def test_agent_policies(self):
# set up data
gc = Mock()
service_key = "service_key"
resource_id = "resource_id"
pdpm = PolicyDecisionPointManager(gc)
invocation = Mock()
mock_header = Mock()
invocation.message_annotations = {}
invocation.message = {"argument1": 0}
invocation.headers = {
"op": "op",
"process": "process",
"request": "request",
"ion-actor-id": "ion-actor-id",
"receiver": "resource-registry",
"sender-type": "sender-type",
"sender-service": "Unknown",
"ion-actor-roles": {"org_name": ["SUPERUSER"]},
}
invocation.get_message_receiver.return_value = "service_key"
invocation.get_service_name.return_value = "Unknown"
invocation.get_message_sender.return_value = ["Unknown", "Unknown"]
def get_header_value(key, default):
return invocation.headers.get(key, default)
mock_header.side_effect = get_header_value
invocation.get_header_value = mock_header
mock_args = Mock()
process = Mock()
process.org_governance_name = "org_name"
process.resource_id = "resource_id"
invocation.args = {"process": process}
def get_arg_value(key, default="Unknown"):
return invocation.args.get(key, default)
mock_args.side_effect = get_arg_value
invocation.get_arg_value = mock_args
gc.system_root_org_name = "sys_org_name"
# check that service policies result in denying the request
pdpm.set_service_policy_rules(service_key, self.deny_SUPERUSER_rule)
pdpm.set_resource_policy_rules(resource_id, self.permit_SUPERUSER_rule)
response = pdpm.check_agent_request_policies(invocation)
self.assertEqual(response.value, "Deny")
# check that resource policies result in denying the request
pdpm.set_service_policy_rules(service_key, self.permit_SUPERUSER_rule)
pdpm.set_resource_policy_rules(resource_id, self.deny_SUPERUSER_rule)
response = pdpm.check_agent_request_policies(invocation)
self.assertEqual(response.value, "Deny")
# check that both service and resource policies need to allow a request
pdpm.set_service_policy_rules(service_key, self.permit_SUPERUSER_rule)
pdpm.set_resource_policy_rules(resource_id, self.permit_SUPERUSER_rule)
response = pdpm.check_agent_request_policies(invocation)
self.assertEqual(response.value, "Permit")
def test_agent_policies(self):
# set up data
gc = Mock()
service_key = 'service_key'
resource_id = 'resource_id'
pdpm = PolicyDecisionPointManager(gc)
invocation = Mock()
mock_header = Mock()
invocation.message_annotations = {}
invocation.message = {'argument1': 0 }
invocation.headers = {'op': 'op', 'process': 'process', 'request': 'request', 'ion-actor-id': 'ion-actor-id', 'receiver': 'resource-registry',
'sender-type': 'sender-type', 'sender-service': 'Unknown', 'ion-actor-roles': {'org_name': ['ION_MANAGER']}}
invocation.get_message_receiver.return_value = 'service_key'
invocation.get_service_name.return_value = 'Unknown'
invocation.get_message_sender.return_value = ['Unknown','Unknown']
def get_header_value(key, default):
return invocation.headers.get(key, default)
mock_header.side_effect = get_header_value
invocation.get_header_value = mock_header
mock_args = Mock()
process = Mock()
process.org_governance_name = 'org_name'
process.resource_id = 'resource_id'
invocation.args = {'process': process}
def get_arg_value(key, default='Unknown'):
return invocation.args.get(key, default)
mock_args.side_effect = get_arg_value
invocation.get_arg_value = mock_args
gc.system_root_org_name = 'sys_org_name'
# check that service policies result in denying the request
pdpm.load_service_policy_rules(service_key, self.deny_ION_MANAGER_rule)
pdpm.load_resource_policy_rules(resource_id, self.permit_ION_MANAGER_rule)
response = pdpm.check_agent_request_policies(invocation)
self.assertEqual(response.value, "Deny")
# check that resource policies result in denying the request
pdpm.load_service_policy_rules(service_key, self.permit_ION_MANAGER_rule)
pdpm.load_resource_policy_rules(resource_id, self.deny_ION_MANAGER_rule)
response = pdpm.check_agent_request_policies(invocation)
self.assertEqual(response.value, "Deny")
# check that both service and resource policies need to allow a request
pdpm.load_service_policy_rules(service_key, self.permit_ION_MANAGER_rule)
pdpm.load_resource_policy_rules(resource_id, self.permit_ION_MANAGER_rule)
response = pdpm.check_agent_request_policies(invocation)
self.assertEqual(response.value, "Permit")
def test_agent_policies(self):
# set up data
gc = Mock()
service_key = 'service_key'
resource_id = 'resource_id'
pdpm = PolicyDecisionPointManager(gc)
invocation = Mock()
mock_header = Mock()
invocation.message_annotations = {}
invocation.message = {'argument1': 0}
invocation.headers = {
'op': 'op',
'process': 'process',
'request': 'request',
'ion-actor-id': 'ion-actor-id',
'receiver': 'resource-registry',
'sender-type': 'sender-type',
'sender-service': 'Unknown',
'ion-actor-roles': {
'org_name': ['SUPERUSER']
}
}
invocation.get_message_receiver.return_value = 'service_key'
invocation.get_service_name.return_value = 'Unknown'
invocation.get_message_sender.return_value = ['Unknown', 'Unknown']
def get_header_value(key, default):
return invocation.headers.get(key, default)
mock_header.side_effect = get_header_value
invocation.get_header_value = mock_header
mock_args = Mock()
process = Mock()
process.org_governance_name = 'org_name'
process.resource_id = 'resource_id'
invocation.args = {'process': process}
def get_arg_value(key, default='Unknown'):
return invocation.args.get(key, default)
mock_args.side_effect = get_arg_value
invocation.get_arg_value = mock_args
gc.system_root_org_name = 'sys_org_name'
# check that service policies result in denying the request
pdpm.set_service_policy_rules(service_key, self.deny_SUPERUSER_rule)
pdpm.set_resource_policy_rules(resource_id, self.permit_SUPERUSER_rule)
response = pdpm.check_agent_request_policies(invocation)
self.assertEqual(response.value, "Deny")
# check that resource policies result in denying the request
pdpm.set_service_policy_rules(service_key, self.permit_SUPERUSER_rule)
pdpm.set_resource_policy_rules(resource_id, self.deny_SUPERUSER_rule)
response = pdpm.check_agent_request_policies(invocation)
self.assertEqual(response.value, "Deny")
# check that both service and resource policies need to allow a request
pdpm.set_service_policy_rules(service_key, self.permit_SUPERUSER_rule)
pdpm.set_resource_policy_rules(resource_id, self.permit_SUPERUSER_rule)
response = pdpm.check_agent_request_policies(invocation)
self.assertEqual(response.value, "Permit")
