def test_export_assignments():
client = utilities.register_client()
import_export_utilities.clean_all(client)
req = client.post("/import", content_type='application/json', data=json.dumps(ASSIGNMENTS))
data = utilities.get_json(req.data)
assert data == "Import ok !"
req = client.get("/export")
assert req.status_code == 200
data = utilities.get_json(req.data)
assert "content" in data
type_elements = ["subject", "object", "action"]
for type_element in type_elements:
key = type_element + "_assignments"
assert key in data["content"]
assert isinstance(data["content"][key], list)
assert len(data["content"][key]) == 1
assignment_elt = data["content"][key][0]
assert type_element in assignment_elt
assert isinstance(assignment_elt[type_element], dict)
if type_element == "subject":
assert assignment_elt[type_element]["name"] == "testuser"
else:
assert assignment_elt[type_element]["name"] == "test " + type_element + " e0"
assert "category" in assignment_elt
assert isinstance(assignment_elt["category"], dict)
assert assignment_elt["category"]["name"] == "test " + type_element + " categories"
assert "assignments" in assignment_elt
assert isinstance(assignment_elt["assignments"], list)
assert len(assignment_elt["assignments"]) == 1
assert assignment_elt["assignments"][0]["name"] == "test " + type_element + " data"
import_export_utilities.clean_all(client)
def test_export_subject_object_action():
client = utilities.register_client()
import_export_utilities.clean_all(client)
req = client.post("/import", content_type='application/json', data=json.dumps(SUBJECTS_OBJECTS_ACTIONS))
data = utilities.get_json(req.data)
assert data == "Import ok !"
req = client.get("/export")
assert req.status_code == 200
data = utilities.get_json(req.data)
assert "content" in data
type_elements = ["subject", "object", "action"]
for type_element in type_elements:
key = type_element + "s"
assert key in data["content"]
assert isinstance(data["content"][key], list)
assert len(data["content"][key]) == 1
element = data["content"][key][0]
if type_element == "subject":
assert element["name"] == "testuser"
else:
assert element["name"] == "test "+ type_element
assert element["description"] == "description of the " + type_element
assert "policies" in element
assert isinstance(element["policies"], list)
assert len(element["policies"]) == 1
assert isinstance(element["policies"][0], dict)
assert element["policies"][0]["name"] == "test policy"
assert isinstance(element["extra"], dict)
key_dict = "field_extra_" + type_element
value_dict = "value extra " + type_element
assert key_dict in element["extra"]
assert element["extra"][key_dict] == value_dict
def test_import_meta_rules():
client = utilities.register_client()
import_export_utilities.clean_all(client)
# import some categories
req = client.post("/import",
content_type='application/json',
data=json.dumps(PRE_META_RULES))
data = utilities.get_json(req.data)
assert data == "Import ok !"
counter = -1
for meta_rule in META_RULES:
counter = counter + 1
req = client.post("/import",
content_type='application/json',
data=json.dumps(meta_rule))
if counter != 3:
assert req.status_code == 500
continue
else:
data = utilities.get_json(req.data)
assert data == "Import ok !"
assert req.status_code == 200
req, meta_rules = test_meta_rules.get_meta_rules(client)
meta_rules = meta_rules["meta_rules"]
key = list(meta_rules.keys())[0]
assert isinstance(meta_rules, dict)
assert meta_rules[key]["name"] == "good meta rule"
assert meta_rules[key]["description"] == "valid meta rule"
assert len(meta_rules[key]["subject_categories"]) == 1
assert len(meta_rules[key]["object_categories"]) == 1
assert len(meta_rules[key]["action_categories"]) == 1
subject_category_key = meta_rules[key]["subject_categories"][0]
object_category_key = meta_rules[key]["object_categories"][0]
action_category_key = meta_rules[key]["action_categories"][0]
req, sub_cat = test_categories.get_subject_categories(client)
sub_cat = sub_cat["subject_categories"]
assert sub_cat[subject_category_key][
"name"] == "test subject categories"
req, ob_cat = test_categories.get_object_categories(client)
ob_cat = ob_cat["object_categories"]
assert ob_cat[object_category_key]["name"] == "test object categories"
req, ac_cat = test_categories.get_action_categories(client)
ac_cat = ac_cat["action_categories"]
assert ac_cat[action_category_key]["name"] == "test action categories"
import_export_utilities.clean_all(client)
def test_import_policies():
client = utilities.register_client()
import_export_utilities.clean_all(client)
counter = -1
for policy_description in POLICIES:
counter = counter + 1
req = client.post("/import",
content_type='application/json',
data=json.dumps(policy_description))
try:
data = utilities.get_json(req.data)
assert data == "Import ok !"
except Exception:
assert counter == 2 # this is an expected failure
continue
req, policies = test_policies.get_policies(client)
policies = policies["policies"]
assert len(list(policies.keys())) == 1
values = list(policies.values())
assert values[0]["name"] == "test policy"
if counter < 3:
assert values[0]["genre"] == "authz"
assert values[0]["description"] == "description"
else:
assert values[0]["genre"] == "not authz ?"
assert values[0]["description"] == "changes taken into account"
assert len(values[0]["model_id"]) > 0
import_export_utilities.clean_all(client)
def test_import_rules():
client = utilities.register_client()
import_export_utilities.clean_all(client)
req = client.post("/import",
content_type='application/json',
data=json.dumps(PRE_ASSIGNMENTS))
data = utilities.get_json(req.data)
assert data == "Import ok !"
counter = -1
for rule in RULES:
counter = counter + 1
req = client.post("/import",
content_type='application/json',
data=json.dumps(rule))
if counter < 5:
assert req.status_code == 500
continue
assert req.status_code == 200
req, rules = test_rules.test_get_rules()
rules = rules["rules"]
rules = rules["rules"]
assert len(rules) == 1
rules = rules[0]
assert rules["enabled"]
assert rules["instructions"]["decision"] == "grant"
req, meta_rules = test_meta_rules.get_meta_rules(client)
assert meta_rules["meta_rules"][list(
meta_rules["meta_rules"].keys())[0]]["name"] == "good meta rule"
def test_perimeter_update_object_description_and_name():
client = utilities.register_client()
name = 'testuser' + uuid4().hex
policies1 = policy_helper.add_policies()
policy_id1 = list(policies1.keys())[0]
data = {
"name": name,
"description": "description of {}".format('testuser'),
}
req, objects = add_objects(client,
'testuser',
policyId=policy_id1,
data=data)
value1 = list(objects["objects"].values())[0]
perimeter_id = value1['id']
data = {
'name': value1['name'] + "update",
'description': value1['description'] + "update"
}
req = client.patch("/objects/{}".format(perimeter_id),
data=json.dumps(data),
headers={'Content-Type': 'application/json'})
objects = utilities.get_json(req.data)
value2 = list(objects["objects"].values())[0]
assert req.status_code == 200
assert value1['name'] + 'update' == value2['name']
assert value1['id'] == value2['id']
assert value1['description'] + 'update' == value2['description']
def add_actions(client, name, policy_id=None, data=None, perimeter_id=None):
if not policy_id:
subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = builder.create_new_policy(
subject_category_name="subject_category1" + uuid4().hex,
object_category_name="object_category1" + uuid4().hex,
action_category_name="action_category1" + uuid4().hex,
meta_rule_name="meta_rule_1" + uuid4().hex,
model_name="model1" + uuid4().hex)
if not data:
data = {
"name": name + uuid4().hex,
"description": "description of {}".format(name),
}
if not perimeter_id:
req = client.post("/policies/{}/actions/".format(policy_id),
data=json.dumps(data),
headers={'Content-Type': 'application/json'})
else:
req = client.post("/policies/{}/actions/{}".format(
policy_id, perimeter_id),
data=json.dumps(data),
headers={'Content-Type': 'application/json'})
actions = utilities.get_json(req.data)
return req, actions
def get_actions(client):
req = client.get("/actions")
assert req.status_code == 200
actions = utilities.get_json(req.data)
assert isinstance(actions, dict)
assert "actions" in actions
return actions
def test_import_subject_object_action_categories():
client = utilities.register_client()
type_elements = ["subject", "object", "action"]
for type_element in type_elements:
import_export_utilities.clean_all(client)
counter = -1
# set the getters and the comparison values
if type_element == "subject":
elements = SUBJECT_CATEGORIES
get_method = test_categories.get_subject_categories
elif type_element == "object":
elements = OBJECT_CATEGORIES
get_method = test_categories.get_object_categories
else:
elements = ACTION_CATEGORIES
get_method = test_categories.get_action_categories
for element in elements:
req = client.post("/import",
content_type='application/json',
data=json.dumps(element))
counter = counter + 1
data = utilities.get_json(req.data)
assert data == "Import ok !"
req, get_elements = get_method(client)
get_elements = get_elements[type_element + "_categories"]
assert len(list(get_elements.keys())) == 1
values = list(get_elements.values())
assert values[0]["name"] == "test " + type_element + " categories"
assert values[0][
"description"] == type_element + " category description"
def get_subjects(client):
req = client.get("/subjects")
assert req.status_code == 200
subjects = utilities.get_json(req.data)
assert isinstance(subjects, dict)
assert "subjects" in subjects
return subjects
def test_update_policies_with_blank_model():
policy_name = "testuser" + uuid4().hex
client = utilities.register_client()
req = model_helper.add_model(model_id="mls_model_id" + uuid4().hex)
model_id = list(req.keys())[0]
data = {
"name": policy_name,
"description": "description of {}".format(policy_name),
"model_id": model_id,
"genre": "genre"
}
req = client.post("/policies/", data=json.dumps(data),
headers={'Content-Type': 'application/json'})
policy_id = next(iter(utilities.get_json(req.data)['policies']))
data = {
"name": policy_name,
"description": "description of {}".format(policy_name),
"model_id": "",
"genre": "genre"
}
req = client.patch("/policies/{}".format(policy_id), data=json.dumps(data),
headers={'Content-Type': 'application/json'})
assert req.status_code == 200
def get_objects(client):
req = client.get("/objects")
assert req.status_code == 200
objects = utilities.get_json(req.data)
assert isinstance(objects, dict)
assert "objects" in objects
return objects
def update_meta_rules(client, name, metaRuleId, data=None):
if not data:
subject_category = category_helper.add_subject_category(
value={
"name": "subject category name update" + uuid4().hex,
"description": "description 1"
})
subject_category_id = list(subject_category.keys())[0]
object_category = category_helper.add_object_category(
value={
"name": "object category name update" + uuid4().hex,
"description": "description 1"
})
object_category_id = list(object_category.keys())[0]
action_category = category_helper.add_action_category(
value={
"name": "action category name update" + uuid4().hex,
"description": "description 1"
})
action_category_id = list(action_category.keys())[0]
data = {
"name": name,
"subject_categories": [subject_category_id],
"object_categories": [object_category_id],
"action_categories": [action_category_id]
}
req = client.patch("/meta_rules/{}".format(metaRuleId),
data=json.dumps(data),
headers={'Content-Type': 'application/json'})
meta_rules = utilities.get_json(req.data)
return req, meta_rules
def add_object_categories(client, name):
data = {"name": name, "description": "description of {}".format(name)}
req = client.post("/object_categories",
data=json.dumps(data),
headers={'Content-Type': 'application/json'})
object_categories = utilities.get_json(req.data)
return req, object_categories
def add_subject_assignment_without_cat_id(client):
data = {"id": "subject_id", "category_id": "", "data_id": "data_id"}
req = client.post("/policies/{}/subject_assignments".format("1111"),
data=json.dumps(data),
headers={'Content-Type': 'application/json'})
subject_assignment = utilities.get_json(req.data)
return req, subject_assignment
def get_object_data(client, policy_id, category_id=None):
if category_id is None:
req = client.get("/policies/{}/object_data".format(policy_id))
else:
req = client.get("/policies/{}/object_data/{}".format(
policy_id, category_id))
object_data = utilities.get_json(req.data)
return req, object_data
def add_models(client, name):
data = {
"name": name,
"description": "description of {}".format(name),
"meta_rules": ["meta_rule_id1", "meta_rule_id2"]
}
req = client.post("/models",
data=json.dumps(data),
headers={'Content-Type': 'application/json'})
models = utilities.get_json(req.data)
return req, models
def test_export_subject_object_action_categories():
client = utilities.register_client()
import_export_utilities.clean_all(client)
req = client.post("/import", content_type='application/json', data=json.dumps(SUBJECT_OBJECT_ACTION_CATEGORIES))
data = utilities.get_json(req.data)
assert data == "Import ok !"
req = client.get("/export")
assert req.status_code == 200
data = utilities.get_json(req.data)
assert "content" in data
type_elements = ["subject", "object", "action"]
for type_element in type_elements:
key = type_element + "_categories"
assert key in data["content"]
assert isinstance(data["content"][key], list)
assert len(data["content"][key]) == 1
category = data["content"][key][0]
assert category["name"] == "test " + type_element + " categories"
assert category["description"] == type_element + " category description"
def test_export_models():
client = utilities.register_client()
import_export_utilities.clean_all(client)
req = client.post("/import", content_type='application/json', data=json.dumps(MODEL_WITHOUT_META_RULES))
data = utilities.get_json(req.data)
assert data == "Import ok !"
req = client.get("/export")
assert req.status_code == 200
data = utilities.get_json(req.data)
assert "content" in data
assert "models" in data["content"]
assert isinstance(data["content"]["models"], list)
assert len(data["content"]["models"]) == 1
model = data["content"]["models"][0]
assert model["name"] == "test model"
assert model["description"] == "model description"
assert isinstance(model["meta_rules"], list)
assert len(model["meta_rules"]) == 0
def update_meta_rules_without_subject_category_ids(client, name):
data = {
"name": name,
"subject_categories": [],
"object_categories": ["object_category_id1"],
"action_categories": ["action_category_id1"]
}
req = client.post("/meta_rules",
data=json.dumps(data),
headers={'Content-Type': 'application/json'})
meta_rules = utilities.get_json(req.data)
return req, meta_rules
def update_model_without_meta_rules_ids(client, model_id):
name = "model_id" + uuid4().hex
data = {
"name": name,
"description": "description of {}".format(name),
"meta_rules": []
}
req = client.patch("/models/{}".format(model_id),
data=json.dumps(data),
headers={'Content-Type': 'application/json'})
models = utilities.get_json(req.data)
return req, models
def add_policies(client, name):
data = {
"name": name,
"description": "description of {}".format(name),
"model_id": "modelId",
"genre": "genre"
}
req = client.post("/policies",
data=json.dumps(data),
headers={'Content-Type': 'application/json'})
policies = utilities.get_json(req.data)
return req, policies
def add_rules_without_rule(client, policy_id):
data = {
"meta_rule_id": "meta_rule_id1",
"instructions": ({
"decision": "grant"
}, ),
"enabled": True
}
req = client.post("/policies/{}/rules".format(policy_id),
data=json.dumps(data),
headers={'Content-Type': 'application/json'})
rules = utilities.get_json(req.data)
return req, rules
def test_update_policy_name_with_existed_one():
policy_name1 = "testuser" + uuid4().hex
client = utilities.register_client()
req = model_helper.add_model(model_id="mls_model_id" + uuid4().hex)
model_id = list(req.keys())[0]
data = {
"name": policy_name1,
"description": "description of {}".format(policy_name1),
"model_id": model_id,
"genre": "genre"
}
req = client.post("/policies/", data=json.dumps(data),
headers={'Content-Type': 'application/json'})
policy_id1 = next(iter(utilities.get_json(req.data)['policies']))
policy_name2 = "testuser" + uuid4().hex
client = utilities.register_client()
req = model_helper.add_model(model_id="mls_model_id" + uuid4().hex)
model_id = list(req.keys())[0]
data = {
"name": policy_name2,
"description": "description of {}".format(policy_name2),
"model_id": model_id,
"genre": "genre"
}
req = client.post("/policies/", data=json.dumps(data),
headers={'Content-Type': 'application/json'})
policy_id2 = next(iter(utilities.get_json(req.data)['policies']))
data = {
"name": policy_name1,
"description": "description of {}".format(policy_name1),
"model_id": model_id,
"genre": "genre"
}
req = client.patch("/policies/{}".format(policy_id2), data=json.dumps(data),
headers={'Content-Type': 'application/json'})
assert req.status_code == 409
assert json.loads(req.data)["message"] == '409: Policy Already Exists'
def add_subject_data(client, name):
subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = builder.create_new_policy(
subject_category_name="subject_category1" + uuid4().hex,
object_category_name="object_category1" + uuid4().hex,
action_category_name="action_category1" + uuid4().hex,
meta_rule_name="meta_rule_1" + uuid4().hex)
data = {"name": name, "description": "description of {}".format(name)}
req = client.post("/policies/{}/subject_data/{}".format(
policy_id, subject_category_id),
data=json.dumps(data),
headers={'Content-Type': 'application/json'})
subject_data = utilities.get_json(req.data)
return req, subject_data
def add_policies(client, name):
req = model_helper.add_model(model_id="mls_model_id" + uuid4().hex)
model_id = list(req.keys())[0]
data = {
"name": name,
"description": "description of {}".format(name),
"model_id": model_id,
"genre": "genre"
}
req = client.post("/policies", data=json.dumps(data),
headers={'Content-Type': 'application/json'})
policies = utilities.get_json(req.data)
return req, policies
def test_update_policies_connected_to_rules_with_blank_model():
client = utilities.register_client()
req, rules, policy_id = data_builder.add_rules(client)
req = client.get("/policies")
data = utilities.get_json(req.data)
for policy_obj_id in data['policies']:
if policy_obj_id == policy_id:
policy = data['policies'][policy_obj_id]
policy['model_id'] = ''
req = client.patch("/policies/{}".format(policy_id), data=json.dumps(policy),
headers={'Content-Type': 'application/json'})
assert req.status_code == 400
assert json.loads(req.data)["message"] == '400: Policy update error'
def test_export_rules():
client = utilities.register_client()
import_export_utilities.clean_all(client)
req = client.post("/import", content_type='application/json', data=json.dumps(RULES))
data = utilities.get_json(req.data)
assert data == "Import ok !"
req = client.get("/export")
assert req.status_code == 200
data = utilities.get_json(req.data)
assert "content" in data
assert "rules" in data["content"]
assert isinstance(data["content"]["rules"], list)
assert len(data["content"]["rules"]) == 1
rule = data["content"]["rules"][0]
assert "instructions" in rule
assert "decision" in rule["instructions"]
assert rule["instructions"]["decision"] == "grant"
assert "enabled" in rule
assert rule["enabled"]
assert "meta_rule" in rule
assert rule["meta_rule"]["name"] == "meta rule"
assert "policy" in rule
assert rule["policy"]["name"] == "test policy"
assert "rule" in rule
rule = rule["rule"]
assert "subject_data" in rule
assert isinstance(rule["subject_data"], list)
assert len(rule["subject_data"]) == 1
assert rule["subject_data"][0]["name"] == "test subject data"
assert "object_data" in rule
assert isinstance(rule["object_data"], list)
assert len(rule["object_data"]) == 1
assert rule["object_data"][0]["name"] == "test object data"
assert "action_data" in rule
assert isinstance(rule["action_data"], list)
assert len(rule["action_data"]) == 1
assert rule["action_data"][0]["name"] == "test action data"
def test_export_policies():
client = utilities.register_client()
import_export_utilities.clean_all(client)
req = client.post("/import", content_type='application/json', data=json.dumps(POLICIES))
data = utilities.get_json(req.data)
assert data == "Import ok !"
req = client.get("/export")
assert req.status_code == 200
data = utilities.get_json(req.data)
assert "content" in data
assert "policies" in data["content"]
assert isinstance(data["content"]["policies"], list)
assert len(data["content"]["policies"]) == 1
policy = data["content"]["policies"][0]
assert policy["name"] == "test policy"
assert policy["genre"] == "authz"
assert policy["description"] == "policy description"
assert "model" in policy
assert "name" in policy["model"]
model = policy["model"]
assert model["name"] == "test model"
def update_meta_rules(client, name, metaRuleId):
data = {
"name":
name,
"subject_categories":
["subject_category_id1_update", "subject_category_id2_update"],
"object_categories": ["object_category_id1_update"],
"action_categories": ["action_category_id1_update"]
}
req = client.patch("/meta_rules/{}".format(metaRuleId),
data=json.dumps(data),
headers={'Content-Type': 'application/json'})
meta_rules = utilities.get_json(req.data)
return req, meta_rules
