def test_equal(self):
xproto = \
"""
policy output < ctx.user = obj.user >
"""
args = FakeArgs()
args.inputs = xproto
args.target = self.target
output = XOSGenerator.generate(args)
exec(output) # This loads the generated function, which should look like this:
"""
def policy_output_enforcer(obj, ctx):
i1 = (ctx.user == obj.user)
return i1
"""
obj = FakeArgs()
obj.user = 1
ctx = FakeArgs()
ctx.user = 1
verdict = policy_output_enforcer(obj, ctx)
def test_equal(self):
xproto = \
"""
policy output < not (ctx.user = obj.user) >
"""
args = FakeArgs()
args.inputs = xproto
args.target = self.target
output = XOSGenerator.generate(args)
exec(output) # This loads the generated function, which should look like this:
"""
def policy_output_validator(obj, ctx):
i2 = (ctx.user == obj.user)
i1 = (not i2)
if (not i1):
raise Exception('Necessary Failure')
"""
obj = FakeArgs()
obj.user = 1
ctx = FakeArgs()
ctx.user = 1
with self.assertRaises(Exception):
policy_output_validator(obj, ctx)
def test_equal(self):
xproto = \
"""
policy output < ctx.user = obj.user >
"""
args = FakeArgs()
args.inputs = xproto
args.target = self.target
output = XOSGenerator.generate(args)
exec(
output
) # This loads the generated function, which should look like this:
"""
def output_security_check(obj, ctx):
i1 = (ctx.user == obj.user)
return i1
"""
obj = FakeArgs()
obj.user = 1
ctx = FakeArgs()
ctx.user = 1
verdict = output_security_check(obj, ctx)
def test_call_policy(self):
xproto = \
"""
policy sub_policy < ctx.user = obj.user >
policy output < *sub_policy(child) >
"""
args = FakeArgs()
args.inputs = xproto
args.target = self.target
output = XOSGenerator.generate(args)
exec(output, globals(
)) # This loads the generated function, which should look like this:
"""
def policy_sub_policy_enforcer(obj, ctx):
i1 = (ctx.user == obj.user)
return i1
def policy_output_enforcer(obj, ctx):
i1 = policy_sub_policy_enforcer(obj.child, ctx)
return i1
"""
obj = FakeArgs()
obj.child = FakeArgs()
obj.child.user = 1
ctx = FakeArgs()
ctx.user = 1
verdict = policy_output_enforcer(obj, ctx)
self.assertTrue(verdict)
def test_call_policy(self):
xproto = \
"""
policy sub_policy < ctx.user = obj.user >
policy output < *sub_policy(child) >
"""
args = FakeArgs()
args.inputs = xproto
args.target = self.target
output = XOSGenerator.generate(args)
exec(output,globals()) # This loads the generated function, which should look like this:
"""
def policy_sub_policy_enforcer(obj, ctx):
i1 = (ctx.user == obj.user)
return i1
def policy_output_enforcer(obj, ctx):
i1 = policy_sub_policy_enforcer(obj.child, ctx)
return i1
"""
obj = FakeArgs()
obj.child = FakeArgs()
obj.child.user = 1
ctx = FakeArgs()
ctx.user = 1
verdict = policy_output_enforcer(obj, ctx)
self.assertTrue(verdict)
def test_call_policy_child_none(self):
xproto = \
"""
policy sub_policy < ctx.user = obj.user >
policy output < *sub_policy(child) >
"""
args = FakeArgs()
args.inputs = xproto
args.target = self.target
output = XOSGenerator.generate(args)
exec(output, globals(
)) # This loads the generated function, which should look like this:
"""
def sub_policy_security_check(obj, ctx):
i1 = (ctx.user == obj.user)
return i1
def output_security_check(obj, ctx):
if obj.child:
i1 = sub_policy_security_check(obj.child, ctx)
else:
i1 = True
return i1
"""
obj = FakeArgs()
obj.child = None
ctx = FakeArgs()
ctx.user = 1
def test_equal(self):
xproto = \
"""
policy slice_user < slice.user = obj.user >
"""
target = XProtoTestHelpers.write_tmp_target("{{ proto.policies.slice_user }}")
args = FakeArgs()
args.inputs = xproto
args.target = target
output = XOSGenerator.generate(args)
slice = FakeArgs()
slice.user = '******'
obj = FakeArgs()
obj.user = '******'
(op, operands), = eval(output).items()
expr = op.join(operands).replace('=','==')
self.assertTrue(eval(expr))
def test_equal(self):
xproto = \
"""
policy slice_user < slice.user = obj.user >
"""
target = XProtoTestHelpers.write_tmp_target(
"{{ proto.policies.slice_user }}")
args = FakeArgs()
args.inputs = xproto
args.target = target
output = XOSGenerator.generate(args)
slice = FakeArgs()
slice.user = '******'
obj = FakeArgs()
obj.user = '******'
(op, operands), = eval(output).items()
expr = op.join(operands).replace('=', '==')
self.assertTrue(eval(expr))
def test_term(self):
xproto = \
"""
policy slice_user < slice.user.is_admin >
"""
target = XProtoTestHelpers.write_tmp_target("{{ proto.policies.slice_user }}")
args = FakeArgs()
args.inputs = xproto
args.target = target
output = XOSGenerator.generate(args)
slice = FakeArgs()
slice.user = FakeArgs()
slice.user.is_admin = True
expr = eval(output)
self.assertTrue(expr)
def test_term(self):
xproto = \
"""
policy slice_user < slice.user.is_admin >
"""
target = XProtoTestHelpers.write_tmp_target(
"{{ proto.policies.slice_user }}")
args = FakeArgs()
args.inputs = xproto
args.target = target
output = XOSGenerator.generate(args)
slice = FakeArgs()
slice.user = FakeArgs()
slice.user.is_admin = True
expr = eval(output)
self.assertTrue(expr)
def test_function_term(self):
xproto = \
"""
policy slice_user < slice.user.compute_is_admin() >
"""
target = XProtoTestHelpers.write_tmp_target(
"{{ proto.policies.slice_user }}")
args = FakeArgs()
args.inputs = xproto
args.target = target
output = XOSProcessor.process(args)
slice = FakeArgs()
slice.user = FakeArgs()
slice.user.compute_is_admin = lambda: True
expr = eval(output)
self.assertTrue(expr)
def test_string_constant(self):
xproto = \
"""
policy slice_user < slice.user.email = "*****@*****.**" >
"""
target = XProtoTestHelpers.write_tmp_target(
"{{ proto.policies.slice_user }}")
args = FakeArgs()
args.inputs = xproto
args.target = target
output = XOSProcessor.process(args)
slice = FakeArgs()
slice.user = FakeArgs()
slice.user.is_admin = True
expr = eval(output)
self.assertTrue(expr)
def test_call_policy(self):
xproto = \
"""
policy sub_policy < ctx.user = obj.user >
policy output < *sub_policy(child) >
"""
args = FakeArgs()
args.inputs = xproto
args.target = self.target
output = XOSGenerator.generate(args)
exec(output,globals()) # This loads the generated function, which should look like this:
"""
def policy_sub_policy_validator(obj, ctx):
i1 = (ctx.user == obj.user)
if (not i1):
raise ValidationError('Necessary Failure')
def policy_output_validator(obj, ctx):
i1 = policy_sub_policy_validator(obj.child, ctx)
if (not i1):
raise ValidationError('Necessary Failure')
"""
obj = FakeArgs()
obj.child = FakeArgs()
obj.child.user = 1
ctx = FakeArgs()
ctx.user = 1
with self.assertRaises(Exception):
verdict = policy_output_enforcer(obj, ctx)
