def test_to_policy():
policy_json = {
"uid": "a381fdd3-b73a-4858-a57b-94085628b0f1",
"description": "Block user 'Max' when ip in CIDR 192.168.1.0/24",
"rules": {
"subject": {
"$.name": {
"condition": "Equals",
"value": "Max"
}
},
"context": {
"$.ip": {
"condition": "Not",
"value": {
"condition": "CIDR",
"value": "192.168.1.0/24"
}
}
}
},
"targets": {
"subject_id": "user::b90b2998-9e1b-4ac5-a743-b060b2634dbb"
},
"effect": "deny"
}
policy = Policy.from_json(policy_json)
model = PolicyModel.from_policy(policy)
new_policy = model.to_policy()
assert policy.uid == new_policy.uid
assert policy.description == new_policy.description
assert policy.priority == new_policy.priority
def test_get_aggregate_pipeline(subject_id, resource_id, action_id, pipeline):
returned_pipeline = PolicyModel.get_aggregate_pipeline(
subject_id, resource_id, action_id)
assert sorted(
returned_pipeline[0]['$match']['tags.action.id']['$in']) == sorted(
pipeline[0]['$match']['tags.action.id']['$in'])
assert sorted(
returned_pipeline[0]['$match']['tags.resource.id']['$in']) == sorted(
pipeline[0]['$match']['tags.resource.id']['$in'])
assert sorted(
returned_pipeline[0]['$match']['tags.subject.id']['$in']) == sorted(
pipeline[0]['$match']['tags.subject.id']['$in'])
assert sorted(returned_pipeline[1]['$match']['tags.action.id']['$not']
['$elemMatch']['$nin']) == sorted(
pipeline[1]['$match']['tags.action.id']['$not']
['$elemMatch']['$nin'])
assert sorted(returned_pipeline[1]['$match']['tags.resource.id']['$not']
['$elemMatch']['$nin']) == sorted(
pipeline[1]['$match']['tags.resource.id']['$not']
['$elemMatch']['$nin'])
assert sorted(returned_pipeline[1]['$match']['tags.subject.id']['$not']
['$elemMatch']['$nin']) == sorted(
pipeline[1]['$match']['tags.subject.id']['$not']
['$elemMatch']['$nin'])
def test_to_doc():
policy_json = {
"uid": "a381fdd3-b73a-4858-a57b-94085628b0f1",
"description": "Block user 'Max' when ip in CIDR 192.168.1.0/24",
"rules": {
"subject": {
"$.name": {
"condition": "Equals",
"value": "Max"
}
},
"context": {
"$.ip": {
"condition": "Not",
"value": {
"condition": "CIDR",
"value": "192.168.1.0/24"
}
}
}
},
"targets": {
"subject_id": "user::b90b2998-9e1b-4ac5-a743-b060b2634dbb"
},
"effect": "deny"
}
policy = Policy.from_json(policy_json)
policy_doc = {
"_id": policy.uid,
"policy_str": json.dumps(policy.to_json()),
"tags": {}
}
model = PolicyModel.from_doc(policy_doc)
new_policy_doc = model.to_doc()
assert policy_doc == new_policy_doc
def test_from_policy():
policy_json = {
"uid": "a381fdd3-b73a-4858-a57b-94085628b0f1",
"description": "Block user 'Max' when ip in CIDR 192.168.1.0/24",
"rules": {
"subject": {
"$.name": {
"condition": "Equals",
"value": "Max"
}
},
"context": {
"$.ip": {
"condition": "Not",
"value": {
"condition": "CIDR",
"value": "192.168.1.0/24"
}
}
}
},
"targets": {
"subject_id": "user::b90b2998-9e1b-4ac5-a743-b060b2634dbb"
},
"effect": "deny"
}
policy = Policy.from_json(policy_json)
model = PolicyModel.from_policy(policy)
assert isinstance(model, PolicyModel)
assert isinstance(model.policy_str, str)
assert isinstance(model._id, str)
assert isinstance(model.tags, dict)
assert model.policy_str == json.dumps(policy.to_json())
assert model._id == policy.uid
assert model.tags == {
"subject": [{
"id": ["user::b90b2998-9e1b-4ac5-a743-b060b2634dbb"]
}],
"resource": [{
"id": ["*"]
}],
"action": [{
"id": ["*"]
}]
}
def test__targets_to_tags(policy_json, tags):
policy = Policy.from_json(policy_json)
assert PolicyModel._targets_to_tags(policy.targets) == tags
