Exemplo n.º 1
0
def test_to_policy():
    policy_json = {
        "uid": "a381fdd3-b73a-4858-a57b-94085628b0f1",
        "description": "Block user 'Max' when ip in CIDR 192.168.1.0/24",
        "rules": {
            "subject": {
                "$.name": {
                    "condition": "Equals",
                    "value": "Max"
                }
            },
            "context": {
                "$.ip": {
                    "condition": "Not",
                    "value": {
                        "condition": "CIDR",
                        "value": "192.168.1.0/24"
                    }
                }
            }
        },
        "targets": {
            "subject_id": "user::b90b2998-9e1b-4ac5-a743-b060b2634dbb"
        },
        "effect": "deny"
    }
    policy = Policy.from_json(policy_json)
    model = PolicyModel.from_policy(policy)
    new_policy = model.to_policy()
    assert policy.uid == new_policy.uid
    assert policy.description == new_policy.description
    assert policy.priority == new_policy.priority
Exemplo n.º 2
0
def test_get_aggregate_pipeline(subject_id, resource_id, action_id, pipeline):
    returned_pipeline = PolicyModel.get_aggregate_pipeline(
        subject_id, resource_id, action_id)
    assert sorted(
        returned_pipeline[0]['$match']['tags.action.id']['$in']) == sorted(
            pipeline[0]['$match']['tags.action.id']['$in'])
    assert sorted(
        returned_pipeline[0]['$match']['tags.resource.id']['$in']) == sorted(
            pipeline[0]['$match']['tags.resource.id']['$in'])
    assert sorted(
        returned_pipeline[0]['$match']['tags.subject.id']['$in']) == sorted(
            pipeline[0]['$match']['tags.subject.id']['$in'])

    assert sorted(returned_pipeline[1]['$match']['tags.action.id']['$not']
                  ['$elemMatch']['$nin']) == sorted(
                      pipeline[1]['$match']['tags.action.id']['$not']
                      ['$elemMatch']['$nin'])
    assert sorted(returned_pipeline[1]['$match']['tags.resource.id']['$not']
                  ['$elemMatch']['$nin']) == sorted(
                      pipeline[1]['$match']['tags.resource.id']['$not']
                      ['$elemMatch']['$nin'])
    assert sorted(returned_pipeline[1]['$match']['tags.subject.id']['$not']
                  ['$elemMatch']['$nin']) == sorted(
                      pipeline[1]['$match']['tags.subject.id']['$not']
                      ['$elemMatch']['$nin'])
Exemplo n.º 3
0
def test_to_doc():
    policy_json = {
        "uid": "a381fdd3-b73a-4858-a57b-94085628b0f1",
        "description": "Block user 'Max' when ip in CIDR 192.168.1.0/24",
        "rules": {
            "subject": {
                "$.name": {
                    "condition": "Equals",
                    "value": "Max"
                }
            },
            "context": {
                "$.ip": {
                    "condition": "Not",
                    "value": {
                        "condition": "CIDR",
                        "value": "192.168.1.0/24"
                    }
                }
            }
        },
        "targets": {
            "subject_id": "user::b90b2998-9e1b-4ac5-a743-b060b2634dbb"
        },
        "effect": "deny"
    }
    policy = Policy.from_json(policy_json)
    policy_doc = {
        "_id": policy.uid,
        "policy_str": json.dumps(policy.to_json()),
        "tags": {}
    }
    model = PolicyModel.from_doc(policy_doc)
    new_policy_doc = model.to_doc()
    assert policy_doc == new_policy_doc
Exemplo n.º 4
0
def test_from_policy():
    policy_json = {
        "uid": "a381fdd3-b73a-4858-a57b-94085628b0f1",
        "description": "Block user 'Max' when ip in CIDR 192.168.1.0/24",
        "rules": {
            "subject": {
                "$.name": {
                    "condition": "Equals",
                    "value": "Max"
                }
            },
            "context": {
                "$.ip": {
                    "condition": "Not",
                    "value": {
                        "condition": "CIDR",
                        "value": "192.168.1.0/24"
                    }
                }
            }
        },
        "targets": {
            "subject_id": "user::b90b2998-9e1b-4ac5-a743-b060b2634dbb"
        },
        "effect": "deny"
    }
    policy = Policy.from_json(policy_json)
    model = PolicyModel.from_policy(policy)
    assert isinstance(model, PolicyModel)
    assert isinstance(model.policy_str, str)
    assert isinstance(model._id, str)
    assert isinstance(model.tags, dict)
    assert model.policy_str == json.dumps(policy.to_json())
    assert model._id == policy.uid
    assert model.tags == {
        "subject": [{
            "id": ["user::b90b2998-9e1b-4ac5-a743-b060b2634dbb"]
        }],
        "resource": [{
            "id": ["*"]
        }],
        "action": [{
            "id": ["*"]
        }]
    }
Exemplo n.º 5
0
def test__targets_to_tags(policy_json, tags):
    policy = Policy.from_json(policy_json)
    assert PolicyModel._targets_to_tags(policy.targets) == tags