #28
def test_add_action_data_duplicate(db):
    """Adding the same action data twice to one category raises ActionScopeExisting."""
    _subject_cat, _object_cat, action_cat, _meta_rule, policy = mock_data.create_new_policy(
        subject_category_name="subject_category1",
        object_category_name="object_category1",
        action_category_name="action_category1",
        meta_rule_name="meta_rule_1",
    )
    action_scope = {
        "name": "action-type",
        "description": {"vm-action": "", "storage-action": "", },
    }
    add_kwargs = dict(policy_id=policy, category_id=action_cat, value=action_scope)
    # First insert succeeds; its return value is not inspected.
    data_helper.add_action_data(**add_kwargs)
    with pytest.raises(ActionScopeExisting) as excinfo:
        data_helper.add_action_data(**add_kwargs)
    assert str(excinfo.value) == '409: Action Scope Existing'
コード例 #29
ファイル: test_pdp.py プロジェクト: sarpkoksal/moon
def test_add_pdp_twice_with_same_id(db):
    """Registering a second PDP under an id already in use fails with '409: Pdp Error'."""
    _subject_cat, _object_cat, _action_cat, _meta_rule, policy = mock_data.create_new_policy(
        subject_category_name="subject_category1",
        object_category_name="object_category1",
        action_category_name="action_category1",
        meta_rule_name="meta_rule_1",
        model_name="model1",
    )
    pdp_spec = {
        "name": "test_pdp",
        "security_pipeline": [policy],
        "keystone_project_id": "keystone_project_id1",
        "description": "...",
    }
    duplicate_id = "pdp_id1"
    pdp_helper.add_pdp(duplicate_id, pdp_spec)
    # NOTE(review): Exception is the broadest possible match; only the message
    # assertion below ties this to the duplicate-PDP error. Narrowing to the
    # project's specific exception class would make the intent explicit.
    with pytest.raises(Exception) as excinfo:
        pdp_helper.add_pdp(duplicate_id, pdp_spec)
    assert str(excinfo.value) == '409: Pdp Error'
コード例 #30
def test_add_object_data(db):
    """Object data added to a known category is returned tagged with the policy it was added to."""
    _subject_cat, object_cat, _action_cat, _meta_rule, policy = mock_data.create_new_policy(
        subject_category_name="subject_category1",
        object_category_name="object_category1",
        action_category_name="action_category1",
        meta_rule_name="meta_rule_1",
    )
    level_scope = {
        "name": "object-security-level",
        "description": {"low": "", "medium": "", "high": ""},
    }
    created = data_helper.add_object_data(
        policy_id=policy, category_id=object_cat, value=level_scope)
    stored = created.get('data')
    assert stored
    first_key = list(stored.keys())[0]
    # The stored entry must be bound to the requesting policy and no other.
    assert stored[first_key].get('policy_id') == policy