def test_get_uid(self): pack_1_db = PackDB(ref='test_pack') pack_2_db = PackDB(ref='examples') self.assertEqual(pack_1_db.get_uid(), 'pack:test_pack') self.assertEqual(pack_2_db.get_uid(), 'pack:examples') action_1_db = ActionDB(pack='examples', name='my_action', ref='examples.my_action') action_2_db = ActionDB(pack='core', name='local', ref='core.local') self.assertEqual(action_1_db.get_uid(), 'action:examples:my_action') self.assertEqual(action_2_db.get_uid(), 'action:core:local')
def test_get_uid(self): pack_1_db = PackDB(ref="test_pack") pack_2_db = PackDB(ref="examples") self.assertEqual(pack_1_db.get_uid(), "pack:test_pack") self.assertEqual(pack_2_db.get_uid(), "pack:examples") action_1_db = ActionDB(pack="examples", name="my_action", ref="examples.my_action") action_2_db = ActionDB(pack="core", name="local", ref="core.local") self.assertEqual(action_1_db.get_uid(), "action:examples:my_action") self.assertEqual(action_2_db.get_uid(), "action:core:local")
def test_get_uid(self): pack_db = PackDB(ref='ma_pack') self.assertEqual(pack_db.get_uid(), 'pack:ma_pack') sensor_type_db = SensorTypeDB(name='sname', pack='spack') self.assertEqual(sensor_type_db.get_uid(), 'sensor_type:spack:sname') action_db = ActionDB(name='aname', pack='apack', runner_type={}) self.assertEqual(action_db.get_uid(), 'action:apack:aname') rule_db = RuleDB(name='rname', pack='rpack') self.assertEqual(rule_db.get_uid(), 'rule:rpack:rname') trigger_type_db = TriggerTypeDB(name='ttname', pack='ttpack') self.assertEqual(trigger_type_db.get_uid(), 'trigger_type:ttpack:ttname') trigger_db = TriggerDB(name='tname', pack='tpack') self.assertTrue(trigger_db.get_uid().startswith('trigger:tpack:tname:')) # Verify that same set of parameters always results in the same hash parameters = {'a': 1, 'b': 'unicode', 'c': [1, 2, 3], 'd': {'g': 1, 'h': 2}} paramers_hash = json.dumps(parameters, sort_keys=True) paramers_hash = hashlib.md5(paramers_hash).hexdigest() parameters = {'a': 1, 'b': 'unicode', 'c': [1, 2, 3], 'd': {'g': 1, 'h': 2}} trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters) self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash)) parameters = {'c': [1, 2, 3], 'b': u'unicode', 'd': {'h': 2, 'g': 1}, 'a': 1} trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters) self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash)) parameters = {'b': u'unicode', 'c': [1, 2, 3], 'd': {'h': 2, 'g': 1}, 'a': 1} trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters) self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash)) parameters = OrderedDict({'c': [1, 2, 3], 'b': u'unicode', 'd': {'h': 2, 'g': 1}, 'a': 1}) trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters) self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash)) policy_type_db = PolicyTypeDB(resource_type='action', name='concurrency') self.assertEqual(policy_type_db.get_uid(), 'policy_type:action:concurrency') policy_db = PolicyDB(pack='dummy', name='policy1') self.assertEqual(policy_db.get_uid(), 'policy:dummy:policy1')
def test_get_uid(self): pack_db = PackDB(ref='ma_pack') self.assertEqual(pack_db.get_uid(), 'pack:ma_pack') sensor_type_db = SensorTypeDB(name='sname', pack='spack') self.assertEqual(sensor_type_db.get_uid(), 'sensor_type:spack:sname') action_db = ActionDB(name='aname', pack='apack', runner_type={}) self.assertEqual(action_db.get_uid(), 'action:apack:aname') rule_db = RuleDB(name='rname', pack='rpack') self.assertEqual(rule_db.get_uid(), 'rule:rpack:rname') trigger_type_db = TriggerTypeDB(name='ttname', pack='ttpack') self.assertEqual(trigger_type_db.get_uid(), 'trigger_type:ttpack:ttname') trigger_db = TriggerDB(name='tname', pack='tpack') self.assertTrue(trigger_db.get_uid().startswith('trigger:tpack:tname:'))
def test_get_uid(self): pack_db = PackDB(ref='ma_pack') self.assertEqual(pack_db.get_uid(), 'pack:ma_pack') sensor_type_db = SensorTypeDB(name='sname', pack='spack') self.assertEqual(sensor_type_db.get_uid(), 'sensor_type:spack:sname') action_db = ActionDB(name='aname', pack='apack', runner_type={}) self.assertEqual(action_db.get_uid(), 'action:apack:aname') rule_db = RuleDB(name='rname', pack='rpack') self.assertEqual(rule_db.get_uid(), 'rule:rpack:rname') trigger_type_db = TriggerTypeDB(name='ttname', pack='ttpack') self.assertEqual(trigger_type_db.get_uid(), 'trigger_type:ttpack:ttname') trigger_db = TriggerDB(name='tname', pack='tpack') self.assertTrue(trigger_db.get_uid().startswith('trigger:tpack:tname:')) # Verify that same set of parameters always results in the same hash parameters = {'a': 1, 'b': 2, 'c': [1, 2, 3], 'd': {'g': 1, 'h': 2}, 'b': u'unicode'} paramers_hash = json.dumps(parameters, sort_keys=True) paramers_hash = hashlib.md5(paramers_hash).hexdigest() parameters = {'a': 1, 'b': 2, 'c': [1, 2, 3], 'b': u'unicode', 'd': {'g': 1, 'h': 2}} trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters) self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash)) parameters = {'c': [1, 2, 3], 'b': u'unicode', 'd': {'h': 2, 'g': 1}, 'a': 1} trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters) self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash)) parameters = {'b': u'unicode', 'c': [1, 2, 3], 'd': {'h': 2, 'g': 1}, 'a': 1} trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters) self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash)) parameters = OrderedDict({'c': [1, 2, 3], 'b': u'unicode', 'd': {'h': 2, 'g': 1}, 'a': 1}) trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters) self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))
def setUp(self): super(ExecutionPermissionsResolverTestCase, self).setUp() # Create some mock users user_1_db = UserDB(name='custom_role_unrelated_pack_action_grant') user_1_db = User.add_or_update(user_1_db) self.users['custom_role_unrelated_pack_action_grant'] = user_1_db user_2_db = UserDB( name='custom_role_pack_action_grant_unrelated_permission') user_2_db = User.add_or_update(user_2_db) self.users[ 'custom_role_pack_action_grant_unrelated_permission'] = user_2_db user_3_db = UserDB(name='custom_role_pack_action_view_grant') user_3_db = User.add_or_update(user_3_db) self.users['custom_role_pack_action_view_grant'] = user_3_db user_4_db = UserDB(name='custom_role_action_view_grant') user_4_db = User.add_or_update(user_4_db) self.users['custom_role_action_view_grant'] = user_4_db user_5_db = UserDB(name='custom_role_pack_action_execute_grant') user_5_db = User.add_or_update(user_5_db) self.users['custom_role_pack_action_execute_grant'] = user_5_db user_6_db = UserDB(name='custom_role_action_execute_grant') user_6_db = User.add_or_update(user_6_db) self.users['custom_role_action_execute_grant'] = user_6_db user_7_db = UserDB(name='custom_role_pack_action_all_grant') user_7_db = User.add_or_update(user_7_db) self.users['custom_role_pack_action_all_grant'] = user_7_db user_8_db = UserDB(name='custom_role_action_all_grant') user_8_db = User.add_or_update(user_8_db) self.users['custom_role_action_all_grant'] = user_8_db user_9_db = UserDB(name='custom_role_execution_list_grant') user_9_db = User.add_or_update(user_5_db) self.users['custom_role_execution_list_grant'] = user_9_db # Create some mock resources on which permissions can be granted action_1_db = ActionDB(pack='test_pack_2', name='action1', entry_point='', runner_type={'name': 'run-local'}) action_1_db = Action.add_or_update(action_1_db) self.resources['action_1'] = action_1_db runner = {'name': 'run-python'} liveaction = {'action': 'test_pack_2.action1'} status = action_constants.LIVEACTION_STATUS_REQUESTED action = {'uid': action_1_db.get_uid(), 'pack': 'test_pack_2'} exec_1_db = ActionExecutionDB(action=action, runner=runner, liveaction=liveaction, status=status) exec_1_db = ActionExecution.add_or_update(exec_1_db) self.resources['exec_1'] = exec_1_db # Create some mock roles with associated permission grants # Custom role - one grant to an unrelated pack grant_db = PermissionGrantDB( resource_uid=self.resources['pack_1'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.ACTION_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_unrelated_pack_action_grant', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_unrelated_pack_action_grant'] = role_db # Custom role - one grant of unrelated permission type to parent action pack grant_db = PermissionGrantDB( resource_uid=self.resources['pack_2'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.RULE_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB( name='custom_role_pack_action_grant_unrelated_permission', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles[ 'custom_role_pack_action_grant_unrelated_permission'] = role_db # Custom role - one grant of "action_view" to the parent pack of the action the execution # belongs to grant_db = PermissionGrantDB( resource_uid=self.resources['pack_2'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.ACTION_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_pack_action_view_grant', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_pack_action_view_grant'] = role_db # Custom role - one grant of "action_view" to the action the execution belongs to grant_db = PermissionGrantDB( resource_uid=self.resources['action_1'].get_uid(), resource_type=ResourceType.ACTION, permission_types=[PermissionType.ACTION_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_action_view_grant', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_action_view_grant'] = role_db # Custom role - one grant of "action_execute" to the parent pack of the action the # execution belongs to grant_db = PermissionGrantDB( resource_uid=self.resources['pack_2'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.ACTION_EXECUTE]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_pack_action_execute_grant', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_pack_action_execute_grant'] = role_db # Custom role - one grant of "action_execute" to the the action the execution belongs to grant_db = PermissionGrantDB( resource_uid=self.resources['action_1'].get_uid(), resource_type=ResourceType.ACTION, permission_types=[PermissionType.ACTION_EXECUTE]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_action_execute_grant', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_action_execute_grant'] = role_db # Custom role - "action_all" grant on a parent action pack the execution belongs to grant_db = PermissionGrantDB( resource_uid=self.resources['pack_2'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.ACTION_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_4_db = RoleDB(name='custom_role_pack_action_all_grant', permission_grants=permission_grants) role_4_db = Role.add_or_update(role_4_db) self.roles['custom_role_pack_action_all_grant'] = role_4_db # Custom role - "action_all" grant on action the execution belongs to grant_db = PermissionGrantDB( resource_uid=self.resources['action_1'].get_uid(), resource_type=ResourceType.ACTION, permission_types=[PermissionType.ACTION_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_4_db = RoleDB(name='custom_role_action_all_grant', permission_grants=permission_grants) role_4_db = Role.add_or_update(role_4_db) self.roles['custom_role_action_all_grant'] = role_4_db # Custom role - "execution_list" grant grant_db = PermissionGrantDB( resource_uid=None, resource_type=None, permission_types=[PermissionType.EXECUTION_LIST]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_5_db = RoleDB(name='custom_role_execution_list_grant', permission_grants=permission_grants) role_5_db = Role.add_or_update(role_5_db) self.roles['custom_role_execution_list_grant'] = role_5_db # Create some mock role assignments user_db = self.users['custom_role_unrelated_pack_action_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_unrelated_pack_action_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users[ 'custom_role_pack_action_grant_unrelated_permission'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self. roles['custom_role_pack_action_grant_unrelated_permission'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_pack_action_view_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_pack_action_view_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_action_view_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_action_view_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_pack_action_execute_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_pack_action_execute_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_action_execute_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_action_execute_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_pack_action_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_pack_action_all_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_action_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_action_all_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_execution_list_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_execution_list_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db)
def setUp(self): super(ExecutionPermissionsResolverTestCase, self).setUp() # Create some mock users user_1_db = UserDB(name='custom_role_unrelated_pack_action_grant') user_1_db = User.add_or_update(user_1_db) self.users['custom_role_unrelated_pack_action_grant'] = user_1_db user_2_db = UserDB(name='custom_role_pack_action_grant_unrelated_permission') user_2_db = User.add_or_update(user_2_db) self.users['custom_role_pack_action_grant_unrelated_permission'] = user_2_db user_3_db = UserDB(name='custom_role_pack_action_view_grant') user_3_db = User.add_or_update(user_3_db) self.users['custom_role_pack_action_view_grant'] = user_3_db user_4_db = UserDB(name='custom_role_action_view_grant') user_4_db = User.add_or_update(user_4_db) self.users['custom_role_action_view_grant'] = user_4_db user_5_db = UserDB(name='custom_role_pack_action_execute_grant') user_5_db = User.add_or_update(user_5_db) self.users['custom_role_pack_action_execute_grant'] = user_5_db user_6_db = UserDB(name='custom_role_action_execute_grant') user_6_db = User.add_or_update(user_6_db) self.users['custom_role_action_execute_grant'] = user_6_db user_7_db = UserDB(name='custom_role_pack_action_all_grant') user_7_db = User.add_or_update(user_7_db) self.users['custom_role_pack_action_all_grant'] = user_7_db user_8_db = UserDB(name='custom_role_action_all_grant') user_8_db = User.add_or_update(user_8_db) self.users['custom_role_action_all_grant'] = user_8_db # Create some mock resources on which permissions can be granted action_1_db = ActionDB(pack='test_pack_2', name='action1', entry_point='', runner_type={'name': 'run-local'}) action_1_db = Action.add_or_update(action_1_db) self.resources['action_1'] = action_1_db runner = {'name': 'run-python'} liveaction = {'action': 'test_pack_2.action1'} status = action_constants.LIVEACTION_STATUS_REQUESTED action = {'uid': action_1_db.get_uid(), 'pack': 'test_pack_2'} exec_1_db = ActionExecutionDB(action=action, runner=runner, liveaction=liveaction, status=status) exec_1_db = ActionExecution.add_or_update(exec_1_db) self.resources['exec_1'] = exec_1_db # Create some mock roles with associated permission grants # Custom role - one grant to an unrelated pack grant_db = PermissionGrantDB(resource_uid=self.resources['pack_1'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.ACTION_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_unrelated_pack_action_grant', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_unrelated_pack_action_grant'] = role_db # Custom role - one grant of unrelated permission type to parent action pack grant_db = PermissionGrantDB(resource_uid=self.resources['pack_2'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.RULE_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_pack_action_grant_unrelated_permission', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_pack_action_grant_unrelated_permission'] = role_db # Custom role - one grant of "action_view" to the parent pack of the action the execution # belongs to grant_db = PermissionGrantDB(resource_uid=self.resources['pack_2'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.ACTION_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_pack_action_view_grant', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_pack_action_view_grant'] = role_db # Custom role - one grant of "action_view" to the action the execution belongs to grant_db = PermissionGrantDB(resource_uid=self.resources['action_1'].get_uid(), resource_type=ResourceType.ACTION, permission_types=[PermissionType.ACTION_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_action_view_grant', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_action_view_grant'] = role_db # Custom role - one grant of "action_execute" to the parent pack of the action the # execution belongs to grant_db = PermissionGrantDB(resource_uid=self.resources['pack_2'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.ACTION_EXECUTE]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_pack_action_execute_grant', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_pack_action_execute_grant'] = role_db # Custom role - one grant of "action_execute" to the the action the execution belongs to grant_db = PermissionGrantDB(resource_uid=self.resources['action_1'].get_uid(), resource_type=ResourceType.ACTION, permission_types=[PermissionType.ACTION_EXECUTE]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_action_execute_grant', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_action_execute_grant'] = role_db # Custom role - "action_all" grant on a parent action pack the execution belongs to grant_db = PermissionGrantDB(resource_uid=self.resources['pack_2'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.ACTION_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_4_db = RoleDB(name='custom_role_pack_action_all_grant', permission_grants=permission_grants) role_4_db = Role.add_or_update(role_4_db) self.roles['custom_role_pack_action_all_grant'] = role_4_db # Custom role - "action_all" grant on action the execution belongs to grant_db = PermissionGrantDB(resource_uid=self.resources['action_1'].get_uid(), resource_type=ResourceType.ACTION, permission_types=[PermissionType.ACTION_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_4_db = RoleDB(name='custom_role_action_all_grant', permission_grants=permission_grants) role_4_db = Role.add_or_update(role_4_db) self.roles['custom_role_action_all_grant'] = role_4_db # Create some mock role assignments user_db = self.users['custom_role_unrelated_pack_action_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_unrelated_pack_action_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_pack_action_grant_unrelated_permission'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_pack_action_grant_unrelated_permission'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_pack_action_view_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_pack_action_view_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_action_view_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_action_view_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_pack_action_execute_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_pack_action_execute_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_action_execute_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_action_execute_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_pack_action_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_pack_action_all_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_action_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_action_all_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db)
def setUp(self): super(InquiryPermissionsResolverTestCase, self).setUp() # Create some mock users user_1_db = UserDB(name='custom_role_inquiry_list_grant') user_1_db = User.add_or_update(user_1_db) self.users['custom_role_inquiry_list_grant'] = user_1_db user_2_db = UserDB(name='custom_role_inquiry_view_grant') user_2_db = User.add_or_update(user_2_db) self.users['custom_role_inquiry_view_grant'] = user_2_db user_3_db = UserDB(name='custom_role_inquiry_respond_grant') user_3_db = User.add_or_update(user_3_db) self.users['custom_role_inquiry_respond_grant'] = user_3_db user_4_db = UserDB(name='custom_role_inquiry_all_grant') user_4_db = User.add_or_update(user_4_db) self.users['custom_role_inquiry_all_grant'] = user_4_db user_5_db = UserDB(name='custom_role_inquiry_inherit') user_5_db = User.add_or_update(user_5_db) self.users['custom_role_inquiry_inherit'] = user_5_db # Create a workflow for testing inheritance of action_execute permission # to inquiry_respond permission wf_db = ActionDB(pack='examples', name='mistral-ask-basic', entry_point='', runner_type={'name': 'mistral-v2'}) wf_db = Action.add_or_update(wf_db) self.resources['wf'] = wf_db runner = {'name': 'mistral-v2'} liveaction = {'action': 'examples.mistral-ask-basic'} status = action_constants.LIVEACTION_STATUS_PAUSED # Spawn workflow action = {'uid': wf_db.get_uid(), 'pack': 'examples'} wf_exc_db = ActionExecutionDB(action=action, runner=runner, liveaction=liveaction, status=status) wf_exc_db = ActionExecution.add_or_update(wf_exc_db) # Create an Inquiry on which permissions can be granted action_1_db = ActionDB(pack='core', name='ask', entry_point='', runner_type={'name': 'inquirer'}) action_1_db = Action.add_or_update(action_1_db) self.resources['action_1'] = action_1_db runner = {'name': 'inquirer'} liveaction = {'action': 'core.ask'} status = action_constants.LIVEACTION_STATUS_PENDING # For now, Inquiries are "borrowing" the ActionExecutionDB model, # so we have to test with that model action = {'uid': action_1_db.get_uid(), 'pack': 'core'} inquiry_1_db = ActionExecutionDB(action=action, runner=runner, liveaction=liveaction, status=status) # A separate inquiry that has a parent (so we can test workflow permission inheritance) inquiry_2_db = ActionExecutionDB(action=action, runner=runner, liveaction=liveaction, status=status, parent=str(wf_exc_db.id)) # A bit gross, but it's what we have to do since Inquiries # don't yet have their own data model def get_uid(): return "inquiry" inquiry_1_db.get_uid = get_uid inquiry_2_db.get_uid = get_uid inquiry_1_db = ActionExecution.add_or_update(inquiry_1_db) inquiry_2_db = ActionExecution.add_or_update(inquiry_2_db) self.resources['inquiry_1'] = inquiry_1_db self.resources['inquiry_2'] = inquiry_2_db ############################################################ # Create some mock roles with associated permission grants # ############################################################ # Custom role - "inquiry_list" grant grant_db = PermissionGrantDB( resource_uid=self.resources['inquiry_1'].get_uid(), resource_type=ResourceType.INQUIRY, permission_types=[PermissionType.INQUIRY_LIST]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_inquiry_list_grant', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_inquiry_list_grant'] = role_db # Custom role - "inquiry_view" grant grant_db = PermissionGrantDB( resource_uid=self.resources['inquiry_1'].get_uid(), resource_type=ResourceType.INQUIRY, permission_types=[PermissionType.INQUIRY_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_inquiry_view_grant', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_inquiry_view_grant'] = role_db # Custom role - "inquiry_respond" grant grant_db = PermissionGrantDB( resource_uid=self.resources['inquiry_1'].get_uid(), resource_type=ResourceType.INQUIRY, permission_types=[PermissionType.INQUIRY_RESPOND]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_inquiry_respond_grant', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_inquiry_respond_grant'] = role_db # Custom role - "inquiry_all" grant grant_db = PermissionGrantDB( resource_uid=self.resources['inquiry_1'].get_uid(), resource_type=ResourceType.INQUIRY, permission_types=[PermissionType.INQUIRY_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_inquiry_all_grant', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_inquiry_all_grant'] = role_db # Custom role - inheritance grant grant_db = PermissionGrantDB( resource_uid=self.resources['wf'].get_uid(), resource_type=ResourceType.ACTION, permission_types=[PermissionType.ACTION_EXECUTE]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_inquiry_inherit', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_inquiry_inherit'] = role_db ##################################### # Create some mock role assignments # ##################################### user_db = self.users['custom_role_inquiry_list_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_inquiry_list_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_inquiry_view_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_inquiry_view_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_inquiry_respond_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_inquiry_respond_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_inquiry_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_inquiry_all_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_inquiry_inherit'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_inquiry_inherit'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db)
def test_get_uid(self): pack_db = PackDB(ref="ma_pack") self.assertEqual(pack_db.get_uid(), "pack:ma_pack") self.assertTrue(pack_db.has_valid_uid()) sensor_type_db = SensorTypeDB(name="sname", pack="spack") self.assertEqual(sensor_type_db.get_uid(), "sensor_type:spack:sname") self.assertTrue(sensor_type_db.has_valid_uid()) action_db = ActionDB(name="aname", pack="apack", runner_type={}) self.assertEqual(action_db.get_uid(), "action:apack:aname") self.assertTrue(action_db.has_valid_uid()) rule_db = RuleDB(name="rname", pack="rpack") self.assertEqual(rule_db.get_uid(), "rule:rpack:rname") self.assertTrue(rule_db.has_valid_uid()) trigger_type_db = TriggerTypeDB(name="ttname", pack="ttpack") self.assertEqual(trigger_type_db.get_uid(), "trigger_type:ttpack:ttname") self.assertTrue(trigger_type_db.has_valid_uid()) trigger_db = TriggerDB(name="tname", pack="tpack") self.assertTrue(trigger_db.get_uid().startswith("trigger:tpack:tname:")) # Verify that same set of parameters always results in the same hash parameters = {"a": 1, "b": "unicode", "c": [1, 2, 3], "d": {"g": 1, "h": 2}} paramers_hash = json.dumps(parameters, sort_keys=True) paramers_hash = hashlib.md5(paramers_hash.encode()).hexdigest() parameters = {"a": 1, "b": "unicode", "c": [1, 2, 3], "d": {"g": 1, "h": 2}} trigger_db = TriggerDB(name="tname", pack="tpack", parameters=parameters) self.assertEqual( trigger_db.get_uid(), "trigger:tpack:tname:%s" % (paramers_hash) ) self.assertTrue(trigger_db.has_valid_uid()) parameters = {"c": [1, 2, 3], "b": "unicode", "d": {"h": 2, "g": 1}, "a": 1} trigger_db = TriggerDB(name="tname", pack="tpack", parameters=parameters) self.assertEqual( trigger_db.get_uid(), "trigger:tpack:tname:%s" % (paramers_hash) ) self.assertTrue(trigger_db.has_valid_uid()) parameters = {"b": "unicode", "c": [1, 2, 3], "d": {"h": 2, "g": 1}, "a": 1} trigger_db = TriggerDB(name="tname", pack="tpack", parameters=parameters) self.assertEqual( trigger_db.get_uid(), "trigger:tpack:tname:%s" % (paramers_hash) ) self.assertTrue(trigger_db.has_valid_uid()) parameters = OrderedDict( {"c": [1, 2, 3], "b": "unicode", "d": {"h": 2, "g": 1}, "a": 1} ) trigger_db = TriggerDB(name="tname", pack="tpack", parameters=parameters) self.assertEqual( trigger_db.get_uid(), "trigger:tpack:tname:%s" % (paramers_hash) ) self.assertTrue(trigger_db.has_valid_uid()) policy_type_db = PolicyTypeDB(resource_type="action", name="concurrency") self.assertEqual(policy_type_db.get_uid(), "policy_type:action:concurrency") self.assertTrue(policy_type_db.has_valid_uid()) policy_db = PolicyDB(pack="dummy", name="policy1") self.assertEqual(policy_db.get_uid(), "policy:dummy:policy1") api_key_db = ApiKeyDB(key_hash="valid") self.assertEqual(api_key_db.get_uid(), "api_key:valid") self.assertTrue(api_key_db.has_valid_uid()) api_key_db = ApiKeyDB() self.assertEqual(api_key_db.get_uid(), "api_key:") self.assertFalse(api_key_db.has_valid_uid())
def setUp(self): super(InquiryPermissionsResolverTestCase, self).setUp() # Create some mock users user_1_db = UserDB(name='custom_role_inquiry_list_grant') user_1_db = User.add_or_update(user_1_db) self.users['custom_role_inquiry_list_grant'] = user_1_db user_2_db = UserDB(name='custom_role_inquiry_view_grant') user_2_db = User.add_or_update(user_2_db) self.users['custom_role_inquiry_view_grant'] = user_2_db user_3_db = UserDB(name='custom_role_inquiry_respond_grant') user_3_db = User.add_or_update(user_3_db) self.users['custom_role_inquiry_respond_grant'] = user_3_db user_4_db = UserDB(name='custom_role_inquiry_all_grant') user_4_db = User.add_or_update(user_4_db) self.users['custom_role_inquiry_all_grant'] = user_4_db user_5_db = UserDB(name='custom_role_inquiry_inherit') user_5_db = User.add_or_update(user_5_db) self.users['custom_role_inquiry_inherit'] = user_5_db # Create a workflow for testing inheritance of action_execute permission # to inquiry_respond permission wf_db = ActionDB(pack='examples', name='mistral-ask-basic', entry_point='', runner_type={'name': 'mistral-v2'}) wf_db = Action.add_or_update(wf_db) self.resources['wf'] = wf_db runner = {'name': 'mistral-v2'} liveaction = {'action': 'examples.mistral-ask-basic'} status = action_constants.LIVEACTION_STATUS_PAUSED # Spawn workflow action = {'uid': wf_db.get_uid(), 'pack': 'examples'} wf_exc_db = ActionExecutionDB(action=action, runner=runner, liveaction=liveaction, status=status) wf_exc_db = ActionExecution.add_or_update(wf_exc_db) # Create an Inquiry on which permissions can be granted action_1_db = ActionDB(pack='core', name='ask', entry_point='', runner_type={'name': 'inquirer'}) action_1_db = Action.add_or_update(action_1_db) self.resources['action_1'] = action_1_db runner = {'name': 'inquirer'} liveaction = {'action': 'core.ask'} status = action_constants.LIVEACTION_STATUS_PENDING # For now, Inquiries are "borrowing" the ActionExecutionDB model, # so we have to test with that model action = {'uid': action_1_db.get_uid(), 'pack': 'core'} inquiry_1_db = ActionExecutionDB(action=action, runner=runner, liveaction=liveaction, status=status) # A separate inquiry that has a parent (so we can test workflow permission inheritance) inquiry_2_db = ActionExecutionDB(action=action, runner=runner, liveaction=liveaction, status=status, parent=str(wf_exc_db.id)) # A bit gross, but it's what we have to do since Inquiries # don't yet have their own data model def get_uid(): return "inquiry" inquiry_1_db.get_uid = get_uid inquiry_2_db.get_uid = get_uid inquiry_1_db = ActionExecution.add_or_update(inquiry_1_db) inquiry_2_db = ActionExecution.add_or_update(inquiry_2_db) self.resources['inquiry_1'] = inquiry_1_db self.resources['inquiry_2'] = inquiry_2_db ############################################################ # Create some mock roles with associated permission grants # ############################################################ # Custom role - "inquiry_list" grant grant_db = PermissionGrantDB(resource_uid=self.resources['inquiry_1'].get_uid(), resource_type=ResourceType.INQUIRY, permission_types=[PermissionType.INQUIRY_LIST]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_inquiry_list_grant', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_inquiry_list_grant'] = role_db # Custom role - "inquiry_view" grant grant_db = PermissionGrantDB(resource_uid=self.resources['inquiry_1'].get_uid(), resource_type=ResourceType.INQUIRY, permission_types=[PermissionType.INQUIRY_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_inquiry_view_grant', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_inquiry_view_grant'] = role_db # Custom role - "inquiry_respond" grant grant_db = PermissionGrantDB(resource_uid=self.resources['inquiry_1'].get_uid(), resource_type=ResourceType.INQUIRY, permission_types=[PermissionType.INQUIRY_RESPOND]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_inquiry_respond_grant', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_inquiry_respond_grant'] = role_db # Custom role - "inquiry_all" grant grant_db = PermissionGrantDB(resource_uid=self.resources['inquiry_1'].get_uid(), resource_type=ResourceType.INQUIRY, permission_types=[PermissionType.INQUIRY_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_inquiry_all_grant', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_inquiry_all_grant'] = role_db # Custom role - inheritance grant grant_db = PermissionGrantDB(resource_uid=self.resources['wf'].get_uid(), resource_type=ResourceType.ACTION, permission_types=[PermissionType.ACTION_EXECUTE]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_inquiry_inherit', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_inquiry_inherit'] = role_db ##################################### # Create some mock role assignments # ##################################### user_db = self.users['custom_role_inquiry_list_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_inquiry_list_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_inquiry_view_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_inquiry_view_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_inquiry_respond_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_inquiry_respond_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_inquiry_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_inquiry_all_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_inquiry_inherit'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_inquiry_inherit'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db)
def test_get_uid(self): pack_db = PackDB(ref='ma_pack') self.assertEqual(pack_db.get_uid(), 'pack:ma_pack') self.assertTrue(pack_db.has_valid_uid()) sensor_type_db = SensorTypeDB(name='sname', pack='spack') self.assertEqual(sensor_type_db.get_uid(), 'sensor_type:spack:sname') self.assertTrue(sensor_type_db.has_valid_uid()) action_db = ActionDB(name='aname', pack='apack', runner_type={}) self.assertEqual(action_db.get_uid(), 'action:apack:aname') self.assertTrue(action_db.has_valid_uid()) rule_db = RuleDB(name='rname', pack='rpack') self.assertEqual(rule_db.get_uid(), 'rule:rpack:rname') self.assertTrue(rule_db.has_valid_uid()) trigger_type_db = TriggerTypeDB(name='ttname', pack='ttpack') self.assertEqual(trigger_type_db.get_uid(), 'trigger_type:ttpack:ttname') self.assertTrue(trigger_type_db.has_valid_uid()) trigger_db = TriggerDB(name='tname', pack='tpack') self.assertTrue(trigger_db.get_uid().startswith('trigger:tpack:tname:')) # Verify that same set of parameters always results in the same hash parameters = {'a': 1, 'b': 'unicode', 'c': [1, 2, 3], 'd': {'g': 1, 'h': 2}} paramers_hash = json.dumps(parameters, sort_keys=True) paramers_hash = hashlib.md5(paramers_hash.encode()).hexdigest() parameters = {'a': 1, 'b': 'unicode', 'c': [1, 2, 3], 'd': {'g': 1, 'h': 2}} trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters) self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash)) self.assertTrue(trigger_db.has_valid_uid()) parameters = {'c': [1, 2, 3], 'b': u'unicode', 'd': {'h': 2, 'g': 1}, 'a': 1} trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters) self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash)) self.assertTrue(trigger_db.has_valid_uid()) parameters = {'b': u'unicode', 'c': [1, 2, 3], 'd': {'h': 2, 'g': 1}, 'a': 1} trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters) self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash)) self.assertTrue(trigger_db.has_valid_uid()) parameters = OrderedDict({'c': [1, 2, 3], 'b': u'unicode', 'd': {'h': 2, 'g': 1}, 'a': 1}) trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters) self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash)) self.assertTrue(trigger_db.has_valid_uid()) policy_type_db = PolicyTypeDB(resource_type='action', name='concurrency') self.assertEqual(policy_type_db.get_uid(), 'policy_type:action:concurrency') self.assertTrue(policy_type_db.has_valid_uid()) policy_db = PolicyDB(pack='dummy', name='policy1') self.assertEqual(policy_db.get_uid(), 'policy:dummy:policy1') api_key_db = ApiKeyDB(key_hash='valid') self.assertEqual(api_key_db.get_uid(), 'api_key:valid') self.assertTrue(api_key_db.has_valid_uid()) api_key_db = ApiKeyDB() self.assertEqual(api_key_db.get_uid(), 'api_key:') self.assertFalse(api_key_db.has_valid_uid())