Exemplo n.º 1
    def __init__(self, *args):
        """Initialise the parent class, then build the OPA client from settings.

        The optional ``OPA_SERVER`` mapping on ``settings`` is forwarded in full
        to ``OpaClient`` as keyword arguments; an absent setting means the
        client is built with no arguments.
        """
        super().__init__(*args)

        server_conf = getattr(settings, "OPA_SERVER", {})
        self._client = OpaClient(**server_conf)
        # NOTE(review): both values are None when the keys are missing from
        # OPA_SERVER -- confirm which policy is evaluated in that case before
        # relying on the decision.
        self._package_path = server_conf.get("package_path")
        self._rule_name = server_conf.get("rule_name")
Exemplo n.º 2
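    def test_client(self):
        """Check the root URL OpaClient builds and the fixture's attributes."""
        # The original built and checked this identical client twice; once
        # covers the same ground.
        client = OpaClient("localhost", 8181, "v1")
        self.assertEqual("http://localhost:8181/v1", client._root_url)

        # The original passed a literal False as the value under test (with
        # the attribute as the failure message), so it could never fail.
        # Assert on the attribute itself so the plain-HTTP default is verified.
        self.assertFalse(self.myclient._secure)
        self.assertEqual("http://", self.myclient._schema)
        self.assertEqual("v1", self.myclient._version)
        self.assertEqual("localhost", self.myclient._host)
        self.assertEqual(8181, self.myclient._port)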
Exemplo n.º 3
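 def test_ssl(self):
     """Check that ssl=True switches the client to an https root URL."""
     client = OpaClient("localhost", 8181, "v1", ssl=True, cert="/etc/pki/tls/MyCertificate.crt")

     self.assertEqual("https://localhost:8181/v1", client._root_url)
     # The original asserted on a literal True, which passes whatever the
     # client holds; test the flag itself so a regression in the TLS switch
     # is caught.
     self.assertTrue(client._secure)
     self.assertIs(True, client._ssl)
     self.assertEqual("/etc/pki/tls/MyCertificate.crt", client._cert)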
Exemplo n.º 4
    def _get_client(self):
        """Return an OpaClient built from the entries of ``self.config``.

        The keys ``url``, ``port``, ``version``, ``ssl`` and ``certificate``
        are all required; a missing one raises ``KeyError``.
        """
        # NOTE(review): transport security depends entirely on the configured
        # ``ssl`` value -- presumably a falsy value means plain HTTP; confirm
        # the deployment sets it for anything beyond localhost.
        return OpaClient(
            host=self.config['url'],
            port=self.config['port'],
            version=self.config['version'],
            ssl=self.config['ssl'],
            cert=self.config['certificate'],
        )
Exemplo n.º 5
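class OPAAuthorizationMiddleware(AuthorizationMiddleware):
    """Middleware that delegates authorization decisions to an OPA server.

    The client and the policy location (``package_path`` / ``rule_name``) are
    read from the optional ``OPA_SERVER`` mapping on ``settings``.
    """

    def __init__(self, *args):
        super().__init__(*args)

        opa_settings = getattr(settings, "OPA_SERVER", {})
        # The whole mapping, package_path and rule_name included, is forwarded
        # to the client constructor.
        self._client = OpaClient(**opa_settings)
        # NOTE(review): both are None when not configured -- confirm what the
        # client queries in that case.
        self._package_path = opa_settings.get("package_path")
        self._rule_name = opa_settings.get("rule_name")

    def _is_authorized(self, request, resource):
        """Ask OPA whether the request's user may act on ``resource``.

        Args:
            request: Incoming request; its ``method`` selects the action and
                ``get_user`` extracts the user from it.
            resource: Identifier of the resource being accessed, sent to OPA
                unchanged.

        Returns:
            True only when the OPA response carries ``result`` equal to the
            boolean ``True``; False in every other case.

        Raises:
            OPAAuthorizationError: Re-raised after logging when the policy
                query raises it.
        """
        user = get_user(request)

        action_map = {
            "GET": "Read",
            "POST": "Write",
        }
        action = action_map.get(request.method)
        if action is None:
            # Fail closed: a method with no mapped action is denied rather
            # than surfacing as an unhandled KeyError.
            LOG.info(f"Authorization denied for unmapped method: {request.method!r}")
            return False

        LOG.debug(f"Querying OPA authz server for resource: {resource}")

        subject = None
        if user:
            subject = {"user": user.username, "groups": user.groups}

        check_data = {
            "resource": resource,
            "subject": subject,
            "action": action
        }

        # Check authorization for resource
        try:
            permission = self._client.check_policy_rule(
                input_data=check_data,
                package_path=self._package_path,
                rule_name=self._rule_name)
        except OPAAuthorizationError:
            username = user.username if user else "anonymous"
            LOG.info(f"Authorization failed for user: {username}")
            # Bare raise keeps the original traceback.
            raise

        # Accept only a literal True. A truthy non-boolean ``result`` (for
        # example a document such as {"hello": False}) must not count as
        # an allow decision.
        return isinstance(permission, dict) and permission.get("result") is True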
Exemplo n.º 6
    def setUp(self):
        """Runs before each test: create the OpaClient the tests share."""
        host, port, api_version = "127.0.0.1", 8181, "v1"
        self.myclient = OpaClient(host, port, api_version)
Exemplo n.º 7
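class TestClient(TestCase):
    """Checks for OpaClient construction and its policy/data calls.

    NOTE(review): test_functions appears to need a reachable OPA server on
    127.0.0.1:8181 and mutates its policies and data -- run it only against a
    disposable instance.
    """

    def setUp(self):
        """Runs before each test: create the OpaClient the tests share."""
        self.myclient = OpaClient("127.0.0.1", 8181, "v1")

    def tearDown(self):
        """Runs after each test: delete the client created in setUp."""
        del self.myclient

    def test_client(self):
        """Check the root URL for several hosts and the fixture's attributes."""
        client = OpaClient("localhost", 8181, "v1")
        self.assertEqual("http://localhost:8181/v1", client._root_url)

        client = OpaClient("127.0.0.1", 8181, "v1")
        self.assertEqual("http://127.0.0.1:8181/v1", client._root_url)

        client = OpaClient("192.168.0.1", 8181, "v2")
        self.assertEqual("http://192.168.0.1:8181/v2", client._root_url)

        # The original asserted on a literal False with the attribute as the
        # failure message, so it could never fail; test the attribute itself.
        self.assertFalse(self.myclient._secure)
        self.assertEqual("http://", self.myclient._schema)
        self.assertEqual("v1", self.myclient._version)
        self.assertEqual("127.0.0.1", self.myclient._host)
        self.assertEqual(8181, self.myclient._port)

    def test_ssl(self):
        """Check that ssl=True switches the client to an https root URL."""
        client = OpaClient("localhost", 8181, "v1", ssl=True, cert="/etc/pki/tls/MyCertificate.crt")

        self.assertEqual("https://localhost:8181/v1", client._root_url)
        # Assert on the flag, not on a literal True, so a regression in the
        # TLS switch is caught.
        self.assertTrue(client._secure)
        self.assertIs(True, client._ssl)
        self.assertEqual("/etc/pki/tls/MyCertificate.crt", client._cert)

    def test_functions(self):
        """Exercise connection, policy and data calls in sequence.

        The try/except blocks are advisory: the server may or may not already
        hold the "test" policy, so a mismatch is printed instead of failing
        the test. Only the assertions outside those blocks can fail it.
        """
        self.assertEqual("Yes I'm here :)", self.myclient.check_connection())

        # Advisory: the policy list is either empty or holds "test".
        try:
            self.assertEqual([], self.myclient.get_policies_list())
        except Exception as e:
            print(e)
            try:
                self.assertEqual(["test"], self.myclient.get_policies_list())
            except Exception as test:
                print(test)

        # Advisory: same two possible states for the policy info.
        try:
            self.assertEqual({}, self.myclient.get_policies_info())
        except Exception as rr:
            print(rr)
            try:
                my_dict = {'test': {'path': ['http://127.0.0.1:8181/v1/data/play'],'rules': ['http://127.0.0.1:8181/v1/data/play/hello']}}

                self.assertEqual(my_dict, self.myclient.get_policies_info())
            except Exception as testing:
                print(testing)

        new_policy='''
            package play

            default hello = false

            hello {
                m := input.message
                m == "world"
            }
        '''
        self.assertEqual(True, self.myclient.update_opa_policy_fromstring(new_policy, "test"))

        # This absolute path is expected not to exist on the test machine.
        self.assertEqual(False, self.myclient.update_opa_policy_fromfile("/home/root/Documents/OPA-python-client/opa_client/test/test.txt","test"))

        # self.assertEqual(self.myclient.update_opa_policy_fromurl())
        self.assertEqual(["test"], self.myclient.get_policies_list())
        my_dict = {'test': {'path': ['http://127.0.0.1:8181/v1/data/play'],'rules': ['http://127.0.0.1:8181/v1/data/play/hello']}}

        self.assertEqual(my_dict, self.myclient.get_policies_info())

        my_policy_list = [
            {"resource": "/api/someapi", "identity": "your_identity", "method": "PUT"},
            {"resource": "/api/someapi", "identity": "your_identity", "method": "GET"},
        ]

        # The original asserted on a literal True, ignoring the call's result;
        # check the returned status instead.
        self.assertTrue(self.myclient.update_or_create_opa_data(my_policy_list,'exampledata/accesses'))
        value = {'result': {'hello': False}}

        # Advisory: raw data may be empty or hold the "hello" rule result.
        try:
            self.assertEqual({}, self.myclient.get_opa_raw_data("play"))
        except Exception as err:
            print("not right one",err)
            try:
                self.assertEqual(value, self.myclient.get_opa_raw_data("hello"))
            except Exception as errr:
                print(errr)

        self.assertEqual(True, self.myclient.opa_policy_to_file("test"))

        # Advisory: same check again after the policy was written to a file.
        try:
            self.assertEqual({}, self.myclient.get_opa_raw_data("play"))
        except Exception as er:
            print("not right",er)
            try:
                self.assertEqual(value, self.myclient.get_opa_raw_data("play"))
            except Exception as identifier:
                print(identifier)

        #TODO
        # self.assertEqual("sad", self.myclient.get_opa_policy("test"))

        # Check the delete status itself, not a literal True; the second
        # delete of the same policy must raise.
        self.assertTrue(self.myclient.delete_opa_policy("test"))
        with self.assertRaises(Exception):
            self.myclient.delete_opa_policy("test")

        with self.assertRaises(Exception):
            self.myclient.delete_opa_data("play")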
Exemplo n.º 8
    def setUp(self):
        """Give each test a client built with OpaClient's default arguments."""
        default_client = OpaClient()
        self.myclient = default_client
Exemplo n.º 9
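def sync_opa(obj):
    """Push one policy to the OPA server reachable at host ``opa``.

    Args:
        obj: Mapping with the policy source under ``"policy"`` and the policy
            name under ``"name"``.

    Returns:
        Whatever ``update_opa_policy_fromstring`` returns. The original
        dropped this status, so a rejected push went unnoticed.
    """
    # Only the host is overridden; port and version keep the client defaults
    # (host='localhost', port=8181, version='v1').
    # NOTE(review): no ssl/cert is passed, so this presumably uses plain HTTP.
    # The pushed text decides later authorization results -- confirm the
    # transport and that ``obj`` only ever comes from a trusted writer.
    client = OpaClient(host='opa')
    # The explicit ``del client`` was dropped: the local is released when the
    # function returns.
    return client.update_opa_policy_fromstring(obj['policy'], obj['name'])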