예제 #1
0
파일: test_logger.py 프로젝트: yetudada/st2
    def test_format_rule(self):
        expected_result = {
            'description': 'Test description',
            'tags': [],
            'type': {
                'ref': 'standard',
                'parameters': {}},
            'enabled': True,
            'trigger': 'test tigger',
            'metadata_file': None,
            'context': {},
            'criteria': {},
            'action': {
                'ref': '1234',
                'parameters': {'b': 2}},
            'uid': 'rule:testpack:test.action',
            'pack': 'testpack',
            'ref': 'testpack.test.action',
            'id': None,
            'name': 'test.action'
        }
        mock_rule_db = RuleDB(pack='testpack',
                              name='test.action',
                              description='Test description',
                              trigger='test tigger',
                              action={'ref': '1234', 'parameters': {'b': 2}})

        result = mock_rule_db.to_serializable_dict()
        self.assertEqual(expected_result, result)
예제 #2
0
    def test_format_secret_rule_parameters_are_masked(
            self, mock__get_referenced_action_model):
        expected_result = {
            'description': 'Test description',
            'tags': [],
            'type': {
                'ref': 'standard',
                'parameters': {}
            },
            'enabled': True,
            'trigger': 'test tigger',
            'metadata_file': None,
            'context': {},
            'criteria': {},
            'action': {
                'ref': '1234',
                'parameters': {
                    'parameter1': 'value1',
                    'parameter2': '********'
                }
            },
            'uid': 'rule:testpack:test.action',
            'pack': 'testpack',
            'ref': 'testpack.test.action',
            'id': None,
            'name': 'test.action'
        }

        parameters = {
            'parameter1': {
                'type': 'string',
                'required': False
            },
            'parameter2': {
                'type': 'string',
                'required': False,
                'secret': True
            }
        }
        mock_action_db = ActionDB(pack='testpack',
                                  name='test.action',
                                  parameters=parameters)
        mock__get_referenced_action_model.return_value = mock_action_db
        cfg.CONF.set_override(group='log', name='mask_secrets', override=True)
        mock_rule_db = RuleDB(pack='testpack',
                              name='test.action',
                              description='Test description',
                              trigger='test tigger',
                              action={
                                  'ref': '1234',
                                  'parameters': {
                                      'parameter1': 'value1',
                                      'parameter2': 'value2'
                                  }
                              })

        result = mock_rule_db.to_serializable_dict(True)

        self.assertEqual(expected_result, result)
예제 #3
0
 def _get_rule_db_from_file(self, file_path):
     data = self._meta_loader.load(file_path=file_path)
     rule_db = RuleDB()
     rule_db.trigger = data['trigger']['type']
     rule_db.criteria = data.get('criteria', None)
     rule_db.action = {}
     rule_db.enabled = True
     return rule_db
예제 #4
0
파일: tester.py 프로젝트: nzlosh/st2
    def _get_rule_db_from_file(self, file_path):
        data = self._meta_loader.load(file_path=file_path)
        pack = data.get('pack', 'unknown')
        name = data.get('name', 'unknown')
        trigger = data['trigger']['type']
        criteria = data.get('criteria', None)
        action = data.get('action', {})

        rule_db = RuleDB(pack=pack, name=name, trigger=trigger, criteria=criteria, action=action,
                         enabled=True)
        rule_db.id = 'rule_tester_rule'

        return rule_db
예제 #5
0
 def _create_save_rule(trigger, action=None, enabled=True):
     created = RuleDB()
     created.name = 'rule-1'
     created.pack = 'default'
     created.ref = ResourceReference.to_string_reference(name=created.name,
                                                         pack=created.pack)
     created.description = ''
     created.enabled = enabled
     created.trigger = reference.get_str_resource_ref_from_model(trigger)
     created.criteria = {}
     created.action = ActionExecutionSpecDB()
     action_ref = ResourceReference(pack=action.pack, name=action.name).ref
     created.action.ref = action_ref
     created.action.pack = action.pack
     created.action.parameters = {}
     return Rule.add_or_update(created)
예제 #6
0
파일: tester.py 프로젝트: zwunix/st2
    def _get_rule_db_from_file(self, file_path):
        data = self._meta_loader.load(file_path=file_path)
        pack = data.get('pack', 'unknown')
        name = data.get('name', 'unknown')
        trigger = data['trigger']['type']
        criteria = data.get('criteria', None)
        action = data.get('action', {})

        rule_db = RuleDB(pack=pack,
                         name=name,
                         trigger=trigger,
                         criteria=criteria,
                         action=action,
                         enabled=True)
        rule_db.id = 'rule_tester_rule'

        return rule_db
    def test_get_uid(self):
        pack_db = PackDB(ref='ma_pack')
        self.assertEqual(pack_db.get_uid(), 'pack:ma_pack')

        sensor_type_db = SensorTypeDB(name='sname', pack='spack')
        self.assertEqual(sensor_type_db.get_uid(), 'sensor_type:spack:sname')

        action_db = ActionDB(name='aname', pack='apack', runner_type={})
        self.assertEqual(action_db.get_uid(), 'action:apack:aname')

        rule_db = RuleDB(name='rname', pack='rpack')
        self.assertEqual(rule_db.get_uid(), 'rule:rpack:rname')

        trigger_type_db = TriggerTypeDB(name='ttname', pack='ttpack')
        self.assertEqual(trigger_type_db.get_uid(), 'trigger_type:ttpack:ttname')

        trigger_db = TriggerDB(name='tname', pack='tpack')
        self.assertTrue(trigger_db.get_uid().startswith('trigger:tpack:tname:'))

        # Verify that same set of parameters always results in the same hash
        parameters = {'a': 1, 'b': 'unicode', 'c': [1, 2, 3], 'd': {'g': 1, 'h': 2}}
        paramers_hash = json.dumps(parameters, sort_keys=True)
        paramers_hash = hashlib.md5(paramers_hash).hexdigest()

        parameters = {'a': 1, 'b': 'unicode', 'c': [1, 2, 3], 'd': {'g': 1, 'h': 2}}
        trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
        self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))

        parameters = {'c': [1, 2, 3], 'b': u'unicode', 'd': {'h': 2, 'g': 1}, 'a': 1}
        trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
        self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))

        parameters = {'b': u'unicode', 'c': [1, 2, 3], 'd': {'h': 2, 'g': 1}, 'a': 1}
        trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
        self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))

        parameters = OrderedDict({'c': [1, 2, 3], 'b': u'unicode', 'd': {'h': 2, 'g': 1}, 'a': 1})
        trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
        self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))

        policy_type_db = PolicyTypeDB(resource_type='action', name='concurrency')
        self.assertEqual(policy_type_db.get_uid(), 'policy_type:action:concurrency')

        policy_db = PolicyDB(pack='dummy', name='policy1')
        self.assertEqual(policy_db.get_uid(), 'policy:dummy:policy1')
예제 #8
0
    def test_get_uid(self):
        pack_db = PackDB(ref='ma_pack')
        self.assertEqual(pack_db.get_uid(), 'pack:ma_pack')

        sensor_type_db = SensorTypeDB(name='sname', pack='spack')
        self.assertEqual(sensor_type_db.get_uid(), 'sensor_type:spack:sname')

        action_db = ActionDB(name='aname', pack='apack', runner_type={})
        self.assertEqual(action_db.get_uid(), 'action:apack:aname')

        rule_db = RuleDB(name='rname', pack='rpack')
        self.assertEqual(rule_db.get_uid(), 'rule:rpack:rname')

        trigger_type_db = TriggerTypeDB(name='ttname', pack='ttpack')
        self.assertEqual(trigger_type_db.get_uid(), 'trigger_type:ttpack:ttname')

        trigger_db = TriggerDB(name='tname', pack='tpack')
        self.assertTrue(trigger_db.get_uid().startswith('trigger:tpack:tname:'))
예제 #9
0
파일: tester.py 프로젝트: st2sandbox/st2
    def _get_rule_db_from_file(self, file_path):
        data = self._meta_loader.load(file_path=file_path)
        pack = data.get("pack", "unknown")
        name = data.get("name", "unknown")
        trigger = data["trigger"]["type"]
        criteria = data.get("criteria", None)
        action = data.get("action", {})

        rule_db = RuleDB(
            pack=pack,
            name=name,
            trigger=trigger,
            criteria=criteria,
            action=action,
            enabled=True,
        )
        rule_db.id = "rule_tester_rule"

        return rule_db
예제 #10
0
파일: test_db.py 프로젝트: ipv1337/st2
 def _create_save_rule(trigger, action=None, enabled=True):
     created = RuleDB()
     created.name = 'rule-1'
     created.pack = 'default'
     created.ref = ResourceReference.to_string_reference(name=created.name,
                                                         pack=created.pack)
     created.description = ''
     created.enabled = enabled
     created.trigger = reference.get_str_resource_ref_from_model(trigger)
     created.criteria = {}
     created.action = ActionExecutionSpecDB()
     action_ref = ResourceReference(pack=action.pack, name=action.name).ref
     created.action.ref = action_ref
     created.action.pack = action.pack
     created.action.parameters = {}
     return Rule.add_or_update(created)
예제 #11
0
    def test_get_uid(self):
        pack_db = PackDB(ref='ma_pack')
        self.assertEqual(pack_db.get_uid(), 'pack:ma_pack')

        sensor_type_db = SensorTypeDB(name='sname', pack='spack')
        self.assertEqual(sensor_type_db.get_uid(), 'sensor_type:spack:sname')

        action_db = ActionDB(name='aname', pack='apack', runner_type={})
        self.assertEqual(action_db.get_uid(), 'action:apack:aname')

        rule_db = RuleDB(name='rname', pack='rpack')
        self.assertEqual(rule_db.get_uid(), 'rule:rpack:rname')

        trigger_type_db = TriggerTypeDB(name='ttname', pack='ttpack')
        self.assertEqual(trigger_type_db.get_uid(), 'trigger_type:ttpack:ttname')

        trigger_db = TriggerDB(name='tname', pack='tpack')
        self.assertTrue(trigger_db.get_uid().startswith('trigger:tpack:tname:'))

        # Verify that same set of parameters always results in the same hash
        parameters = {'a': 1, 'b': 2, 'c': [1, 2, 3], 'd': {'g': 1, 'h': 2}, 'b': u'unicode'}
        paramers_hash = json.dumps(parameters, sort_keys=True)
        paramers_hash = hashlib.md5(paramers_hash).hexdigest()

        parameters = {'a': 1, 'b': 2, 'c': [1, 2, 3], 'b': u'unicode', 'd': {'g': 1, 'h': 2}}
        trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
        self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))

        parameters = {'c': [1, 2, 3], 'b': u'unicode', 'd': {'h': 2, 'g': 1}, 'a': 1}
        trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
        self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))

        parameters = {'b': u'unicode', 'c': [1, 2, 3], 'd': {'h': 2, 'g': 1}, 'a': 1}
        trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
        self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))

        parameters = OrderedDict({'c': [1, 2, 3], 'b': u'unicode', 'd': {'h': 2, 'g': 1}, 'a': 1})
        trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
        self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))
예제 #12
0
파일: tester.py 프로젝트: sarkartanzil/st2
 def _get_rule_db_from_file(self, file_path):
     data = self._meta_loader.load(file_path=file_path)
     rule_db = RuleDB()
     rule_db.trigger = data['trigger']['type']
     rule_db.criteria = data.get('criteria', None)
     rule_db.action = {}
     rule_db.enabled = True
     return rule_db
예제 #13
0
    def setUp(self):
        super(RBACServicesTestCase, self).setUp()

        # TODO: Share mocks

        self.users = {}
        self.roles = {}
        self.resources = {}

        # Create some mock users
        user_1_db = UserDB(name='admin')
        user_1_db = User.add_or_update(user_1_db)
        self.users['admin'] = user_1_db

        user_2_db = UserDB(name='observer')
        user_2_db = User.add_or_update(user_2_db)
        self.users['observer'] = user_2_db

        user_3_db = UserDB(name='no_roles')
        user_3_db = User.add_or_update(user_3_db)
        self.users['no_roles'] = user_3_db

        user_4_db = UserDB(name='custom_role')
        user_4_db = User.add_or_update(user_4_db)
        self.users['1_custom_role'] = user_4_db

        # Create some mock roles
        role_1_db = rbac_services.create_role(name='custom_role_1')
        role_2_db = rbac_services.create_role(name='custom_role_2',
                                              description='custom role 2')
        self.roles['custom_role_1'] = role_1_db
        self.roles['custom_role_2'] = role_2_db

        # Create some mock role assignments
        role_assignment_1 = UserRoleAssignmentDB(
            user=self.users['1_custom_role'].name,
            role=self.roles['custom_role_1'].name)
        role_assignment_1 = UserRoleAssignment.add_or_update(role_assignment_1)

        # Create some mock resources on which permissions can be granted
        rule_1_db = RuleDB(pack='test1', name='rule1', ref='test1.rule1')
        rule_1_db = Rule.add_or_update(rule_1_db)

        self.resources['rule_1'] = rule_1_db
예제 #14
0
MOCK_TRIGGER_INSTANCE.id = bson.ObjectId()
MOCK_TRIGGER_INSTANCE.trigger = MOCK_TRIGGER.get_reference().ref
MOCK_TRIGGER_INSTANCE.payload = {
    'p1': 'v1',
    'p2': 'preYYYpost',
    'bool': True,
    'int': 1,
    'float': 0.8
}
MOCK_TRIGGER_INSTANCE.occurrence_time = date_utils.get_datetime_utc_now()

MOCK_ACTION = ActionDB()
MOCK_ACTION.id = bson.ObjectId()
MOCK_ACTION.name = 'action-test-1.name'

MOCK_RULE_1 = RuleDB()
MOCK_RULE_1.id = bson.ObjectId()
MOCK_RULE_1.name = "some1"
MOCK_RULE_1.trigger = reference.get_str_resource_ref_from_model(MOCK_TRIGGER)
MOCK_RULE_1.criteria = {}
MOCK_RULE_1.action = ActionExecutionSpecDB(ref="somepack.someaction")

MOCK_RULE_2 = RuleDB()
MOCK_RULE_2.id = bson.ObjectId()
MOCK_RULE_1.name = "some2"
MOCK_RULE_2.trigger = reference.get_str_resource_ref_from_model(MOCK_TRIGGER)
MOCK_RULE_2.criteria = {}
MOCK_RULE_2.action = ActionExecutionSpecDB(ref="somepack.someaction")


@mock.patch.object(reference, 'get_model_by_resource_ref',
예제 #15
0
    payload={
        'p1': 'v1',
        'p2': 'preYYYpost',
        'bool': True,
        'int': 1,
        'float': 0.8
    })

MOCK_ACTION = ActionDB(id=bson.ObjectId(),
                       pack='wolfpack',
                       name='action-test-1.name')

MOCK_RULE_1 = RuleDB(
    id=bson.ObjectId(),
    pack='wolfpack',
    name='some1',
    trigger=reference.get_str_resource_ref_from_model(MOCK_TRIGGER),
    criteria={},
    action=ActionExecutionSpecDB(ref="somepack.someaction"))

MOCK_RULE_2 = RuleDB(
    id=bson.ObjectId(),
    pack='wolfpack',
    name='some2',
    trigger=reference.get_str_resource_ref_from_model(MOCK_TRIGGER),
    criteria={},
    action=ActionExecutionSpecDB(ref="somepack.someaction"))


@mock.patch.object(reference, 'get_model_by_resource_ref',
                   mock.MagicMock(return_value=MOCK_TRIGGER))
예제 #16
0
    def test_get_uid(self):
        pack_db = PackDB(ref='ma_pack')
        self.assertEqual(pack_db.get_uid(), 'pack:ma_pack')
        self.assertTrue(pack_db.has_valid_uid())

        sensor_type_db = SensorTypeDB(name='sname', pack='spack')
        self.assertEqual(sensor_type_db.get_uid(), 'sensor_type:spack:sname')
        self.assertTrue(sensor_type_db.has_valid_uid())

        action_db = ActionDB(name='aname', pack='apack', runner_type={})
        self.assertEqual(action_db.get_uid(), 'action:apack:aname')
        self.assertTrue(action_db.has_valid_uid())

        rule_db = RuleDB(name='rname', pack='rpack')
        self.assertEqual(rule_db.get_uid(), 'rule:rpack:rname')
        self.assertTrue(rule_db.has_valid_uid())

        trigger_type_db = TriggerTypeDB(name='ttname', pack='ttpack')
        self.assertEqual(trigger_type_db.get_uid(), 'trigger_type:ttpack:ttname')
        self.assertTrue(trigger_type_db.has_valid_uid())

        trigger_db = TriggerDB(name='tname', pack='tpack')
        self.assertTrue(trigger_db.get_uid().startswith('trigger:tpack:tname:'))

        # Verify that same set of parameters always results in the same hash
        parameters = {'a': 1, 'b': 'unicode', 'c': [1, 2, 3], 'd': {'g': 1, 'h': 2}}
        paramers_hash = json.dumps(parameters, sort_keys=True)
        paramers_hash = hashlib.md5(paramers_hash.encode()).hexdigest()

        parameters = {'a': 1, 'b': 'unicode', 'c': [1, 2, 3], 'd': {'g': 1, 'h': 2}}
        trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
        self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))
        self.assertTrue(trigger_db.has_valid_uid())

        parameters = {'c': [1, 2, 3], 'b': u'unicode', 'd': {'h': 2, 'g': 1}, 'a': 1}
        trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
        self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))
        self.assertTrue(trigger_db.has_valid_uid())

        parameters = {'b': u'unicode', 'c': [1, 2, 3], 'd': {'h': 2, 'g': 1}, 'a': 1}
        trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
        self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))
        self.assertTrue(trigger_db.has_valid_uid())

        parameters = OrderedDict({'c': [1, 2, 3], 'b': u'unicode', 'd': {'h': 2, 'g': 1}, 'a': 1})
        trigger_db = TriggerDB(name='tname', pack='tpack', parameters=parameters)
        self.assertEqual(trigger_db.get_uid(), 'trigger:tpack:tname:%s' % (paramers_hash))
        self.assertTrue(trigger_db.has_valid_uid())

        policy_type_db = PolicyTypeDB(resource_type='action', name='concurrency')
        self.assertEqual(policy_type_db.get_uid(), 'policy_type:action:concurrency')
        self.assertTrue(policy_type_db.has_valid_uid())

        policy_db = PolicyDB(pack='dummy', name='policy1')
        self.assertEqual(policy_db.get_uid(), 'policy:dummy:policy1')

        api_key_db = ApiKeyDB(key_hash='valid')
        self.assertEqual(api_key_db.get_uid(), 'api_key:valid')
        self.assertTrue(api_key_db.has_valid_uid())

        api_key_db = ApiKeyDB()
        self.assertEqual(api_key_db.get_uid(), 'api_key:')
        self.assertFalse(api_key_db.has_valid_uid())
예제 #17
0
    def setUp(self):
        super(RBACServicesTestCase, self).setUp()

        # TODO: Share mocks

        self.users = {}
        self.roles = {}
        self.resources = {}

        # Create some mock users
        user_1_db = UserDB(name='admin')
        user_1_db = User.add_or_update(user_1_db)
        self.users['admin'] = user_1_db

        user_2_db = UserDB(name='observer')
        user_2_db = User.add_or_update(user_2_db)
        self.users['observer'] = user_2_db

        user_3_db = UserDB(name='no_roles')
        user_3_db = User.add_or_update(user_3_db)
        self.users['no_roles'] = user_3_db

        user_5_db = UserDB(name='user_5')
        user_5_db = User.add_or_update(user_5_db)
        self.users['user_5'] = user_5_db

        user_4_db = UserDB(name='custom_role')
        user_4_db = User.add_or_update(user_4_db)
        self.users['1_custom_role'] = user_4_db

        # Create some mock roles
        role_1_db = rbac_services.create_role(name='custom_role_1')
        role_2_db = rbac_services.create_role(name='custom_role_2',
                                              description='custom role 2')
        self.roles['custom_role_1'] = role_1_db
        self.roles['custom_role_2'] = role_2_db

        rbac_services.create_role(name='role_1')
        rbac_services.create_role(name='role_2')
        rbac_services.create_role(name='role_3')
        rbac_services.create_role(name='role_4')

        # Create some mock role assignments
        role_assignment_1 = UserRoleAssignmentDB(
            user=self.users['1_custom_role'].name,
            role=self.roles['custom_role_1'].name,
            source='assignments/%s.yaml' % self.users['1_custom_role'].name)
        role_assignment_1 = UserRoleAssignment.add_or_update(role_assignment_1)

        # Note: User use pymongo to insert mock data because we want to insert a
        # raw document and skip mongoengine to leave is_remote field unpopulated
        client = MongoClient()
        db = client['st2-test']
        db.user_role_assignment_d_b.insert_one({
            'user': '******',
            'role': 'role_1'
        })
        db.user_role_assignment_d_b.insert_one({
            'user': '******',
            'role': 'role_2'
        })
        db.user_role_assignment_d_b.insert_one({
            'user': '******',
            'role': 'role_3',
            'is_remote': False
        })
        db.user_role_assignment_d_b.insert_one({
            'user': '******',
            'role': 'role_4',
            'is_remote': True
        })

        # Create some mock resources on which permissions can be granted
        rule_1_db = RuleDB(pack='test1', name='rule1', ref='test1.rule1')
        rule_1_db = Rule.add_or_update(rule_1_db)

        self.resources['rule_1'] = rule_1_db
예제 #18
0
    def setUp(self):
        super(RulePermissionsResolverTestCase, self).setUp()

        # Create some mock users
        user_1_db = UserDB(name='1_role_rule_pack_grant')
        user_1_db = User.add_or_update(user_1_db)
        self.users['custom_role_rule_pack_grant'] = user_1_db

        user_2_db = UserDB(name='1_role_rule_grant')
        user_2_db = User.add_or_update(user_2_db)
        self.users['custom_role_rule_grant'] = user_2_db

        user_3_db = UserDB(name='custom_role_pack_rule_all_grant')
        user_3_db = User.add_or_update(user_3_db)
        self.users['custom_role_pack_rule_all_grant'] = user_3_db

        user_4_db = UserDB(name='custom_role_rule_all_grant')
        user_4_db = User.add_or_update(user_4_db)
        self.users['custom_role_rule_all_grant'] = user_4_db

        user_5_db = UserDB(name='custom_role_rule_modify_grant')
        user_5_db = User.add_or_update(user_5_db)
        self.users['custom_role_rule_modify_grant'] = user_5_db

        # Create some mock resources on which permissions can be granted
        rule_1_db = RuleDB(pack='test_pack_1', name='rule1')
        rule_1_db = Rule.add_or_update(rule_1_db)
        self.resources['rule_1'] = rule_1_db

        rule_2_db = RuleDB(pack='test_pack_1', name='rule2')
        rule_2_db = Rule.add_or_update(rule_2_db)
        self.resources['rule_2'] = rule_2_db

        rule_3_db = RuleDB(pack='test_pack_2', name='rule3')
        rule_3_db = Rule.add_or_update(rule_3_db)
        self.resources['rule_3'] = rule_3_db

        # Create some mock roles with associated permission grants
        # Custom role 2 - one grant on parent pack
        # "rule_view" on pack_1
        grant_db = PermissionGrantDB(
            resource_uid=self.resources['pack_1'].get_uid(),
            resource_type=ResourceType.PACK,
            permission_types=[PermissionType.RULE_VIEW])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_3_db = RoleDB(name='custom_role_rule_pack_grant',
                           permission_grants=permission_grants)
        role_3_db = Role.add_or_update(role_3_db)
        self.roles['custom_role_rule_pack_grant'] = role_3_db

        # Custom role 4 - one grant on rule
        # "rule_view on rule_3
        grant_db = PermissionGrantDB(
            resource_uid=self.resources['rule_3'].get_uid(),
            resource_type=ResourceType.RULE,
            permission_types=[PermissionType.RULE_VIEW])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_4_db = RoleDB(name='custom_role_rule_grant',
                           permission_grants=permission_grants)
        role_4_db = Role.add_or_update(role_4_db)
        self.roles['custom_role_rule_grant'] = role_4_db

        # Custom role - "rule_all" grant on a parent rule pack
        grant_db = PermissionGrantDB(
            resource_uid=self.resources['pack_1'].get_uid(),
            resource_type=ResourceType.PACK,
            permission_types=[PermissionType.RULE_ALL])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_4_db = RoleDB(name='custom_role_pack_rule_all_grant',
                           permission_grants=permission_grants)
        role_4_db = Role.add_or_update(role_4_db)
        self.roles['custom_role_pack_rule_all_grant'] = role_4_db

        # Custom role - "rule_all" grant on a rule
        grant_db = PermissionGrantDB(
            resource_uid=self.resources['rule_1'].get_uid(),
            resource_type=ResourceType.RULE,
            permission_types=[PermissionType.RULE_ALL])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_4_db = RoleDB(name='custom_role_rule_all_grant',
                           permission_grants=permission_grants)
        role_4_db = Role.add_or_update(role_4_db)
        self.roles['custom_role_rule_all_grant'] = role_4_db

        # Custom role - "rule_modify" on role_1
        grant_db = PermissionGrantDB(
            resource_uid=self.resources['rule_1'].get_uid(),
            resource_type=ResourceType.RULE,
            permission_types=[PermissionType.RULE_MODIFY])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_5_db = RoleDB(name='custom_role_rule_modify_grant',
                           permission_grants=permission_grants)
        role_5_db = Role.add_or_update(role_5_db)
        self.roles['custom_role_rule_modify_grant'] = role_5_db

        # Create some mock role assignments
        user_db = self.users['custom_role_rule_pack_grant']
        role_assignment_db = UserRoleAssignmentDB(
            user=user_db.name,
            role=self.roles['custom_role_rule_pack_grant'].name)
        UserRoleAssignment.add_or_update(role_assignment_db)

        user_db = self.users['custom_role_rule_grant']
        role_assignment_db = UserRoleAssignmentDB(
            user=user_db.name, role=self.roles['custom_role_rule_grant'].name)
        UserRoleAssignment.add_or_update(role_assignment_db)

        user_db = self.users['custom_role_pack_rule_all_grant']
        role_assignment_db = UserRoleAssignmentDB(
            user=user_db.name,
            role=self.roles['custom_role_pack_rule_all_grant'].name)
        UserRoleAssignment.add_or_update(role_assignment_db)

        user_db = self.users['custom_role_rule_all_grant']
        role_assignment_db = UserRoleAssignmentDB(
            user=user_db.name,
            role=self.roles['custom_role_rule_all_grant'].name)
        UserRoleAssignment.add_or_update(role_assignment_db)

        user_db = self.users['custom_role_rule_modify_grant']
        role_assignment_db = UserRoleAssignmentDB(
            user=user_db.name,
            role=self.roles['custom_role_rule_modify_grant'].name)
        UserRoleAssignment.add_or_update(role_assignment_db)
예제 #19
0
    def test_get_uid(self):
        pack_db = PackDB(ref="ma_pack")
        self.assertEqual(pack_db.get_uid(), "pack:ma_pack")
        self.assertTrue(pack_db.has_valid_uid())

        sensor_type_db = SensorTypeDB(name="sname", pack="spack")
        self.assertEqual(sensor_type_db.get_uid(), "sensor_type:spack:sname")
        self.assertTrue(sensor_type_db.has_valid_uid())

        action_db = ActionDB(name="aname", pack="apack", runner_type={})
        self.assertEqual(action_db.get_uid(), "action:apack:aname")
        self.assertTrue(action_db.has_valid_uid())

        rule_db = RuleDB(name="rname", pack="rpack")
        self.assertEqual(rule_db.get_uid(), "rule:rpack:rname")
        self.assertTrue(rule_db.has_valid_uid())

        trigger_type_db = TriggerTypeDB(name="ttname", pack="ttpack")
        self.assertEqual(trigger_type_db.get_uid(), "trigger_type:ttpack:ttname")
        self.assertTrue(trigger_type_db.has_valid_uid())

        trigger_db = TriggerDB(name="tname", pack="tpack")
        self.assertTrue(trigger_db.get_uid().startswith("trigger:tpack:tname:"))

        # Verify that same set of parameters always results in the same hash
        parameters = {"a": 1, "b": "unicode", "c": [1, 2, 3], "d": {"g": 1, "h": 2}}
        paramers_hash = json.dumps(parameters, sort_keys=True)
        paramers_hash = hashlib.md5(paramers_hash.encode()).hexdigest()

        parameters = {"a": 1, "b": "unicode", "c": [1, 2, 3], "d": {"g": 1, "h": 2}}
        trigger_db = TriggerDB(name="tname", pack="tpack", parameters=parameters)
        self.assertEqual(
            trigger_db.get_uid(), "trigger:tpack:tname:%s" % (paramers_hash)
        )
        self.assertTrue(trigger_db.has_valid_uid())

        parameters = {"c": [1, 2, 3], "b": "unicode", "d": {"h": 2, "g": 1}, "a": 1}
        trigger_db = TriggerDB(name="tname", pack="tpack", parameters=parameters)
        self.assertEqual(
            trigger_db.get_uid(), "trigger:tpack:tname:%s" % (paramers_hash)
        )
        self.assertTrue(trigger_db.has_valid_uid())

        parameters = {"b": "unicode", "c": [1, 2, 3], "d": {"h": 2, "g": 1}, "a": 1}
        trigger_db = TriggerDB(name="tname", pack="tpack", parameters=parameters)
        self.assertEqual(
            trigger_db.get_uid(), "trigger:tpack:tname:%s" % (paramers_hash)
        )
        self.assertTrue(trigger_db.has_valid_uid())

        parameters = OrderedDict(
            {"c": [1, 2, 3], "b": "unicode", "d": {"h": 2, "g": 1}, "a": 1}
        )
        trigger_db = TriggerDB(name="tname", pack="tpack", parameters=parameters)
        self.assertEqual(
            trigger_db.get_uid(), "trigger:tpack:tname:%s" % (paramers_hash)
        )
        self.assertTrue(trigger_db.has_valid_uid())

        policy_type_db = PolicyTypeDB(resource_type="action", name="concurrency")
        self.assertEqual(policy_type_db.get_uid(), "policy_type:action:concurrency")
        self.assertTrue(policy_type_db.has_valid_uid())

        policy_db = PolicyDB(pack="dummy", name="policy1")
        self.assertEqual(policy_db.get_uid(), "policy:dummy:policy1")

        api_key_db = ApiKeyDB(key_hash="valid")
        self.assertEqual(api_key_db.get_uid(), "api_key:valid")
        self.assertTrue(api_key_db.has_valid_uid())

        api_key_db = ApiKeyDB()
        self.assertEqual(api_key_db.get_uid(), "api_key:")
        self.assertFalse(api_key_db.has_valid_uid())
예제 #20
0
    def setUp(self):
        super(RuleEnforcementPermissionsResolverTestCase, self).setUp()

        register_internal_trigger_types()

        # Create some mock users
        user_1_db = UserDB(name='1_role_rule_pack_grant')
        user_1_db = User.add_or_update(user_1_db)
        self.users['custom_role_rule_pack_grant'] = user_1_db

        user_2_db = UserDB(name='1_role_rule_grant')
        user_2_db = User.add_or_update(user_2_db)
        self.users['custom_role_rule_grant'] = user_2_db

        user_3_db = UserDB(name='custom_role_pack_rule_all_grant')
        user_3_db = User.add_or_update(user_3_db)
        self.users['custom_role_pack_rule_all_grant'] = user_3_db

        user_4_db = UserDB(name='custom_role_rule_all_grant')
        user_4_db = User.add_or_update(user_4_db)
        self.users['custom_role_rule_all_grant'] = user_4_db

        user_5_db = UserDB(name='custom_role_rule_modify_grant')
        user_5_db = User.add_or_update(user_5_db)
        self.users['custom_role_rule_modify_grant'] = user_5_db

        user_6_db = UserDB(name='rule_pack_rule_create_grant')
        user_6_db = User.add_or_update(user_6_db)
        self.users['rule_pack_rule_create_grant'] = user_6_db

        user_7_db = UserDB(name='rule_pack_rule_all_grant')
        user_7_db = User.add_or_update(user_7_db)
        self.users['rule_pack_rule_all_grant'] = user_7_db

        user_8_db = UserDB(name='rule_rule_create_grant')
        user_8_db = User.add_or_update(user_8_db)
        self.users['rule_rule_create_grant'] = user_8_db

        user_9_db = UserDB(name='rule_rule_all_grant')
        user_9_db = User.add_or_update(user_9_db)
        self.users['rule_rule_all_grant'] = user_9_db

        user_10_db = UserDB(name='custom_role_rule_list_grant')
        user_10_db = User.add_or_update(user_10_db)
        self.users['custom_role_rule_list_grant'] = user_10_db

        # Create some mock resources on which permissions can be granted
        rule_1_db = RuleDB(pack='test_pack_1',
                           name='rule1',
                           action={'ref': 'core.local'},
                           trigger='core.st2.key_value_pair.create')
        rule_1_db = Rule.add_or_update(rule_1_db)
        self.resources['rule_1'] = rule_1_db

        rule_enforcement_1_db = RuleEnforcementDB(
            trigger_instance_id=str(bson.ObjectId()),
            execution_id=str(bson.ObjectId()),
            rule={
                'ref': rule_1_db.ref,
                'uid': rule_1_db.uid,
                'id': str(rule_1_db.id)
            })
        rule_enforcement_1_db = RuleEnforcement.add_or_update(
            rule_enforcement_1_db)
        self.resources['rule_enforcement_1'] = rule_enforcement_1_db

        rule_2_db = RuleDB(pack='test_pack_1', name='rule2')
        rule_2_db = Rule.add_or_update(rule_2_db)
        self.resources['rule_2'] = rule_2_db

        rule_enforcement_2_db = RuleEnforcementDB(
            trigger_instance_id=str(bson.ObjectId()),
            execution_id=str(bson.ObjectId()),
            rule={
                'ref': rule_2_db.ref,
                'uid': rule_2_db.uid,
                'id': str(rule_2_db.id)
            })
        rule_enforcement_2_db = RuleEnforcement.add_or_update(
            rule_enforcement_2_db)
        self.resources['rule_enforcement_2'] = rule_enforcement_2_db

        rule_3_db = RuleDB(pack='test_pack_2', name='rule3')
        rule_3_db = Rule.add_or_update(rule_3_db)
        self.resources['rule_3'] = rule_3_db

        rule_enforcement_3_db = RuleEnforcementDB(
            trigger_instance_id=str(bson.ObjectId()),
            execution_id=str(bson.ObjectId()),
            rule={
                'ref': rule_3_db.ref,
                'uid': rule_3_db.uid,
                'id': str(rule_3_db.id)
            })
        rule_enforcement_3_db = RuleEnforcement.add_or_update(
            rule_enforcement_3_db)
        self.resources['rule_enforcement_3'] = rule_enforcement_3_db

        # Create some mock roles with associated permission grants
        # Custom role 2 - one grant on parent pack
        # "rule_view" on pack_1
        grant_db = PermissionGrantDB(
            resource_uid=self.resources['pack_1'].get_uid(),
            resource_type=ResourceType.PACK,
            permission_types=[PermissionType.RULE_VIEW])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_3_db = RoleDB(name='custom_role_rule_pack_grant',
                           permission_grants=permission_grants)
        role_3_db = Role.add_or_update(role_3_db)
        self.roles['custom_role_rule_pack_grant'] = role_3_db

        # Custom role 4 - one grant on rule
        # "rule_view on rule_3
        grant_db = PermissionGrantDB(
            resource_uid=self.resources['rule_3'].get_uid(),
            resource_type=ResourceType.RULE,
            permission_types=[PermissionType.RULE_VIEW])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_4_db = RoleDB(name='custom_role_rule_grant',
                           permission_grants=permission_grants)
        role_4_db = Role.add_or_update(role_4_db)
        self.roles['custom_role_rule_grant'] = role_4_db

        # Custom role - "rule_all" grant on a parent rule pack
        grant_db = PermissionGrantDB(
            resource_uid=self.resources['pack_1'].get_uid(),
            resource_type=ResourceType.PACK,
            permission_types=[PermissionType.RULE_ALL])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_4_db = RoleDB(name='custom_role_pack_rule_all_grant',
                           permission_grants=permission_grants)
        role_4_db = Role.add_or_update(role_4_db)
        self.roles['custom_role_pack_rule_all_grant'] = role_4_db

        # Custom role - "rule_all" grant on a rule
        grant_db = PermissionGrantDB(
            resource_uid=self.resources['rule_1'].get_uid(),
            resource_type=ResourceType.RULE,
            permission_types=[PermissionType.RULE_ALL])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_4_db = RoleDB(name='custom_role_rule_all_grant',
                           permission_grants=permission_grants)
        role_4_db = Role.add_or_update(role_4_db)
        self.roles['custom_role_rule_all_grant'] = role_4_db

        # Custom role - "rule_modify" on role_1
        grant_db = PermissionGrantDB(
            resource_uid=self.resources['rule_1'].get_uid(),
            resource_type=ResourceType.RULE,
            permission_types=[PermissionType.RULE_MODIFY])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_5_db = RoleDB(name='custom_role_rule_modify_grant',
                           permission_grants=permission_grants)
        role_5_db = Role.add_or_update(role_5_db)
        self.roles['custom_role_rule_modify_grant'] = role_5_db

        # Custom role - "rule_create" grant on pack_1
        grant_db = PermissionGrantDB(
            resource_uid=self.resources['pack_1'].get_uid(),
            resource_type=ResourceType.PACK,
            permission_types=[PermissionType.RULE_CREATE])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_6_db = RoleDB(name='rule_pack_rule_create_grant',
                           permission_grants=permission_grants)
        role_6_db = Role.add_or_update(role_6_db)
        self.roles['rule_pack_rule_create_grant'] = role_6_db

        # Custom role - "rule_all" grant on pack_1
        grant_db = PermissionGrantDB(
            resource_uid=self.resources['pack_1'].get_uid(),
            resource_type=ResourceType.PACK,
            permission_types=[PermissionType.RULE_ALL])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_7_db = RoleDB(name='rule_pack_rule_all_grant',
                           permission_grants=permission_grants)
        role_7_db = Role.add_or_update(role_7_db)
        self.roles['rule_pack_rule_all_grant'] = role_7_db

        # Custom role - "rule_create" grant on rule_1
        grant_db = PermissionGrantDB(
            resource_uid=self.resources['rule_1'].get_uid(),
            resource_type=ResourceType.RULE,
            permission_types=[PermissionType.RULE_CREATE])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_8_db = RoleDB(name='rule_rule_create_grant',
                           permission_grants=permission_grants)
        role_8_db = Role.add_or_update(role_8_db)
        self.roles['rule_rule_create_grant'] = role_8_db

        # Custom role - "rule_all" grant on rule_1
        grant_db = PermissionGrantDB(
            resource_uid=self.resources['rule_1'].get_uid(),
            resource_type=ResourceType.RULE,
            permission_types=[PermissionType.RULE_ALL])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_9_db = RoleDB(name='rule_rule_all_grant',
                           permission_grants=permission_grants)
        role_9_db = Role.add_or_update(role_9_db)
        self.roles['rule_rule_all_grant'] = role_9_db

        # Custom role - "rule_list" grant
        grant_db = PermissionGrantDB(
            resource_uid=None,
            resource_type=None,
            permission_types=[PermissionType.RULE_LIST])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_10_db = RoleDB(name='custom_role_rule_list_grant',
                            permission_grants=permission_grants)
        role_10_db = Role.add_or_update(role_10_db)
        self.roles['custom_role_rule_list_grant'] = role_10_db

        # Create some mock role assignments
        user_db = self.users['custom_role_rule_pack_grant']
        role_assignment_db = UserRoleAssignmentDB(
            user=user_db.name,
            role=self.roles['custom_role_rule_pack_grant'].name,
            source='assignments/%s.yaml' % user_db.name)
        UserRoleAssignment.add_or_update(role_assignment_db)

        user_db = self.users['custom_role_rule_grant']
        role_assignment_db = UserRoleAssignmentDB(
            user=user_db.name,
            role=self.roles['custom_role_rule_grant'].name,
            source='assignments/%s.yaml' % user_db.name)
        UserRoleAssignment.add_or_update(role_assignment_db)

        user_db = self.users['custom_role_pack_rule_all_grant']
        role_assignment_db = UserRoleAssignmentDB(
            user=user_db.name,
            role=self.roles['custom_role_pack_rule_all_grant'].name,
            source='assignments/%s.yaml' % user_db.name)
        UserRoleAssignment.add_or_update(role_assignment_db)

        user_db = self.users['custom_role_rule_all_grant']
        role_assignment_db = UserRoleAssignmentDB(
            user=user_db.name,
            role=self.roles['custom_role_rule_all_grant'].name,
            source='assignments/%s.yaml' % user_db.name)
        UserRoleAssignment.add_or_update(role_assignment_db)

        user_db = self.users['custom_role_rule_modify_grant']
        role_assignment_db = UserRoleAssignmentDB(
            user=user_db.name,
            role=self.roles['custom_role_rule_modify_grant'].name,
            source='assignments/%s.yaml' % user_db.name)
        UserRoleAssignment.add_or_update(role_assignment_db)

        user_db = self.users['rule_pack_rule_create_grant']
        role_assignment_db = UserRoleAssignmentDB(
            user=user_db.name,
            role=self.roles['rule_pack_rule_create_grant'].name,
            source='assignments/%s.yaml' % user_db.name)
        UserRoleAssignment.add_or_update(role_assignment_db)

        user_db = self.users['rule_pack_rule_all_grant']
        role_assignment_db = UserRoleAssignmentDB(
            user=user_db.name,
            role=self.roles['rule_pack_rule_all_grant'].name,
            source='assignments/%s.yaml' % user_db.name)
        UserRoleAssignment.add_or_update(role_assignment_db)

        user_db = self.users['rule_rule_create_grant']
        role_assignment_db = UserRoleAssignmentDB(
            user=user_db.name,
            role=self.roles['rule_rule_create_grant'].name,
            source='assignments/%s.yaml' % user_db.name)
        UserRoleAssignment.add_or_update(role_assignment_db)

        user_db = self.users['rule_rule_all_grant']
        role_assignment_db = UserRoleAssignmentDB(
            user=user_db.name,
            role=self.roles['rule_rule_all_grant'].name,
            source='assignments/%s.yaml' % user_db.name)
        UserRoleAssignment.add_or_update(role_assignment_db)

        user_db = self.users['custom_role_rule_list_grant']
        role_assignment_db = UserRoleAssignmentDB(
            user=user_db.name,
            role=self.roles['custom_role_rule_list_grant'].name,
            source='assignments/%s.yaml' % user_db.name)
        UserRoleAssignment.add_or_update(role_assignment_db)
예제 #21
0
    def setUp(self):
        super(RulePermissionsResolverTestCase, self).setUp()

        # Register internal triggers - this is needed so we can reference an internal trigger
        # inside a mock rule
        register_internal_trigger_types()

        # Create some mock users
        user_1_db = UserDB(name='1_role_rule_pack_grant')
        user_1_db = User.add_or_update(user_1_db)
        self.users['custom_role_rule_pack_grant'] = user_1_db

        user_2_db = UserDB(name='1_role_rule_grant')
        user_2_db = User.add_or_update(user_2_db)
        self.users['custom_role_rule_grant'] = user_2_db

        user_3_db = UserDB(name='custom_role_pack_rule_all_grant')
        user_3_db = User.add_or_update(user_3_db)
        self.users['custom_role_pack_rule_all_grant'] = user_3_db

        user_4_db = UserDB(name='custom_role_rule_all_grant')
        user_4_db = User.add_or_update(user_4_db)
        self.users['custom_role_rule_all_grant'] = user_4_db

        user_5_db = UserDB(name='custom_role_rule_modify_grant')
        user_5_db = User.add_or_update(user_5_db)
        self.users['custom_role_rule_modify_grant'] = user_5_db

        user_6_db = UserDB(name='rule_pack_rule_create_grant')
        user_6_db = User.add_or_update(user_6_db)
        self.users['rule_pack_rule_create_grant'] = user_6_db

        user_7_db = UserDB(name='rule_pack_rule_all_grant')
        user_7_db = User.add_or_update(user_7_db)
        self.users['rule_pack_rule_all_grant'] = user_7_db

        user_8_db = UserDB(name='rule_rule_create_grant')
        user_8_db = User.add_or_update(user_8_db)
        self.users['rule_rule_create_grant'] = user_8_db

        user_9_db = UserDB(name='rule_rule_all_grant')
        user_9_db = User.add_or_update(user_9_db)
        self.users['rule_rule_all_grant'] = user_9_db

        # Create some mock resources on which permissions can be granted
        rule_1_db = RuleDB(pack='test_pack_1',
                           name='rule1',
                           action={'ref': 'core.local'},
                           trigger='core.st2.key_value_pair.create')
        rule_1_db = Rule.add_or_update(rule_1_db)
        self.resources['rule_1'] = rule_1_db

        rule_2_db = RuleDB(pack='test_pack_1', name='rule2')
        rule_2_db = Rule.add_or_update(rule_2_db)
        self.resources['rule_2'] = rule_2_db

        rule_3_db = RuleDB(pack='test_pack_2', name='rule3')
        rule_3_db = Rule.add_or_update(rule_3_db)
        self.resources['rule_3'] = rule_3_db

        # Create some mock roles with associated permission grants
        # Custom role 2 - one grant on parent pack
        # "rule_view" on pack_1
        grant_db = PermissionGrantDB(
            resource_uid=self.resources['pack_1'].get_uid(),
            resource_type=ResourceType.PACK,
            permission_types=[PermissionType.RULE_VIEW])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_3_db = RoleDB(name='custom_role_rule_pack_grant',
                           permission_grants=permission_grants)
        role_3_db = Role.add_or_update(role_3_db)
        self.roles['custom_role_rule_pack_grant'] = role_3_db

        # Custom role 4 - one grant on rule
        # "rule_view on rule_3
        grant_db = PermissionGrantDB(
            resource_uid=self.resources['rule_3'].get_uid(),
            resource_type=ResourceType.RULE,
            permission_types=[PermissionType.RULE_VIEW])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_4_db = RoleDB(name='custom_role_rule_grant',
                           permission_grants=permission_grants)
        role_4_db = Role.add_or_update(role_4_db)
        self.roles['custom_role_rule_grant'] = role_4_db

        # Custom role - "rule_all" grant on a parent rule pack
        grant_db = PermissionGrantDB(
            resource_uid=self.resources['pack_1'].get_uid(),
            resource_type=ResourceType.PACK,
            permission_types=[PermissionType.RULE_ALL])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_4_db = RoleDB(name='custom_role_pack_rule_all_grant',
                           permission_grants=permission_grants)
        role_4_db = Role.add_or_update(role_4_db)
        self.roles['custom_role_pack_rule_all_grant'] = role_4_db

        # Custom role - "rule_all" grant on a rule
        grant_db = PermissionGrantDB(
            resource_uid=self.resources['rule_1'].get_uid(),
            resource_type=ResourceType.RULE,
            permission_types=[PermissionType.RULE_ALL])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_4_db = RoleDB(name='custom_role_rule_all_grant',
                           permission_grants=permission_grants)
        role_4_db = Role.add_or_update(role_4_db)
        self.roles['custom_role_rule_all_grant'] = role_4_db

        # Custom role - "rule_modify" on role_1
        grant_db = PermissionGrantDB(
            resource_uid=self.resources['rule_1'].get_uid(),
            resource_type=ResourceType.RULE,
            permission_types=[PermissionType.RULE_MODIFY])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_5_db = RoleDB(name='custom_role_rule_modify_grant',
                           permission_grants=permission_grants)
        role_5_db = Role.add_or_update(role_5_db)
        self.roles['custom_role_rule_modify_grant'] = role_5_db

        # Custom role - "rule_create" grant on pack_1
        grant_db = PermissionGrantDB(
            resource_uid=self.resources['pack_1'].get_uid(),
            resource_type=ResourceType.PACK,
            permission_types=[PermissionType.RULE_CREATE])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_6_db = RoleDB(name='rule_pack_rule_create_grant',
                           permission_grants=permission_grants)
        role_6_db = Role.add_or_update(role_6_db)
        self.roles['rule_pack_rule_create_grant'] = role_6_db

        # Custom role - "rule_all" grant on pack_1
        grant_db = PermissionGrantDB(
            resource_uid=self.resources['pack_1'].get_uid(),
            resource_type=ResourceType.PACK,
            permission_types=[PermissionType.RULE_ALL])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_7_db = RoleDB(name='rule_pack_rule_all_grant',
                           permission_grants=permission_grants)
        role_7_db = Role.add_or_update(role_7_db)
        self.roles['rule_pack_rule_all_grant'] = role_7_db

        # Custom role - "rule_create" grant on rule_1
        grant_db = PermissionGrantDB(
            resource_uid=self.resources['rule_1'].get_uid(),
            resource_type=ResourceType.RULE,
            permission_types=[PermissionType.RULE_CREATE])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_8_db = RoleDB(name='rule_rule_create_grant',
                           permission_grants=permission_grants)
        role_8_db = Role.add_or_update(role_8_db)
        self.roles['rule_rule_create_grant'] = role_8_db

        # Custom role - "rule_all" grant on rule_1
        grant_db = PermissionGrantDB(
            resource_uid=self.resources['rule_1'].get_uid(),
            resource_type=ResourceType.RULE,
            permission_types=[PermissionType.RULE_ALL])
        grant_db = PermissionGrant.add_or_update(grant_db)
        permission_grants = [str(grant_db.id)]
        role_9_db = RoleDB(name='rule_rule_all_grant',
                           permission_grants=permission_grants)
        role_9_db = Role.add_or_update(role_9_db)
        self.roles['rule_rule_all_grant'] = role_9_db

        # Create some mock role assignments
        user_db = self.users['custom_role_rule_pack_grant']
        role_assignment_db = UserRoleAssignmentDB(
            user=user_db.name,
            role=self.roles['custom_role_rule_pack_grant'].name)
        UserRoleAssignment.add_or_update(role_assignment_db)

        user_db = self.users['custom_role_rule_grant']
        role_assignment_db = UserRoleAssignmentDB(
            user=user_db.name, role=self.roles['custom_role_rule_grant'].name)
        UserRoleAssignment.add_or_update(role_assignment_db)

        user_db = self.users['custom_role_pack_rule_all_grant']
        role_assignment_db = UserRoleAssignmentDB(
            user=user_db.name,
            role=self.roles['custom_role_pack_rule_all_grant'].name)
        UserRoleAssignment.add_or_update(role_assignment_db)

        user_db = self.users['custom_role_rule_all_grant']
        role_assignment_db = UserRoleAssignmentDB(
            user=user_db.name,
            role=self.roles['custom_role_rule_all_grant'].name)
        UserRoleAssignment.add_or_update(role_assignment_db)

        user_db = self.users['custom_role_rule_modify_grant']
        role_assignment_db = UserRoleAssignmentDB(
            user=user_db.name,
            role=self.roles['custom_role_rule_modify_grant'].name)
        UserRoleAssignment.add_or_update(role_assignment_db)

        user_db = self.users['rule_pack_rule_create_grant']
        role_assignment_db = UserRoleAssignmentDB(
            user=user_db.name,
            role=self.roles['rule_pack_rule_create_grant'].name)
        UserRoleAssignment.add_or_update(role_assignment_db)

        user_db = self.users['rule_pack_rule_all_grant']
        role_assignment_db = UserRoleAssignmentDB(
            user=user_db.name,
            role=self.roles['rule_pack_rule_all_grant'].name)
        UserRoleAssignment.add_or_update(role_assignment_db)

        user_db = self.users['rule_rule_create_grant']
        role_assignment_db = UserRoleAssignmentDB(
            user=user_db.name, role=self.roles['rule_rule_create_grant'].name)
        UserRoleAssignment.add_or_update(role_assignment_db)

        user_db = self.users['rule_rule_all_grant']
        role_assignment_db = UserRoleAssignmentDB(
            user=user_db.name, role=self.roles['rule_rule_all_grant'].name)
        UserRoleAssignment.add_or_update(role_assignment_db)
예제 #22
0
파일: test_filter.py 프로젝트: ipv1337/st2
MOCK_TRIGGER.id = bson.ObjectId()
MOCK_TRIGGER.name = "trigger-test.name"
MOCK_TRIGGER.pack = "dummy_pack_1"
MOCK_TRIGGER.type = "system.test"

MOCK_TRIGGER_INSTANCE = TriggerInstanceDB()
MOCK_TRIGGER_INSTANCE.id = bson.ObjectId()
MOCK_TRIGGER_INSTANCE.trigger = MOCK_TRIGGER.get_reference().ref
MOCK_TRIGGER_INSTANCE.payload = {"p1": "v1", "p2": "preYYYpost", "bool": True, "int": 1, "float": 0.8}
MOCK_TRIGGER_INSTANCE.occurrence_time = date_utils.get_datetime_utc_now()

MOCK_ACTION = ActionDB()
MOCK_ACTION.id = bson.ObjectId()
MOCK_ACTION.name = "action-test-1.name"

MOCK_RULE_1 = RuleDB()
MOCK_RULE_1.id = bson.ObjectId()
MOCK_RULE_1.name = "some1"
MOCK_RULE_1.trigger = reference.get_str_resource_ref_from_model(MOCK_TRIGGER)
MOCK_RULE_1.criteria = {}
MOCK_RULE_1.action = ActionExecutionSpecDB(ref="somepack.someaction")

MOCK_RULE_2 = RuleDB()
MOCK_RULE_2.id = bson.ObjectId()
MOCK_RULE_1.name = "some2"
MOCK_RULE_2.trigger = reference.get_str_resource_ref_from_model(MOCK_TRIGGER)
MOCK_RULE_2.criteria = {}
MOCK_RULE_2.action = ActionExecutionSpecDB(ref="somepack.someaction")


@mock.patch.object(reference, "get_model_by_resource_ref", mock.MagicMock(return_value=MOCK_TRIGGER))