def test_multi_action_request():
s = Subject("user", "tom")
a = Action("edit")
actions = [a]
r = Resource("bk_paas", "app", "bk-test", {})
rs = [r]
# invalid
isubject = Subject(1, "tom")
iaction = Action(1)
iactions = [iaction]
iresource = Resource("", "app", "bk-test", {})
iresources = [iresource]
with pytest.raises(TypeError):
MultiActionRequest(1, s, actions, rs, None).validate()
with pytest.raises(TypeError):
MultiActionRequest("bk_paas", 1, actions, rs, None).validate()
with pytest.raises(TypeError):
MultiActionRequest("bk_paas", s, 1, rs, None).validate()
with pytest.raises(TypeError):
MultiActionRequest("bk_paas", s, actions, 1, None).validate()
with pytest.raises(TypeError):
MultiActionRequest("bk_paas", s, actions, rs, [1, 2]).validate()
with pytest.raises(ValueError):
MultiActionRequest("", s, actions, rs, None).validate()
with pytest.raises(ValueError):
MultiActionRequest("bk_paas", isubject, actions, rs, None).validate()
with pytest.raises(ValueError):
MultiActionRequest("bk_paas", s, iactions, rs, None).validate()
with pytest.raises(ValueError):
MultiActionRequest("bk_paas", s, actions, iresources, None).validate()
r = MultiActionRequest("bk_paas", s, actions, rs, None)
assert r.system == "bk_paas"
assert r.subject == s
assert r.actions == actions
assert r.resources == rs
assert r.environment is None
assert r.to_dict()["system"] == "bk_paas"
def test_resource_multi_actions_allowed():
# any
data = [{"condition": {"field": "flow.id", "value": [], "op": "any"}, "action": {"id": "flow_edit"}},
{"condition": {"field": "flow.id", "value": [], "op": "any"}, "action": {"id": "flow_view"}},
{"condition": None, "action": {"id": "flow_delete"}}]
with patch.object(IAM, "_do_policy_query_by_actions", return_value=data):
subject = Subject("user", "admin")
action1 = Action("flow_edit")
action2 = Action("flow_view")
action3 = Action("flow_delete")
resource1 = Resource("bk_sops", "flow", "1", {})
r = MultiActionRequest(
"bk_sops",
subject,
[action1, action2, action3],
[resource1],
None
)
iam = new_mock_iam()
result = iam.resource_multi_actions_allowed(r)
# {'flow_edit': True, 'flow_view': True, 'flow_delete': False}
assert "flow_edit" in result and result["flow_edit"]
assert "flow_view" in result and result["flow_view"]
assert "flow_delete" in result and (not result["flow_delete"])
def test_subject():
with pytest.raises(TypeError):
Subject(1, "id").validate()
with pytest.raises(TypeError):
Subject("1", 2).validate()
with pytest.raises(ValueError):
Subject("", "1").validate()
with pytest.raises(ValueError):
Subject("1", "").validate()
s = Subject("host", "1")
assert s.type == "host"
assert s.to_dict()["type"] == "host"
assert s.id == "1"
assert s.to_dict()["id"] == "1"
with pytest.raises(AttributeError):
s.invalidattr = "aaa"
def test_iam_validate_request():
iam = new_mock_iam()
# invalid type
with pytest.raises(AuthInvalidRequest):
iam._validate_request(None)
with pytest.raises(AuthInvalidRequest):
iam._validate_request(1)
# invalid value
r = Request("test", "tom", "edit", [], {})
with pytest.raises(TypeError):
iam._validate_request(r)
r = Request("test", Subject("app", "abc"), Action("edit"), [], {})
assert iam._validate_request(r) is None
def test_iam_validate_multi_action_request():
iam = new_mock_iam()
# invalid type
with pytest.raises(AuthInvalidRequest):
iam._validate_multi_action_request(None)
with pytest.raises(AuthInvalidRequest):
iam._validate_multi_action_request(1)
r = MultiActionRequest("test", "tom", "edit", [], {})
with pytest.raises(TypeError):
iam._validate_multi_action_request(r)
subject = Subject("user", "admin")
action1 = Action("flow_edit")
r = MultiActionRequest("bk_sops", subject, [
action1,
], [], None)
assert iam._validate_multi_action_request(r) is None
def new_valid_request():
return Request("test", Subject("app", "abc"), Action("edit"), [], {})
def test_request():
s = Subject("user", "tom")
a = Action("edit")
r = Resource("bk_paas", "app", "bk-test", {})
rs = [r]
# invalid
isubject = Subject(1, "tom")
iaction = Action(1)
iresource = Resource("", "app", "bk-test", {})
iresources = [iresource]
with pytest.raises(TypeError):
Request(1, s, a, rs, None).validate()
with pytest.raises(TypeError):
Request("bk_paas", 1, a, rs, None).validate()
with pytest.raises(TypeError):
Request("bk_paas", s, 1, rs, None).validate()
with pytest.raises(TypeError):
Request("bk_paas", s, a, 1, None).validate()
with pytest.raises(TypeError):
Request("bk_paas", s, a, rs, [1, 2]).validate()
with pytest.raises(ValueError):
Request("", s, a, rs, None).validate()
# with pytest.raises(ValueError):
# Request("bk_paas", s, a, [], None).validate()
with pytest.raises(ValueError):
Request("bk_paas", isubject, a, rs, None).validate()
with pytest.raises(ValueError):
Request("bk_paas", s, iaction, rs, None).validate()
# with pytest.raises(ValueError):
# Request("bk_paas", s, a, [], None).validate()
with pytest.raises(ValueError):
Request("bk_paas", s, a, iresources, None).validate()
r = Request("bk_paas", s, a, rs, None)
assert r.system == "bk_paas"
assert r.subject == s
assert r.action == a
assert r.resources == rs
assert r.environment is None
assert r.to_dict()["system"] == "bk_paas"
# hash
r1 = Request(
"demo",
Subject("user", "tom"),
Action("access_developer_center"),
rs,
None,
)
r2 = Request(
"demo",
Subject("user", "tom"),
Action("access_developer_center"),
rs,
None,
)
r3 = Request(
"demo",
Subject("user", "tom1"),
Action("access_developer_center"),
rs,
None,
)
assert hash(r1) == hash(r1)
assert hash(r1) == hash(r2)
assert hash(r1) != hash(r3)
assert hash(r2) != hash(r3)