def test_make_data_policy_action(data_policy_actions_dict, tagger): action_type = data_policy_actions_dict[0]["type"] rules_config = data_policy_actions_dict[0]["rules"] rule1 = rules_config[0] rule1_conditions = rule1["exceptions"]["conditions"] rule1_iam_groups = rule1_conditions[0]["iam_groups"] rule2 = rules_config[1] rule2_conditions = rule2["exceptions"]["conditions"] rule2_iam_groups = (rule2_conditions[0]["iam_groups"] + rule2_conditions[1]["iam_groups"]) expected_action = pol.MaskingAction( type=action_type, rules=[ pol.PolicyRule( type=rule1["type"], exceptions=pol.make_policy_exceptions( iam_groups=rule1_iam_groups, operator=rule1["exceptions"]["operator"], ), config=pol.MaskingRuleConfig( fields=[ pol.ColumnTag( name=rule1["config"]["fields"]["tags"][0], hasLeafNodes=tagger.is_root_tag( rule1["config"]["fields"]["tags"][0]), ) ], maskingConfig=pol.MaskingConfig(type="Consistent Value"), ), ), pol.PolicyRule( type=rule2["type"], exceptions=pol.make_policy_exceptions( iam_groups=rule2_iam_groups, operator=rule2["exceptions"]["operator"], ), config=pol.MaskingRuleConfig( fields=[ pol.ColumnTag( name=rule2["config"]["fields"]["tags"][0], hasLeafNodes=tagger.is_root_tag( rule2["config"]["fields"]["tags"][0]), ), pol.ColumnTag( name=rule2["config"]["fields"]["tags"][1], hasLeafNodes=tagger.is_root_tag( rule2["config"]["fields"]["tags"][1]), ), ], maskingConfig=pol.MaskingConfig(type="Consistent Value"), ), ), ], ) action = pol.make_data_policy_action( action_type=action_type, rules_config=rules_config, tagger=tagger, ) assert action == expected_action
def test_make_policy_rule(data_policy_actions_dict, tagger): example_rule = data_policy_actions_dict[0]["rules"][0] rule_type = example_rule["type"] config_field_tags = example_rule["config"]["fields"]["tags"] exceptions_config = example_rule["exceptions"] iam_groups = exceptions_config["conditions"][0]["iam_groups"] operator = exceptions_config["operator"] expected_rule = pol.PolicyRule( type=rule_type, exceptions=pol.make_policy_exceptions(iam_groups=iam_groups, operator=operator), config=pol.MaskingRuleConfig( fields=[ pol.ColumnTag( name=config_field_tags[0], hasLeafNodes=tagger.is_root_tag(config_field_tags[0]), ) ], maskingConfig=pol.MaskingConfig(type="Consistent Value"), ), ) rule = pol.make_policy_rule( rule_type=rule_type, exceptions_config=exceptions_config, config_field_tags=config_field_tags, tagger=tagger, ) assert rule == expected_rule
def test_make_policy_exceptions(data_policy_actions_dict): conditions = data_policy_actions_dict[0]["rules"][0]["exceptions"]["conditions"] iam_groups = conditions[0]["iam_groups"] expected_exceptions = pol.PolicyExceptions( operator="and", conditions=[ pol.GroupCondition(group=pol.PolicyGroup(name="group1", iam="okta")) ], ) exceptions = pol.make_policy_exceptions(iam_groups=iam_groups, operator="and") assert exceptions == expected_exceptions
def test_make_subscription_policy_action(subscription_policy_actions_dict, tagger): exceptions_config = subscription_policy_actions_dict[0]["exceptions"] exception_conditions = exceptions_config["conditions"] iam_groups = exception_conditions[0]["iam_groups"] allow_discovery = subscription_policy_actions_dict[0]["allowDiscovery"] automatic_subscription = subscription_policy_actions_dict[0][ "automaticSubscription"] expected_action = pol.SubscriptionPolicyAction( type="subscription", subscriptionType="policy", allowDiscovery=False, automaticSubscription=True, exceptions=pol.make_policy_exceptions( iam_groups=iam_groups, operator=exceptions_config["operator"]), ) action = pol.make_subscription_policy_action(exceptions_config, allow_discovery, automatic_subscription, tagger) assert action == expected_action