def test_add_policies_with_same_name():
name = uuid4().hex
policy_name = name
client = utilities.register_client()
req, policies = add_policies(client, policy_name)
assert req.status_code == 200
assert isinstance(policies, dict)
value = list(policies["policies"].values())[0]
assert "policies" in policies
assert value['name'] == policy_name
assert value["description"] == "description of {}".format(policy_name)
client = utilities.register_client()
req, policies = add_policies(client, policy_name)
assert req.status_code == 409
assert json.loads(req.data)["message"] == '409: Policy Already Exists'
def test_add_three_meta_rules_with_different_combination_but_similar_items():
client = utilities.register_client()
meta_rule_name1 = uuid4().hex
req, meta_rules = add_meta_rules(client, meta_rule_name1)
assert req.status_code == 200
for meta_rule_id in meta_rules['meta_rules']:
if meta_rules['meta_rules'][meta_rule_id]['name'] == meta_rule_name1:
data = meta_rules['meta_rules'][meta_rule_id]
break
meta_rule_name2 = uuid4().hex
req, meta_rules = add_meta_rules(client, meta_rule_name2)
for meta_rule_id in meta_rules['meta_rules']:
if meta_rules['meta_rules'][meta_rule_id]['name'] == meta_rule_name2:
data['subject_categories'] += meta_rules['meta_rules'][
meta_rule_id]['subject_categories']
data['object_categories'] += meta_rules['meta_rules'][
meta_rule_id]['object_categories']
data['action_categories'] += meta_rules['meta_rules'][
meta_rule_id]['action_categories']
break
data['name'] = uuid4().hex
req, meta_rules = add_meta_rules(client, name=data['name'], data=data)
assert req.status_code == 200
def test_get_subject_assignment():
client = utilities.register_client()
policy_id = builder.get_policy_id_with_subject_assignment()
req, subject_assignment = get_subject_assignment(client, policy_id)
assert req.status_code == 200
assert isinstance(subject_assignment, dict)
assert "subject_assignments" in subject_assignment
def test_add_model_with_name_contain_space():
clean_models()
client = utilities.register_client()
req, models = add_models(client, "test<br>user")
assert req.status_code == 400
assert json.loads(
req.data)["message"] == "Key: 'name', [Forbidden characters in string]"
def clean_models():
client = utilities.register_client()
req, models = get_models(client)
for key, value in models['models'].items():
print(key)
print(value)
client.delete("/models/{}".format(key))
def test_import_subject_object_action_categories():
client = utilities.register_client()
type_elements = ["subject", "object", "action"]
for type_element in type_elements:
import_export_utilities.clean_all(client)
counter = -1
# set the getters and the comparison values
if type_element == "subject":
elements = SUBJECT_CATEGORIES
get_method = test_categories.get_subject_categories
elif type_element == "object":
elements = OBJECT_CATEGORIES
get_method = test_categories.get_object_categories
else:
elements = ACTION_CATEGORIES
get_method = test_categories.get_action_categories
for element in elements:
req = client.post("/import",
content_type='application/json',
data=json.dumps(element))
counter = counter + 1
data = utilities.get_json(req.data)
assert data == "Import ok !"
req, get_elements = get_method(client)
get_elements = get_elements[type_element + "_categories"]
assert len(list(get_elements.keys())) == 1
values = list(get_elements.values())
assert values[0]["name"] == "test " + type_element + " categories"
assert values[0][
"description"] == type_element + " category description"
def test_export_subject_object_action():
client = utilities.register_client()
import_export_utilities.clean_all(client)
req = client.post("/import", content_type='application/json', data=json.dumps(SUBJECTS_OBJECTS_ACTIONS))
data = utilities.get_json(req.data)
assert data == "Import ok !"
req = client.get("/export")
assert req.status_code == 200
data = utilities.get_json(req.data)
assert "content" in data
type_elements = ["subject", "object", "action"]
for type_element in type_elements:
key = type_element + "s"
assert key in data["content"]
assert isinstance(data["content"][key], list)
assert len(data["content"][key]) == 1
element = data["content"][key][0]
if type_element == "subject":
assert element["name"] == "testuser"
else:
assert element["name"] == "test "+ type_element
assert element["description"] == "description of the " + type_element
assert "policies" in element
assert isinstance(element["policies"], list)
assert len(element["policies"]) == 1
assert isinstance(element["policies"][0], dict)
assert element["policies"][0]["name"] == "test policy"
assert isinstance(element["extra"], dict)
key_dict = "field_extra_" + type_element
value_dict = "value extra " + type_element
assert key_dict in element["extra"]
assert element["extra"][key_dict] == value_dict
def test_get_subject_data():
policy_id = utilities.get_policy_id()
client = utilities.register_client()
req, subject_data = get_subject_data(client, policy_id)
assert req.status_code == 200
assert isinstance(subject_data, dict)
assert "subject_data" in subject_data
def test_get_action_data():
policy_id = utilities.get_policy_id()
client = utilities.register_client()
req, action_data = get_action_data(client, policy_id)
assert req.status_code == 200
assert isinstance(action_data, dict)
assert "action_data" in action_data
def test_perimeter_delete_object():
client = utilities.register_client()
policies = policy_helper.add_policies()
policy_id = list(policies.keys())[0]
object_id = builder.create_object(policy_id)
req = client.delete("/policies/{}/objects/{}".format(policy_id, object_id))
assert req.status_code == 200
def test_export_assignments():
client = utilities.register_client()
import_export_utilities.clean_all(client)
req = client.post("/import", content_type='application/json', data=json.dumps(ASSIGNMENTS))
data = utilities.get_json(req.data)
assert data == "Import ok !"
req = client.get("/export")
assert req.status_code == 200
data = utilities.get_json(req.data)
assert "content" in data
type_elements = ["subject", "object", "action"]
for type_element in type_elements:
key = type_element + "_assignments"
assert key in data["content"]
assert isinstance(data["content"][key], list)
assert len(data["content"][key]) == 1
assignment_elt = data["content"][key][0]
assert type_element in assignment_elt
assert isinstance(assignment_elt[type_element], dict)
if type_element == "subject":
assert assignment_elt[type_element]["name"] == "testuser"
else:
assert assignment_elt[type_element]["name"] == "test " + type_element + " e0"
assert "category" in assignment_elt
assert isinstance(assignment_elt["category"], dict)
assert assignment_elt["category"]["name"] == "test " + type_element + " categories"
assert "assignments" in assignment_elt
assert isinstance(assignment_elt["assignments"], list)
assert len(assignment_elt["assignments"]) == 1
assert assignment_elt["assignments"][0]["name"] == "test " + type_element + " data"
import_export_utilities.clean_all(client)
def test_perimeter_add_same_subject_perimeter_id_with_new_policy_id():
client = utilities.register_client()
policies1 = policy_helper.add_policies()
policy_id1 = list(policies1.keys())[0]
name = "testuser"
perimeter_id = uuid4().hex
data = {
"name": name + uuid4().hex,
"description": "description of {}".format(name),
"password": "******".format(name),
"email": "{}@moon".format(name)
}
add_subjects(client,
policy_id1,
data['name'],
perimeter_id=perimeter_id,
data=data)
policies2 = policy_helper.add_policies()
policy_id2 = list(policies2.keys())[0]
req, subjects = add_subjects(client,
policy_id2,
data['name'],
perimeter_id=perimeter_id,
data=data)
value = list(subjects["subjects"].values())[0]
assert req.status_code == 200
assert value["name"]
assert value["email"]
assert len(value['policy_list']) == 2
assert policy_id1 in value['policy_list']
assert policy_id2 in value['policy_list']
def test_perimeter_update_object_name_with_existed_one():
client = utilities.register_client()
name = 'testuser' + uuid4().hex
policies1 = policy_helper.add_policies()
policy_id1 = list(policies1.keys())[0]
data1 = {
"name": name,
"description": "description of {}".format('testuser'),
}
req, objects = add_objects(client,
'testuser',
policyId=policy_id1,
data=data1)
value1 = list(objects["objects"].values())[0]
name = 'testuser' + uuid4().hex
data2 = {
"name": name,
"description": "description of {}".format('testuser'),
}
req, objects = add_objects(client,
'testuser',
policyId=policy_id1,
data=data2)
value2 = list(objects["objects"].values())[0]
perimeter_id2 = value2['id']
data3 = {'name': value1['name']}
req = client.patch("/objects/{}".format(perimeter_id2),
data=json.dumps(data3),
headers={'Content-Type': 'application/json'})
assert req.status_code == 409
assert json.loads(req.data)["message"] == '409: Object Existing'
def test_get_action_assignment():
policy_id = builder.get_policy_id_with_action_assignment()
client = utilities.register_client()
req, action_assignment = get_action_assignment(client, policy_id)
assert req.status_code == 200
assert isinstance(action_assignment, dict)
assert "action_assignments" in action_assignment
def test_perimeter_update_object_description_and_name():
client = utilities.register_client()
name = 'testuser' + uuid4().hex
policies1 = policy_helper.add_policies()
policy_id1 = list(policies1.keys())[0]
data = {
"name": name,
"description": "description of {}".format('testuser'),
}
req, objects = add_objects(client,
'testuser',
policyId=policy_id1,
data=data)
value1 = list(objects["objects"].values())[0]
perimeter_id = value1['id']
data = {
'name': value1['name'] + "update",
'description': value1['description'] + "update"
}
req = client.patch("/objects/{}".format(perimeter_id),
data=json.dumps(data),
headers={'Content-Type': 'application/json'})
objects = utilities.get_json(req.data)
value2 = list(objects["objects"].values())[0]
assert req.status_code == 200
assert value1['name'] + 'update' == value2['name']
assert value1['id'] == value2['id']
assert value1['description'] + 'update' == value2['description']
def test_perimeter_add_same_subject_name_with_same_policy_id():
client = utilities.register_client()
policies1 = policy_helper.add_policies()
policy_id1 = list(policies1.keys())[0]
perimeter_id = uuid4().hex
name = "testuser" + uuid4().hex
data = {
"name": name,
"description": "description of {}".format(name),
"password": "******".format(name),
"email": "{}@moon".format(name)
}
req, subjects = add_subjects(client,
policy_id1,
None,
perimeter_id=perimeter_id,
data=data)
value = list(subjects["subjects"].values())[0]
data = {
"name": value['name'],
"description": "description of {}".format(value['name']),
"password": "******".format(value['name']),
"email": "{}@moon".format(value['name'])
}
req, subjects = add_subjects(client, policy_id1, None, data=data)
assert req.status_code == 409
assert json.loads(req.data)["message"] == '409: Policy Already Exists'
def test_perimeter_update_subject_wrong_id():
client = utilities.register_client()
name = 'testuser' + uuid4().hex
policies1 = policy_helper.add_policies()
policy_id1 = list(policies1.keys())[0]
data = {
"name": name,
"description": "description of {}".format('testuser'),
}
req, subjects = add_subjects(client,
policy_id=policy_id1,
name='testuser',
data=data)
value1 = list(subjects["subjects"].values())[0]
perimeter_id = value1['id']
data = {
'name': value1['name'] + "update",
'description': value1['description'] + "update"
}
req = client.patch("/subjects/{}".format(perimeter_id + "wrong"),
data=json.dumps(data),
headers={'Content-Type': 'application/json'})
assert req.status_code == 400
assert json.loads(
req.data)["message"] == '400: Perimeter content is invalid.'
def test_import_policies():
client = utilities.register_client()
import_export_utilities.clean_all(client)
counter = -1
for policy_description in POLICIES:
counter = counter + 1
req = client.post("/import",
content_type='application/json',
data=json.dumps(policy_description))
try:
data = utilities.get_json(req.data)
assert data == "Import ok !"
except Exception:
assert counter == 2 # this is an expected failure
continue
req, policies = test_policies.get_policies(client)
policies = policies["policies"]
assert len(list(policies.keys())) == 1
values = list(policies.values())
assert values[0]["name"] == "test policy"
if counter < 3:
assert values[0]["genre"] == "authz"
assert values[0]["description"] == "description"
else:
assert values[0]["genre"] == "not authz ?"
assert values[0]["description"] == "changes taken into account"
assert len(values[0]["model_id"]) > 0
import_export_utilities.clean_all(client)
def test_update_meta_rules_without_name():
client = utilities.register_client()
req_update = update_model(client, "<a></a>", "1234567")
assert req_update[0].status_code == 400
assert json.loads(
req_update[0].data
)["message"] == "Key: 'name', [Forbidden characters in string]"
def test_import_rules():
client = utilities.register_client()
import_export_utilities.clean_all(client)
req = client.post("/import",
content_type='application/json',
data=json.dumps(PRE_ASSIGNMENTS))
data = utilities.get_json(req.data)
assert data == "Import ok !"
counter = -1
for rule in RULES:
counter = counter + 1
req = client.post("/import",
content_type='application/json',
data=json.dumps(rule))
if counter < 5:
assert req.status_code == 500
continue
assert req.status_code == 200
req, rules = test_rules.test_get_rules()
rules = rules["rules"]
rules = rules["rules"]
assert len(rules) == 1
rules = rules[0]
assert rules["enabled"]
assert rules["instructions"]["decision"] == "grant"
req, meta_rules = test_meta_rules.get_meta_rules(client)
assert meta_rules["meta_rules"][list(
meta_rules["meta_rules"].keys())[0]]["name"] == "good meta rule"
def test_update_policies_with_blank_model():
policy_name = "testuser" + uuid4().hex
client = utilities.register_client()
req = model_helper.add_model(model_id="mls_model_id" + uuid4().hex)
model_id = list(req.keys())[0]
data = {
"name": policy_name,
"description": "description of {}".format(policy_name),
"model_id": model_id,
"genre": "genre"
}
req = client.post("/policies/", data=json.dumps(data),
headers={'Content-Type': 'application/json'})
policy_id = next(iter(utilities.get_json(req.data)['policies']))
data = {
"name": policy_name,
"description": "description of {}".format(policy_name),
"model_id": "",
"genre": "genre"
}
req = client.patch("/policies/{}".format(policy_id), data=json.dumps(data),
headers={'Content-Type': 'application/json'})
assert req.status_code == 200
def test_update_meta_rules():
client = utilities.register_client()
req = add_meta_rules(client, "testuser")
meta_rule_id = list(req[1]['meta_rules'])[0]
req_update = update_meta_rules(client, "testuser", meta_rule_id)
assert req_update[0].status_code == 200
delete_meta_rules(client, "testuser")
get_meta_rules(client)
def test_delete_policy_with_dependencies_subject_data():
client = utilities.register_client()
req, rules, policy_id = data_builder.add_rules(client)
req = client.delete("/policies/{}/rules/{}".format(policy_id, next(iter(rules['rules']))))
assert req.status_code == 200
req = client.delete("/policies/{}".format(policy_id))
assert req.status_code == 400
assert json.loads(req.data)["message"] == '400: Policy With Data Error'
def test_delete_policies():
client = utilities.register_client()
policy = policy_helper.add_policies()
policy_id = list(policy.keys())[0]
req = client.delete("/policies/{}".format(policy_id))
assert req.status_code == 200
def test_delete_subject_data():
client = utilities.register_client()
subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = builder.create_new_policy(
)
data_id = builder.create_subject_data(policy_id, subject_category_id)
success_req = delete_subject_data(client, policy_id, subject_category_id,
data_id)
assert success_req.status_code == 200
def test_add_subject_categories_with_existed_name():
client = utilities.register_client()
name = uuid4().hex
req, subject_categories = add_subject_categories(client, name)
assert req.status_code == 200
req, subject_categories = add_subject_categories(client, name)
assert req.status_code == 409
assert json.loads(req.data)["message"] == '409: Subject Category Existing'
def test_update_model_with_empty_name():
clean_models()
client = utilities.register_client()
req = add_models(client, "testuser")
model_id = list(req[1]['models'])[0]
req_update = update_model(client, "", model_id)
assert req_update[0].status_code == 400
assert req_update[1]['message'] == '400: Model Unknown'
def test_get_rules():
policy_id = utilities.get_policy_id()
client = utilities.register_client()
req, rules = get_rules(client, policy_id)
assert req.status_code == 200
assert isinstance(rules, dict)
assert "rules" in rules
return req, rules
def test_add_meta_rule_with_existing_name_error():
client = utilities.register_client()
name = uuid4().hex
req, meta_rules = add_meta_rules(client, name)
assert req.status_code == 200
req, meta_rules = add_meta_rules(client, name)
assert req.status_code == 409
assert json.loads(req.data)["message"] == '409: Meta Rule Existing'
def test_perimeter_delete_subject():
client = utilities.register_client()
policies = policy_helper.add_policies()
policy_id = list(policies.keys())[0]
req, subjects = add_subjects(client, policy_id, "testuser")
subject_id = list(subjects["subjects"].values())[0]["id"]
req = client.delete("/policies/{}/subjects/{}".format(
policy_id, subject_id))
assert req.status_code == 200
