class GovernanceUnitTest(PyonTestCase): governance_controller = None def setUp(self): FakeContainer = Mock() FakeContainer.id = "containerid" FakeContainer.node = Mock() self.governance_controller = GovernanceController(FakeContainer()) self.pre_func1 =\ """def precondition_func(process, msg, headers): if headers['op'] != 'test_op': return False, 'Cannot call the test_op operation' else: return True, '' """ self.pre_func2 =\ """def precondition_func(process, msg, headers): if headers['op'] == 'test_op': return False, 'Cannot call the test_op operation' else: return True, '' """ #This invalid test function does not have the proper signature self.bad_pre_func1 =\ """def precondition_func(msg, headers): if headers['op'] == 'test_op': return False, 'Cannot call the test_op operation' else: return True, '' """ #This invalid test function does not return the proper tuple self.bad_pre_func2 =\ """def precondition_func(process, msg, headers): if headers['op'] == 'test_op': return False else: return True """ def test_initialize_from_config(self): intlist = {'conversation', 'information', 'policy'} config = {'interceptor_order': intlist, 'governance_interceptors': {'conversation': {'class': 'pyon.core.governance.conversation.conversation_monitor_interceptor.ConversationMonitorInterceptor'}, 'information': {'class': 'pyon.core.governance.information.information_model_interceptor.InformationModelInterceptor'}, 'policy': {'class': 'pyon.core.governance.policy.policy_interceptor.PolicyInterceptor'}}} self.governance_controller.initialize_from_config(config) self.assertEquals(self.governance_controller.interceptor_order, intlist) self.assertEquals(len(self.governance_controller.interceptor_by_name_dict), len(config['governance_interceptors'])) # TODO - Need to fill this method out def test_process_message(self): pass def test_register_process_operation_precondition(self): bs = UnitTestService() self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)), 0) self.governance_controller.register_process_operation_precondition(bs, 'test_op', bs.func1) self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)), 1) self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 1) self.governance_controller.register_process_operation_precondition(bs, 'test_op', 'func2') self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 2) #Its possible to register invalid functions self.governance_controller.register_process_operation_precondition(bs, 'test_op', 'func4') self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 3) self.governance_controller.register_process_operation_precondition(bs, 'test_op', 'self.pre_func1') self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 4) #Its possible to register invalid functions self.governance_controller.register_process_operation_precondition(bs, 'test_op', bs.bad_signature) self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 5) def test_unregister_process_operation_precondition(self): bs = UnitTestService() self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)), 0) self.governance_controller.register_process_operation_precondition(bs, 'test_op', bs.func1) self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)), 1) self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 1) self.governance_controller.register_process_operation_precondition(bs, 'test_op', 'func2') self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 2) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', 'func1') self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 2) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', bs.func1) self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 1) self.governance_controller.register_process_operation_precondition(bs, 'test_op', self.pre_func1) self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 2) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', self.pre_func1) self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 1) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', 'func2') self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)), 0) def test_check_process_operation_preconditions(self): bs = UnitTestService() self.governance_controller.register_process_operation_precondition(bs, 'test_op', bs.func1) self.governance_controller.check_process_operation_preconditions(bs, {}, {'op': 'test_op'}) self.governance_controller.register_process_operation_precondition(bs, 'test_op', 'func2') with self.assertRaises(Unauthorized) as cm: self.governance_controller.check_process_operation_preconditions(bs, {}, {'op': 'test_op'}) self.assertIn('No reason', cm.exception.message) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', 'func2') self.governance_controller.check_process_operation_preconditions(bs, {}, {'op': 'test_op'}) self.governance_controller.register_process_operation_precondition(bs, 'test_op', bs.func3) self.governance_controller.check_process_operation_preconditions(bs, {}, {'op': 'test_op'}) self.governance_controller.register_process_operation_precondition(bs, 'test_op', bs.func2) with self.assertRaises(Unauthorized) as cm: self.governance_controller.check_process_operation_preconditions(bs, {}, {'op': 'test_op'}) self.assertIn('No reason', cm.exception.message) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', bs.func2) self.governance_controller.check_process_operation_preconditions(bs, {}, {'op': 'test_op'}) self.governance_controller.register_process_operation_precondition(bs, 'test_op', self.pre_func1) self.governance_controller.check_process_operation_preconditions(bs, {}, {'op': 'test_op'}) self.governance_controller.register_process_operation_precondition(bs, 'test_op', self.pre_func2) with self.assertRaises(Unauthorized) as cm: self.governance_controller.check_process_operation_preconditions(bs, {}, {'op': 'test_op'}) self.assertIn('Cannot call the test_op operation', cm.exception.message) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', self.pre_func2) self.governance_controller.check_process_operation_preconditions(bs, {}, {'op': 'test_op'}) #Its possible to register invalid functions - but it should get ignored when checked self.governance_controller.register_process_operation_precondition(bs, 'test_op', 'func4') self.governance_controller.check_process_operation_preconditions(bs, {}, {'op': 'test_op'}) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', 'func4') #Its possible to register invalid functions - but it should get ignored when checked self.governance_controller.register_process_operation_precondition(bs, 'test_op', bs.bad_signature) self.governance_controller.check_process_operation_preconditions(bs, {}, {'op': 'test_op'}) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', bs.bad_signature) #Its possible to register invalid functions - but it should get ignored when checked self.governance_controller.register_process_operation_precondition(bs, 'test_op', bs.bad_return) self.governance_controller.check_process_operation_preconditions(bs, {}, {'op': 'test_op'}) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', bs.bad_return) #Its possible to register invalid functions - but they it get ignored when checked self.governance_controller.register_process_operation_precondition(bs, 'test_op', self.bad_pre_func1) self.governance_controller.check_process_operation_preconditions(bs, {}, {'op': 'test_op'}) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', self.bad_pre_func1) #Its possible to register invalid functions - but it should get ignored when checked self.governance_controller.register_process_operation_precondition(bs, 'test_op', self.bad_pre_func2) self.governance_controller.check_process_operation_preconditions(bs, {}, {'op': 'test_op'}) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', self.bad_pre_func2) def test_resource_policy_event_callback(self): event_data = Mock() event_data.resource_id = 'resource._id' event_data.resource_type = 'resource.type_' event_data.resource_name = 'resource.name' event_data.origin = 'policy._id' policy_rules = 'policy_rules' pc = Mock() pc.get_active_resource_access_policy_rules.return_value = policy_rules self.governance_controller.policy_client = pc self.governance_controller.system_actor_user_header = {} # call resource_policy_event_callback without a PDP self.governance_controller.resource_policy_event_callback(event_data) # expect that nothing happened since there was no PDP to update self.assertEqual(pc.get_active_resource_access_policy_rules.called, False) #add a pdp pdp = Mock() self.governance_controller.policy_decision_point_manager = pdp self.governance_controller.resource_policy_event_callback(event_data) # expect that policy rules are retrieved for resource pc.get_active_resource_access_policy_rules.assert_called_with(event_data.resource_id, headers={}) # expect that pdp is called with new rules pdp.load_resource_policy_rules.assert_called_with(event_data.resource_id, policy_rules) def test_service_policy_event_callback(self): # mock service policy event service_policy_event = Mock() service_policy_event.origin = 'policy_id' service_policy_event.service_name = 'UnitTestService' service_policy_event.op = 'test_op' # mock a container container = Mock() self.governance_controller.container = container # set it up so that service_name resolves neither to a service nor an agent container.proc_manager.is_local_service_process.return_value = False container.proc_manager.is_local_agent_process.return_value = False # add a pdp pdp = Mock() self.governance_controller.policy_decision_point_manager = pdp # check that the pdp is not called because service_name is neither a service nor an agent self.governance_controller.service_policy_event_callback(service_policy_event) self.assertEqual(pdp.called, False) ######### ######### # make the service_name a local service process container.proc_manager.is_local_service_process.return_value = True # set up mock policy client with rules policy_rules = 'policy_rules' pc = Mock() self.governance_controller.policy_client = pc self.governance_controller.system_actor_user_header = {} pc.get_active_service_access_policy_rules.return_value = policy_rules # set local process local_process = Mock() local_process.name = 'local_process' container.proc_manager.get_a_local_process.return_value = local_process # register process operation precondition self.governance_controller.register_process_operation_precondition(local_process, 'test_op', 'func1') # set up the active precondition op = Mock() op.op = 'test_op_2' op.preconditions = ['func2'] pc.get_active_process_operation_preconditions.return_value = [op] self.governance_controller.service_policy_event_callback(service_policy_event) # check that the service_policy_event_callback did not delete all registered preconditions (func1) on operation test_op self.assertEquals('test_op' in self.governance_controller.get_process_operation_dict(local_process.name), True) # and updated with the active one (func2) on test_op2 self.assertEquals('test_op_2' in self.governance_controller.get_process_operation_dict(local_process.name), True) # expect that policy rules are retrieved for resource pc.get_active_service_access_policy_rules.assert_called_with(service_name=service_policy_event.service_name, org_name=self.governance_controller.container_org_name, headers={}) pdp.load_service_policy_rules.assert_called_with(service_policy_event.service_name, policy_rules) def test_governance_header_values(self): process = Mock() process.name = 'test_process' headers = {'op': 'test_op', 'process': process, 'request': 'request', 'ion-actor-id': 'ionsystem', 'receiver': 'resource-registry', 'sender-type': 'sender-type', 'resource-id': '123xyz' ,'sender-service': 'sender-service', 'ion-actor-roles': {'ION': [ION_MANAGER, ORG_MANAGER_ROLE, ORG_MEMBER_ROLE]}} gov_values = GovernanceHeaderValues(headers) self.assertEqual(gov_values.op, 'test_op') self.assertEqual(gov_values.process_name, 'test_process') self.assertEqual(gov_values.actor_id, 'ionsystem') self.assertEqual(gov_values.actor_roles, {'ION': [ION_MANAGER, ORG_MANAGER_ROLE, ORG_MEMBER_ROLE]}) self.assertEqual(gov_values.resource_id,'123xyz') self.assertRaises(BadRequest, GovernanceHeaderValues, {}) headers = {'op': 'test_op', 'request': 'request', 'ion-actor-id': 'ionsystem', 'receiver': 'resource-registry', 'sender-type': 'sender-type', 'resource-id': '123xyz' ,'sender-service': 'sender-service', 'ion-actor-roles': {'ION': [ION_MANAGER, ORG_MANAGER_ROLE, ORG_MEMBER_ROLE]}} gov_values = GovernanceHeaderValues(headers) self.assertEqual(gov_values.op, 'test_op') self.assertEqual(gov_values.process_name, 'Unknown-Process') self.assertEqual(gov_values.actor_id, 'ionsystem') self.assertEqual(gov_values.actor_roles, {'ION': [ION_MANAGER, ORG_MANAGER_ROLE, ORG_MEMBER_ROLE]}) self.assertEqual(gov_values.resource_id,'123xyz') headers = {'op': 'test_op', 'request': 'request', 'receiver': 'resource-registry', 'sender-type': 'sender-type', 'resource-id': '123xyz' ,'sender-service': 'sender-service', 'ion-actor-roles': {'ION': [ION_MANAGER, ORG_MANAGER_ROLE, ORG_MEMBER_ROLE]}} self.assertRaises(Inconsistent, GovernanceHeaderValues, headers) headers = {'op': 'test_op', 'request': 'request', 'ion-actor-id': 'ionsystem', 'receiver': 'resource-registry', 'sender-type': 'sender-type', 'resource-id': '123xyz' ,'sender-service': 'sender-service', 'ion-actor-123-roles': {'ION': [ION_MANAGER, ORG_MANAGER_ROLE, ORG_MEMBER_ROLE]}} self.assertRaises(Inconsistent, GovernanceHeaderValues, headers) headers = {'op': 'test_op', 'request': 'request', 'ion-actor-id': 'ionsystem', 'receiver': 'resource-registry', 'sender-type': 'sender-type','sender-service': 'sender-service', 'ion-actor-roles': {'ION': [ION_MANAGER, ORG_MANAGER_ROLE, ORG_MEMBER_ROLE]}} self.assertRaises(Inconsistent, GovernanceHeaderValues, headers) gov_values = GovernanceHeaderValues(headers, resource_id_required=False) self.assertEqual(gov_values.op, 'test_op') self.assertEqual(gov_values.process_name, 'Unknown-Process') self.assertEqual(gov_values.actor_id, 'ionsystem') self.assertEqual(gov_values.actor_roles, {'ION': [ION_MANAGER, ORG_MANAGER_ROLE, ORG_MEMBER_ROLE]}) self.assertEqual(gov_values.resource_id,'')
class GovernanceUnitTest(PyonTestCase): governance_controller = None def setUp(self): FakeContainer = Mock() FakeContainer.id = "containerid" FakeContainer.node = Mock() self.governance_controller = GovernanceController(FakeContainer()) self.pre_func1 =\ """def precondition_func(process, msg, headers): if headers['op'] != 'test_op': return False, 'Cannot call the test_op operation' else: return True, '' """ self.pre_func2 =\ """def precondition_func(process, msg, headers): if headers['op'] == 'test_op': return False, 'Cannot call the test_op operation' else: return True, '' """ #This invalid test function does not have the proper signature self.bad_pre_func1 =\ """def precondition_func(msg, headers): if headers['op'] == 'test_op': return False, 'Cannot call the test_op operation' else: return True, '' """ #This invalid test function does not return the proper tuple self.bad_pre_func2 =\ """def precondition_func(process, msg, headers): if headers['op'] == 'test_op': return False else: return True """ def test_initialize_from_config(self): intlist = {'policy'} config = { 'interceptor_order': intlist, 'governance_interceptors': { 'policy': { 'class': 'pyon.core.governance.policy.policy_interceptor.PolicyInterceptor' } } } self.governance_controller.initialize_from_config(config) self.assertEquals(self.governance_controller.interceptor_order, intlist) self.assertEquals( len(self.governance_controller.interceptor_by_name_dict), len(config['governance_interceptors'])) # TODO - Need to fill this method out def test_process_message(self): pass def test_register_process_operation_precondition(self): bs = UnitTestService() self.assertEqual( len(self.governance_controller.get_process_operation_dict( bs.name)), 0) self.governance_controller.register_process_operation_precondition( bs, 'test_op', bs.func1) self.assertEqual( len(self.governance_controller.get_process_operation_dict( bs.name)), 1) self.assertEqual( len( self.governance_controller.get_process_operation_dict( bs.name)['test_op']), 1) self.governance_controller.register_process_operation_precondition( bs, 'test_op', 'func2') self.assertEqual( len( self.governance_controller.get_process_operation_dict( bs.name)['test_op']), 2) #Its possible to register invalid functions self.governance_controller.register_process_operation_precondition( bs, 'test_op', 'func4') self.assertEqual( len( self.governance_controller.get_process_operation_dict( bs.name)['test_op']), 3) self.governance_controller.register_process_operation_precondition( bs, 'test_op', 'self.pre_func1') self.assertEqual( len( self.governance_controller.get_process_operation_dict( bs.name)['test_op']), 4) #Its possible to register invalid functions self.governance_controller.register_process_operation_precondition( bs, 'test_op', bs.bad_signature) self.assertEqual( len( self.governance_controller.get_process_operation_dict( bs.name)['test_op']), 5) def test_unregister_process_operation_precondition(self): bs = UnitTestService() self.assertEqual( len(self.governance_controller.get_process_operation_dict( bs.name)), 0) self.governance_controller.register_process_operation_precondition( bs, 'test_op', bs.func1) self.assertEqual( len(self.governance_controller.get_process_operation_dict( bs.name)), 1) self.assertEqual( len( self.governance_controller.get_process_operation_dict( bs.name)['test_op']), 1) self.governance_controller.register_process_operation_precondition( bs, 'test_op', 'func2') self.assertEqual( len( self.governance_controller.get_process_operation_dict( bs.name)['test_op']), 2) self.governance_controller.unregister_process_operation_precondition( bs, 'test_op', 'func1') self.assertEqual( len( self.governance_controller.get_process_operation_dict( bs.name)['test_op']), 2) self.governance_controller.unregister_process_operation_precondition( bs, 'test_op', bs.func1) self.assertEqual( len( self.governance_controller.get_process_operation_dict( bs.name)['test_op']), 1) self.governance_controller.register_process_operation_precondition( bs, 'test_op', self.pre_func1) self.assertEqual( len( self.governance_controller.get_process_operation_dict( bs.name)['test_op']), 2) self.governance_controller.unregister_process_operation_precondition( bs, 'test_op', self.pre_func1) self.assertEqual( len( self.governance_controller.get_process_operation_dict( bs.name)['test_op']), 1) self.governance_controller.unregister_process_operation_precondition( bs, 'test_op', 'func2') self.assertEqual( len(self.governance_controller.get_process_operation_dict( bs.name)), 0) def test_check_process_operation_preconditions(self): bs = UnitTestService() self.governance_controller.register_process_operation_precondition( bs, 'test_op', bs.func1) self.governance_controller.check_process_operation_preconditions( bs, {}, {'op': 'test_op'}) self.governance_controller.register_process_operation_precondition( bs, 'test_op', 'func2') with self.assertRaises(Unauthorized) as cm: self.governance_controller.check_process_operation_preconditions( bs, {}, {'op': 'test_op'}) self.assertIn('No reason', cm.exception.message) self.governance_controller.unregister_process_operation_precondition( bs, 'test_op', 'func2') self.governance_controller.check_process_operation_preconditions( bs, {}, {'op': 'test_op'}) self.governance_controller.register_process_operation_precondition( bs, 'test_op', bs.func3) self.governance_controller.check_process_operation_preconditions( bs, {}, {'op': 'test_op'}) self.governance_controller.register_process_operation_precondition( bs, 'test_op', bs.func2) with self.assertRaises(Unauthorized) as cm: self.governance_controller.check_process_operation_preconditions( bs, {}, {'op': 'test_op'}) self.assertIn('No reason', cm.exception.message) self.governance_controller.unregister_process_operation_precondition( bs, 'test_op', bs.func2) self.governance_controller.check_process_operation_preconditions( bs, {}, {'op': 'test_op'}) self.governance_controller.register_process_operation_precondition( bs, 'test_op', self.pre_func1) self.governance_controller.check_process_operation_preconditions( bs, {}, {'op': 'test_op'}) self.governance_controller.register_process_operation_precondition( bs, 'test_op', self.pre_func2) with self.assertRaises(Unauthorized) as cm: self.governance_controller.check_process_operation_preconditions( bs, {}, {'op': 'test_op'}) self.assertIn('Cannot call the test_op operation', cm.exception.message) self.governance_controller.unregister_process_operation_precondition( bs, 'test_op', self.pre_func2) self.governance_controller.check_process_operation_preconditions( bs, {}, {'op': 'test_op'}) #Its possible to register invalid functions - but it should get ignored when checked self.governance_controller.register_process_operation_precondition( bs, 'test_op', 'func4') self.governance_controller.check_process_operation_preconditions( bs, {}, {'op': 'test_op'}) self.governance_controller.unregister_process_operation_precondition( bs, 'test_op', 'func4') #Its possible to register invalid functions - but it should get ignored when checked self.governance_controller.register_process_operation_precondition( bs, 'test_op', bs.bad_signature) self.governance_controller.check_process_operation_preconditions( bs, {}, {'op': 'test_op'}) self.governance_controller.unregister_process_operation_precondition( bs, 'test_op', bs.bad_signature) #Its possible to register invalid functions - but it should get ignored when checked self.governance_controller.register_process_operation_precondition( bs, 'test_op', bs.bad_return) self.governance_controller.check_process_operation_preconditions( bs, {}, {'op': 'test_op'}) self.governance_controller.unregister_process_operation_precondition( bs, 'test_op', bs.bad_return) #Its possible to register invalid functions - but they it get ignored when checked self.governance_controller.register_process_operation_precondition( bs, 'test_op', self.bad_pre_func1) self.governance_controller.check_process_operation_preconditions( bs, {}, {'op': 'test_op'}) self.governance_controller.unregister_process_operation_precondition( bs, 'test_op', self.bad_pre_func1) #Its possible to register invalid functions - but it should get ignored when checked self.governance_controller.register_process_operation_precondition( bs, 'test_op', self.bad_pre_func2) self.governance_controller.check_process_operation_preconditions( bs, {}, {'op': 'test_op'}) self.governance_controller.unregister_process_operation_precondition( bs, 'test_op', self.bad_pre_func2) def test_governance_header_values(self): process = Mock() process.name = 'test_process' headers = { 'op': 'test_op', 'process': process, 'request': 'request', 'ion-actor-id': 'ionsystem', 'receiver': 'resource-registry', 'sender-type': 'sender-type', 'resource-id': '123xyz', 'sender-service': 'sender-service', 'ion-actor-roles': { 'ION': [SUPERUSER_ROLE, MODERATOR_ROLE, MEMBER_ROLE] } } gov_values = GovernanceHeaderValues(headers) self.assertEqual(gov_values.op, 'test_op') self.assertEqual(gov_values.process_name, 'test_process') self.assertEqual(gov_values.actor_id, 'ionsystem') self.assertEqual( gov_values.actor_roles, {'ION': [SUPERUSER_ROLE, MODERATOR_ROLE, MEMBER_ROLE]}) self.assertEqual(gov_values.resource_id, '123xyz') self.assertRaises(BadRequest, GovernanceHeaderValues, {}) headers = { 'op': 'test_op', 'request': 'request', 'ion-actor-id': 'ionsystem', 'receiver': 'resource-registry', 'sender-type': 'sender-type', 'resource-id': '123xyz', 'sender-service': 'sender-service', 'ion-actor-roles': { 'ION': [SUPERUSER_ROLE, MODERATOR_ROLE, MEMBER_ROLE] } } gov_values = GovernanceHeaderValues(headers) self.assertEqual(gov_values.op, 'test_op') self.assertEqual(gov_values.process_name, 'Unknown-Process') self.assertEqual(gov_values.actor_id, 'ionsystem') self.assertEqual( gov_values.actor_roles, {'ION': [SUPERUSER_ROLE, MODERATOR_ROLE, MEMBER_ROLE]}) self.assertEqual(gov_values.resource_id, '123xyz') headers = { 'op': 'test_op', 'request': 'request', 'receiver': 'resource-registry', 'sender-type': 'sender-type', 'resource-id': '123xyz', 'sender-service': 'sender-service', 'ion-actor-roles': { 'ION': [SUPERUSER_ROLE, MODERATOR_ROLE, MEMBER_ROLE] } } self.assertRaises(Inconsistent, GovernanceHeaderValues, headers) headers = { 'op': 'test_op', 'request': 'request', 'ion-actor-id': 'ionsystem', 'receiver': 'resource-registry', 'sender-type': 'sender-type', 'resource-id': '123xyz', 'sender-service': 'sender-service', 'ion-actor-123-roles': { 'ION': [SUPERUSER_ROLE, MODERATOR_ROLE, MEMBER_ROLE] } } self.assertRaises(Inconsistent, GovernanceHeaderValues, headers) headers = { 'op': 'test_op', 'request': 'request', 'ion-actor-id': 'ionsystem', 'receiver': 'resource-registry', 'sender-type': 'sender-type', 'sender-service': 'sender-service', 'ion-actor-roles': { 'ION': [SUPERUSER_ROLE, MODERATOR_ROLE, MEMBER_ROLE] } } self.assertRaises(Inconsistent, GovernanceHeaderValues, headers) gov_values = GovernanceHeaderValues(headers, resource_id_required=False) self.assertEqual(gov_values.op, 'test_op') self.assertEqual(gov_values.process_name, 'Unknown-Process') self.assertEqual(gov_values.actor_id, 'ionsystem') self.assertEqual( gov_values.actor_roles, {'ION': [SUPERUSER_ROLE, MODERATOR_ROLE, MEMBER_ROLE]}) self.assertEqual(gov_values.resource_id, '')
class GovernanceUnitTest(PyonTestCase): governance_controller = None def setUp(self): FakeContainer = Mock() FakeContainer.id = "containerid" FakeContainer.node = Mock() self.governance_controller = GovernanceController(FakeContainer()) self.pre_func1 =\ """def precondition_func(process, msg, headers): if headers['op'] != 'test_op': return False, 'Cannot call the test_op operation' else: return True, '' """ self.pre_func2 =\ """def precondition_func(process, msg, headers): if headers['op'] == 'test_op': return False, 'Cannot call the test_op operation' else: return True, '' """ #This invalid test function does not have the proper signature self.bad_pre_func1 =\ """def precondition_func(msg, headers): if headers['op'] == 'test_op': return False, 'Cannot call the test_op operation' else: return True, '' """ #This invalid test function does not return the proper tuple self.bad_pre_func2 =\ """def precondition_func(process, msg, headers): if headers['op'] == 'test_op': return False else: return True """ def test_initialize_from_config(self): intlist = {'policy'} config = {'interceptor_order': intlist, 'governance_interceptors': {'policy': {'class': 'pyon.core.governance.policy.policy_interceptor.PolicyInterceptor'}}} self.governance_controller.initialize_from_config(config) self.assertEquals(self.governance_controller.interceptor_order, intlist) self.assertEquals(len(self.governance_controller.interceptor_by_name_dict), len(config['governance_interceptors'])) # TODO - Need to fill this method out def test_process_message(self): pass def test_register_process_operation_precondition(self): bs = UnitTestService() self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)), 0) self.governance_controller.register_process_operation_precondition(bs, 'test_op', bs.func1) self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)), 1) self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 1) self.governance_controller.register_process_operation_precondition(bs, 'test_op', 'func2') self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 2) #Its possible to register invalid functions self.governance_controller.register_process_operation_precondition(bs, 'test_op', 'func4') self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 3) self.governance_controller.register_process_operation_precondition(bs, 'test_op', 'self.pre_func1') self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 4) #Its possible to register invalid functions self.governance_controller.register_process_operation_precondition(bs, 'test_op', bs.bad_signature) self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 5) def test_unregister_process_operation_precondition(self): bs = UnitTestService() self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)), 0) self.governance_controller.register_process_operation_precondition(bs, 'test_op', bs.func1) self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)), 1) self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 1) self.governance_controller.register_process_operation_precondition(bs, 'test_op', 'func2') self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 2) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', 'func1') self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 2) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', bs.func1) self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 1) self.governance_controller.register_process_operation_precondition(bs, 'test_op', self.pre_func1) self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 2) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', self.pre_func1) self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 1) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', 'func2') self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)), 0) def test_check_process_operation_preconditions(self): bs = UnitTestService() self.governance_controller.register_process_operation_precondition(bs, 'test_op', bs.func1) self.governance_controller.check_process_operation_preconditions(bs, {}, {'op': 'test_op'}) self.governance_controller.register_process_operation_precondition(bs, 'test_op', 'func2') with self.assertRaises(Unauthorized) as cm: self.governance_controller.check_process_operation_preconditions(bs, {}, {'op': 'test_op'}) self.assertIn('No reason', cm.exception.message) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', 'func2') self.governance_controller.check_process_operation_preconditions(bs, {}, {'op': 'test_op'}) self.governance_controller.register_process_operation_precondition(bs, 'test_op', bs.func3) self.governance_controller.check_process_operation_preconditions(bs, {}, {'op': 'test_op'}) self.governance_controller.register_process_operation_precondition(bs, 'test_op', bs.func2) with self.assertRaises(Unauthorized) as cm: self.governance_controller.check_process_operation_preconditions(bs, {}, {'op': 'test_op'}) self.assertIn('No reason', cm.exception.message) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', bs.func2) self.governance_controller.check_process_operation_preconditions(bs, {}, {'op': 'test_op'}) self.governance_controller.register_process_operation_precondition(bs, 'test_op', self.pre_func1) self.governance_controller.check_process_operation_preconditions(bs, {}, {'op': 'test_op'}) self.governance_controller.register_process_operation_precondition(bs, 'test_op', self.pre_func2) with self.assertRaises(Unauthorized) as cm: self.governance_controller.check_process_operation_preconditions(bs, {}, {'op': 'test_op'}) self.assertIn('Cannot call the test_op operation', cm.exception.message) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', self.pre_func2) self.governance_controller.check_process_operation_preconditions(bs, {}, {'op': 'test_op'}) #Its possible to register invalid functions - but it should get ignored when checked self.governance_controller.register_process_operation_precondition(bs, 'test_op', 'func4') self.governance_controller.check_process_operation_preconditions(bs, {}, {'op': 'test_op'}) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', 'func4') #Its possible to register invalid functions - but it should get ignored when checked self.governance_controller.register_process_operation_precondition(bs, 'test_op', bs.bad_signature) self.governance_controller.check_process_operation_preconditions(bs, {}, {'op': 'test_op'}) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', bs.bad_signature) #Its possible to register invalid functions - but it should get ignored when checked self.governance_controller.register_process_operation_precondition(bs, 'test_op', bs.bad_return) self.governance_controller.check_process_operation_preconditions(bs, {}, {'op': 'test_op'}) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', bs.bad_return) #Its possible to register invalid functions - but they it get ignored when checked self.governance_controller.register_process_operation_precondition(bs, 'test_op', self.bad_pre_func1) self.governance_controller.check_process_operation_preconditions(bs, {}, {'op': 'test_op'}) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', self.bad_pre_func1) #Its possible to register invalid functions - but it should get ignored when checked self.governance_controller.register_process_operation_precondition(bs, 'test_op', self.bad_pre_func2) self.governance_controller.check_process_operation_preconditions(bs, {}, {'op': 'test_op'}) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', self.bad_pre_func2) def test_governance_header_values(self): process = Mock() process.name = 'test_process' headers = {'op': 'test_op', 'process': process, 'request': 'request', 'ion-actor-id': 'ionsystem', 'receiver': 'resource-registry', 'sender-type': 'sender-type', 'resource-id': '123xyz' ,'sender-service': 'sender-service', 'ion-actor-roles': {'ION': [SUPERUSER_ROLE, MODERATOR_ROLE, MEMBER_ROLE]}} gov_values = GovernanceHeaderValues(headers) self.assertEqual(gov_values.op, 'test_op') self.assertEqual(gov_values.process_name, 'test_process') self.assertEqual(gov_values.actor_id, 'ionsystem') self.assertEqual(gov_values.actor_roles, {'ION': [SUPERUSER_ROLE, MODERATOR_ROLE, MEMBER_ROLE]}) self.assertEqual(gov_values.resource_id,'123xyz') self.assertRaises(BadRequest, GovernanceHeaderValues, {}) headers = {'op': 'test_op', 'request': 'request', 'ion-actor-id': 'ionsystem', 'receiver': 'resource-registry', 'sender-type': 'sender-type', 'resource-id': '123xyz' ,'sender-service': 'sender-service', 'ion-actor-roles': {'ION': [SUPERUSER_ROLE, MODERATOR_ROLE, MEMBER_ROLE]}} gov_values = GovernanceHeaderValues(headers) self.assertEqual(gov_values.op, 'test_op') self.assertEqual(gov_values.process_name, 'Unknown-Process') self.assertEqual(gov_values.actor_id, 'ionsystem') self.assertEqual(gov_values.actor_roles, {'ION': [SUPERUSER_ROLE, MODERATOR_ROLE, MEMBER_ROLE]}) self.assertEqual(gov_values.resource_id,'123xyz') headers = {'op': 'test_op', 'request': 'request', 'receiver': 'resource-registry', 'sender-type': 'sender-type', 'resource-id': '123xyz' ,'sender-service': 'sender-service', 'ion-actor-roles': {'ION': [SUPERUSER_ROLE, MODERATOR_ROLE, MEMBER_ROLE]}} self.assertRaises(Inconsistent, GovernanceHeaderValues, headers) headers = {'op': 'test_op', 'request': 'request', 'ion-actor-id': 'ionsystem', 'receiver': 'resource-registry', 'sender-type': 'sender-type', 'resource-id': '123xyz' ,'sender-service': 'sender-service', 'ion-actor-123-roles': {'ION': [SUPERUSER_ROLE, MODERATOR_ROLE, MEMBER_ROLE]}} self.assertRaises(Inconsistent, GovernanceHeaderValues, headers) headers = {'op': 'test_op', 'request': 'request', 'ion-actor-id': 'ionsystem', 'receiver': 'resource-registry', 'sender-type': 'sender-type','sender-service': 'sender-service', 'ion-actor-roles': {'ION': [SUPERUSER_ROLE, MODERATOR_ROLE, MEMBER_ROLE]}} self.assertRaises(Inconsistent, GovernanceHeaderValues, headers) gov_values = GovernanceHeaderValues(headers, resource_id_required=False) self.assertEqual(gov_values.op, 'test_op') self.assertEqual(gov_values.process_name, 'Unknown-Process') self.assertEqual(gov_values.actor_id, 'ionsystem') self.assertEqual(gov_values.actor_roles, {'ION': [SUPERUSER_ROLE, MODERATOR_ROLE, MEMBER_ROLE]}) self.assertEqual(gov_values.resource_id,'')
class GovernanceTest(PyonTestCase): governance_controller = None def setUp(self): self.governance_controller = GovernanceController(FakeContainer()) self.pre_func1 =\ """def precondition_func(process, msg, headers): if headers['op'] != 'test_op': return False, 'Cannot call the test_op operation' else: return True, '' """ self.pre_func2 =\ """def precondition_func(process, msg, headers): if headers['op'] == 'test_op': return False, 'Cannot call the test_op operation' else: return True, '' """ #This invalid test function does not have the proper signature self.bad_pre_func1 =\ """def precondition_func(msg, headers): if headers['op'] == 'test_op': return False, 'Cannot call the test_op operation' else: return True, '' """ #This invalid test function does not return the proper tuple self.bad_pre_func2 =\ """def precondition_func(process, msg, headers): if headers['op'] == 'test_op': return False else: return True """ def test_initialize_from_config(self): intlist = {'conversation', 'information', 'policy'} config = {'interceptor_order':intlist, 'governance_interceptors': {'conversation': {'class': 'pyon.core.governance.conversation.conversation_monitor_interceptor.ConversationMonitorInterceptor' }, 'information': {'class': 'pyon.core.governance.information.information_model_interceptor.InformationModelInterceptor' }, 'policy': {'class': 'pyon.core.governance.policy.policy_interceptor.PolicyInterceptor' } }} self.governance_controller.initialize_from_config(config) self.assertEquals(self.governance_controller.interceptor_order,intlist) self.assertEquals(len(self.governance_controller.interceptor_by_name_dict),len(config['governance_interceptors'])) # TODO - Need to fill this method out def test_process_message(self): pass def test_register_process_operation_precondition(self): bs = UnitTestService() self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)), 0) self.governance_controller.register_process_operation_precondition(bs, 'test_op', bs.func1) self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)), 1) self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 1) self.governance_controller.register_process_operation_precondition(bs, 'test_op', 'func2') self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 2) #Its possible to register invalid functions self.governance_controller.register_process_operation_precondition(bs, 'test_op', 'func4') self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 3) self.governance_controller.register_process_operation_precondition(bs, 'test_op', 'self.pre_func1') self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 4) #Its possible to register invalid functions self.governance_controller.register_process_operation_precondition(bs, 'test_op', bs.bad_signature) self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 5) def test_unregister_process_operation_precondition(self): bs = UnitTestService() self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)), 0) self.governance_controller.register_process_operation_precondition(bs, 'test_op', bs.func1) self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)), 1) self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 1) self.governance_controller.register_process_operation_precondition(bs, 'test_op', 'func2') self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 2) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', 'func1') self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 1) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', 'func1') self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 1) self.governance_controller.register_process_operation_precondition(bs, 'test_op', self.pre_func1) self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 2) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', self.pre_func1) self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 1) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', bs.func2) self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)), 0) def test_check_process_operation_preconditions(self): bs = UnitTestService() self.governance_controller.register_process_operation_precondition(bs, 'test_op', bs.func1) self.governance_controller.check_process_operation_preconditions(bs,{}, {'op': 'test_op'}) self.governance_controller.register_process_operation_precondition(bs, 'test_op', 'func2') with self.assertRaises(Unauthorized) as cm: self.governance_controller.check_process_operation_preconditions(bs,{}, {'op': 'test_op'}) self.assertIn('No reason',cm.exception.message) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', bs.func2) self.governance_controller.check_process_operation_preconditions(bs,{}, {'op': 'test_op'}) self.governance_controller.register_process_operation_precondition(bs, 'test_op', bs.func3) self.governance_controller.check_process_operation_preconditions(bs,{}, {'op': 'test_op'}) self.governance_controller.register_process_operation_precondition(bs, 'test_op', bs.func2) with self.assertRaises(Unauthorized) as cm: self.governance_controller.check_process_operation_preconditions(bs,{}, {'op': 'test_op'}) self.assertIn('No reason',cm.exception.message) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', 'func2') self.governance_controller.check_process_operation_preconditions(bs,{}, {'op': 'test_op'}) self.governance_controller.register_process_operation_precondition(bs, 'test_op', self.pre_func1) self.governance_controller.check_process_operation_preconditions(bs,{}, {'op': 'test_op'}) self.governance_controller.register_process_operation_precondition(bs, 'test_op', self.pre_func2) with self.assertRaises(Unauthorized) as cm: self.governance_controller.check_process_operation_preconditions(bs,{}, {'op': 'test_op'}) self.assertIn('Cannot call the test_op operation',cm.exception.message) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', self.pre_func2) self.governance_controller.check_process_operation_preconditions(bs,{}, {'op': 'test_op'}) #Its possible to register invalid functions - but it should get ignored when checked self.governance_controller.register_process_operation_precondition(bs, 'test_op', 'func4') self.governance_controller.check_process_operation_preconditions(bs,{}, {'op': 'test_op'}) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', 'func4') #Its possible to register invalid functions - but it should get ignored when checked self.governance_controller.register_process_operation_precondition(bs, 'test_op', bs.bad_signature) self.governance_controller.check_process_operation_preconditions(bs,{}, {'op': 'test_op'}) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', bs.bad_signature) #Its possible to register invalid functions - but it should get ignored when checked self.governance_controller.register_process_operation_precondition(bs, 'test_op', bs.bad_return) self.governance_controller.check_process_operation_preconditions(bs,{}, {'op': 'test_op'}) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', bs.bad_return) #Its possible to register invalid functions - but they it get ignored when checked self.governance_controller.register_process_operation_precondition(bs, 'test_op', self.bad_pre_func1) self.governance_controller.check_process_operation_preconditions(bs,{}, {'op': 'test_op'}) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', self.bad_pre_func1) #Its possible to register invalid functions - but it should get ignored when checked self.governance_controller.register_process_operation_precondition(bs, 'test_op', self.bad_pre_func2) self.governance_controller.check_process_operation_preconditions(bs,{}, {'op': 'test_op'}) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', self.bad_pre_func2)
class GovernanceUnitTest(PyonTestCase): governance_controller = None def setUp(self): self.governance_controller = GovernanceController(FakeContainer()) self.pre_func1 =\ """def precondition_func(process, msg, headers): if headers['op'] != 'test_op': return False, 'Cannot call the test_op operation' else: return True, '' """ self.pre_func2 =\ """def precondition_func(process, msg, headers): if headers['op'] == 'test_op': return False, 'Cannot call the test_op operation' else: return True, '' """ #This invalid test function does not have the proper signature self.bad_pre_func1 =\ """def precondition_func(msg, headers): if headers['op'] == 'test_op': return False, 'Cannot call the test_op operation' else: return True, '' """ #This invalid test function does not return the proper tuple self.bad_pre_func2 =\ """def precondition_func(process, msg, headers): if headers['op'] == 'test_op': return False else: return True """ def test_initialize_from_config(self): intlist = {'conversation', 'information', 'policy'} config = {'interceptor_order':intlist, 'governance_interceptors': {'conversation': {'class': 'pyon.core.governance.conversation.conversation_monitor_interceptor.ConversationMonitorInterceptor' }, 'information': {'class': 'pyon.core.governance.information.information_model_interceptor.InformationModelInterceptor' }, 'policy': {'class': 'pyon.core.governance.policy.policy_interceptor.PolicyInterceptor' } }} self.governance_controller.initialize_from_config(config) self.assertEquals(self.governance_controller.interceptor_order,intlist) self.assertEquals(len(self.governance_controller.interceptor_by_name_dict),len(config['governance_interceptors'])) # TODO - Need to fill this method out def test_process_message(self): pass def test_register_process_operation_precondition(self): bs = UnitTestService() self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)), 0) self.governance_controller.register_process_operation_precondition(bs, 'test_op', bs.func1) self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)), 1) self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 1) self.governance_controller.register_process_operation_precondition(bs, 'test_op', 'func2') self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 2) #Its possible to register invalid functions self.governance_controller.register_process_operation_precondition(bs, 'test_op', 'func4') self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 3) self.governance_controller.register_process_operation_precondition(bs, 'test_op', 'self.pre_func1') self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 4) #Its possible to register invalid functions self.governance_controller.register_process_operation_precondition(bs, 'test_op', bs.bad_signature) self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 5) def test_unregister_process_operation_precondition(self): bs = UnitTestService() self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)), 0) self.governance_controller.register_process_operation_precondition(bs, 'test_op', bs.func1) self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)), 1) self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 1) self.governance_controller.register_process_operation_precondition(bs, 'test_op', 'func2') self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 2) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', 'func1') self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 1) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', 'func1') self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 1) self.governance_controller.register_process_operation_precondition(bs, 'test_op', self.pre_func1) self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 2) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', self.pre_func1) self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)['test_op']), 1) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', bs.func2) self.assertEqual(len(self.governance_controller.get_process_operation_dict(bs.name)), 0) def test_check_process_operation_preconditions(self): bs = UnitTestService() self.governance_controller.register_process_operation_precondition(bs, 'test_op', bs.func1) self.governance_controller.check_process_operation_preconditions(bs,{}, {'op': 'test_op'}) self.governance_controller.register_process_operation_precondition(bs, 'test_op', 'func2') with self.assertRaises(Unauthorized) as cm: self.governance_controller.check_process_operation_preconditions(bs,{}, {'op': 'test_op'}) self.assertIn('No reason',cm.exception.message) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', bs.func2) self.governance_controller.check_process_operation_preconditions(bs,{}, {'op': 'test_op'}) self.governance_controller.register_process_operation_precondition(bs, 'test_op', bs.func3) self.governance_controller.check_process_operation_preconditions(bs,{}, {'op': 'test_op'}) self.governance_controller.register_process_operation_precondition(bs, 'test_op', bs.func2) with self.assertRaises(Unauthorized) as cm: self.governance_controller.check_process_operation_preconditions(bs,{}, {'op': 'test_op'}) self.assertIn('No reason',cm.exception.message) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', 'func2') self.governance_controller.check_process_operation_preconditions(bs,{}, {'op': 'test_op'}) self.governance_controller.register_process_operation_precondition(bs, 'test_op', self.pre_func1) self.governance_controller.check_process_operation_preconditions(bs,{}, {'op': 'test_op'}) self.governance_controller.register_process_operation_precondition(bs, 'test_op', self.pre_func2) with self.assertRaises(Unauthorized) as cm: self.governance_controller.check_process_operation_preconditions(bs,{}, {'op': 'test_op'}) self.assertIn('Cannot call the test_op operation',cm.exception.message) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', self.pre_func2) self.governance_controller.check_process_operation_preconditions(bs,{}, {'op': 'test_op'}) #Its possible to register invalid functions - but it should get ignored when checked self.governance_controller.register_process_operation_precondition(bs, 'test_op', 'func4') self.governance_controller.check_process_operation_preconditions(bs,{}, {'op': 'test_op'}) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', 'func4') #Its possible to register invalid functions - but it should get ignored when checked self.governance_controller.register_process_operation_precondition(bs, 'test_op', bs.bad_signature) self.governance_controller.check_process_operation_preconditions(bs,{}, {'op': 'test_op'}) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', bs.bad_signature) #Its possible to register invalid functions - but it should get ignored when checked self.governance_controller.register_process_operation_precondition(bs, 'test_op', bs.bad_return) self.governance_controller.check_process_operation_preconditions(bs,{}, {'op': 'test_op'}) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', bs.bad_return) #Its possible to register invalid functions - but they it get ignored when checked self.governance_controller.register_process_operation_precondition(bs, 'test_op', self.bad_pre_func1) self.governance_controller.check_process_operation_preconditions(bs,{}, {'op': 'test_op'}) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', self.bad_pre_func1) #Its possible to register invalid functions - but it should get ignored when checked self.governance_controller.register_process_operation_precondition(bs, 'test_op', self.bad_pre_func2) self.governance_controller.check_process_operation_preconditions(bs,{}, {'op': 'test_op'}) self.governance_controller.unregister_process_operation_precondition(bs, 'test_op', self.bad_pre_func2)
class GovernanceUnitTest(PyonTestCase): governance_controller = None def setUp(self): FakeContainer = Mock() FakeContainer.id = "containerid" FakeContainer.node = Mock() self.governance_controller = GovernanceController(FakeContainer()) self.pre_func1 =\ """def precondition_func(process, msg, headers): if headers['op'] != 'test_op': return False, 'Cannot call the test_op operation' else: return True, '' """ self.pre_func2 =\ """def precondition_func(process, msg, headers): if headers['op'] == 'test_op': return False, 'Cannot call the test_op operation' else: return True, '' """ #This invalid test function does not have the proper signature self.bad_pre_func1 =\ """def precondition_func(msg, headers): if headers['op'] == 'test_op': return False, 'Cannot call the test_op operation' else: return True, '' """ #This invalid test function does not return the proper tuple self.bad_pre_func2 =\ """def precondition_func(process, msg, headers): if headers['op'] == 'test_op': return False else: return True """ def test_initialize_from_config(self): intlist = {'conversation', 'information', 'policy'} config = { 'interceptor_order': intlist, 'governance_interceptors': { 'conversation': { 'class': 'pyon.core.governance.conversation.conversation_monitor_interceptor.ConversationMonitorInterceptor' }, 'information': { 'class': 'pyon.core.governance.information.information_model_interceptor.InformationModelInterceptor' }, 'policy': { 'class': 'pyon.core.governance.policy.policy_interceptor.PolicyInterceptor' } } } self.governance_controller.initialize_from_config(config) self.assertEquals(self.governance_controller.interceptor_order, intlist) self.assertEquals( len(self.governance_controller.interceptor_by_name_dict), len(config['governance_interceptors'])) # TODO - Need to fill this method out def test_process_message(self): pass def test_register_process_operation_precondition(self): bs = UnitTestService() self.assertEqual( len(self.governance_controller.get_process_operation_dict( bs.name)), 0) self.governance_controller.register_process_operation_precondition( bs, 'test_op', bs.func1) self.assertEqual( len(self.governance_controller.get_process_operation_dict( bs.name)), 1) self.assertEqual( len( self.governance_controller.get_process_operation_dict( bs.name)['test_op']), 1) self.governance_controller.register_process_operation_precondition( bs, 'test_op', 'func2') self.assertEqual( len( self.governance_controller.get_process_operation_dict( bs.name)['test_op']), 2) #Its possible to register invalid functions self.governance_controller.register_process_operation_precondition( bs, 'test_op', 'func4') self.assertEqual( len( self.governance_controller.get_process_operation_dict( bs.name)['test_op']), 3) self.governance_controller.register_process_operation_precondition( bs, 'test_op', 'self.pre_func1') self.assertEqual( len( self.governance_controller.get_process_operation_dict( bs.name)['test_op']), 4) #Its possible to register invalid functions self.governance_controller.register_process_operation_precondition( bs, 'test_op', bs.bad_signature) self.assertEqual( len( self.governance_controller.get_process_operation_dict( bs.name)['test_op']), 5) def test_unregister_process_operation_precondition(self): bs = UnitTestService() self.assertEqual( len(self.governance_controller.get_process_operation_dict( bs.name)), 0) self.governance_controller.register_process_operation_precondition( bs, 'test_op', bs.func1) self.assertEqual( len(self.governance_controller.get_process_operation_dict( bs.name)), 1) self.assertEqual( len( self.governance_controller.get_process_operation_dict( bs.name)['test_op']), 1) self.governance_controller.register_process_operation_precondition( bs, 'test_op', 'func2') self.assertEqual( len( self.governance_controller.get_process_operation_dict( bs.name)['test_op']), 2) self.governance_controller.unregister_process_operation_precondition( bs, 'test_op', 'func1') self.assertEqual( len( self.governance_controller.get_process_operation_dict( bs.name)['test_op']), 1) self.governance_controller.unregister_process_operation_precondition( bs, 'test_op', 'func1') self.assertEqual( len( self.governance_controller.get_process_operation_dict( bs.name)['test_op']), 1) self.governance_controller.register_process_operation_precondition( bs, 'test_op', self.pre_func1) self.assertEqual( len( self.governance_controller.get_process_operation_dict( bs.name)['test_op']), 2) self.governance_controller.unregister_process_operation_precondition( bs, 'test_op', self.pre_func1) self.assertEqual( len( self.governance_controller.get_process_operation_dict( bs.name)['test_op']), 1) self.governance_controller.unregister_process_operation_precondition( bs, 'test_op', bs.func2) self.assertEqual( len(self.governance_controller.get_process_operation_dict( bs.name)), 0) def test_check_process_operation_preconditions(self): bs = UnitTestService() self.governance_controller.register_process_operation_precondition( bs, 'test_op', bs.func1) self.governance_controller.check_process_operation_preconditions( bs, {}, {'op': 'test_op'}) self.governance_controller.register_process_operation_precondition( bs, 'test_op', 'func2') with self.assertRaises(Unauthorized) as cm: self.governance_controller.check_process_operation_preconditions( bs, {}, {'op': 'test_op'}) self.assertIn('No reason', cm.exception.message) self.governance_controller.unregister_process_operation_precondition( bs, 'test_op', bs.func2) self.governance_controller.check_process_operation_preconditions( bs, {}, {'op': 'test_op'}) self.governance_controller.register_process_operation_precondition( bs, 'test_op', bs.func3) self.governance_controller.check_process_operation_preconditions( bs, {}, {'op': 'test_op'}) self.governance_controller.register_process_operation_precondition( bs, 'test_op', bs.func2) with self.assertRaises(Unauthorized) as cm: self.governance_controller.check_process_operation_preconditions( bs, {}, {'op': 'test_op'}) self.assertIn('No reason', cm.exception.message) self.governance_controller.unregister_process_operation_precondition( bs, 'test_op', 'func2') self.governance_controller.check_process_operation_preconditions( bs, {}, {'op': 'test_op'}) self.governance_controller.register_process_operation_precondition( bs, 'test_op', self.pre_func1) self.governance_controller.check_process_operation_preconditions( bs, {}, {'op': 'test_op'}) self.governance_controller.register_process_operation_precondition( bs, 'test_op', self.pre_func2) with self.assertRaises(Unauthorized) as cm: self.governance_controller.check_process_operation_preconditions( bs, {}, {'op': 'test_op'}) self.assertIn('Cannot call the test_op operation', cm.exception.message) self.governance_controller.unregister_process_operation_precondition( bs, 'test_op', self.pre_func2) self.governance_controller.check_process_operation_preconditions( bs, {}, {'op': 'test_op'}) #Its possible to register invalid functions - but it should get ignored when checked self.governance_controller.register_process_operation_precondition( bs, 'test_op', 'func4') self.governance_controller.check_process_operation_preconditions( bs, {}, {'op': 'test_op'}) self.governance_controller.unregister_process_operation_precondition( bs, 'test_op', 'func4') #Its possible to register invalid functions - but it should get ignored when checked self.governance_controller.register_process_operation_precondition( bs, 'test_op', bs.bad_signature) self.governance_controller.check_process_operation_preconditions( bs, {}, {'op': 'test_op'}) self.governance_controller.unregister_process_operation_precondition( bs, 'test_op', bs.bad_signature) #Its possible to register invalid functions - but it should get ignored when checked self.governance_controller.register_process_operation_precondition( bs, 'test_op', bs.bad_return) self.governance_controller.check_process_operation_preconditions( bs, {}, {'op': 'test_op'}) self.governance_controller.unregister_process_operation_precondition( bs, 'test_op', bs.bad_return) #Its possible to register invalid functions - but they it get ignored when checked self.governance_controller.register_process_operation_precondition( bs, 'test_op', self.bad_pre_func1) self.governance_controller.check_process_operation_preconditions( bs, {}, {'op': 'test_op'}) self.governance_controller.unregister_process_operation_precondition( bs, 'test_op', self.bad_pre_func1) #Its possible to register invalid functions - but it should get ignored when checked self.governance_controller.register_process_operation_precondition( bs, 'test_op', self.bad_pre_func2) self.governance_controller.check_process_operation_preconditions( bs, {}, {'op': 'test_op'}) self.governance_controller.unregister_process_operation_precondition( bs, 'test_op', self.bad_pre_func2) def test_resource_policy_event_callback(self): event_data = Mock() event_data.resource_id = 'resource._id' event_data.resource_type = 'resource.type_' event_data.resource_name = 'resource.name' event_data.origin = 'policy._id' policy_rules = 'policy_rules' pc = Mock() pc.get_active_resource_access_policy_rules.return_value = policy_rules self.governance_controller.policy_client = pc # call resource_policy_event_callback without a PDP self.governance_controller.resource_policy_event_callback(event_data) # expect that nothing happened since there was no PDP to update self.assertEqual(pc.get_active_resource_access_policy_rules.called, False) #add a pdp pdp = Mock() self.governance_controller.policy_decision_point_manager = pdp self.governance_controller.resource_policy_event_callback(event_data) # expect that policy rules are retrieved for resource pc.get_active_resource_access_policy_rules.assert_called_with( event_data.resource_id) # expect that pdp is called with new rules pdp.load_resource_policy_rules.assert_called_with( event_data.resource_id, policy_rules) def test_service_policy_event_callback(self): # mock service policy event service_policy_event = Mock() service_policy_event.origin = 'policy_id' service_policy_event.service_name = 'UnitTestService' service_policy_event.op = 'test_op' # mock a container container = Mock() self.governance_controller.container = container # set it up so that service_name resolves neither to a service nor an agent container.proc_manager.is_local_service_process.return_value = False container.proc_manager.is_local_agent_process.return_value = False # add a pdp pdp = Mock() self.governance_controller.policy_decision_point_manager = pdp # check that the pdp is not called because service_name is neither a service nor an agent self.governance_controller.service_policy_event_callback( service_policy_event) self.assertEqual(pdp.called, False) ######### ######### # make the service_name a local service process container.proc_manager.is_local_service_process.return_value = True # set up mock policy client with rules policy_rules = 'policy_rules' pc = Mock() self.governance_controller.policy_client = pc pc.get_active_service_access_policy_rules.return_value = policy_rules # set local process local_process = Mock() local_process.name = 'local_process' container.proc_manager.get_a_local_process.return_value = local_process # register process operation precondition self.governance_controller.register_process_operation_precondition( local_process, 'test_op', 'func1') # set up the active precondition op = Mock() op.op = 'test_op_2' op.preconditions = ['func2'] pc.get_active_process_operation_preconditions.return_value = [op] self.governance_controller.service_policy_event_callback( service_policy_event) # check that the service_policy_event_callback deleted all registered preconditions (func1) on operation test_op self.assertEquals( 'test_op' in self.governance_controller.get_process_operation_dict( local_process.name), False) # and updated with the active one (func2) on test_op2 self.assertEquals( 'test_op_2' in self.governance_controller.get_process_operation_dict( local_process.name), True) # expect that policy rules are retrieved for resource pc.get_active_service_access_policy_rules.assert_called_with( service_policy_event.service_name, self.governance_controller._container_org_name) pdp.load_service_policy_rules.assert_called_with( service_policy_event.service_name, policy_rules)