def test_read_policy_from_file_default_only(self): """ Test that reading a policy file with only a preset section works correctly. """ policy_file = tempfile.NamedTemporaryFile( dir=self.temp_dir, delete=False ) with open(policy_file.name, 'w') as f: f.write( '{"test": ' '{"preset": {"SPLIT_KEY": {"GET": "ALLOW_ALL"}}}}' ) policies = policy.read_policy_from_file(policy_file.name) self.assertEqual(1, len(policies)) self.assertIn('test', policies.keys()) expected = { 'preset': { enums.ObjectType.SPLIT_KEY: { enums.Operation.GET: enums.Policy.ALLOW_ALL } } } self.assertEqual(expected, policies.get('test'))
def test_read_policy_from_file_legacy(self): """ Test that reading a legacy policy file works correctly. Note: legacy policy file support may be removed in the future. """ policy_file = tempfile.NamedTemporaryFile( dir=self.temp_dir, delete=False ) with open(policy_file.name, 'w') as f: f.write( '{"test": {"CERTIFICATE": {"LOCATE": "ALLOW_ALL"}}}' ) policies = policy.read_policy_from_file(policy_file.name) self.assertEqual(1, len(policies)) self.assertIn('test', policies.keys()) expected = { 'preset': { enums.ObjectType.CERTIFICATE: { enums.Operation.LOCATE: enums.Policy.ALLOW_ALL } } } self.assertEqual(expected, policies.get('test'))
def test_read_policy_from_file_empty_policy(self): """ Test that reading a file with an empty policy is handled correctly. """ policy_file = tempfile.NamedTemporaryFile(dir=self.temp_dir, delete=False) with open(policy_file.name, 'w') as f: f.write('{"test": {}}') policies = policy.read_policy_from_file(policy_file.name) self.assertEqual(0, len(policies))
def scan_policies(self): """ Scan the policy directory for policy data. """ policy_files = get_json_files(self.policy_directory) for f in set(policy_files) - set(self.policy_files): self.file_timestamps[f] = 0 for f in set(self.policy_files) - set(policy_files): self.logger.info("Removing policies for file: {}".format(f)) self.file_timestamps.pop(f, None) for p in self.policy_cache.keys(): self.disassociate_policy_and_file(p, f) for p in [k for k, v in self.policy_map.items() if v == f]: self.restore_or_delete_policy(p) self.policy_files = policy_files for f in sorted(self.file_timestamps.keys()): t = os.path.getmtime(f) if t > self.file_timestamps[f]: self.logger.info("Loading policies for file: {}".format(f)) self.file_timestamps[f] = t old_p = [k for k, v in self.policy_map.items() if v == f] try: new_p = operation_policy.read_policy_from_file(f) except ValueError: self.logger.error("Failure loading file: {}".format(f)) self.logger.debug("", exc_info=True) continue for p in new_p.keys(): self.logger.info("Loading policy: {}".format(p)) if p in self.reserved_policies: self.logger.warning( "Policy '{}' overwrites a reserved policy and " "will be thrown out.".format(p)) continue if p in sorted(self.policy_store.keys()): self.logger.debug("Policy '{}' overwrites an existing " "policy.".format(p)) if f != self.policy_map.get(p): self.policy_cache.get(p).append( (time.time(), self.policy_map.get(p), self.policy_store.get(p))) else: self.policy_cache[p] = [] self.policy_store[p] = new_p.get(p) self.policy_map[p] = f for p in set(old_p) - set(new_p.keys()): self.disassociate_policy_and_file(p, f) self.restore_or_delete_policy(p)
def test_read_policy_from_file(self): policy_file = tempfile.NamedTemporaryFile(dir=self.temp_dir, delete=False) with open(policy_file.name, 'w') as f: f.write('{"test": {"CERTIFICATE": {"LOCATE": "ALLOW_ALL"}}}') policies = policy.read_policy_from_file(policy_file.name) self.assertEqual(1, len(policies)) self.assertIn('test', policies.keys()) test_policy = { enums.ObjectType.CERTIFICATE: { enums.Operation.LOCATE: enums.Policy.ALLOW_ALL } } self.assertEqual(test_policy, policies.get('test'))
def _load_operation_policies(self, policy_path): if (policy_path is None) or (not os.path.isdir(policy_path)): self._logger.warning( "The specified operation policy directory{0} is not " "valid. No user-defined policies will be loaded.".format( " (" + policy_path + ")" if policy_path else '')) return dict() else: self._logger.info( "Loading user-defined operation policy files from: {0}".format( policy_path)) for filename in os.listdir(policy_path): file_path = os.path.join(policy_path, filename) if os.path.isfile(file_path): self._logger.info("Loading user-defined operation policies " "from file: {0}".format(file_path)) try: policies = operation_policy.read_policy_from_file( file_path) except ValueError as e: self._logger.error( "A failure occurred while loading policies.") self._logger.exception(e) continue reserved_policies = ['default', 'public'] for policy_name in six.iterkeys(policies): if policy_name in reserved_policies: self._logger.warning( "Loaded policy '{0}' overwrites a reserved " "policy and will be thrown out.".format( policy_name)) elif policy_name in six.iterkeys(self._operation_policies): self._logger.warning( "Loaded policy '{0}' overwrites a " "preexisting policy and will be thrown " "out.".format(policy_name)) else: self._operation_policies.update([ (policy_name, policies.get(policy_name)) ])
def test_read_policy_from_file(self): policy_file = tempfile.NamedTemporaryFile( dir=self.temp_dir, delete=False ) with open(policy_file.name, 'w') as f: f.write( '{"test": {"CERTIFICATE": {"LOCATE": "ALLOW_ALL"}}}' ) policies = policy.read_policy_from_file(policy_file.name) self.assertEqual(1, len(policies)) self.assertIn('test', policies.keys()) test_policy = { enums.ObjectType.CERTIFICATE: { enums.Operation.LOCATE: enums.Policy.ALLOW_ALL } } self.assertEqual(test_policy, policies.get('test'))