def setUp(self): super(APIControllerWithRBACTestCase, self).setUp() self.users = {} self.roles = {} # Run RBAC migrations run_all_rbac_migrations() # Insert mock users with default role assignments role_names = [SystemRole.SYSTEM_ADMIN, SystemRole.ADMIN, SystemRole.OBSERVER] for role_name in role_names: user_db = UserDB(name=role_name) user_db = User.add_or_update(user_db) self.users[role_name] = user_db role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=role_name) UserRoleAssignment.add_or_update(role_assignment_db) # Insert a user with no permissions and role assignments user_1_db = UserDB(name='no_permissions') user_1_db = User.add_or_update(user_1_db) self.users['no_permissions'] = user_1_db
def setUp(self): super(PolicyTypeControllerRBACTestCase, self).setUp() self.models = self.fixtures_loader.save_fixtures_to_db(fixtures_pack=FIXTURES_PACK, fixtures_dict=TEST_FIXTURES) file_name = 'fake_policy_type_1.yaml' PolicyTypeControllerRBACTestCase.POLICY_TYPE_1 = self.fixtures_loader.load_fixtures( fixtures_pack=FIXTURES_PACK, fixtures_dict={'policytypes': [file_name]})['policytypes'][file_name] file_name = 'fake_policy_type_2.yaml' PolicyTypeControllerRBACTestCase.POLICY_TYPE_2 = self.fixtures_loader.load_fixtures( fixtures_pack=FIXTURES_PACK, fixtures_dict={'policytypes': [file_name]})['policytypes'][file_name] # Insert mock users, roles and assignments # Users user_1_db = UserDB(name='policy_type_list') user_1_db = User.add_or_update(user_1_db) self.users['policy_type_list'] = user_1_db user_2_db = UserDB(name='policy_type_view') user_2_db = User.add_or_update(user_2_db) self.users['policy_type_view'] = user_2_db # Roles # policy_type_list grant_db = PermissionGrantDB(resource_uid=None, resource_type=ResourceType.POLICY_TYPE, permission_types=[PermissionType.POLICY_TYPE_LIST]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_1_db = RoleDB(name='policy_type_list', permission_grants=permission_grants) role_1_db = Role.add_or_update(role_1_db) self.roles['policy_type_list'] = role_1_db # policy_type_view on timer 1 policy_type_uid = self.models['policytypes']['fake_policy_type_1.yaml'].get_uid() grant_db = PermissionGrantDB(resource_uid=policy_type_uid, resource_type=ResourceType.POLICY_TYPE, permission_types=[PermissionType.POLICY_TYPE_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_1_db = RoleDB(name='policy_type_view', permission_grants=permission_grants) role_1_db = Role.add_or_update(role_1_db) self.roles['policy_type_view'] = role_1_db # Role assignments role_assignment_db = UserRoleAssignmentDB( user=self.users['policy_type_list'].name, role=self.roles['policy_type_list'].name, source='assignments/%s.yaml' % self.users['policy_type_list'].name) UserRoleAssignment.add_or_update(role_assignment_db) role_assignment_db = UserRoleAssignmentDB( user=self.users['policy_type_view'].name, role=self.roles['policy_type_view'].name, source='assignments/%s.yaml' % self.users['policy_type_view'].name) UserRoleAssignment.add_or_update(role_assignment_db)
def setUp(self): super(ActionControllerRBACTestCase, self).setUp() self.fixtures_loader.save_fixtures_to_db(fixtures_pack=FIXTURES_PACK, fixtures_dict=TEST_FIXTURES) file_name = 'action1.yaml' ActionControllerRBACTestCase.ACTION_1 = self.fixtures_loader.load_fixtures( fixtures_pack=FIXTURES_PACK, fixtures_dict={'actions': [file_name]})['actions'][file_name] # Insert mock users, roles and assignments # Users user_2_db = UserDB(name='action_create') user_2_db = User.add_or_update(user_2_db) self.users['action_create'] = user_2_db # Roles # action_create grant on parent pack grant_db = PermissionGrantDB(resource_uid='pack:examples', resource_type=ResourceType.PACK, permission_types=[PermissionType.ACTION_CREATE]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_1_db = RoleDB(name='action_create', permission_grants=permission_grants) role_1_db = Role.add_or_update(role_1_db) self.roles['action_create'] = role_1_db # Role assignments user_db = self.users['action_create'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['action_create'].name) UserRoleAssignment.add_or_update(role_assignment_db)
def setUp(self): super(ActionExecutionRBACControllerTestCase, self).setUp() self.fixtures_loader.save_fixtures_to_db(fixtures_pack=FIXTURES_PACK, fixtures_dict=TEST_FIXTURES) # Insert mock users, roles and assignments # Users user_1_db = UserDB(name='multiple_roles') user_1_db = User.add_or_update(user_1_db) self.users['multiple_roles'] = user_1_db # Roles roles = ['role_1', 'role_2', 'role_3'] for role in roles: role_db = RoleDB(name=role) Role.add_or_update(role_db) # Role assignments user_db = self.users['multiple_roles'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role='admin', source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) for role in roles: role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=role, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db)
def setUp(self): super(ExecutionViewsFiltersControllerRBACTestCase, self).setUp() # Insert mock users, roles and assignments # Users user_1_db = UserDB(name='execution_views_filters_list') user_1_db = User.add_or_update(user_1_db) self.users['execution_views_filters_list'] = user_1_db # Roles # trace_list permission_types = [PermissionType.EXECUTION_VIEWS_FILTERS_LIST] grant_db = PermissionGrantDB(resource_uid=None, resource_type=ResourceType.EXECUTION, permission_types=permission_types) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_1_db = RoleDB(name='execution_views_filters_list', permission_grants=permission_grants) role_1_db = Role.add_or_update(role_1_db) self.roles['execution_views_filters_list'] = role_1_db # Role assignments role_assignment_db = UserRoleAssignmentDB( user=self.users['execution_views_filters_list'].name, role=self.roles['execution_views_filters_list'].name, source='assignments/%s.yaml' % self.users['execution_views_filters_list'].name) UserRoleAssignment.add_or_update(role_assignment_db)
def setUp(self): super(TestRbacController, self).setUp() permissions = [ PermissionType.RULE_CREATE, PermissionType.RULE_VIEW, PermissionType.RULE_MODIFY, PermissionType.RULE_DELETE ] for name in permissions: user_db = UserDB(name=name) user_db = User.add_or_update(user_db) self.users[name] = user_db # Roles # action_create grant on parent pack grant_db = PermissionGrantDB(resource_uid='pack:examples', resource_type=ResourceType.PACK, permission_types=[name]) grant_db = PermissionGrant.add_or_update(grant_db) grant_2_db = PermissionGrantDB( resource_uid='action:wolfpack:action-1', resource_type=ResourceType.ACTION, permission_types=[PermissionType.ACTION_EXECUTE]) grant_2_db = PermissionGrant.add_or_update(grant_2_db) permission_grants = [str(grant_db.id), str(grant_2_db.id)] role_db = RoleDB(name=name, permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles[name] = role_db # Role assignments role_assignment_db = UserRoleAssignmentDB(user=user_db.name, role=role_db.name) UserRoleAssignment.add_or_update(role_assignment_db)
def setUp(self): super(RBACRoleAssignmentsControllerRBACTestCase, self).setUp() # Insert mock users, roles and assignments self.role_assignments = {} # Users user_1_db = UserDB(name='user_foo') user_1_db = User.add_or_update(user_1_db) self.users['user_foo'] = user_1_db # Roles role_1_db = RoleDB(name='user_foo', permission_grants=[]) role_1_db = Role.add_or_update(role_1_db) self.roles['user_foo'] = role_1_db # Role assignments role_assignment_db = UserRoleAssignmentDB( user=self.users['user_foo'].name, role=self.roles['user_foo'].name, source='assignments/%s.yaml' % self.users['user_foo'].name) UserRoleAssignment.add_or_update(role_assignment_db) self.role_assignments['assignment_one'] = role_assignment_db role_assignment_db = UserRoleAssignmentDB( user='******', role=self.roles['user_foo'].name, source='assignments/user_bar.yaml') UserRoleAssignment.add_or_update(role_assignment_db) self.role_assignments['assignment_two'] = role_assignment_db
def setUp(self): super(PolicyTypeControllerRBACTestCase, self).setUp() self.models = self.fixtures_loader.save_fixtures_to_db(fixtures_pack=FIXTURES_PACK, fixtures_dict=TEST_FIXTURES) file_name = 'fake_policy_type_1.yaml' PolicyTypeControllerRBACTestCase.POLICY_TYPE_1 = self.fixtures_loader.load_fixtures( fixtures_pack=FIXTURES_PACK, fixtures_dict={'policytypes': [file_name]})['policytypes'][file_name] file_name = 'fake_policy_type_2.yaml' PolicyTypeControllerRBACTestCase.POLICY_TYPE_2 = self.fixtures_loader.load_fixtures( fixtures_pack=FIXTURES_PACK, fixtures_dict={'policytypes': [file_name]})['policytypes'][file_name] # Insert mock users, roles and assignments # Users user_1_db = UserDB(name='policy_type_list') user_1_db = User.add_or_update(user_1_db) self.users['policy_type_list'] = user_1_db user_2_db = UserDB(name='policy_type_view') user_2_db = User.add_or_update(user_2_db) self.users['policy_type_view'] = user_2_db # Roles # policy_type_list grant_db = PermissionGrantDB(resource_uid=None, resource_type=ResourceType.POLICY_TYPE, permission_types=[PermissionType.POLICY_TYPE_LIST]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_1_db = RoleDB(name='policy_type_list', permission_grants=permission_grants) role_1_db = Role.add_or_update(role_1_db) self.roles['policy_type_list'] = role_1_db # policy_type_view on timer 1 policy_type_uid = self.models['policytypes']['fake_policy_type_1.yaml'].get_uid() grant_db = PermissionGrantDB(resource_uid=policy_type_uid, resource_type=ResourceType.POLICY_TYPE, permission_types=[PermissionType.POLICY_TYPE_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_1_db = RoleDB(name='policy_type_view', permission_grants=permission_grants) role_1_db = Role.add_or_update(role_1_db) self.roles['policy_type_view'] = role_1_db # Role assignments role_assignment_db = UserRoleAssignmentDB( user=self.users['policy_type_list'].name, role=self.roles['policy_type_list'].name, source='assignments/%s.yaml' % self.users['policy_type_list'].name) UserRoleAssignment.add_or_update(role_assignment_db) role_assignment_db = UserRoleAssignmentDB( user=self.users['policy_type_view'].name, role=self.roles['policy_type_view'].name, source='assignments/%s.yaml' % self.users['policy_type_view'].name) UserRoleAssignment.add_or_update(role_assignment_db)
def setUp(self): super(RBACRoleAssignmentsControllerRBACTestCase, self).setUp() # Insert mock users, roles and assignments self.role_assignments = {} # Users user_1_db = UserDB(name='user_foo') user_1_db = User.add_or_update(user_1_db) self.users['user_foo'] = user_1_db # Roles role_1_db = RoleDB(name='user_foo', permission_grants=[]) role_1_db = Role.add_or_update(role_1_db) self.roles['user_foo'] = role_1_db # Role assignments role_assignment_db = UserRoleAssignmentDB( user=self.users['user_foo'].name, role=self.roles['user_foo'].name, source='assignments/%s.yaml' % self.users['user_foo'].name) UserRoleAssignment.add_or_update(role_assignment_db) self.role_assignments['assignment_one'] = role_assignment_db role_assignment_db = UserRoleAssignmentDB( user='******', role=self.roles['user_foo'].name, source='assignments/user_bar.yaml') UserRoleAssignment.add_or_update(role_assignment_db) self.role_assignments['assignment_two'] = role_assignment_db
def setUp(self): super(WebhookPermissionsResolverTestCase, self).setUp() # Create some mock users user_1_db = UserDB(name='custom_role_webhook_grant') user_1_db = User.add_or_update(user_1_db) self.users['custom_role_webhook_grant'] = user_1_db # Create some mock resources on which permissions can be granted webhook_1_db = WebhookDB(name='st2/') self.resources['webhook_1'] = webhook_1_db # Create some mock roles with associated permission grants # Custom role - "webhook_send" grant on webhook_1 grant_db = PermissionGrantDB(resource_uid=self.resources['webhook_1'].get_uid(), resource_type=ResourceType.WEBHOOK, permission_types=[PermissionType.WEBHOOK_SEND]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_webhook_grant', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_webhook_grant'] = role_db # Create some mock role assignments user_db = self.users['custom_role_webhook_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_webhook_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db)
def setUp(self): super(ExecutionViewsFiltersControllerRBACTestCase, self).setUp() # Insert mock users, roles and assignments # Users user_1_db = UserDB(name='execution_views_filters_list') user_1_db = User.add_or_update(user_1_db) self.users['execution_views_filters_list'] = user_1_db # Roles # trace_list permission_types = [PermissionType.EXECUTION_VIEWS_FILTERS_LIST] grant_db = PermissionGrantDB(resource_uid=None, resource_type=ResourceType.EXECUTION, permission_types=permission_types) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_1_db = RoleDB(name='execution_views_filters_list', permission_grants=permission_grants) role_1_db = Role.add_or_update(role_1_db) self.roles['execution_views_filters_list'] = role_1_db # Role assignments role_assignment_db = UserRoleAssignmentDB( user=self.users['execution_views_filters_list'].name, role=self.roles['execution_views_filters_list'].name, source='assignments/%s.yaml' % self.users['execution_views_filters_list'].name) UserRoleAssignment.add_or_update(role_assignment_db)
def setUp(self): super(WebhookPermissionsResolverTestCase, self).setUp() # Create some mock users user_1_db = UserDB(name='custom_role_webhook_grant') user_1_db = User.add_or_update(user_1_db) self.users['custom_role_webhook_grant'] = user_1_db # Create some mock resources on which permissions can be granted webhook_1_db = WebhookDB(name='st2/') self.resources['webhook_1'] = webhook_1_db # Create some mock roles with associated permission grants # Custom role - "webhook_send" grant on webhook_1 grant_db = PermissionGrantDB( resource_uid=self.resources['webhook_1'].get_uid(), resource_type=ResourceType.WEBHOOK, permission_types=[PermissionType.WEBHOOK_SEND]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_webhook_grant', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_webhook_grant'] = role_db # Create some mock role assignments user_db = self.users['custom_role_webhook_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_webhook_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db)
def setUp(self): super(ActionControllerRBACTestCase, self).setUp() self.fixtures_loader.save_fixtures_to_db(fixtures_pack=FIXTURES_PACK, fixtures_dict=TEST_FIXTURES) file_name = 'action1.yaml' ActionControllerRBACTestCase.ACTION_1 = self.fixtures_loader.load_fixtures( fixtures_pack=FIXTURES_PACK, fixtures_dict={'actions': [file_name]})['actions'][file_name] # Insert mock users, roles and assignments # Users user_2_db = UserDB(name='action_create') user_2_db = User.add_or_update(user_2_db) self.users['action_create'] = user_2_db # Roles # action_create grant on parent pack grant_db = PermissionGrantDB( resource_uid='pack:examples', resource_type=ResourceType.PACK, permission_types=[PermissionType.ACTION_CREATE]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_1_db = RoleDB(name='action_create', permission_grants=permission_grants) role_1_db = Role.add_or_update(role_1_db) self.roles['action_create'] = role_1_db # Role assignments user_db = self.users['action_create'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['action_create'].name) UserRoleAssignment.add_or_update(role_assignment_db)
def setUp(self): super(BaseAPIControllerWithRBACTestCase, self).setUp() self.users = {} self.roles = {} # Run RBAC migrations run_all_rbac_migrations() # Insert mock users with default role assignments role_names = [ SystemRole.SYSTEM_ADMIN, SystemRole.ADMIN, SystemRole.OBSERVER ] for role_name in role_names: user_db = UserDB(name=role_name) user_db = User.add_or_update(user_db) self.users[role_name] = user_db role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=role_name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) # Insert a user with no permissions and role assignments user_1_db = UserDB(name='no_permissions') user_1_db = User.add_or_update(user_1_db) self.users['no_permissions'] = user_1_db
def setUp(self): super(RunnerPermissionsResolverTestCase, self).setUp() # Create some mock users user_1_db = UserDB(name='custom_role_runner_view_grant') user_1_db = User.add_or_update(user_1_db) self.users['custom_role_runner_view_grant'] = user_1_db user_2_db = UserDB(name='custom_role_runner_modify_grant') user_2_db = User.add_or_update(user_2_db) self.users['custom_role_runner_modify_grant'] = user_2_db # Create some mock resources on which permissions can be granted runner_1_db = RunnerTypeDB(name='runner_1') self.resources['runner_1'] = runner_1_db runner_2_db = RunnerTypeDB(name='runner_2') self.resources['runner_2'] = runner_2_db # Create some mock roles with associated permission grants # Custom role - "runner_view" grant on runner_1 grant_db = PermissionGrantDB( resource_uid=self.resources['runner_1'].get_uid(), resource_type=ResourceType.RUNNER, permission_types=[PermissionType.RUNNER_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_runner_view_grant', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_runner_view_grant'] = role_db # Custom role - "runner_modify" grant on runner_2 grant_db = PermissionGrantDB( resource_uid=self.resources['runner_2'].get_uid(), resource_type=ResourceType.RUNNER, permission_types=[PermissionType.RUNNER_MODIFY]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_runner_modify_grant', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_runner_modify_grant'] = role_db # Create some mock role assignments user_db = self.users['custom_role_runner_view_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_runner_view_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_runner_modify_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_runner_modify_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db)
def setUp(self): super(WebhookControllerRBACTestCase, self).setUp() # Insert mock users, roles and assignments # Users user_1_db = UserDB(name='webhook_list') user_1_db = User.add_or_update(user_1_db) self.users['webhook_list'] = user_1_db user_2_db = UserDB(name='webhook_view') user_2_db = User.add_or_update(user_2_db) self.users['webhook_view'] = user_2_db # Roles # webhook_list grant_db = PermissionGrantDB( resource_uid=None, resource_type=ResourceType.WEBHOOK, permission_types=[PermissionType.WEBHOOK_LIST]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_1_db = RoleDB(name='webhook_list', permission_grants=permission_grants) role_1_db = Role.add_or_update(role_1_db) self.roles['webhook_list'] = role_1_db # webhook_view on webhook 1 (git) name = 'git' webhook_db = WebhookDB(name=name) webhook_uid = webhook_db.get_uid() grant_db = PermissionGrantDB( resource_uid=webhook_uid, resource_type=ResourceType.WEBHOOK, permission_types=[PermissionType.WEBHOOK_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_1_db = RoleDB(name='webhook_view', permission_grants=permission_grants) role_1_db = Role.add_or_update(role_1_db) self.roles['webhook_view'] = role_1_db # Role assignments role_assignment_db = UserRoleAssignmentDB( user=self.users['webhook_list'].name, role=self.roles['webhook_list'].name, source='assignments/%s.yaml' % self.users['webhook_list'].name) UserRoleAssignment.add_or_update(role_assignment_db) role_assignment_db = UserRoleAssignmentDB( user=self.users['webhook_view'].name, role=self.roles['webhook_view'].name, source='assignments/%s.yaml' % self.users['webhook_view'].name) UserRoleAssignment.add_or_update(role_assignment_db)
def setUp(self): super(RunnerPermissionsResolverTestCase, self).setUp() # Create some mock users user_1_db = UserDB(name='custom_role_runner_view_grant') user_1_db = User.add_or_update(user_1_db) self.users['custom_role_runner_view_grant'] = user_1_db user_2_db = UserDB(name='custom_role_runner_modify_grant') user_2_db = User.add_or_update(user_2_db) self.users['custom_role_runner_modify_grant'] = user_2_db # Create some mock resources on which permissions can be granted runner_1_db = RunnerTypeDB(name='runner_1') self.resources['runner_1'] = runner_1_db runner_2_db = RunnerTypeDB(name='runner_2') self.resources['runner_2'] = runner_2_db # Create some mock roles with associated permission grants # Custom role - "runner_view" grant on runner_1 grant_db = PermissionGrantDB(resource_uid=self.resources['runner_1'].get_uid(), resource_type=ResourceType.RUNNER, permission_types=[PermissionType.RUNNER_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_runner_view_grant', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_runner_view_grant'] = role_db # Custom role - "runner_modify" grant on runner_2 grant_db = PermissionGrantDB(resource_uid=self.resources['runner_2'].get_uid(), resource_type=ResourceType.RUNNER, permission_types=[PermissionType.RUNNER_MODIFY]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_runner_modify_grant', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_runner_modify_grant'] = role_db # Create some mock role assignments user_db = self.users['custom_role_runner_view_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_runner_view_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_runner_modify_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_runner_modify_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db)
def setUp(self): super(APIControllersRBACTestCase, self).setUp() # Register packs if self.register_packs: self._register_packs() # Insert mock objects - those objects are used to test get one, edit and delete operations self.models = self.fixtures_loader.save_fixtures_to_db( fixtures_pack=FIXTURES_PACK, fixtures_dict=TEST_FIXTURES) self.role_assignment_db_model = UserRoleAssignmentDB(user='******', role='role') UserRoleAssignment.add_or_update(self.role_assignment_db_model)
def setUp(self): super(APIControllersRBACTestCase, self).setUp() # Register packs if self.register_packs: self._register_packs() # Insert mock objects - those objects are used to test get one, edit and delete operations self.models = self.fixtures_loader.save_fixtures_to_db(fixtures_pack=FIXTURES_PACK, fixtures_dict=TEST_FIXTURES) self.role_assignment_db_model = UserRoleAssignmentDB( user='******', role='role', source='assignments/user.yaml') UserRoleAssignment.add_or_update(self.role_assignment_db_model)
def setUp(self): super(WebhookControllerRBACTestCase, self).setUp() # Insert mock users, roles and assignments # Users user_1_db = UserDB(name='webhook_list') user_1_db = User.add_or_update(user_1_db) self.users['webhook_list'] = user_1_db user_2_db = UserDB(name='webhook_view') user_2_db = User.add_or_update(user_2_db) self.users['webhook_view'] = user_2_db # Roles # webhook_list grant_db = PermissionGrantDB(resource_uid=None, resource_type=ResourceType.WEBHOOK, permission_types=[PermissionType.WEBHOOK_LIST]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_1_db = RoleDB(name='webhook_list', permission_grants=permission_grants) role_1_db = Role.add_or_update(role_1_db) self.roles['webhook_list'] = role_1_db # webhook_view on webhook 1 (git) name = 'git' webhook_db = WebhookDB(name=name) webhook_uid = webhook_db.get_uid() grant_db = PermissionGrantDB(resource_uid=webhook_uid, resource_type=ResourceType.WEBHOOK, permission_types=[PermissionType.WEBHOOK_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_1_db = RoleDB(name='webhook_view', permission_grants=permission_grants) role_1_db = Role.add_or_update(role_1_db) self.roles['webhook_view'] = role_1_db # Role assignments role_assignment_db = UserRoleAssignmentDB( user=self.users['webhook_list'].name, role=self.roles['webhook_list'].name, source='assignments/%s.yaml' % self.users['webhook_list'].name) UserRoleAssignment.add_or_update(role_assignment_db) role_assignment_db = UserRoleAssignmentDB( user=self.users['webhook_view'].name, role=self.roles['webhook_view'].name, source='assignments/%s.yaml' % self.users['webhook_view'].name) UserRoleAssignment.add_or_update(role_assignment_db)
def assign_role_to_user(role_db, user_db, description=None, is_remote=False, source=None): """ Assign role to a user. :param role_db: Role to assign. :type role_db: :class:`RoleDB` :param user_db: User to assign the role to. :type user_db: :class:`UserDB` :param description: Optional assingment description. :type description: ``str`` :param include_remote: True if this a remote assignment. :type include_remote: ``bool`` :param source: Source from where this assignment comes from. For example, path of a file if it's a local assignment or mapping or "API". :type source: ``str`` """ role_assignment_db = UserRoleAssignmentDB(user=user_db.name, role=role_db.name, source=source, description=description, is_remote=is_remote) role_assignment_db = UserRoleAssignment.add_or_update(role_assignment_db) return role_assignment_db
def setUp(self): super(ActionViewsControllerRBACTestCase, self).setUp() self.models = self.fixtures_loader.save_fixtures_to_db( fixtures_pack=FIXTURES_PACK, fixtures_dict=TEST_FIXTURES) file_name = 'a1.yaml' ActionViewsControllerRBACTestCase.ACTION_1 = self.fixtures_loader.load_fixtures( fixtures_pack=FIXTURES_PACK, fixtures_dict={'actions': [file_name]})['actions'][file_name] file_name = 'a2.yaml' ActionViewsControllerRBACTestCase.ACTION_1 = self.fixtures_loader.load_fixtures( fixtures_pack=FIXTURES_PACK, fixtures_dict={'actions': [file_name]})['actions'][file_name] # Insert mock users, roles and assignments # Users user_2_db = UserDB(name='action_view_a1') user_2_db = User.add_or_update(user_2_db) self.users['action_view_a1'] = user_2_db # Roles # action_view on a1 action_uid = self.models['actions']['a1.yaml'].get_uid() grant_db = PermissionGrantDB( resource_uid=action_uid, resource_type=ResourceType.ACTION, permission_types=[PermissionType.ACTION_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_1_db = RoleDB(name='action_view_a1', permission_grants=permission_grants) role_1_db = Role.add_or_update(role_1_db) self.roles['action_view_a1'] = role_1_db # Role assignments role_assignment_db = UserRoleAssignmentDB( user=self.users['action_view_a1'].name, role=self.roles['action_view_a1'].name, source='assignments/%s.yaml' % self.users['action_view_a1'].name) UserRoleAssignment.add_or_update(role_assignment_db)
def setUp(self): super(ActionViewsControllerRBACTestCase, self).setUp() self.models = self.fixtures_loader.save_fixtures_to_db(fixtures_pack=FIXTURES_PACK, fixtures_dict=TEST_FIXTURES) file_name = 'a1.yaml' ActionViewsControllerRBACTestCase.ACTION_1 = self.fixtures_loader.load_fixtures( fixtures_pack=FIXTURES_PACK, fixtures_dict={'actions': [file_name]})['actions'][file_name] file_name = 'a2.yaml' ActionViewsControllerRBACTestCase.ACTION_1 = self.fixtures_loader.load_fixtures( fixtures_pack=FIXTURES_PACK, fixtures_dict={'actions': [file_name]})['actions'][file_name] # Insert mock users, roles and assignments # Users user_2_db = UserDB(name='action_view_a1') user_2_db = User.add_or_update(user_2_db) self.users['action_view_a1'] = user_2_db # Roles # action_view on a1 action_uid = self.models['actions']['a1.yaml'].get_uid() grant_db = PermissionGrantDB(resource_uid=action_uid, resource_type=ResourceType.ACTION, permission_types=[PermissionType.ACTION_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_1_db = RoleDB(name='action_view_a1', permission_grants=permission_grants) role_1_db = Role.add_or_update(role_1_db) self.roles['action_view_a1'] = role_1_db # Role assignments role_assignment_db = UserRoleAssignmentDB( user=self.users['action_view_a1'].name, role=self.roles['action_view_a1'].name, source='assignments/%s.yaml' % self.users['action_view_a1'].name) UserRoleAssignment.add_or_update(role_assignment_db)
def setUp(self): super(RBACControllerTestCase, self).setUp() permissions = [PermissionType.RULE_CREATE, PermissionType.RULE_VIEW, PermissionType.RULE_MODIFY, PermissionType.RULE_DELETE] for name in permissions: user_db = UserDB(name=name) user_db = User.add_or_update(user_db) self.users[name] = user_db # Roles # action_create grant on parent pack grant_db = PermissionGrantDB(resource_uid='pack:examples', resource_type=ResourceType.PACK, permission_types=[name]) grant_db = PermissionGrant.add_or_update(grant_db) grant_2_db = PermissionGrantDB(resource_uid='action:wolfpack:action-1', resource_type=ResourceType.ACTION, permission_types=[PermissionType.ACTION_EXECUTE]) grant_2_db = PermissionGrant.add_or_update(grant_2_db) permission_grants = [str(grant_db.id), str(grant_2_db.id)] role_db = RoleDB(name=name, permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles[name] = role_db # Role assignments role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=role_db.name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) role_assignment_db = UserRoleAssignmentDB( user='******', role='role_two', source='assignments/user_two.yaml', is_remote=True) UserRoleAssignment.add_or_update(role_assignment_db)
def _insert_common_mock_role_assignments(self): # Insert common mock role assignments role_assignment_admin = UserRoleAssignmentDB( user=self.users['admin'].name, role=self.roles['admin_role'].name, source='assignments/admin.yaml') role_assignment_admin = UserRoleAssignment.add_or_update( role_assignment_admin) role_assignment_observer = UserRoleAssignmentDB( user=self.users['observer'].name, role=self.roles['observer_role'].name, source='assignments/observer.yaml') role_assignment_observer = UserRoleAssignment.add_or_update( role_assignment_observer) user_db = self.users['1_custom_role_no_permissions'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_1'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_pack_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_pack_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db)
def _insert_common_mock_role_assignments(self): # Insert common mock role assignments role_assignment_admin = UserRoleAssignmentDB( user=self.users['admin'].name, role=self.roles['admin_role'].name, source='assignments/admin.yaml') role_assignment_admin = UserRoleAssignment.add_or_update(role_assignment_admin) role_assignment_observer = UserRoleAssignmentDB( user=self.users['observer'].name, role=self.roles['observer_role'].name, source='assignments/observer.yaml') role_assignment_observer = UserRoleAssignment.add_or_update(role_assignment_observer) user_db = self.users['1_custom_role_no_permissions'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_1'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_pack_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_pack_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db)
def assign_role_to_user( role_db, user_db, description=None, is_remote=False, source=None, ignore_already_exists_error=False, ): """ Assign role to a user. :param role_db: Role to assign. :type role_db: :class:`RoleDB` :param user_db: User to assign the role to. :type user_db: :class:`UserDB` :param description: Optional assingment description. :type description: ``str`` :param include_remote: True if this a remote assignment. :type include_remote: ``bool`` :param source: Source from where this assignment comes from. For example, path of a file if it's a local assignment or mapping or "API". :type source: ``str`` :param: ignore_already_exists_error: True to ignore error if an assignment already exists. :type ignore_already_exists_error: ``bool`` """ role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=role_db.name, source=source, description=description, is_remote=is_remote, ) try: role_assignment_db = UserRoleAssignment.add_or_update( role_assignment_db) except (NotUniqueError, StackStormDBObjectConflictError) as e: if not ignore_already_exists_error: raise e role_assignment_db = UserRoleAssignment.query( user=user_db.name, role=role_db.name, source=source, description=description).first() return role_assignment_db
def assign_role_to_user(role_db, user_db): """ Assign role to a user. :param role_db: Role to assign. :type role_db: :class:`RoleDB` :param user_db: User to assign the role to. :type user_db: :class:`UserDB` """ role_assignment_db = UserRoleAssignmentDB(user=user_db.name, role=role_db.name) role_assignment_db = UserRoleAssignment.add_or_update(role_assignment_db) return role_assignment_db
def assign_role_to_user(role_db, user_db, description=None): """ Assign role to a user. :param role_db: Role to assign. :type role_db: :class:`RoleDB` :param user_db: User to assign the role to. :type user_db: :class:`UserDB` :param description: Optional assingment description. :type description: ``str`` """ role_assignment_db = UserRoleAssignmentDB(user=user_db.name, role=role_db.name, description=description) role_assignment_db = UserRoleAssignment.add_or_update(role_assignment_db) return role_assignment_db
def assign_role_to_user(role_db, user_db, description=None): """ Assign role to a user. :param role_db: Role to assign. :type role_db: :class:`RoleDB` :param user_db: User to assign the role to. :type user_db: :class:`UserDB` :param description: Optional assingment description. :type description: ``str`` """ role_assignment_db = UserRoleAssignmentDB(user=user_db.name, role=role_db.name, description=description) role_assignment_db = UserRoleAssignment.add_or_update(role_assignment_db) return role_assignment_db
def setUp(self): super(RBACServicesTestCase, self).setUp() # TODO: Share mocks self.users = {} self.roles = {} self.resources = {} # Create some mock users user_1_db = UserDB(name='admin') user_1_db = User.add_or_update(user_1_db) self.users['admin'] = user_1_db user_2_db = UserDB(name='observer') user_2_db = User.add_or_update(user_2_db) self.users['observer'] = user_2_db user_3_db = UserDB(name='no_roles') user_3_db = User.add_or_update(user_3_db) self.users['no_roles'] = user_3_db user_4_db = UserDB(name='custom_role') user_4_db = User.add_or_update(user_4_db) self.users['1_custom_role'] = user_4_db # Create some mock roles role_1_db = rbac_services.create_role(name='custom_role_1') role_2_db = rbac_services.create_role(name='custom_role_2', description='custom role 2') self.roles['custom_role_1'] = role_1_db self.roles['custom_role_2'] = role_2_db # Create some mock role assignments role_assignment_1 = UserRoleAssignmentDB( user=self.users['1_custom_role'].name, role=self.roles['custom_role_1'].name) role_assignment_1 = UserRoleAssignment.add_or_update(role_assignment_1) # Create some mock resources on which permissions can be granted rule_1_db = RuleDB(pack='test1', name='rule1', ref='test1.rule1') rule_1_db = Rule.add_or_update(rule_1_db) self.resources['rule_1'] = rule_1_db
def setUp(self): super(RBACServicesTestCase, self).setUp() # TODO: Share mocks self.users = {} self.roles = {} self.resources = {} # Create some mock users user_1_db = UserDB(name='admin') user_1_db = User.add_or_update(user_1_db) self.users['admin'] = user_1_db user_2_db = UserDB(name='observer') user_2_db = User.add_or_update(user_2_db) self.users['observer'] = user_2_db user_3_db = UserDB(name='no_roles') user_3_db = User.add_or_update(user_3_db) self.users['no_roles'] = user_3_db user_4_db = UserDB(name='custom_role') user_4_db = User.add_or_update(user_4_db) self.users['1_custom_role'] = user_4_db # Create some mock roles role_1_db = rbac_services.create_role(name='custom_role_1') role_2_db = rbac_services.create_role(name='custom_role_2', description='custom role 2') self.roles['custom_role_1'] = role_1_db self.roles['custom_role_2'] = role_2_db # Create some mock role assignments role_assignment_1 = UserRoleAssignmentDB(user=self.users['1_custom_role'].name, role=self.roles['custom_role_1'].name) role_assignment_1 = UserRoleAssignment.add_or_update(role_assignment_1) # Create some mock resources on which permissions can be granted rule_1_db = RuleDB(pack='test1', name='rule1', ref='test1.rule1') rule_1_db = Rule.add_or_update(rule_1_db) self.resources['rule_1'] = rule_1_db
def assign_role_to_user(role_db, user_db, description=None, is_remote=False): """ Assign role to a user. :param role_db: Role to assign. :type role_db: :class:`RoleDB` :param user_db: User to assign the role to. :type user_db: :class:`UserDB` :param description: Optional assingment description. :type description: ``str`` :param include_remote: True if this a remote assignment. :type include_remote: ``bool`` """ role_assignment_db = UserRoleAssignmentDB(user=user_db.name, role=role_db.name, description=description, is_remote=is_remote) role_assignment_db = UserRoleAssignment.add_or_update(role_assignment_db) return role_assignment_db
def _insert_common_mock_role_assignments(self): # Insert common mock role assignments role_assignment_admin = UserRoleAssignmentDB(user=self.users["admin"].name, role=self.roles["admin_role"].name) role_assignment_admin = UserRoleAssignment.add_or_update(role_assignment_admin) role_assignment_observer = UserRoleAssignmentDB( user=self.users["observer"].name, role=self.roles["observer_role"].name ) role_assignment_observer = UserRoleAssignment.add_or_update(role_assignment_observer) user_db = self.users["1_custom_role_no_permissions"] role_assignment_db = UserRoleAssignmentDB(user=user_db.name, role=self.roles["custom_role_1"].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users["custom_role_pack_grant"] role_assignment_db = UserRoleAssignmentDB(user=user_db.name, role=self.roles["custom_role_pack_grant"].name) UserRoleAssignment.add_or_update(role_assignment_db)
def assign_role_to_user(role_db, user_db, description=None, is_remote=False, source=None, ignore_already_exists_error=False): """ Assign role to a user. :param role_db: Role to assign. :type role_db: :class:`RoleDB` :param user_db: User to assign the role to. :type user_db: :class:`UserDB` :param description: Optional assingment description. :type description: ``str`` :param include_remote: True if this a remote assignment. :type include_remote: ``bool`` :param source: Source from where this assignment comes from. For example, path of a file if it's a local assignment or mapping or "API". :type source: ``str`` :param: ignore_already_exists_error: True to ignore error if an assignment already exists. :type ignore_already_exists_error: ``bool`` """ role_assignment_db = UserRoleAssignmentDB(user=user_db.name, role=role_db.name, source=source, description=description, is_remote=is_remote) try: role_assignment_db = UserRoleAssignment.add_or_update(role_assignment_db) except (NotUniqueError, StackStormDBObjectConflictError) as e: if not ignore_already_exists_error: raise e role_assignment_db = UserRoleAssignment.query(user=user_db.name, role=role_db.name, source=source, description=description).first() return role_assignment_db
def setUp(self): super(RuleControllerRBACTestCase, self).setUp() self.fixtures_loader.save_fixtures_to_db(fixtures_pack=FIXTURES_PACK, fixtures_dict=TEST_FIXTURES) file_name = 'rule_with_webhook_trigger.yaml' RuleControllerRBACTestCase.RULE_1 = self.fixtures_loader.load_fixtures( fixtures_pack=FIXTURES_PACK, fixtures_dict={'rules': [file_name]})['rules'][file_name] file_name = 'rule_example_pack.yaml' RuleControllerRBACTestCase.RULE_2 = self.fixtures_loader.load_fixtures( fixtures_pack=FIXTURES_PACK, fixtures_dict={'rules': [file_name]})['rules'][file_name] # Insert mock users, roles and assignments self = self self.users = {} self.roles = {} # Users user_1_db = UserDB(name='rule_create') user_1_db = User.add_or_update(user_1_db) self.users['rule_create'] = user_1_db user_2_db = UserDB(name='rule_create_webhook_create') user_2_db = User.add_or_update(user_2_db) self.users['rule_create_webhook_create'] = user_2_db user_3_db = UserDB(name='rule_create_webhook_create_core_local_execute') user_3_db = User.add_or_update(user_3_db) self.users['rule_create_webhook_create_core_local_execute'] = user_3_db # Roles # rule_create grant on parent pack grant_db = PermissionGrantDB(resource_uid='pack:examples', resource_type=ResourceType.PACK, permission_types=[PermissionType.RULE_CREATE]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_1_db = RoleDB(name='rule_create', permission_grants=permission_grants) role_1_db = Role.add_or_update(role_1_db) self.roles['rule_create'] = role_1_db # rule_create grant on parent pack, webhook_create on webhook "sample" grant_1_db = PermissionGrantDB(resource_uid='pack:examples', resource_type=ResourceType.PACK, permission_types=[PermissionType.RULE_CREATE]) grant_1_db = PermissionGrant.add_or_update(grant_1_db) grant_2_db = PermissionGrantDB(resource_uid='webhook:sample', resource_type=ResourceType.WEBHOOK, permission_types=[PermissionType.WEBHOOK_CREATE]) grant_2_db = PermissionGrant.add_or_update(grant_2_db) permission_grants = [str(grant_1_db.id), str(grant_2_db.id)] role_2_db = RoleDB(name='rule_create_webhook_create', permission_grants=permission_grants) role_2_db = Role.add_or_update(role_2_db) self.roles['rule_create_webhook_create'] = role_2_db # rule_create grant on parent pack, webhook_create on webhook "sample", action_execute on # core.local grant_1_db = PermissionGrantDB(resource_uid='pack:examples', resource_type=ResourceType.PACK, permission_types=[PermissionType.RULE_CREATE]) grant_1_db = PermissionGrant.add_or_update(grant_1_db) grant_2_db = PermissionGrantDB(resource_uid='webhook:sample', resource_type=ResourceType.WEBHOOK, permission_types=[PermissionType.WEBHOOK_CREATE]) grant_2_db = PermissionGrant.add_or_update(grant_2_db) grant_3_db = PermissionGrantDB(resource_uid='action:core:local', resource_type=ResourceType.ACTION, permission_types=[PermissionType.ACTION_EXECUTE]) grant_3_db = PermissionGrant.add_or_update(grant_3_db) permission_grants = [str(grant_1_db.id), str(grant_2_db.id), str(grant_3_db.id)] role_3_db = RoleDB(name='rule_create_webhook_create_core_local_execute', permission_grants=permission_grants) role_3_db = Role.add_or_update(role_3_db) self.roles['rule_create_webhook_create_core_local_execute'] = role_3_db # Role assignments user_db = self.users['rule_create'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['rule_create'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['rule_create_webhook_create'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['rule_create_webhook_create'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['rule_create_webhook_create_core_local_execute'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['rule_create_webhook_create_core_local_execute'].name) UserRoleAssignment.add_or_update(role_assignment_db)
def setUp(self): super(ActionPermissionsResolverTestCase, self).setUp() # Create some mock users user_1_db = UserDB(name='1_role_action_pack_grant') user_1_db = User.add_or_update(user_1_db) self.users['custom_role_action_pack_grant'] = user_1_db user_2_db = UserDB(name='1_role_action_grant') user_2_db = User.add_or_update(user_2_db) self.users['custom_role_action_grant'] = user_2_db user_3_db = UserDB(name='custom_role_pack_action_all_grant') user_3_db = User.add_or_update(user_3_db) self.users['custom_role_pack_action_all_grant'] = user_3_db user_4_db = UserDB(name='custom_role_action_all_grant') user_4_db = User.add_or_update(user_4_db) self.users['custom_role_action_all_grant'] = user_4_db user_5_db = UserDB(name='custom_role_action_execute_grant') user_5_db = User.add_or_update(user_5_db) self.users['custom_role_action_execute_grant'] = user_5_db user_6_db = UserDB(name='action_pack_action_create_grant') user_6_db = User.add_or_update(user_6_db) self.users['action_pack_action_create_grant'] = user_6_db user_7_db = UserDB(name='action_pack_action_all_grant') user_7_db = User.add_or_update(user_7_db) self.users['action_pack_action_all_grant'] = user_7_db user_8_db = UserDB(name='action_action_create_grant') user_8_db = User.add_or_update(user_8_db) self.users['action_action_create_grant'] = user_8_db user_9_db = UserDB(name='action_action_all_grant') user_9_db = User.add_or_update(user_9_db) self.users['action_action_all_grant'] = user_9_db user_10_db = UserDB(name='custom_role_action_list_grant') user_10_db = User.add_or_update(user_10_db) self.users['custom_role_action_list_grant'] = user_10_db # Create some mock resources on which permissions can be granted action_1_db = ActionDB(pack='test_pack_1', name='action1', entry_point='', runner_type={'name': 'local-shell-cmd'}) action_1_db = Action.add_or_update(action_1_db) self.resources['action_1'] = action_1_db action_2_db = ActionDB(pack='test_pack_1', name='action2', entry_point='', runner_type={'name': 'local-shell-cmd'}) action_2_db = Action.add_or_update(action_1_db) self.resources['action_2'] = action_2_db action_3_db = ActionDB(pack='test_pack_2', name='action3', entry_point='', runner_type={'name': 'local-shell-cmd'}) action_3_db = Action.add_or_update(action_3_db) self.resources['action_3'] = action_3_db # Create some mock roles with associated permission grants # Custom role 2 - one grant on parent pack # "action_view" on pack_1 grant_db = PermissionGrantDB(resource_uid=self.resources['pack_1'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.ACTION_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_3_db = RoleDB(name='custom_role_action_pack_grant', permission_grants=permission_grants) role_3_db = Role.add_or_update(role_3_db) self.roles['custom_role_action_pack_grant'] = role_3_db # Custom role 4 - one grant on action # "action_view" on action_3 grant_db = PermissionGrantDB(resource_uid=self.resources['action_3'].get_uid(), resource_type=ResourceType.ACTION, permission_types=[PermissionType.ACTION_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_4_db = RoleDB(name='custom_role_action_grant', permission_grants=permission_grants) role_4_db = Role.add_or_update(role_4_db) self.roles['custom_role_action_grant'] = role_4_db # Custom role - "action_all" grant on a parent action pack grant_db = PermissionGrantDB(resource_uid=self.resources['pack_1'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.ACTION_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_4_db = RoleDB(name='custom_role_pack_action_all_grant', permission_grants=permission_grants) role_4_db = Role.add_or_update(role_4_db) self.roles['custom_role_pack_action_all_grant'] = role_4_db # Custom role - "action_all" grant on action grant_db = PermissionGrantDB(resource_uid=self.resources['action_1'].get_uid(), resource_type=ResourceType.ACTION, permission_types=[PermissionType.ACTION_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_4_db = RoleDB(name='custom_role_action_all_grant', permission_grants=permission_grants) role_4_db = Role.add_or_update(role_4_db) self.roles['custom_role_action_all_grant'] = role_4_db # Custom role - "action_execute" on action_1 grant_db = PermissionGrantDB(resource_uid=self.resources['action_1'].get_uid(), resource_type=ResourceType.ACTION, permission_types=[PermissionType.ACTION_EXECUTE]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_5_db = RoleDB(name='custom_role_action_execute_grant', permission_grants=permission_grants) role_5_db = Role.add_or_update(role_5_db) self.roles['custom_role_action_execute_grant'] = role_5_db # Custom role - "action_create" grant on pack_1 grant_db = PermissionGrantDB(resource_uid=self.resources['pack_1'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.ACTION_CREATE]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_6_db = RoleDB(name='action_pack_action_create_grant', permission_grants=permission_grants) role_6_db = Role.add_or_update(role_6_db) self.roles['action_pack_action_create_grant'] = role_6_db # Custom role - "action_all" grant on pack_1 grant_db = PermissionGrantDB(resource_uid=self.resources['pack_1'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.ACTION_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_7_db = RoleDB(name='action_pack_action_all_grant', permission_grants=permission_grants) role_7_db = Role.add_or_update(role_7_db) self.roles['action_pack_action_all_grant'] = role_7_db # Custom role - "action_create" grant on action_1 grant_db = PermissionGrantDB(resource_uid=self.resources['action_1'].get_uid(), resource_type=ResourceType.ACTION, permission_types=[PermissionType.ACTION_CREATE]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_8_db = RoleDB(name='action_action_create_grant', permission_grants=permission_grants) role_8_db = Role.add_or_update(role_8_db) self.roles['action_action_create_grant'] = role_8_db # Custom role - "action_all" grant on action_1 grant_db = PermissionGrantDB(resource_uid=self.resources['action_1'].get_uid(), resource_type=ResourceType.ACTION, permission_types=[PermissionType.ACTION_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_9_db = RoleDB(name='action_action_all_grant', permission_grants=permission_grants) role_9_db = Role.add_or_update(role_9_db) self.roles['action_action_all_grant'] = role_9_db # Custom role - "action_list" grant grant_db = PermissionGrantDB(resource_uid=None, resource_type=None, permission_types=[PermissionType.ACTION_LIST]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_10_db = RoleDB(name='custom_role_action_list_grant', permission_grants=permission_grants) role_10_db = Role.add_or_update(role_10_db) self.roles['custom_role_action_list_grant'] = role_10_db # Create some mock role assignments user_db = self.users['custom_role_action_pack_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_action_pack_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_action_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_action_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_pack_action_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_pack_action_all_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_action_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_action_all_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_action_execute_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_action_execute_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['action_pack_action_create_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['action_pack_action_create_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['action_pack_action_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['action_pack_action_all_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['action_action_create_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['action_action_create_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['action_action_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['action_action_all_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_action_list_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_action_list_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db)
def setUp(self): super(InquiryRBACControllerTestCase, self).setUp() self.fixtures_loader.save_fixtures_to_db(fixtures_pack=FIXTURES_PACK, fixtures_dict=TEST_FIXTURES) # Insert mock users, roles and assignments assignments = { "user_get_db": { "roles": ["role_get"], "permissions": [PermissionType.INQUIRY_VIEW], "resource_type": ResourceType.INQUIRY, "resource_uid": 'inquiry' }, "user_list_db": { "roles": ["role_list"], "permissions": [PermissionType.INQUIRY_LIST], "resource_type": ResourceType.INQUIRY, "resource_uid": 'inquiry' }, "user_respond_db": { "roles": ["role_respond"], "permissions": [PermissionType.INQUIRY_RESPOND], "resource_type": ResourceType.INQUIRY, "resource_uid": 'inquiry' }, "user_respond_paramtest": { "roles": ["role_respond_2"], "permissions": [PermissionType.INQUIRY_RESPOND], "resource_type": ResourceType.INQUIRY, "resource_uid": 'inquiry' }, "user_respond_inherit": { "roles": ["role_inherit"], "permissions": [PermissionType.ACTION_EXECUTE], "resource_type": ResourceType.ACTION, "resource_uid": 'action:wolfpack:inquiry-workflow' } } # Create users for user in assignments.keys(): user_db = UserDB(name=user) user_db = User.add_or_update(user_db) self.users[user] = user_db # Create grants and assign to roles for assignment_details in assignments.values(): grant_db = PermissionGrantDB( permission_types=assignment_details["permissions"], resource_uid=assignment_details["resource_uid"], resource_type=assignment_details["resource_type"] ) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] for role in assignment_details["roles"]: role_db = RoleDB(name=role, permission_grants=permission_grants) Role.add_or_update(role_db) # Assign users to roles for user_name, assignment_details in assignments.items(): user_db = self.users[user_name] for role in assignment_details['roles']: role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=role, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) # Create Inquiry data = { 'action': 'wolfpack.ask', 'parameters': { "roles": [ 'role_respond' ] } } result = { "schema": SCHEMA_DEFAULT, "roles": ['role_respond'], "users": [], "route": "", "ttl": 1440 } result_default = { "schema": SCHEMA_DEFAULT, "roles": [], "users": [], "route": "", "ttl": 1440 } # Use admin user for creating test objects user_db = self.users['admin'] self.use_user(user_db) # Create workflow wf_data = { 'action': 'wolfpack.inquiry-workflow' } post_resp = self.app.post_json('/v1/executions', wf_data) wf_id = str(post_resp.json.get('id')) inquiry_with_parent = { 'action': 'wolfpack.ask', # 'parameters': {}, 'context': { "parent": { 'execution_id': wf_id } } } resp = self._do_create_inquiry(data, result) self.assertEqual(resp.status_int, http_client.OK) self.inquiry_id = resp.json.get('id') # Validated expected context for inquiries under RBAC expected_context = { 'pack': 'wolfpack', 'user': '******', 'rbac': { 'user': '******', 'roles': ['admin'] } } self.assertEqual(resp.json['context'], expected_context) # Create inquiry in workflow resp = self._do_create_inquiry(inquiry_with_parent, result_default) self.assertEqual(resp.status_int, http_client.OK) self.inquiry_inherit_id = resp.json.get('id') # Validated expected context for inquiries under RBAC expected_context = { 'pack': 'wolfpack', 'parent': { 'execution_id': wf_id }, 'user': '******', 'rbac': { 'user': '******', 'roles': ['admin'] } } self.assertEqual(resp.json['context'], expected_context)
def setUp(self): super(ActionAliasPermissionsResolverTestCase, self).setUp() # Create some mock users user_1_db = UserDB(name='alias_pack_grant') user_1_db = User.add_or_update(user_1_db) self.users['alias_pack_grant'] = user_1_db user_2_db = UserDB(name='alias_grant') user_2_db = User.add_or_update(user_2_db) self.users['alias_grant'] = user_2_db user_3_db = UserDB(name='pack_alias_all_grant') user_3_db = User.add_or_update(user_3_db) self.users['pack_alias_all_grant'] = user_3_db user_4_db = UserDB(name='alias_all_grant') user_4_db = User.add_or_update(user_4_db) self.users['alias_all_grant'] = user_4_db user_5_db = UserDB(name='alias_modify_grant') user_5_db = User.add_or_update(user_5_db) self.users['alias_modify_grant'] = user_5_db user_6_db = UserDB(name='alias_pack_alias_create_grant') user_6_db = User.add_or_update(user_6_db) self.users['alias_pack_alias_create_grant'] = user_6_db user_7_db = UserDB(name='alias_pack_alias_all_grant') user_7_db = User.add_or_update(user_7_db) self.users['alias_pack_alias_all_grant'] = user_7_db user_8_db = UserDB(name='alias_alias_create_grant') user_8_db = User.add_or_update(user_8_db) self.users['alias_alias_create_grant'] = user_8_db user_10_db = UserDB(name='alias_list_grant') user_10_db = User.add_or_update(user_10_db) self.users['alias_list_grant'] = user_10_db # Create some mock resources on which permissions can be granted alias_1_db = ActionAliasDB(pack='test_pack_1', name='alias1', formats=['a'], action_ref='core.local') self.resources['alias_1'] = alias_1_db alias_2_db = ActionAliasDB(pack='test_pack_1', name='alias2', formats=['a'], action_ref='core.local') self.resources['alias_2'] = alias_2_db alias_3_db = ActionAliasDB(pack='test_pack_2', name='alias3', formats=['a'], action_ref='core.local') self.resources['alias_3'] = alias_3_db # Create some mock roles with associated permission grants # One grant on parent pack, action_alias_view on pack1 grant_db = PermissionGrantDB(resource_uid=self.resources['pack_1'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.ACTION_ALIAS_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_3_db = RoleDB(name='alias_pack_grant', permission_grants=permission_grants) role_3_db = Role.add_or_update(role_3_db) self.roles['alias_pack_grant'] = role_3_db # "action_alias_view" on alias_3 grant_db = PermissionGrantDB(resource_uid=self.resources['alias_3'].get_uid(), resource_type=ResourceType.ACTION_ALIAS, permission_types=[PermissionType.ACTION_ALIAS_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_4_db = RoleDB(name='alias_grant', permission_grants=permission_grants) role_4_db = Role.add_or_update(role_4_db) self.roles['alias_grant'] = role_4_db # Custom role - "action_alias_all" grant on a parent pack grant_db = PermissionGrantDB(resource_uid=self.resources['pack_1'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.ACTION_ALIAS_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_4_db = RoleDB(name='pack_alias_all_grant', permission_grants=permission_grants) role_4_db = Role.add_or_update(role_4_db) self.roles['pack_alias_all_grant'] = role_4_db # Custom role - "action_alias_all" grant on alias grant_db = PermissionGrantDB(resource_uid=self.resources['alias_1'].get_uid(), resource_type=ResourceType.ACTION_ALIAS, permission_types=[PermissionType.ACTION_ALIAS_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_4_db = RoleDB(name='alias_all_grant', permission_grants=permission_grants) role_4_db = Role.add_or_update(role_4_db) self.roles['alias_all_grant'] = role_4_db # Custom role - "alias_modify" on alias_1 grant_db = PermissionGrantDB(resource_uid=self.resources['alias_1'].get_uid(), resource_type=ResourceType.ACTION_ALIAS, permission_types=[PermissionType.ACTION_ALIAS_MODIFY]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_5_db = RoleDB(name='alias_modify_grant', permission_grants=permission_grants) role_5_db = Role.add_or_update(role_5_db) self.roles['alias_modify_grant'] = role_5_db # Custom role - "action_alias_create" grant on pack_1 grant_db = PermissionGrantDB(resource_uid=self.resources['pack_1'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.ACTION_ALIAS_CREATE]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_6_db = RoleDB(name='alias_pack_alias_create_grant', permission_grants=permission_grants) role_6_db = Role.add_or_update(role_6_db) self.roles['alias_pack_alias_create_grant'] = role_6_db # Custom role - "action_alias_all" grant on pack_1 grant_db = PermissionGrantDB(resource_uid=self.resources['pack_1'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.ACTION_ALIAS_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_7_db = RoleDB(name='alias_pack_alias_all_grant', permission_grants=permission_grants) role_7_db = Role.add_or_update(role_7_db) self.roles['alias_pack_alias_all_grant'] = role_7_db # Custom role - "action_alias_create" grant on alias_1 grant_db = PermissionGrantDB(resource_uid=self.resources['alias_1'].get_uid(), resource_type=ResourceType.ACTION_ALIAS, permission_types=[PermissionType.ACTION_ALIAS_CREATE]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_8_db = RoleDB(name='alias_alias_create_grant', permission_grants=permission_grants) role_8_db = Role.add_or_update(role_8_db) self.roles['alias_alias_create_grant'] = role_8_db # Custom role - "alias_list" grant grant_db = PermissionGrantDB(resource_uid=None, resource_type=None, permission_types=[PermissionType.ACTION_ALIAS_LIST]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_10_db = RoleDB(name='alias_list_grant', permission_grants=permission_grants) role_10_db = Role.add_or_update(role_10_db) self.roles['alias_list_grant'] = role_10_db # Create some mock role assignments user_db = self.users['alias_pack_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['alias_pack_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['alias_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['alias_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['pack_alias_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['pack_alias_all_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['alias_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['alias_all_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['alias_modify_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['alias_modify_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['alias_pack_alias_create_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['alias_pack_alias_create_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['alias_pack_alias_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['alias_pack_alias_all_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['alias_alias_create_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['alias_alias_create_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['alias_list_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['alias_list_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db)
def setUp(self): super(ActionExecutionRBACControllerTestCase, self).setUp() runners_registrar.register_runners() self.fixtures_loader.save_fixtures_to_db(fixtures_pack=FIXTURES_PACK, fixtures_dict=TEST_FIXTURES) # Insert mock users, roles and assignments # Users user_1_db = UserDB(name='multiple_roles') user_1_db = User.add_or_update(user_1_db) self.users['multiple_roles'] = user_1_db user_2_db = UserDB(name='user_two') user_2_db = User.add_or_update(user_2_db) self.users['user_two'] = user_2_db user_3_db = UserDB(name='user_three') user_3_db = User.add_or_update(user_3_db) self.users['user_three'] = user_3_db # Roles roles = ['role_1', 'role_2', 'role_3'] for role in roles: role_db = RoleDB(name=role) Role.add_or_update(role_db) # action_execute, execution_list on parent pack # action_view on parent pack grant_1_db = PermissionGrantDB(resource_uid='pack:wolfpack', resource_type=ResourceType.PACK, permission_types=[PermissionType.ACTION_EXECUTE, PermissionType.ACTION_VIEW]) grant_1_db = PermissionGrant.add_or_update(grant_1_db) grant_2_db = PermissionGrantDB(resource_uid=None, resource_type=ResourceType.EXECUTION, permission_types=[PermissionType.EXECUTION_LIST]) grant_2_db = PermissionGrant.add_or_update(grant_2_db) permission_grants = [str(grant_1_db.id), str(grant_2_db.id)] role_1_db = RoleDB(name='role_4', permission_grants=permission_grants) role_1_db = Role.add_or_update(role_1_db) self.roles['role_4'] = role_1_db # Role assignments role_assignment_db = UserRoleAssignmentDB( user=user_1_db.name, role='admin', source='assignments/%s.yaml' % user_1_db.name) UserRoleAssignment.add_or_update(role_assignment_db) for role in roles: role_assignment_db = UserRoleAssignmentDB( user=user_1_db.name, role=role, source='assignments/%s.yaml' % user_1_db.name) UserRoleAssignment.add_or_update(role_assignment_db) role_assignment_db = UserRoleAssignmentDB( user=user_2_db.name, role='role_4', source='assignments/%s.yaml' % user_2_db.name) UserRoleAssignment.add_or_update(role_assignment_db) role_assignment_db = UserRoleAssignmentDB( user=user_3_db.name, role='role_4', source='assignments/%s.yaml' % user_2_db.name) UserRoleAssignment.add_or_update(role_assignment_db)
def setUp(self): super(ApiKeyControllerRBACTestCase, self).setUp() self.models = self.fixtures_loader.save_fixtures_to_db( fixtures_pack=FIXTURES_PACK, fixtures_dict=TEST_FIXTURES) file_name = 'apikey1.yaml' ApiKeyControllerRBACTestCase.API_KEY_1 = self.fixtures_loader.load_fixtures( fixtures_pack=FIXTURES_PACK, fixtures_dict={'apikeys': [file_name]})['apikeys'][file_name] file_name = 'apikey2.yaml' ApiKeyControllerRBACTestCase.API_KEY_1 = self.fixtures_loader.load_fixtures( fixtures_pack=FIXTURES_PACK, fixtures_dict={'apikeys': [file_name]})['apikeys'][file_name] # Insert mock users, roles and assignments # Users user_1_db = UserDB(name='api_key_list') user_1_db = User.add_or_update(user_1_db) self.users['api_key_list'] = user_1_db user_2_db = UserDB(name='api_key_view') user_2_db = User.add_or_update(user_2_db) self.users['api_key_view'] = user_2_db user_3_db = UserDB(name='api_key_create') user_3_db = User.add_or_update(user_3_db) self.users['api_key_create'] = user_3_db # Roles # api_key_list grant_db = PermissionGrantDB( resource_uid=None, resource_type=ResourceType.API_KEY, permission_types=[PermissionType.API_KEY_LIST]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_1_db = RoleDB(name='api_key_list', permission_grants=permission_grants) role_1_db = Role.add_or_update(role_1_db) self.roles['api_key_list'] = role_1_db # api_key_view on apikey1 api_key_uid = self.models['apikeys']['apikey1.yaml'].get_uid() grant_db = PermissionGrantDB( resource_uid=api_key_uid, resource_type=ResourceType.API_KEY, permission_types=[PermissionType.API_KEY_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_1_db = RoleDB(name='api_key_view', permission_grants=permission_grants) role_1_db = Role.add_or_update(role_1_db) self.roles['api_key_view'] = role_1_db # api_key_list grant_db = PermissionGrantDB( resource_uid=None, resource_type=ResourceType.API_KEY, permission_types=[PermissionType.API_KEY_CREATE]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_1_db = RoleDB(name='api_key_create', permission_grants=permission_grants) role_1_db = Role.add_or_update(role_1_db) self.roles['api_key_create'] = role_1_db # Role assignments role_assignment_db = UserRoleAssignmentDB( user=self.users['api_key_list'].name, role=self.roles['api_key_list'].name, source='assignments/%s.yaml' % self.users['api_key_list'].name) UserRoleAssignment.add_or_update(role_assignment_db) role_assignment_db = UserRoleAssignmentDB( user=self.users['api_key_view'].name, role=self.roles['api_key_view'].name, source='assignments/%s.yaml' % self.users['api_key_view'].name) UserRoleAssignment.add_or_update(role_assignment_db) role_assignment_db = UserRoleAssignmentDB( user=self.users['api_key_create'].name, role=self.roles['api_key_create'].name, source='assignments/%s.yaml' % self.users['api_key_create'].name) UserRoleAssignment.add_or_update(role_assignment_db)
def setUp(self): super(ExecutionPermissionsResolverTestCase, self).setUp() # Create some mock users user_1_db = UserDB(name='custom_role_unrelated_pack_action_grant') user_1_db = User.add_or_update(user_1_db) self.users['custom_role_unrelated_pack_action_grant'] = user_1_db user_2_db = UserDB(name='custom_role_pack_action_grant_unrelated_permission') user_2_db = User.add_or_update(user_2_db) self.users['custom_role_pack_action_grant_unrelated_permission'] = user_2_db user_3_db = UserDB(name='custom_role_pack_action_view_grant') user_3_db = User.add_or_update(user_3_db) self.users['custom_role_pack_action_view_grant'] = user_3_db user_4_db = UserDB(name='custom_role_action_view_grant') user_4_db = User.add_or_update(user_4_db) self.users['custom_role_action_view_grant'] = user_4_db user_5_db = UserDB(name='custom_role_pack_action_execute_grant') user_5_db = User.add_or_update(user_5_db) self.users['custom_role_pack_action_execute_grant'] = user_5_db user_6_db = UserDB(name='custom_role_action_execute_grant') user_6_db = User.add_or_update(user_6_db) self.users['custom_role_action_execute_grant'] = user_6_db user_7_db = UserDB(name='custom_role_pack_action_all_grant') user_7_db = User.add_or_update(user_7_db) self.users['custom_role_pack_action_all_grant'] = user_7_db user_8_db = UserDB(name='custom_role_action_all_grant') user_8_db = User.add_or_update(user_8_db) self.users['custom_role_action_all_grant'] = user_8_db # Create some mock resources on which permissions can be granted action_1_db = ActionDB(pack='test_pack_2', name='action1', entry_point='', runner_type={'name': 'run-local'}) action_1_db = Action.add_or_update(action_1_db) self.resources['action_1'] = action_1_db runner = {'name': 'run-python'} liveaction = {'action': 'test_pack_2.action1'} status = action_constants.LIVEACTION_STATUS_REQUESTED action = {'uid': action_1_db.get_uid(), 'pack': 'test_pack_2'} exec_1_db = ActionExecutionDB(action=action, runner=runner, liveaction=liveaction, status=status) exec_1_db = ActionExecution.add_or_update(exec_1_db) self.resources['exec_1'] = exec_1_db # Create some mock roles with associated permission grants # Custom role - one grant to an unrelated pack grant_db = PermissionGrantDB(resource_uid=self.resources['pack_1'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.ACTION_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_unrelated_pack_action_grant', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_unrelated_pack_action_grant'] = role_db # Custom role - one grant of unrelated permission type to parent action pack grant_db = PermissionGrantDB(resource_uid=self.resources['pack_2'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.RULE_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_pack_action_grant_unrelated_permission', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_pack_action_grant_unrelated_permission'] = role_db # Custom role - one grant of "action_view" to the parent pack of the action the execution # belongs to grant_db = PermissionGrantDB(resource_uid=self.resources['pack_2'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.ACTION_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_pack_action_view_grant', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_pack_action_view_grant'] = role_db # Custom role - one grant of "action_view" to the action the execution belongs to grant_db = PermissionGrantDB(resource_uid=self.resources['action_1'].get_uid(), resource_type=ResourceType.ACTION, permission_types=[PermissionType.ACTION_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_action_view_grant', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_action_view_grant'] = role_db # Custom role - one grant of "action_execute" to the parent pack of the action the # execution belongs to grant_db = PermissionGrantDB(resource_uid=self.resources['pack_2'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.ACTION_EXECUTE]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_pack_action_execute_grant', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_pack_action_execute_grant'] = role_db # Custom role - one grant of "action_execute" to the the action the execution belongs to grant_db = PermissionGrantDB(resource_uid=self.resources['action_1'].get_uid(), resource_type=ResourceType.ACTION, permission_types=[PermissionType.ACTION_EXECUTE]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_action_execute_grant', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_action_execute_grant'] = role_db # Custom role - "action_all" grant on a parent action pack the execution belongs to grant_db = PermissionGrantDB(resource_uid=self.resources['pack_2'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.ACTION_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_4_db = RoleDB(name='custom_role_pack_action_all_grant', permission_grants=permission_grants) role_4_db = Role.add_or_update(role_4_db) self.roles['custom_role_pack_action_all_grant'] = role_4_db # Custom role - "action_all" grant on action the execution belongs to grant_db = PermissionGrantDB(resource_uid=self.resources['action_1'].get_uid(), resource_type=ResourceType.ACTION, permission_types=[PermissionType.ACTION_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_4_db = RoleDB(name='custom_role_action_all_grant', permission_grants=permission_grants) role_4_db = Role.add_or_update(role_4_db) self.roles['custom_role_action_all_grant'] = role_4_db # Create some mock role assignments user_db = self.users['custom_role_unrelated_pack_action_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_unrelated_pack_action_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_pack_action_grant_unrelated_permission'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_pack_action_grant_unrelated_permission'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_pack_action_view_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_pack_action_view_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_action_view_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_action_view_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_pack_action_execute_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_pack_action_execute_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_action_execute_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_action_execute_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_pack_action_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_pack_action_all_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_action_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_action_all_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db)
def setUp(self): super(SensorPermissionsResolverTestCase, self).setUp() # Create some mock users user_1_db = UserDB(name='1_role_sensor_pack_grant') user_1_db = User.add_or_update(user_1_db) self.users['custom_role_sensor_pack_grant'] = user_1_db user_2_db = UserDB(name='1_role_sensor_grant') user_2_db = User.add_or_update(user_2_db) self.users['custom_role_sensor_grant'] = user_2_db user_3_db = UserDB(name='custom_role_pack_sensor_all_grant') user_3_db = User.add_or_update(user_3_db) self.users['custom_role_pack_sensor_all_grant'] = user_3_db user_4_db = UserDB(name='custom_role_sensor_all_grant') user_4_db = User.add_or_update(user_4_db) self.users['custom_role_sensor_all_grant'] = user_4_db user_5_db = UserDB(name='custom_role_sensor_list_grant') user_5_db = User.add_or_update(user_5_db) self.users['custom_role_sensor_list_grant'] = user_5_db # Create some mock resources on which permissions can be granted sensor_1_db = SensorTypeDB(pack='test_pack_1', name='sensor1') sensor_1_db = SensorType.add_or_update(sensor_1_db) self.resources['sensor_1'] = sensor_1_db sensor_2_db = SensorTypeDB(pack='test_pack_1', name='sensor2') sensor_2_db = SensorType.add_or_update(sensor_2_db) self.resources['sensor_2'] = sensor_2_db sensor_3_db = SensorTypeDB(pack='test_pack_2', name='sensor3') sensor_3_db = SensorType.add_or_update(sensor_3_db) self.resources['sensor_3'] = sensor_3_db # Create some mock roles with associated permission grants # Custom role 2 - one grant on parent pack # "sensor_view" on pack_1 grant_db = PermissionGrantDB( resource_uid=self.resources['pack_1'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.SENSOR_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_3_db = RoleDB(name='custom_role_sensor_pack_grant', permission_grants=permission_grants) role_3_db = Role.add_or_update(role_3_db) self.roles['custom_role_sensor_pack_grant'] = role_3_db # Custom role 4 - one grant on pack # "sensor_view on sensor_3 grant_db = PermissionGrantDB( resource_uid=self.resources['sensor_3'].get_uid(), resource_type=ResourceType.SENSOR, permission_types=[PermissionType.SENSOR_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_4_db = RoleDB(name='custom_role_sensor_grant', permission_grants=permission_grants) role_4_db = Role.add_or_update(role_4_db) self.roles['custom_role_sensor_grant'] = role_4_db # Custom role - "sensor_all" grant on a parent sensor pack grant_db = PermissionGrantDB( resource_uid=self.resources['pack_1'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.SENSOR_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_4_db = RoleDB(name='custom_role_pack_sensor_all_grant', permission_grants=permission_grants) role_4_db = Role.add_or_update(role_4_db) self.roles['custom_role_pack_sensor_all_grant'] = role_4_db # Custom role - "sensor_all" grant on a sensor grant_db = PermissionGrantDB( resource_uid=self.resources['sensor_1'].get_uid(), resource_type=ResourceType.SENSOR, permission_types=[PermissionType.SENSOR_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_4_db = RoleDB(name='custom_role_sensor_all_grant', permission_grants=permission_grants) role_4_db = Role.add_or_update(role_4_db) self.roles['custom_role_sensor_all_grant'] = role_4_db # Custom role - "sensor_list" grant grant_db = PermissionGrantDB( resource_uid=None, resource_type=None, permission_types=[PermissionType.SENSOR_LIST]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_5_db = RoleDB(name='custom_role_sensor_list_grant', permission_grants=permission_grants) role_5_db = Role.add_or_update(role_5_db) self.roles['custom_role_sensor_list_grant'] = role_5_db # Create some mock role assignments user_db = self.users['custom_role_sensor_pack_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_sensor_pack_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_sensor_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_sensor_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_pack_sensor_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_pack_sensor_all_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_sensor_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_sensor_all_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_sensor_list_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_sensor_list_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db)
def setUp(self): super(ActionAliasPermissionsResolverTestCase, self).setUp() # Create some mock users user_1_db = UserDB(name='alias_pack_grant') user_1_db = User.add_or_update(user_1_db) self.users['alias_pack_grant'] = user_1_db user_2_db = UserDB(name='alias_grant') user_2_db = User.add_or_update(user_2_db) self.users['alias_grant'] = user_2_db user_3_db = UserDB(name='pack_alias_all_grant') user_3_db = User.add_or_update(user_3_db) self.users['pack_alias_all_grant'] = user_3_db user_4_db = UserDB(name='alias_all_grant') user_4_db = User.add_or_update(user_4_db) self.users['alias_all_grant'] = user_4_db user_5_db = UserDB(name='alias_modify_grant') user_5_db = User.add_or_update(user_5_db) self.users['alias_modify_grant'] = user_5_db user_6_db = UserDB(name='alias_pack_alias_create_grant') user_6_db = User.add_or_update(user_6_db) self.users['alias_pack_alias_create_grant'] = user_6_db user_7_db = UserDB(name='alias_pack_alias_all_grant') user_7_db = User.add_or_update(user_7_db) self.users['alias_pack_alias_all_grant'] = user_7_db user_8_db = UserDB(name='alias_alias_create_grant') user_8_db = User.add_or_update(user_8_db) self.users['alias_alias_create_grant'] = user_8_db user_10_db = UserDB(name='alias_list_grant') user_10_db = User.add_or_update(user_10_db) self.users['alias_list_grant'] = user_10_db # Create some mock resources on which permissions can be granted alias_1_db = ActionAliasDB(pack='test_pack_1', name='alias1', formats=['a'], action_ref='core.local') self.resources['alias_1'] = alias_1_db alias_2_db = ActionAliasDB(pack='test_pack_1', name='alias2', formats=['a'], action_ref='core.local') self.resources['alias_2'] = alias_2_db alias_3_db = ActionAliasDB(pack='test_pack_2', name='alias3', formats=['a'], action_ref='core.local') self.resources['alias_3'] = alias_3_db # Create some mock roles with associated permission grants # One grant on parent pack, action_alias_view on pack1 grant_db = PermissionGrantDB(resource_uid=self.resources['pack_1'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.ACTION_ALIAS_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_3_db = RoleDB(name='alias_pack_grant', permission_grants=permission_grants) role_3_db = Role.add_or_update(role_3_db) self.roles['alias_pack_grant'] = role_3_db # "action_alias_view" on alias_3 grant_db = PermissionGrantDB(resource_uid=self.resources['alias_3'].get_uid(), resource_type=ResourceType.ACTION_ALIAS, permission_types=[PermissionType.ACTION_ALIAS_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_4_db = RoleDB(name='alias_grant', permission_grants=permission_grants) role_4_db = Role.add_or_update(role_4_db) self.roles['alias_grant'] = role_4_db # Custom role - "action_alias_all" grant on a parent pack grant_db = PermissionGrantDB(resource_uid=self.resources['pack_1'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.ACTION_ALIAS_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_4_db = RoleDB(name='pack_alias_all_grant', permission_grants=permission_grants) role_4_db = Role.add_or_update(role_4_db) self.roles['pack_alias_all_grant'] = role_4_db # Custom role - "action_alias_all" grant on alias grant_db = PermissionGrantDB(resource_uid=self.resources['alias_1'].get_uid(), resource_type=ResourceType.ACTION_ALIAS, permission_types=[PermissionType.ACTION_ALIAS_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_4_db = RoleDB(name='alias_all_grant', permission_grants=permission_grants) role_4_db = Role.add_or_update(role_4_db) self.roles['alias_all_grant'] = role_4_db # Custom role - "alias_modify" on alias_1 grant_db = PermissionGrantDB(resource_uid=self.resources['alias_1'].get_uid(), resource_type=ResourceType.ACTION_ALIAS, permission_types=[PermissionType.ACTION_ALIAS_MODIFY]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_5_db = RoleDB(name='alias_modify_grant', permission_grants=permission_grants) role_5_db = Role.add_or_update(role_5_db) self.roles['alias_modify_grant'] = role_5_db # Custom role - "action_alias_create" grant on pack_1 grant_db = PermissionGrantDB(resource_uid=self.resources['pack_1'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.ACTION_ALIAS_CREATE]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_6_db = RoleDB(name='alias_pack_alias_create_grant', permission_grants=permission_grants) role_6_db = Role.add_or_update(role_6_db) self.roles['alias_pack_alias_create_grant'] = role_6_db # Custom role - "action_alias_all" grant on pack_1 grant_db = PermissionGrantDB(resource_uid=self.resources['pack_1'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.ACTION_ALIAS_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_7_db = RoleDB(name='alias_pack_alias_all_grant', permission_grants=permission_grants) role_7_db = Role.add_or_update(role_7_db) self.roles['alias_pack_alias_all_grant'] = role_7_db # Custom role - "action_alias_create" grant on alias_1 grant_db = PermissionGrantDB(resource_uid=self.resources['alias_1'].get_uid(), resource_type=ResourceType.ACTION_ALIAS, permission_types=[PermissionType.ACTION_ALIAS_CREATE]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_8_db = RoleDB(name='alias_alias_create_grant', permission_grants=permission_grants) role_8_db = Role.add_or_update(role_8_db) self.roles['alias_alias_create_grant'] = role_8_db # Custom role - "alias_list" grant grant_db = PermissionGrantDB(resource_uid=None, resource_type=None, permission_types=[PermissionType.ACTION_ALIAS_LIST]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_10_db = RoleDB(name='alias_list_grant', permission_grants=permission_grants) role_10_db = Role.add_or_update(role_10_db) self.roles['alias_list_grant'] = role_10_db # Create some mock role assignments user_db = self.users['alias_pack_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['alias_pack_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['alias_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['alias_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['pack_alias_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['pack_alias_all_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['alias_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['alias_all_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['alias_modify_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['alias_modify_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['alias_pack_alias_create_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['alias_pack_alias_create_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['alias_pack_alias_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['alias_pack_alias_all_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['alias_alias_create_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['alias_alias_create_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['alias_list_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['alias_list_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db)
def setUp(self): super(InquiryPermissionsResolverTestCase, self).setUp() # Create some mock users user_1_db = UserDB(name='custom_role_inquiry_list_grant') user_1_db = User.add_or_update(user_1_db) self.users['custom_role_inquiry_list_grant'] = user_1_db user_2_db = UserDB(name='custom_role_inquiry_view_grant') user_2_db = User.add_or_update(user_2_db) self.users['custom_role_inquiry_view_grant'] = user_2_db user_3_db = UserDB(name='custom_role_inquiry_respond_grant') user_3_db = User.add_or_update(user_3_db) self.users['custom_role_inquiry_respond_grant'] = user_3_db user_4_db = UserDB(name='custom_role_inquiry_all_grant') user_4_db = User.add_or_update(user_4_db) self.users['custom_role_inquiry_all_grant'] = user_4_db user_5_db = UserDB(name='custom_role_inquiry_inherit') user_5_db = User.add_or_update(user_5_db) self.users['custom_role_inquiry_inherit'] = user_5_db # Create a workflow for testing inheritance of action_execute permission # to inquiry_respond permission wf_db = ActionDB(pack='examples', name='mistral-ask-basic', entry_point='', runner_type={'name': 'mistral-v2'}) wf_db = Action.add_or_update(wf_db) self.resources['wf'] = wf_db runner = {'name': 'mistral-v2'} liveaction = {'action': 'examples.mistral-ask-basic'} status = action_constants.LIVEACTION_STATUS_PAUSED # Spawn workflow action = {'uid': wf_db.get_uid(), 'pack': 'examples'} wf_exc_db = ActionExecutionDB(action=action, runner=runner, liveaction=liveaction, status=status) wf_exc_db = ActionExecution.add_or_update(wf_exc_db) # Create an Inquiry on which permissions can be granted action_1_db = ActionDB(pack='core', name='ask', entry_point='', runner_type={'name': 'inquirer'}) action_1_db = Action.add_or_update(action_1_db) self.resources['action_1'] = action_1_db runner = {'name': 'inquirer'} liveaction = {'action': 'core.ask'} status = action_constants.LIVEACTION_STATUS_PENDING # For now, Inquiries are "borrowing" the ActionExecutionDB model, # so we have to test with that model action = {'uid': action_1_db.get_uid(), 'pack': 'core'} inquiry_1_db = ActionExecutionDB(action=action, runner=runner, liveaction=liveaction, status=status) # A separate inquiry that has a parent (so we can test workflow permission inheritance) inquiry_2_db = ActionExecutionDB(action=action, runner=runner, liveaction=liveaction, status=status, parent=str(wf_exc_db.id)) # A bit gross, but it's what we have to do since Inquiries # don't yet have their own data model def get_uid(): return "inquiry" inquiry_1_db.get_uid = get_uid inquiry_2_db.get_uid = get_uid inquiry_1_db = ActionExecution.add_or_update(inquiry_1_db) inquiry_2_db = ActionExecution.add_or_update(inquiry_2_db) self.resources['inquiry_1'] = inquiry_1_db self.resources['inquiry_2'] = inquiry_2_db ############################################################ # Create some mock roles with associated permission grants # ############################################################ # Custom role - "inquiry_list" grant grant_db = PermissionGrantDB(resource_uid=self.resources['inquiry_1'].get_uid(), resource_type=ResourceType.INQUIRY, permission_types=[PermissionType.INQUIRY_LIST]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_inquiry_list_grant', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_inquiry_list_grant'] = role_db # Custom role - "inquiry_view" grant grant_db = PermissionGrantDB(resource_uid=self.resources['inquiry_1'].get_uid(), resource_type=ResourceType.INQUIRY, permission_types=[PermissionType.INQUIRY_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_inquiry_view_grant', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_inquiry_view_grant'] = role_db # Custom role - "inquiry_respond" grant grant_db = PermissionGrantDB(resource_uid=self.resources['inquiry_1'].get_uid(), resource_type=ResourceType.INQUIRY, permission_types=[PermissionType.INQUIRY_RESPOND]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_inquiry_respond_grant', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_inquiry_respond_grant'] = role_db # Custom role - "inquiry_all" grant grant_db = PermissionGrantDB(resource_uid=self.resources['inquiry_1'].get_uid(), resource_type=ResourceType.INQUIRY, permission_types=[PermissionType.INQUIRY_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_inquiry_all_grant', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_inquiry_all_grant'] = role_db # Custom role - inheritance grant grant_db = PermissionGrantDB(resource_uid=self.resources['wf'].get_uid(), resource_type=ResourceType.ACTION, permission_types=[PermissionType.ACTION_EXECUTE]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_inquiry_inherit', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_inquiry_inherit'] = role_db ##################################### # Create some mock role assignments # ##################################### user_db = self.users['custom_role_inquiry_list_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_inquiry_list_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_inquiry_view_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_inquiry_view_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_inquiry_respond_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_inquiry_respond_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_inquiry_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_inquiry_all_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_inquiry_inherit'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_inquiry_inherit'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db)
def setUp(self): super(BaseRuleControllerRBACTestCase, self).setUp() self.fixtures_loader.save_fixtures_to_db(fixtures_pack=FIXTURES_PACK, fixtures_dict=TEST_FIXTURES) file_name = 'rule_with_webhook_trigger.yaml' self.RULE_1 = self.fixtures_loader.load_fixtures( fixtures_pack=FIXTURES_PACK, fixtures_dict={'rules': [file_name]})['rules'][file_name] file_name = 'rule_example_pack.yaml' self.RULE_2 = self.fixtures_loader.load_fixtures( fixtures_pack=FIXTURES_PACK, fixtures_dict={'rules': [file_name]})['rules'][file_name] file_name = 'rule_action_doesnt_exist.yaml' self.RULE_3 = self.fixtures_loader.load_fixtures( fixtures_pack=FIXTURES_PACK, fixtures_dict={'rules': [file_name]})['rules'][file_name] # Insert mock users, roles and assignments # Users user_1_db = UserDB(name='rule_create') user_1_db = User.add_or_update(user_1_db) self.users['rule_create'] = user_1_db user_2_db = UserDB(name='rule_create_webhook_create') user_2_db = User.add_or_update(user_2_db) self.users['rule_create_webhook_create'] = user_2_db user_3_db = UserDB( name='rule_create_webhook_create_core_local_execute') user_3_db = User.add_or_update(user_3_db) self.users['rule_create_webhook_create_core_local_execute'] = user_3_db user_4_db = UserDB(name='rule_create_1') user_4_db = User.add_or_update(user_4_db) self.users['rule_create_1'] = user_4_db user_5_db = UserDB(name='user_two') user_5_db = User.add_or_update(user_5_db) self.users['user_two'] = user_5_db user_6_db = UserDB(name='user_three') user_6_db = User.add_or_update(user_6_db) self.users['user_three'] = user_6_db # Roles # rule_create grant on parent pack grant_db = PermissionGrantDB( resource_uid='pack:examples', resource_type=ResourceType.PACK, permission_types=[PermissionType.RULE_CREATE]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_1_db = RoleDB(name='rule_create', permission_grants=permission_grants) role_1_db = Role.add_or_update(role_1_db) self.roles['rule_create'] = role_1_db # rule_create grant on parent pack, webhook_create on webhook "sample" grant_1_db = PermissionGrantDB( resource_uid='pack:examples', resource_type=ResourceType.PACK, permission_types=[PermissionType.RULE_CREATE]) grant_1_db = PermissionGrant.add_or_update(grant_1_db) grant_2_db = PermissionGrantDB( resource_uid='webhook:sample', resource_type=ResourceType.WEBHOOK, permission_types=[PermissionType.WEBHOOK_CREATE]) grant_2_db = PermissionGrant.add_or_update(grant_2_db) permission_grants = [str(grant_1_db.id), str(grant_2_db.id)] role_2_db = RoleDB(name='rule_create_webhook_create', permission_grants=permission_grants) role_2_db = Role.add_or_update(role_2_db) self.roles['rule_create_webhook_create'] = role_2_db # rule_create grant on parent pack, webhook_create on webhook "sample", action_execute on # core.local grant_1_db = PermissionGrantDB( resource_uid='pack:examples', resource_type=ResourceType.PACK, permission_types=[PermissionType.RULE_CREATE]) grant_1_db = PermissionGrant.add_or_update(grant_1_db) grant_2_db = PermissionGrantDB( resource_uid='webhook:sample', resource_type=ResourceType.WEBHOOK, permission_types=[PermissionType.WEBHOOK_CREATE]) grant_2_db = PermissionGrant.add_or_update(grant_2_db) grant_3_db = PermissionGrantDB( resource_uid='action:core:local', resource_type=ResourceType.ACTION, permission_types=[PermissionType.ACTION_EXECUTE]) grant_3_db = PermissionGrant.add_or_update(grant_3_db) permission_grants = [ str(grant_1_db.id), str(grant_2_db.id), str(grant_3_db.id) ] role_3_db = RoleDB( name='rule_create_webhook_create_core_local_execute', permission_grants=permission_grants) role_3_db = Role.add_or_update(role_3_db) self.roles['rule_create_webhook_create_core_local_execute'] = role_3_db # rule_create, rule_list, webhook_create, action_execute on parent pack grant_6_db = PermissionGrantDB( resource_uid='pack:examples', resource_type=ResourceType.RULE, permission_types=[PermissionType.RULE_LIST]) grant_6_db = PermissionGrant.add_or_update(grant_6_db) permission_grants = [ str(grant_1_db.id), str(grant_2_db.id), str(grant_3_db.id), str(grant_6_db.id) ] role_5_db = RoleDB( name='rule_create_list_webhook_create_core_local_execute', permission_grants=permission_grants) role_5_db = Role.add_or_update(role_5_db) self.roles[ 'rule_create_list_webhook_create_core_local_execute'] = role_5_db # rule_create grant on parent pack, webhook_create on webhook "sample", action_execute on # examples and wolfpack grant_1_db = PermissionGrantDB( resource_uid='pack:examples', resource_type=ResourceType.PACK, permission_types=[PermissionType.RULE_CREATE]) grant_1_db = PermissionGrant.add_or_update(grant_1_db) grant_2_db = PermissionGrantDB( resource_uid='webhook:sample', resource_type=ResourceType.WEBHOOK, permission_types=[PermissionType.WEBHOOK_CREATE]) grant_2_db = PermissionGrant.add_or_update(grant_2_db) grant_3_db = PermissionGrantDB( resource_uid='pack:wolfpack', resource_type=ResourceType.PACK, permission_types=[PermissionType.ACTION_ALL]) grant_3_db = PermissionGrant.add_or_update(grant_3_db) grant_4_db = PermissionGrantDB( resource_uid=None, resource_type=ResourceType.RULE, permission_types=[PermissionType.RULE_LIST]) grant_4_db = PermissionGrant.add_or_update(grant_4_db) grant_5_db = PermissionGrantDB( resource_uid='pack:examples', resource_type=ResourceType.PACK, permission_types=[PermissionType.ACTION_ALL]) grant_5_db = PermissionGrant.add_or_update(grant_5_db) permission_grants = [ str(grant_1_db.id), str(grant_2_db.id), str(grant_3_db.id), str(grant_4_db.id), str(grant_5_db.id) ] role_4_db = RoleDB(name='rule_create_webhook_create_action_execute', permission_grants=permission_grants) role_4_db = Role.add_or_update(role_4_db) self.roles['rule_create_webhook_create_action_execute'] = role_4_db # Role assignments user_db = self.users['rule_create'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['rule_create'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['rule_create_webhook_create'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['rule_create_webhook_create'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['rule_create_webhook_create_core_local_execute'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['rule_create_webhook_create_core_local_execute']. name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['rule_create_1'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['rule_create_webhook_create_action_execute'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['user_two'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role='rule_create_list_webhook_create_core_local_execute', source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['user_three'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role='rule_create_list_webhook_create_core_local_execute', source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db)
def setUp(self): super(ActionExecutionRBACControllerTestCase, self).setUp() runners_registrar.register_runners() self.fixtures_loader.save_fixtures_to_db(fixtures_pack=FIXTURES_PACK, fixtures_dict=TEST_FIXTURES) # Insert mock users, roles and assignments # Users user_1_db = UserDB(name='multiple_roles') user_1_db = User.add_or_update(user_1_db) self.users['multiple_roles'] = user_1_db user_2_db = UserDB(name='user_two') user_2_db = User.add_or_update(user_2_db) self.users['user_two'] = user_2_db user_3_db = UserDB(name='user_three') user_3_db = User.add_or_update(user_3_db) self.users['user_three'] = user_3_db # Roles roles = ['role_1', 'role_2', 'role_3'] for role in roles: role_db = RoleDB(name=role) Role.add_or_update(role_db) # action_execute, execution_list on parent pack # action_view on parent pack grant_1_db = PermissionGrantDB(resource_uid='pack:wolfpack', resource_type=ResourceType.PACK, permission_types=[ PermissionType.ACTION_EXECUTE, PermissionType.ACTION_VIEW ]) grant_1_db = PermissionGrant.add_or_update(grant_1_db) grant_2_db = PermissionGrantDB( resource_uid=None, resource_type=ResourceType.EXECUTION, permission_types=[PermissionType.EXECUTION_LIST]) grant_2_db = PermissionGrant.add_or_update(grant_2_db) permission_grants = [str(grant_1_db.id), str(grant_2_db.id)] role_1_db = RoleDB(name='role_4', permission_grants=permission_grants) role_1_db = Role.add_or_update(role_1_db) self.roles['role_4'] = role_1_db # Role assignments role_assignment_db = UserRoleAssignmentDB( user=user_1_db.name, role='admin', source='assignments/%s.yaml' % user_1_db.name) UserRoleAssignment.add_or_update(role_assignment_db) for role in roles: role_assignment_db = UserRoleAssignmentDB( user=user_1_db.name, role=role, source='assignments/%s.yaml' % user_1_db.name) UserRoleAssignment.add_or_update(role_assignment_db) role_assignment_db = UserRoleAssignmentDB( user=user_2_db.name, role='role_4', source='assignments/%s.yaml' % user_2_db.name) UserRoleAssignment.add_or_update(role_assignment_db) role_assignment_db = UserRoleAssignmentDB( user=user_3_db.name, role='role_4', source='assignments/%s.yaml' % user_2_db.name) UserRoleAssignment.add_or_update(role_assignment_db)
def setUp(self): super(RuleEnforcementPermissionsResolverTestCase, self).setUp() register_internal_trigger_types() # Create some mock users user_1_db = UserDB(name='1_role_rule_pack_grant') user_1_db = User.add_or_update(user_1_db) self.users['custom_role_rule_pack_grant'] = user_1_db user_2_db = UserDB(name='1_role_rule_grant') user_2_db = User.add_or_update(user_2_db) self.users['custom_role_rule_grant'] = user_2_db user_3_db = UserDB(name='custom_role_pack_rule_all_grant') user_3_db = User.add_or_update(user_3_db) self.users['custom_role_pack_rule_all_grant'] = user_3_db user_4_db = UserDB(name='custom_role_rule_all_grant') user_4_db = User.add_or_update(user_4_db) self.users['custom_role_rule_all_grant'] = user_4_db user_5_db = UserDB(name='custom_role_rule_modify_grant') user_5_db = User.add_or_update(user_5_db) self.users['custom_role_rule_modify_grant'] = user_5_db user_6_db = UserDB(name='rule_pack_rule_create_grant') user_6_db = User.add_or_update(user_6_db) self.users['rule_pack_rule_create_grant'] = user_6_db user_7_db = UserDB(name='rule_pack_rule_all_grant') user_7_db = User.add_or_update(user_7_db) self.users['rule_pack_rule_all_grant'] = user_7_db user_8_db = UserDB(name='rule_rule_create_grant') user_8_db = User.add_or_update(user_8_db) self.users['rule_rule_create_grant'] = user_8_db user_9_db = UserDB(name='rule_rule_all_grant') user_9_db = User.add_or_update(user_9_db) self.users['rule_rule_all_grant'] = user_9_db user_10_db = UserDB(name='custom_role_rule_list_grant') user_10_db = User.add_or_update(user_10_db) self.users['custom_role_rule_list_grant'] = user_10_db # Create some mock resources on which permissions can be granted rule_1_db = RuleDB(pack='test_pack_1', name='rule1', action={'ref': 'core.local'}, trigger='core.st2.key_value_pair.create') rule_1_db = Rule.add_or_update(rule_1_db) self.resources['rule_1'] = rule_1_db rule_enforcement_1_db = RuleEnforcementDB(trigger_instance_id=str(bson.ObjectId()), execution_id=str(bson.ObjectId()), rule={'ref': rule_1_db.ref, 'uid': rule_1_db.uid, 'id': str(rule_1_db.id)}) rule_enforcement_1_db = RuleEnforcement.add_or_update(rule_enforcement_1_db) self.resources['rule_enforcement_1'] = rule_enforcement_1_db rule_2_db = RuleDB(pack='test_pack_1', name='rule2') rule_2_db = Rule.add_or_update(rule_2_db) self.resources['rule_2'] = rule_2_db rule_enforcement_2_db = RuleEnforcementDB(trigger_instance_id=str(bson.ObjectId()), execution_id=str(bson.ObjectId()), rule={'ref': rule_2_db.ref, 'uid': rule_2_db.uid, 'id': str(rule_2_db.id)}) rule_enforcement_2_db = RuleEnforcement.add_or_update(rule_enforcement_2_db) self.resources['rule_enforcement_2'] = rule_enforcement_2_db rule_3_db = RuleDB(pack='test_pack_2', name='rule3') rule_3_db = Rule.add_or_update(rule_3_db) self.resources['rule_3'] = rule_3_db rule_enforcement_3_db = RuleEnforcementDB(trigger_instance_id=str(bson.ObjectId()), execution_id=str(bson.ObjectId()), rule={'ref': rule_3_db.ref, 'uid': rule_3_db.uid, 'id': str(rule_3_db.id)}) rule_enforcement_3_db = RuleEnforcement.add_or_update(rule_enforcement_3_db) self.resources['rule_enforcement_3'] = rule_enforcement_3_db # Create some mock roles with associated permission grants # Custom role 2 - one grant on parent pack # "rule_view" on pack_1 grant_db = PermissionGrantDB(resource_uid=self.resources['pack_1'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.RULE_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_3_db = RoleDB(name='custom_role_rule_pack_grant', permission_grants=permission_grants) role_3_db = Role.add_or_update(role_3_db) self.roles['custom_role_rule_pack_grant'] = role_3_db # Custom role 4 - one grant on rule # "rule_view on rule_3 grant_db = PermissionGrantDB(resource_uid=self.resources['rule_3'].get_uid(), resource_type=ResourceType.RULE, permission_types=[PermissionType.RULE_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_4_db = RoleDB(name='custom_role_rule_grant', permission_grants=permission_grants) role_4_db = Role.add_or_update(role_4_db) self.roles['custom_role_rule_grant'] = role_4_db # Custom role - "rule_all" grant on a parent rule pack grant_db = PermissionGrantDB(resource_uid=self.resources['pack_1'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.RULE_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_4_db = RoleDB(name='custom_role_pack_rule_all_grant', permission_grants=permission_grants) role_4_db = Role.add_or_update(role_4_db) self.roles['custom_role_pack_rule_all_grant'] = role_4_db # Custom role - "rule_all" grant on a rule grant_db = PermissionGrantDB(resource_uid=self.resources['rule_1'].get_uid(), resource_type=ResourceType.RULE, permission_types=[PermissionType.RULE_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_4_db = RoleDB(name='custom_role_rule_all_grant', permission_grants=permission_grants) role_4_db = Role.add_or_update(role_4_db) self.roles['custom_role_rule_all_grant'] = role_4_db # Custom role - "rule_modify" on role_1 grant_db = PermissionGrantDB(resource_uid=self.resources['rule_1'].get_uid(), resource_type=ResourceType.RULE, permission_types=[PermissionType.RULE_MODIFY]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_5_db = RoleDB(name='custom_role_rule_modify_grant', permission_grants=permission_grants) role_5_db = Role.add_or_update(role_5_db) self.roles['custom_role_rule_modify_grant'] = role_5_db # Custom role - "rule_create" grant on pack_1 grant_db = PermissionGrantDB(resource_uid=self.resources['pack_1'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.RULE_CREATE]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_6_db = RoleDB(name='rule_pack_rule_create_grant', permission_grants=permission_grants) role_6_db = Role.add_or_update(role_6_db) self.roles['rule_pack_rule_create_grant'] = role_6_db # Custom role - "rule_all" grant on pack_1 grant_db = PermissionGrantDB(resource_uid=self.resources['pack_1'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.RULE_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_7_db = RoleDB(name='rule_pack_rule_all_grant', permission_grants=permission_grants) role_7_db = Role.add_or_update(role_7_db) self.roles['rule_pack_rule_all_grant'] = role_7_db # Custom role - "rule_create" grant on rule_1 grant_db = PermissionGrantDB(resource_uid=self.resources['rule_1'].get_uid(), resource_type=ResourceType.RULE, permission_types=[PermissionType.RULE_CREATE]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_8_db = RoleDB(name='rule_rule_create_grant', permission_grants=permission_grants) role_8_db = Role.add_or_update(role_8_db) self.roles['rule_rule_create_grant'] = role_8_db # Custom role - "rule_all" grant on rule_1 grant_db = PermissionGrantDB(resource_uid=self.resources['rule_1'].get_uid(), resource_type=ResourceType.RULE, permission_types=[PermissionType.RULE_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_9_db = RoleDB(name='rule_rule_all_grant', permission_grants=permission_grants) role_9_db = Role.add_or_update(role_9_db) self.roles['rule_rule_all_grant'] = role_9_db # Custom role - "rule_list" grant grant_db = PermissionGrantDB(resource_uid=None, resource_type=None, permission_types=[PermissionType.RULE_LIST]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_10_db = RoleDB(name='custom_role_rule_list_grant', permission_grants=permission_grants) role_10_db = Role.add_or_update(role_10_db) self.roles['custom_role_rule_list_grant'] = role_10_db # Create some mock role assignments user_db = self.users['custom_role_rule_pack_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_rule_pack_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_rule_grant'] role_assignment_db = UserRoleAssignmentDB(user=user_db.name, role=self.roles['custom_role_rule_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_pack_rule_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_pack_rule_all_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_rule_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_rule_all_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_rule_modify_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_rule_modify_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['rule_pack_rule_create_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['rule_pack_rule_create_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['rule_pack_rule_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['rule_pack_rule_all_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['rule_rule_create_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['rule_rule_create_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['rule_rule_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['rule_rule_all_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_rule_list_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_rule_list_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db)
def setUpClass(cls): super(RuleControllerRBACTestCase, cls).setUpClass() cls.fixtures_loader.save_fixtures_to_db(fixtures_pack=FIXTURES_PACK, fixtures_dict=TEST_FIXTURES) file_name = 'rule_with_webhook_trigger.yaml' RuleControllerRBACTestCase.RULE_1 = cls.fixtures_loader.load_fixtures( fixtures_pack=FIXTURES_PACK, fixtures_dict={'rules': [file_name]})['rules'][file_name] file_name = 'rule1.yaml' RuleControllerRBACTestCase.RULE_2 = cls.fixtures_loader.load_fixtures( fixtures_pack=FIXTURES_PACK, fixtures_dict={'rules': [file_name]})['rules'][file_name] # Insert mock users, roles and assignments self = cls cls.users = {} cls.roles = {} # Users user_1_db = UserDB(name='rule_create') user_1_db = User.add_or_update(user_1_db) self.users['rule_create'] = user_1_db user_2_db = UserDB(name='rule_create_webhook_create') user_2_db = User.add_or_update(user_2_db) self.users['rule_create_webhook_create'] = user_2_db user_3_db = UserDB( name='rule_create_webhook_create_core_local_execute') user_3_db = User.add_or_update(user_3_db) self.users['rule_create_webhook_create_core_local_execute'] = user_3_db # Roles # rule_create grant on parent pack grant_db = PermissionGrantDB( resource_uid='pack:examples', resource_type=ResourceType.PACK, permission_types=[PermissionType.RULE_CREATE]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_1_db = RoleDB(name='rule_create', permission_grants=permission_grants) role_1_db = Role.add_or_update(role_1_db) self.roles['rule_create'] = role_1_db # rule_create grant on parent pack, webhook_create on webhook "sample" grant_1_db = PermissionGrantDB( resource_uid='pack:examples', resource_type=ResourceType.PACK, permission_types=[PermissionType.RULE_CREATE]) grant_1_db = PermissionGrant.add_or_update(grant_1_db) grant_2_db = PermissionGrantDB( resource_uid='webhook:sample', resource_type=ResourceType.WEBHOOK, permission_types=[PermissionType.WEBHOOK_CREATE]) grant_2_db = PermissionGrant.add_or_update(grant_2_db) permission_grants = [str(grant_1_db.id), str(grant_2_db.id)] role_2_db = RoleDB(name='rule_create_webhook_create', permission_grants=permission_grants) role_2_db = Role.add_or_update(role_2_db) self.roles['rule_create_webhook_create'] = role_2_db # rule_create grant on parent pack, webhook_create on webhook "sample", action_execute on # core.local grant_1_db = PermissionGrantDB( resource_uid='pack:examples', resource_type=ResourceType.PACK, permission_types=[PermissionType.RULE_CREATE]) grant_1_db = PermissionGrant.add_or_update(grant_1_db) grant_2_db = PermissionGrantDB( resource_uid='webhook:sample', resource_type=ResourceType.WEBHOOK, permission_types=[PermissionType.WEBHOOK_CREATE]) grant_2_db = PermissionGrant.add_or_update(grant_2_db) grant_3_db = PermissionGrantDB( resource_uid='action:core:local', resource_type=ResourceType.ACTION, permission_types=[PermissionType.ACTION_EXECUTE]) grant_3_db = PermissionGrant.add_or_update(grant_3_db) permission_grants = [ str(grant_1_db.id), str(grant_2_db.id), str(grant_3_db.id) ] role_3_db = RoleDB( name='rule_create_webhook_create_core_local_execute', permission_grants=permission_grants) role_3_db = Role.add_or_update(role_3_db) self.roles['rule_create_webhook_create_core_local_execute'] = role_3_db # Role assignments user_db = self.users['rule_create'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['rule_create'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['rule_create_webhook_create'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['rule_create_webhook_create'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['rule_create_webhook_create_core_local_execute'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['rule_create_webhook_create_core_local_execute']. name) UserRoleAssignment.add_or_update(role_assignment_db)
def setUp(self): super(TimerControllerRBACTestCase, self).setUp() self.models = self.fixtures_loader.save_fixtures_to_db( fixtures_pack=FIXTURES_PACK, fixtures_dict=TEST_FIXTURES) file_name = 'cron1.yaml' TimerControllerRBACTestCase.TRIGGER_1 = self.fixtures_loader.load_fixtures( fixtures_pack=FIXTURES_PACK, fixtures_dict={'triggers': [file_name]})['triggers'][file_name] file_name = 'date1.yaml' TimerControllerRBACTestCase.TRIGGER_2 = self.fixtures_loader.load_fixtures( fixtures_pack=FIXTURES_PACK, fixtures_dict={'triggers': [file_name]})['triggers'][file_name] file_name = 'interval1.yaml' TimerControllerRBACTestCase.TRIGGER_3 = self.fixtures_loader.load_fixtures( fixtures_pack=FIXTURES_PACK, fixtures_dict={'triggers': [file_name]})['triggers'][file_name] # Insert mock users, roles and assignments # Users user_1_db = UserDB(name='timer_list') user_1_db = User.add_or_update(user_1_db) self.users['timer_list'] = user_1_db user_2_db = UserDB(name='timer_view') user_2_db = User.add_or_update(user_2_db) self.users['timer_view'] = user_2_db # Roles # timer_list grant_db = PermissionGrantDB( resource_uid=None, resource_type=ResourceType.TIMER, permission_types=[PermissionType.TIMER_LIST]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_1_db = RoleDB(name='timer_list', permission_grants=permission_grants) role_1_db = Role.add_or_update(role_1_db) self.roles['timer_list'] = role_1_db # timer_View on timer 1 trigger_db = self.models['triggers']['cron1.yaml'] timer_uid = TimerDB(name=trigger_db.name, pack=trigger_db.pack).get_uid() grant_db = PermissionGrantDB( resource_uid=timer_uid, resource_type=ResourceType.TIMER, permission_types=[PermissionType.TIMER_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_1_db = RoleDB(name='timer_view', permission_grants=permission_grants) role_1_db = Role.add_or_update(role_1_db) self.roles['timer_view'] = role_1_db # Role assignments role_assignment_db = UserRoleAssignmentDB( user=self.users['timer_list'].name, role=self.roles['timer_list'].name) UserRoleAssignment.add_or_update(role_assignment_db) role_assignment_db = UserRoleAssignmentDB( user=self.users['timer_view'].name, role=self.roles['timer_view'].name) UserRoleAssignment.add_or_update(role_assignment_db)
def setUp(self): super(ActionPermissionsResolverTestCase, self).setUp() # Create some mock users user_1_db = UserDB(name='1_role_action_pack_grant') user_1_db = User.add_or_update(user_1_db) self.users['custom_role_action_pack_grant'] = user_1_db user_2_db = UserDB(name='1_role_action_grant') user_2_db = User.add_or_update(user_2_db) self.users['custom_role_action_grant'] = user_2_db user_3_db = UserDB(name='custom_role_pack_action_all_grant') user_3_db = User.add_or_update(user_3_db) self.users['custom_role_pack_action_all_grant'] = user_3_db user_4_db = UserDB(name='custom_role_action_all_grant') user_4_db = User.add_or_update(user_4_db) self.users['custom_role_action_all_grant'] = user_4_db user_5_db = UserDB(name='custom_role_action_execute_grant') user_5_db = User.add_or_update(user_5_db) self.users['custom_role_action_execute_grant'] = user_5_db user_6_db = UserDB(name='action_pack_action_create_grant') user_6_db = User.add_or_update(user_6_db) self.users['action_pack_action_create_grant'] = user_6_db user_7_db = UserDB(name='action_pack_action_all_grant') user_7_db = User.add_or_update(user_7_db) self.users['action_pack_action_all_grant'] = user_7_db user_8_db = UserDB(name='action_action_create_grant') user_8_db = User.add_or_update(user_8_db) self.users['action_action_create_grant'] = user_8_db user_9_db = UserDB(name='action_action_all_grant') user_9_db = User.add_or_update(user_9_db) self.users['action_action_all_grant'] = user_9_db user_10_db = UserDB(name='custom_role_action_list_grant') user_10_db = User.add_or_update(user_10_db) self.users['custom_role_action_list_grant'] = user_10_db # Create some mock resources on which permissions can be granted action_1_db = ActionDB(pack='test_pack_1', name='action1', entry_point='', runner_type={'name': 'run-local'}) action_1_db = Action.add_or_update(action_1_db) self.resources['action_1'] = action_1_db action_2_db = ActionDB(pack='test_pack_1', name='action2', entry_point='', runner_type={'name': 'run-local'}) action_2_db = Action.add_or_update(action_1_db) self.resources['action_2'] = action_2_db action_3_db = ActionDB(pack='test_pack_2', name='action3', entry_point='', runner_type={'name': 'run-local'}) action_3_db = Action.add_or_update(action_3_db) self.resources['action_3'] = action_3_db # Create some mock roles with associated permission grants # Custom role 2 - one grant on parent pack # "action_view" on pack_1 grant_db = PermissionGrantDB(resource_uid=self.resources['pack_1'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.ACTION_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_3_db = RoleDB(name='custom_role_action_pack_grant', permission_grants=permission_grants) role_3_db = Role.add_or_update(role_3_db) self.roles['custom_role_action_pack_grant'] = role_3_db # Custom role 4 - one grant on action # "action_view" on action_3 grant_db = PermissionGrantDB(resource_uid=self.resources['action_3'].get_uid(), resource_type=ResourceType.ACTION, permission_types=[PermissionType.ACTION_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_4_db = RoleDB(name='custom_role_action_grant', permission_grants=permission_grants) role_4_db = Role.add_or_update(role_4_db) self.roles['custom_role_action_grant'] = role_4_db # Custom role - "action_all" grant on a parent action pack grant_db = PermissionGrantDB(resource_uid=self.resources['pack_1'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.ACTION_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_4_db = RoleDB(name='custom_role_pack_action_all_grant', permission_grants=permission_grants) role_4_db = Role.add_or_update(role_4_db) self.roles['custom_role_pack_action_all_grant'] = role_4_db # Custom role - "action_all" grant on action grant_db = PermissionGrantDB(resource_uid=self.resources['action_1'].get_uid(), resource_type=ResourceType.ACTION, permission_types=[PermissionType.ACTION_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_4_db = RoleDB(name='custom_role_action_all_grant', permission_grants=permission_grants) role_4_db = Role.add_or_update(role_4_db) self.roles['custom_role_action_all_grant'] = role_4_db # Custom role - "action_execute" on action_1 grant_db = PermissionGrantDB(resource_uid=self.resources['action_1'].get_uid(), resource_type=ResourceType.ACTION, permission_types=[PermissionType.ACTION_EXECUTE]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_5_db = RoleDB(name='custom_role_action_execute_grant', permission_grants=permission_grants) role_5_db = Role.add_or_update(role_5_db) self.roles['custom_role_action_execute_grant'] = role_5_db # Custom role - "action_create" grant on pack_1 grant_db = PermissionGrantDB(resource_uid=self.resources['pack_1'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.ACTION_CREATE]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_6_db = RoleDB(name='action_pack_action_create_grant', permission_grants=permission_grants) role_6_db = Role.add_or_update(role_6_db) self.roles['action_pack_action_create_grant'] = role_6_db # Custom role - "action_all" grant on pack_1 grant_db = PermissionGrantDB(resource_uid=self.resources['pack_1'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.ACTION_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_7_db = RoleDB(name='action_pack_action_all_grant', permission_grants=permission_grants) role_7_db = Role.add_or_update(role_7_db) self.roles['action_pack_action_all_grant'] = role_7_db # Custom role - "action_create" grant on action_1 grant_db = PermissionGrantDB(resource_uid=self.resources['action_1'].get_uid(), resource_type=ResourceType.ACTION, permission_types=[PermissionType.ACTION_CREATE]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_8_db = RoleDB(name='action_action_create_grant', permission_grants=permission_grants) role_8_db = Role.add_or_update(role_8_db) self.roles['action_action_create_grant'] = role_8_db # Custom role - "action_all" grant on action_1 grant_db = PermissionGrantDB(resource_uid=self.resources['action_1'].get_uid(), resource_type=ResourceType.ACTION, permission_types=[PermissionType.ACTION_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_9_db = RoleDB(name='action_action_all_grant', permission_grants=permission_grants) role_9_db = Role.add_or_update(role_9_db) self.roles['action_action_all_grant'] = role_9_db # Custom role - "action_list" grant grant_db = PermissionGrantDB(resource_uid=None, resource_type=None, permission_types=[PermissionType.ACTION_LIST]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_10_db = RoleDB(name='custom_role_action_list_grant', permission_grants=permission_grants) role_10_db = Role.add_or_update(role_10_db) self.roles['custom_role_action_list_grant'] = role_10_db # Create some mock role assignments user_db = self.users['custom_role_action_pack_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_action_pack_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_action_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_action_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_pack_action_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_pack_action_all_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_action_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_action_all_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_action_execute_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_action_execute_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['action_pack_action_create_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['action_pack_action_create_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['action_pack_action_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['action_pack_action_all_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['action_action_create_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['action_action_create_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['action_action_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['action_action_all_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_action_list_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_action_list_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db)
def setUp(self): super(TimerControllerRBACTestCase, self).setUp() self.models = self.fixtures_loader.save_fixtures_to_db(fixtures_pack=FIXTURES_PACK, fixtures_dict=TEST_FIXTURES) file_name = 'cron1.yaml' TimerControllerRBACTestCase.TRIGGER_1 = self.fixtures_loader.load_fixtures( fixtures_pack=FIXTURES_PACK, fixtures_dict={'triggers': [file_name]})['triggers'][file_name] file_name = 'date1.yaml' TimerControllerRBACTestCase.TRIGGER_2 = self.fixtures_loader.load_fixtures( fixtures_pack=FIXTURES_PACK, fixtures_dict={'triggers': [file_name]})['triggers'][file_name] file_name = 'interval1.yaml' TimerControllerRBACTestCase.TRIGGER_3 = self.fixtures_loader.load_fixtures( fixtures_pack=FIXTURES_PACK, fixtures_dict={'triggers': [file_name]})['triggers'][file_name] # Insert mock users, roles and assignments # Users user_1_db = UserDB(name='timer_list') user_1_db = User.add_or_update(user_1_db) self.users['timer_list'] = user_1_db user_2_db = UserDB(name='timer_view') user_2_db = User.add_or_update(user_2_db) self.users['timer_view'] = user_2_db # Roles # timer_list grant_db = PermissionGrantDB(resource_uid=None, resource_type=ResourceType.TIMER, permission_types=[PermissionType.TIMER_LIST]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_1_db = RoleDB(name='timer_list', permission_grants=permission_grants) role_1_db = Role.add_or_update(role_1_db) self.roles['timer_list'] = role_1_db # timer_View on timer 1 trigger_db = self.models['triggers']['cron1.yaml'] timer_uid = TimerDB(name=trigger_db.name, pack=trigger_db.pack).get_uid() grant_db = PermissionGrantDB(resource_uid=timer_uid, resource_type=ResourceType.TIMER, permission_types=[PermissionType.TIMER_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_1_db = RoleDB(name='timer_view', permission_grants=permission_grants) role_1_db = Role.add_or_update(role_1_db) self.roles['timer_view'] = role_1_db # Role assignments role_assignment_db = UserRoleAssignmentDB( user=self.users['timer_list'].name, role=self.roles['timer_list'].name, source='assignments/%s.yaml' % self.users['timer_list'].name) UserRoleAssignment.add_or_update(role_assignment_db) role_assignment_db = UserRoleAssignmentDB( user=self.users['timer_view'].name, role=self.roles['timer_view'].name, source='assignments/%s.yaml' % self.users['timer_view'].name) UserRoleAssignment.add_or_update(role_assignment_db)
def setUp(self): super(RulePermissionsResolverTestCase, self).setUp() # Register internal triggers - this is needed so we can reference an internal trigger # inside a mock rule register_internal_trigger_types() # Create some mock users user_1_db = UserDB(name='1_role_rule_pack_grant') user_1_db = User.add_or_update(user_1_db) self.users['custom_role_rule_pack_grant'] = user_1_db user_2_db = UserDB(name='1_role_rule_grant') user_2_db = User.add_or_update(user_2_db) self.users['custom_role_rule_grant'] = user_2_db user_3_db = UserDB(name='custom_role_pack_rule_all_grant') user_3_db = User.add_or_update(user_3_db) self.users['custom_role_pack_rule_all_grant'] = user_3_db user_4_db = UserDB(name='custom_role_rule_all_grant') user_4_db = User.add_or_update(user_4_db) self.users['custom_role_rule_all_grant'] = user_4_db user_5_db = UserDB(name='custom_role_rule_modify_grant') user_5_db = User.add_or_update(user_5_db) self.users['custom_role_rule_modify_grant'] = user_5_db user_6_db = UserDB(name='rule_pack_rule_create_grant') user_6_db = User.add_or_update(user_6_db) self.users['rule_pack_rule_create_grant'] = user_6_db user_7_db = UserDB(name='rule_pack_rule_all_grant') user_7_db = User.add_or_update(user_7_db) self.users['rule_pack_rule_all_grant'] = user_7_db user_8_db = UserDB(name='rule_rule_create_grant') user_8_db = User.add_or_update(user_8_db) self.users['rule_rule_create_grant'] = user_8_db user_9_db = UserDB(name='rule_rule_all_grant') user_9_db = User.add_or_update(user_9_db) self.users['rule_rule_all_grant'] = user_9_db # Create some mock resources on which permissions can be granted rule_1_db = RuleDB(pack='test_pack_1', name='rule1', action={'ref': 'core.local'}, trigger='core.st2.key_value_pair.create') rule_1_db = Rule.add_or_update(rule_1_db) self.resources['rule_1'] = rule_1_db rule_2_db = RuleDB(pack='test_pack_1', name='rule2') rule_2_db = Rule.add_or_update(rule_2_db) self.resources['rule_2'] = rule_2_db rule_3_db = RuleDB(pack='test_pack_2', name='rule3') rule_3_db = Rule.add_or_update(rule_3_db) self.resources['rule_3'] = rule_3_db # Create some mock roles with associated permission grants # Custom role 2 - one grant on parent pack # "rule_view" on pack_1 grant_db = PermissionGrantDB( resource_uid=self.resources['pack_1'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.RULE_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_3_db = RoleDB(name='custom_role_rule_pack_grant', permission_grants=permission_grants) role_3_db = Role.add_or_update(role_3_db) self.roles['custom_role_rule_pack_grant'] = role_3_db # Custom role 4 - one grant on rule # "rule_view on rule_3 grant_db = PermissionGrantDB( resource_uid=self.resources['rule_3'].get_uid(), resource_type=ResourceType.RULE, permission_types=[PermissionType.RULE_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_4_db = RoleDB(name='custom_role_rule_grant', permission_grants=permission_grants) role_4_db = Role.add_or_update(role_4_db) self.roles['custom_role_rule_grant'] = role_4_db # Custom role - "rule_all" grant on a parent rule pack grant_db = PermissionGrantDB( resource_uid=self.resources['pack_1'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.RULE_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_4_db = RoleDB(name='custom_role_pack_rule_all_grant', permission_grants=permission_grants) role_4_db = Role.add_or_update(role_4_db) self.roles['custom_role_pack_rule_all_grant'] = role_4_db # Custom role - "rule_all" grant on a rule grant_db = PermissionGrantDB( resource_uid=self.resources['rule_1'].get_uid(), resource_type=ResourceType.RULE, permission_types=[PermissionType.RULE_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_4_db = RoleDB(name='custom_role_rule_all_grant', permission_grants=permission_grants) role_4_db = Role.add_or_update(role_4_db) self.roles['custom_role_rule_all_grant'] = role_4_db # Custom role - "rule_modify" on role_1 grant_db = PermissionGrantDB( resource_uid=self.resources['rule_1'].get_uid(), resource_type=ResourceType.RULE, permission_types=[PermissionType.RULE_MODIFY]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_5_db = RoleDB(name='custom_role_rule_modify_grant', permission_grants=permission_grants) role_5_db = Role.add_or_update(role_5_db) self.roles['custom_role_rule_modify_grant'] = role_5_db # Custom role - "rule_create" grant on pack_1 grant_db = PermissionGrantDB( resource_uid=self.resources['pack_1'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.RULE_CREATE]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_6_db = RoleDB(name='rule_pack_rule_create_grant', permission_grants=permission_grants) role_6_db = Role.add_or_update(role_6_db) self.roles['rule_pack_rule_create_grant'] = role_6_db # Custom role - "rule_all" grant on pack_1 grant_db = PermissionGrantDB( resource_uid=self.resources['pack_1'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.RULE_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_7_db = RoleDB(name='rule_pack_rule_all_grant', permission_grants=permission_grants) role_7_db = Role.add_or_update(role_7_db) self.roles['rule_pack_rule_all_grant'] = role_7_db # Custom role - "rule_create" grant on rule_1 grant_db = PermissionGrantDB( resource_uid=self.resources['rule_1'].get_uid(), resource_type=ResourceType.RULE, permission_types=[PermissionType.RULE_CREATE]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_8_db = RoleDB(name='rule_rule_create_grant', permission_grants=permission_grants) role_8_db = Role.add_or_update(role_8_db) self.roles['rule_rule_create_grant'] = role_8_db # Custom role - "rule_all" grant on rule_1 grant_db = PermissionGrantDB( resource_uid=self.resources['rule_1'].get_uid(), resource_type=ResourceType.RULE, permission_types=[PermissionType.RULE_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_9_db = RoleDB(name='rule_rule_all_grant', permission_grants=permission_grants) role_9_db = Role.add_or_update(role_9_db) self.roles['rule_rule_all_grant'] = role_9_db # Create some mock role assignments user_db = self.users['custom_role_rule_pack_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_rule_pack_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_rule_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_rule_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_pack_rule_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_pack_rule_all_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_rule_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_rule_all_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_rule_modify_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_rule_modify_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['rule_pack_rule_create_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['rule_pack_rule_create_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['rule_pack_rule_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['rule_pack_rule_all_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['rule_rule_create_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['rule_rule_create_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['rule_rule_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['rule_rule_all_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db)
def setUp(self): super(RulePermissionsResolverTestCase, self).setUp() # Create some mock users user_1_db = UserDB(name='1_role_rule_pack_grant') user_1_db = User.add_or_update(user_1_db) self.users['custom_role_rule_pack_grant'] = user_1_db user_2_db = UserDB(name='1_role_rule_grant') user_2_db = User.add_or_update(user_2_db) self.users['custom_role_rule_grant'] = user_2_db user_3_db = UserDB(name='custom_role_pack_rule_all_grant') user_3_db = User.add_or_update(user_3_db) self.users['custom_role_pack_rule_all_grant'] = user_3_db user_4_db = UserDB(name='custom_role_rule_all_grant') user_4_db = User.add_or_update(user_4_db) self.users['custom_role_rule_all_grant'] = user_4_db user_5_db = UserDB(name='custom_role_rule_modify_grant') user_5_db = User.add_or_update(user_5_db) self.users['custom_role_rule_modify_grant'] = user_5_db # Create some mock resources on which permissions can be granted rule_1_db = RuleDB(pack='test_pack_1', name='rule1') rule_1_db = Rule.add_or_update(rule_1_db) self.resources['rule_1'] = rule_1_db rule_2_db = RuleDB(pack='test_pack_1', name='rule2') rule_2_db = Rule.add_or_update(rule_2_db) self.resources['rule_2'] = rule_2_db rule_3_db = RuleDB(pack='test_pack_2', name='rule3') rule_3_db = Rule.add_or_update(rule_3_db) self.resources['rule_3'] = rule_3_db # Create some mock roles with associated permission grants # Custom role 2 - one grant on parent pack # "rule_view" on pack_1 grant_db = PermissionGrantDB(resource_uid=self.resources['pack_1'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.RULE_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_3_db = RoleDB(name='custom_role_rule_pack_grant', permission_grants=permission_grants) role_3_db = Role.add_or_update(role_3_db) self.roles['custom_role_rule_pack_grant'] = role_3_db # Custom role 4 - one grant on rule # "rule_view on rule_3 grant_db = PermissionGrantDB(resource_uid=self.resources['rule_3'].get_uid(), resource_type=ResourceType.RULE, permission_types=[PermissionType.RULE_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_4_db = RoleDB(name='custom_role_rule_grant', permission_grants=permission_grants) role_4_db = Role.add_or_update(role_4_db) self.roles['custom_role_rule_grant'] = role_4_db # Custom role - "rule_all" grant on a parent rule pack grant_db = PermissionGrantDB(resource_uid=self.resources['pack_1'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.RULE_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_4_db = RoleDB(name='custom_role_pack_rule_all_grant', permission_grants=permission_grants) role_4_db = Role.add_or_update(role_4_db) self.roles['custom_role_pack_rule_all_grant'] = role_4_db # Custom role - "rule_all" grant on a rule grant_db = PermissionGrantDB(resource_uid=self.resources['rule_1'].get_uid(), resource_type=ResourceType.RULE, permission_types=[PermissionType.RULE_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_4_db = RoleDB(name='custom_role_rule_all_grant', permission_grants=permission_grants) role_4_db = Role.add_or_update(role_4_db) self.roles['custom_role_rule_all_grant'] = role_4_db # Custom role - "rule_modify" on role_1 grant_db = PermissionGrantDB(resource_uid=self.resources['rule_1'].get_uid(), resource_type=ResourceType.RULE, permission_types=[PermissionType.RULE_MODIFY]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_5_db = RoleDB(name='custom_role_rule_modify_grant', permission_grants=permission_grants) role_5_db = Role.add_or_update(role_5_db) self.roles['custom_role_rule_modify_grant'] = role_5_db # Create some mock role assignments user_db = self.users['custom_role_rule_pack_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_rule_pack_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_rule_grant'] role_assignment_db = UserRoleAssignmentDB(user=user_db.name, role=self.roles['custom_role_rule_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_pack_rule_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_pack_rule_all_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_rule_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_rule_all_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_rule_modify_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_rule_modify_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db)
def setUp(self): super(RBACServicesTestCase, self).setUp() # TODO: Share mocks self.users = {} self.roles = {} self.resources = {} # Create some mock users user_1_db = UserDB(name='admin') user_1_db = User.add_or_update(user_1_db) self.users['admin'] = user_1_db user_2_db = UserDB(name='observer') user_2_db = User.add_or_update(user_2_db) self.users['observer'] = user_2_db user_3_db = UserDB(name='no_roles') user_3_db = User.add_or_update(user_3_db) self.users['no_roles'] = user_3_db user_5_db = UserDB(name='user_5') user_5_db = User.add_or_update(user_5_db) self.users['user_5'] = user_5_db user_4_db = UserDB(name='custom_role') user_4_db = User.add_or_update(user_4_db) self.users['1_custom_role'] = user_4_db # Create some mock roles role_1_db = rbac_services.create_role(name='custom_role_1') role_2_db = rbac_services.create_role(name='custom_role_2', description='custom role 2') self.roles['custom_role_1'] = role_1_db self.roles['custom_role_2'] = role_2_db rbac_services.create_role(name='role_1') rbac_services.create_role(name='role_2') rbac_services.create_role(name='role_3') rbac_services.create_role(name='role_4') # Create some mock role assignments role_assignment_1 = UserRoleAssignmentDB( user=self.users['1_custom_role'].name, role=self.roles['custom_role_1'].name, source='assignments/%s.yaml' % self.users['1_custom_role'].name) role_assignment_1 = UserRoleAssignment.add_or_update(role_assignment_1) # Note: User use pymongo to insert mock data because we want to insert a # raw document and skip mongoengine to leave is_remote field unpopulated client = MongoClient() db = client['st2-test'] db.user_role_assignment_d_b.insert_one({ 'user': '******', 'role': 'role_1' }) db.user_role_assignment_d_b.insert_one({ 'user': '******', 'role': 'role_2' }) db.user_role_assignment_d_b.insert_one({ 'user': '******', 'role': 'role_3', 'is_remote': False }) db.user_role_assignment_d_b.insert_one({ 'user': '******', 'role': 'role_4', 'is_remote': True }) # Create some mock resources on which permissions can be granted rule_1_db = RuleDB(pack='test1', name='rule1', ref='test1.rule1') rule_1_db = Rule.add_or_update(rule_1_db) self.resources['rule_1'] = rule_1_db
def setUp(self): super(APIControllersRBACTestCase, self).setUp() self.role_assignment_db_model = UserRoleAssignmentDB( user='******', role='role', source='assignments/user.yaml') UserRoleAssignment.add_or_update(self.role_assignment_db_model)
def setUp(self): super(TraceControllerRBACTestCase, self).setUp() self.models = self.fixtures_loader.save_fixtures_to_db(fixtures_pack=FIXTURES_PACK, fixtures_dict=TEST_FIXTURES) file_name = 'trace_for_test_enforce.yaml' TraceControllerRBACTestCase.TRACE_1 = self.fixtures_loader.load_fixtures( fixtures_pack=FIXTURES_PACK, fixtures_dict={'traces': [file_name]})['traces'][file_name] file_name = 'trace_for_test_enforce_2.yaml' TraceControllerRBACTestCase.TRACE_1 = self.fixtures_loader.load_fixtures( fixtures_pack=FIXTURES_PACK, fixtures_dict={'traces': [file_name]})['traces'][file_name] file_name = 'trace_for_test_enforce_3.yaml' TraceControllerRBACTestCase.TRACE_1 = self.fixtures_loader.load_fixtures( fixtures_pack=FIXTURES_PACK, fixtures_dict={'traces': [file_name]})['traces'][file_name] # Insert mock users, roles and assignments # Users user_1_db = UserDB(name='trace_list') user_1_db = User.add_or_update(user_1_db) self.users['trace_list'] = user_1_db user_2_db = UserDB(name='trace_view') user_2_db = User.add_or_update(user_2_db) self.users['trace_view'] = user_2_db # Roles # trace_list grant_db = PermissionGrantDB(resource_uid=None, resource_type=ResourceType.TRACE, permission_types=[PermissionType.TRACE_LIST]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_1_db = RoleDB(name='trace_list', permission_grants=permission_grants) role_1_db = Role.add_or_update(role_1_db) self.roles['trace_list'] = role_1_db # trace_view on trace 1 trace_uid = self.models['traces']['trace_for_test_enforce.yaml'].get_uid() grant_db = PermissionGrantDB(resource_uid=trace_uid, resource_type=ResourceType.TRACE, permission_types=[PermissionType.TRACE_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_1_db = RoleDB(name='trace_view', permission_grants=permission_grants) role_1_db = Role.add_or_update(role_1_db) self.roles['trace_view'] = role_1_db # Role assignments role_assignment_db = UserRoleAssignmentDB( user=self.users['trace_list'].name, role=self.roles['trace_list'].name) UserRoleAssignment.add_or_update(role_assignment_db) role_assignment_db = UserRoleAssignmentDB( user=self.users['trace_view'].name, role=self.roles['trace_view'].name) UserRoleAssignment.add_or_update(role_assignment_db)
def setUp(self): super(ApiKeyControllerRBACTestCase, self).setUp() self.models = self.fixtures_loader.save_fixtures_to_db(fixtures_pack=FIXTURES_PACK, fixtures_dict=TEST_FIXTURES) file_name = 'apikey1.yaml' ApiKeyControllerRBACTestCase.API_KEY_1 = self.fixtures_loader.load_fixtures( fixtures_pack=FIXTURES_PACK, fixtures_dict={'apikeys': [file_name]})['apikeys'][file_name] file_name = 'apikey2.yaml' ApiKeyControllerRBACTestCase.API_KEY_1 = self.fixtures_loader.load_fixtures( fixtures_pack=FIXTURES_PACK, fixtures_dict={'apikeys': [file_name]})['apikeys'][file_name] # Insert mock users, roles and assignments # Users user_1_db = UserDB(name='api_key_list') user_1_db = User.add_or_update(user_1_db) self.users['api_key_list'] = user_1_db user_2_db = UserDB(name='api_key_view') user_2_db = User.add_or_update(user_2_db) self.users['api_key_view'] = user_2_db user_3_db = UserDB(name='api_key_create') user_3_db = User.add_or_update(user_3_db) self.users['api_key_create'] = user_3_db # Roles # api_key_list grant_db = PermissionGrantDB(resource_uid=None, resource_type=ResourceType.API_KEY, permission_types=[PermissionType.API_KEY_LIST]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_1_db = RoleDB(name='api_key_list', permission_grants=permission_grants) role_1_db = Role.add_or_update(role_1_db) self.roles['api_key_list'] = role_1_db # api_key_view on apikey1 api_key_uid = self.models['apikeys']['apikey1.yaml'].get_uid() grant_db = PermissionGrantDB(resource_uid=api_key_uid, resource_type=ResourceType.API_KEY, permission_types=[PermissionType.API_KEY_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_1_db = RoleDB(name='api_key_view', permission_grants=permission_grants) role_1_db = Role.add_or_update(role_1_db) self.roles['api_key_view'] = role_1_db # api_key_list grant_db = PermissionGrantDB(resource_uid=None, resource_type=ResourceType.API_KEY, permission_types=[PermissionType.API_KEY_CREATE]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_1_db = RoleDB(name='api_key_create', permission_grants=permission_grants) role_1_db = Role.add_or_update(role_1_db) self.roles['api_key_create'] = role_1_db # Role assignments role_assignment_db = UserRoleAssignmentDB( user=self.users['api_key_list'].name, role=self.roles['api_key_list'].name, source='assignments/%s.yaml' % self.users['api_key_list'].name) UserRoleAssignment.add_or_update(role_assignment_db) role_assignment_db = UserRoleAssignmentDB( user=self.users['api_key_view'].name, role=self.roles['api_key_view'].name, source='assignments/%s.yaml' % self.users['api_key_view'].name) UserRoleAssignment.add_or_update(role_assignment_db) role_assignment_db = UserRoleAssignmentDB( user=self.users['api_key_create'].name, role=self.roles['api_key_create'].name, source='assignments/%s.yaml' % self.users['api_key_create'].name) UserRoleAssignment.add_or_update(role_assignment_db)
def setUp(self): super(ExecutionPermissionsResolverTestCase, self).setUp() # Create some mock users user_1_db = UserDB(name='custom_role_unrelated_pack_action_grant') user_1_db = User.add_or_update(user_1_db) self.users['custom_role_unrelated_pack_action_grant'] = user_1_db user_2_db = UserDB( name='custom_role_pack_action_grant_unrelated_permission') user_2_db = User.add_or_update(user_2_db) self.users[ 'custom_role_pack_action_grant_unrelated_permission'] = user_2_db user_3_db = UserDB(name='custom_role_pack_action_view_grant') user_3_db = User.add_or_update(user_3_db) self.users['custom_role_pack_action_view_grant'] = user_3_db user_4_db = UserDB(name='custom_role_action_view_grant') user_4_db = User.add_or_update(user_4_db) self.users['custom_role_action_view_grant'] = user_4_db user_5_db = UserDB(name='custom_role_pack_action_execute_grant') user_5_db = User.add_or_update(user_5_db) self.users['custom_role_pack_action_execute_grant'] = user_5_db user_6_db = UserDB(name='custom_role_action_execute_grant') user_6_db = User.add_or_update(user_6_db) self.users['custom_role_action_execute_grant'] = user_6_db user_7_db = UserDB(name='custom_role_pack_action_all_grant') user_7_db = User.add_or_update(user_7_db) self.users['custom_role_pack_action_all_grant'] = user_7_db user_8_db = UserDB(name='custom_role_action_all_grant') user_8_db = User.add_or_update(user_8_db) self.users['custom_role_action_all_grant'] = user_8_db user_9_db = UserDB(name='custom_role_execution_list_grant') user_9_db = User.add_or_update(user_5_db) self.users['custom_role_execution_list_grant'] = user_9_db # Create some mock resources on which permissions can be granted action_1_db = ActionDB(pack='test_pack_2', name='action1', entry_point='', runner_type={'name': 'run-local'}) action_1_db = Action.add_or_update(action_1_db) self.resources['action_1'] = action_1_db runner = {'name': 'run-python'} liveaction = {'action': 'test_pack_2.action1'} status = action_constants.LIVEACTION_STATUS_REQUESTED action = {'uid': action_1_db.get_uid(), 'pack': 'test_pack_2'} exec_1_db = ActionExecutionDB(action=action, runner=runner, liveaction=liveaction, status=status) exec_1_db = ActionExecution.add_or_update(exec_1_db) self.resources['exec_1'] = exec_1_db # Create some mock roles with associated permission grants # Custom role - one grant to an unrelated pack grant_db = PermissionGrantDB( resource_uid=self.resources['pack_1'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.ACTION_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_unrelated_pack_action_grant', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_unrelated_pack_action_grant'] = role_db # Custom role - one grant of unrelated permission type to parent action pack grant_db = PermissionGrantDB( resource_uid=self.resources['pack_2'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.RULE_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB( name='custom_role_pack_action_grant_unrelated_permission', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles[ 'custom_role_pack_action_grant_unrelated_permission'] = role_db # Custom role - one grant of "action_view" to the parent pack of the action the execution # belongs to grant_db = PermissionGrantDB( resource_uid=self.resources['pack_2'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.ACTION_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_pack_action_view_grant', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_pack_action_view_grant'] = role_db # Custom role - one grant of "action_view" to the action the execution belongs to grant_db = PermissionGrantDB( resource_uid=self.resources['action_1'].get_uid(), resource_type=ResourceType.ACTION, permission_types=[PermissionType.ACTION_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_action_view_grant', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_action_view_grant'] = role_db # Custom role - one grant of "action_execute" to the parent pack of the action the # execution belongs to grant_db = PermissionGrantDB( resource_uid=self.resources['pack_2'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.ACTION_EXECUTE]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_pack_action_execute_grant', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_pack_action_execute_grant'] = role_db # Custom role - one grant of "action_execute" to the the action the execution belongs to grant_db = PermissionGrantDB( resource_uid=self.resources['action_1'].get_uid(), resource_type=ResourceType.ACTION, permission_types=[PermissionType.ACTION_EXECUTE]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_db = RoleDB(name='custom_role_action_execute_grant', permission_grants=permission_grants) role_db = Role.add_or_update(role_db) self.roles['custom_role_action_execute_grant'] = role_db # Custom role - "action_all" grant on a parent action pack the execution belongs to grant_db = PermissionGrantDB( resource_uid=self.resources['pack_2'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.ACTION_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_4_db = RoleDB(name='custom_role_pack_action_all_grant', permission_grants=permission_grants) role_4_db = Role.add_or_update(role_4_db) self.roles['custom_role_pack_action_all_grant'] = role_4_db # Custom role - "action_all" grant on action the execution belongs to grant_db = PermissionGrantDB( resource_uid=self.resources['action_1'].get_uid(), resource_type=ResourceType.ACTION, permission_types=[PermissionType.ACTION_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_4_db = RoleDB(name='custom_role_action_all_grant', permission_grants=permission_grants) role_4_db = Role.add_or_update(role_4_db) self.roles['custom_role_action_all_grant'] = role_4_db # Custom role - "execution_list" grant grant_db = PermissionGrantDB( resource_uid=None, resource_type=None, permission_types=[PermissionType.EXECUTION_LIST]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_5_db = RoleDB(name='custom_role_execution_list_grant', permission_grants=permission_grants) role_5_db = Role.add_or_update(role_5_db) self.roles['custom_role_execution_list_grant'] = role_5_db # Create some mock role assignments user_db = self.users['custom_role_unrelated_pack_action_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_unrelated_pack_action_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users[ 'custom_role_pack_action_grant_unrelated_permission'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self. roles['custom_role_pack_action_grant_unrelated_permission'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_pack_action_view_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_pack_action_view_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_action_view_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_action_view_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_pack_action_execute_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_pack_action_execute_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_action_execute_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_action_execute_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_pack_action_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_pack_action_all_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_action_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_action_all_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_execution_list_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_execution_list_grant'].name, source='assignments/%s.yaml' % user_db.name) UserRoleAssignment.add_or_update(role_assignment_db)
def setUp(self): super(SensorPermissionsResolverTestCase, self).setUp() # Create some mock users user_1_db = UserDB(name='1_role_sensor_pack_grant') user_1_db = User.add_or_update(user_1_db) self.users['custom_role_sensor_pack_grant'] = user_1_db user_2_db = UserDB(name='1_role_sensor_grant') user_2_db = User.add_or_update(user_2_db) self.users['custom_role_sensor_grant'] = user_2_db user_3_db = UserDB(name='custom_role_pack_sensor_all_grant') user_3_db = User.add_or_update(user_3_db) self.users['custom_role_pack_sensor_all_grant'] = user_3_db user_4_db = UserDB(name='custom_role_sensor_all_grant') user_4_db = User.add_or_update(user_4_db) self.users['custom_role_sensor_all_grant'] = user_4_db # Create some mock resources on which permissions can be granted sensor_1_db = SensorTypeDB(pack='test_pack_1', name='sensor1') sensor_1_db = SensorType.add_or_update(sensor_1_db) self.resources['sensor_1'] = sensor_1_db sensor_2_db = SensorTypeDB(pack='test_pack_1', name='sensor2') sensor_2_db = SensorType.add_or_update(sensor_2_db) self.resources['sensor_2'] = sensor_2_db sensor_3_db = SensorTypeDB(pack='test_pack_2', name='sensor3') sensor_3_db = SensorType.add_or_update(sensor_3_db) self.resources['sensor_3'] = sensor_3_db # Create some mock roles with associated permission grants # Custom role 2 - one grant on parent pack # "sensor_view" on pack_1 grant_db = PermissionGrantDB(resource_uid=self.resources['pack_1'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.SENSOR_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_3_db = RoleDB(name='custom_role_sensor_pack_grant', permission_grants=permission_grants) role_3_db = Role.add_or_update(role_3_db) self.roles['custom_role_sensor_pack_grant'] = role_3_db # Custom role 4 - one grant on pack # "sensor_view on sensor_3 grant_db = PermissionGrantDB(resource_uid=self.resources['sensor_3'].get_uid(), resource_type=ResourceType.SENSOR, permission_types=[PermissionType.SENSOR_VIEW]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_4_db = RoleDB(name='custom_role_sensor_grant', permission_grants=permission_grants) role_4_db = Role.add_or_update(role_4_db) self.roles['custom_role_sensor_grant'] = role_4_db # Custom role - "sensor_all" grant on a parent sensor pack grant_db = PermissionGrantDB(resource_uid=self.resources['pack_1'].get_uid(), resource_type=ResourceType.PACK, permission_types=[PermissionType.SENSOR_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_4_db = RoleDB(name='custom_role_pack_sensor_all_grant', permission_grants=permission_grants) role_4_db = Role.add_or_update(role_4_db) self.roles['custom_role_pack_sensor_all_grant'] = role_4_db # Custom role - "sensor_all" grant on a sensor grant_db = PermissionGrantDB(resource_uid=self.resources['sensor_1'].get_uid(), resource_type=ResourceType.SENSOR, permission_types=[PermissionType.SENSOR_ALL]) grant_db = PermissionGrant.add_or_update(grant_db) permission_grants = [str(grant_db.id)] role_4_db = RoleDB(name='custom_role_sensor_all_grant', permission_grants=permission_grants) role_4_db = Role.add_or_update(role_4_db) self.roles['custom_role_sensor_all_grant'] = role_4_db # Create some mock role assignments user_db = self.users['custom_role_sensor_pack_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_sensor_pack_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_sensor_grant'] role_assignment_db = UserRoleAssignmentDB(user=user_db.name, role=self.roles['custom_role_sensor_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_pack_sensor_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_pack_sensor_all_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db) user_db = self.users['custom_role_sensor_all_grant'] role_assignment_db = UserRoleAssignmentDB( user=user_db.name, role=self.roles['custom_role_sensor_all_grant'].name) UserRoleAssignment.add_or_update(role_assignment_db)