def test_pure_policies(self): xproto = \ """ policy my_policy < exists x:a=b > """ proto = \ """ option my_policy = "policy:< exists x:a=b >"; """ target = XProtoTestHelpers.write_tmp_target( """ {{ policies }} """) args_xproto = FakeArgs() args_xproto.inputs = xproto args_xproto.target = target xproto_gen = XOSGenerator.generate(args_xproto) args_proto = FakeArgs() args_proto.inputs = proto args_proto.target = target args_proto.rev = True proto_gen = XOSGenerator.generate(args_proto) self.assertEqual(proto_gen, xproto_gen)
def test_equal(self): xproto = \ """ policy output < not (ctx.user = obj.user) > """ args = FakeArgs() args.inputs = xproto args.target = self.target output = XOSGenerator.generate(args) exec(output) # This loads the generated function, which should look like this: """ def policy_output_validator(obj, ctx): i2 = (ctx.user == obj.user) i1 = (not i2) if (not i1): raise Exception('Necessary Failure') """ obj = FakeArgs() obj.user = 1 ctx = FakeArgs() ctx.user = 1 with self.assertRaises(Exception): policy_output_validator(obj, ctx)
def test_basic_proto(self): xtarget = XProtoTestHelpers.write_tmp_target("{{ proto }}") xproto = \ """ message Person { required string name = 1; required int32 id = 2; // Unique ID number for this person. optional string email = 3 [symphony = "da da da dum"]; enum PhoneType { MOBILE = 0; HOME = 1; WORK = 2; } required string number = 1; optional PhoneType type = 2; repeated PhoneNumber phones = 4; } """ args = FakeArgs() args.inputs = xproto args.target = xtarget output = XOSGenerator.generate(args) self.assertIn("PhoneNumber", output)
def test_user_policy(self): xproto = \ """ policy test_policy < ctx.user.is_admin | ctx.user.id = obj.id | (exists Privilege: Privilege.accessor_id = ctx.user.id & Privilege.accessor_type = "User" & Privilege.permission = "role:admin" & Privilege.object_type = "Site" & Privilege.object_id = ctx.user.site.id) > """ args = FakeArgs() args.inputs = xproto args.target = self.target output = XOSGenerator.generate(args) exec(output) # This loads the generated function, which should look like this: """ def policy_output_enforcer(obj, ctx): i2 = ctx.user.is_admin i4 = (ctx.user.id == obj.id) i5 = Privilege.objects.filter(Q(accessor_id=ctx.user.id), Q(accessor_type='User'), Q(permission='role:admin'), Q(object_type='Site'), Q(object_id=ctx.user.site.id))[0] i3 = (i4 or i5) i1 = (i2 or i3) return i1 """ # FIXME: Test this policy by executing it self.assertTrue(policy_output_enforcer is not None)
def test_slice_name_validation(self): xproto = \ """ policy test_policy < not obj.id -> {{ obj.name.startswith(obj.site.login_base) }} > """ args = FakeArgs() args.inputs = xproto args.target = self.target output = XOSGenerator.generate(args) obj = FakeArgs() obj.isolation = 'container' obj.kind = 'not a container' exec( output ) # This loads the generated function, which should look like this: """ def policy_output_validator(obj, ctx): i3 = obj.id i4 = obj.name.startswith(obj.site.login_base) i2 = ((not i3) or i4) i1 = (not i2) if (not i1): raise ValidationError('Necessary Failure') """ with self.assertRaises(Exception): policy_output_validator(obj, {})
def test_field_graph(self): xproto = \ """ message VRouterDevice (PlCoreBase){ optional string name = 1 [help_text = "device friendly name", max_length = 20, null = True, db_index = False, blank = True, unique_with="openflow_id"]; required string openflow_id = 2 [help_text = "device identifier in ONOS", max_length = 20, null = False, db_index = False, blank = False, unique_with="name"]; required string config_key = 3 [default = "basic", max_length = 32, blank = False, help_text = "configuration key", null = False, db_index = False, unique_with="driver"]; required string driver = 4 [help_text = "driver type", max_length = 32, null = False, db_index = False, blank = False, unique_with="vrouter_service"]; required manytoone vrouter_service->VRouterService:devices = 5 [db_index = True, null = False, blank = False]; required string A = 6 [unique_with="B"]; required string B = 7 [unique_with="C"]; required string C = 8 [unique_with="A"]; required string D = 9; required string E = 10 [unique_with="F,G"]; required string F = 11; required string G = 12; } """ target = XProtoTestHelpers.write_tmp_target( """ {{ xproto_field_graph_components(proto.messages.0.fields) }} """) args = FakeArgs() args.inputs = xproto args.target = target output = XOSGenerator.generate(args) output = eval(output) self.assertIn({'A','B','C'}, output) self.assertIn({'openflow_id','name'}, output) self.assertIn({'config_key','vrouter_service','driver'}, output) self.assertIn({'E','F','G'}, output) union = reduce(lambda acc,x: acc | x, output) self.assertNotIn('D', union)
def test_call_policy_child_none(self): xproto = \ """ policy sub_policy < ctx.user = obj.user > policy output < *sub_policy(child) > """ args = FakeArgs() args.inputs = xproto args.target = self.target output = XOSGenerator.generate(args) exec(output, globals( )) # This loads the generated function, which should look like this: """ def sub_policy_security_check(obj, ctx): i1 = (ctx.user == obj.user) return i1 def output_security_check(obj, ctx): if obj.child: i1 = sub_policy_security_check(obj.child, ctx) else: i1 = True return i1 """ obj = FakeArgs() obj.child = None ctx = FakeArgs() ctx.user = 1
def test_instance_container(self): xproto = \ """ policy test_policy < (obj.isolation = "container" | obj.isolation = "container_vm" ) -> (obj.image.kind = "container") > """ args = FakeArgs() args.inputs = xproto args.target = self.target output = XOSGenerator.generate(args) obj = FakeArgs() obj.isolation = 'container' obj.kind = 'not a container' exec(output) # This loads the generated function, which should look like this: """ def policy_output_validator(obj, ctx): i4 = (obj.isolation == 'container') i5 = (self.isolation == 'container_vm') i2 = (i4 or i5) i3 = (obj.image.kind == 'container') i1 = (i2 or i3) return i1 """ with self.assertRaises(Exception): policy_output_validator(obj, {})
def test_slice_name_validation(self): xproto = \ """ policy test_policy < not obj.id -> {{ obj.name.startswith(obj.site.login_base) }} > """ args = FakeArgs() args.inputs = xproto args.target = self.target output = XOSGenerator.generate(args) obj = FakeArgs() obj.isolation = 'container' obj.kind = 'not a container' exec(output) # This loads the generated function, which should look like this: """ def policy_output_validator(obj, ctx): i3 = obj.id i4 = obj.name.startswith(obj.site.login_base) i2 = ((not i3) or i4) i1 = (not i2) if (not i1): raise ValidationError('Necessary Failure') """ with self.assertRaises(Exception): policy_output_validator(obj, {})
def test_one_to_many_in_modeldef(self): xproto = \ """ option app_label = "test"; message ServiceDependency { required manytoone provider_service->Service:provided_dependencies = 1; required manytoone subscriber_service->Service:subscribed_dependencies = 2; } message Service { required string name = 1; } """ args = FakeArgs() args.inputs = xproto args.target = 'modeldefs.xtarget' output = XOSProcessor.process(args) # Service deps model self.assertIn( '{model: Service, type: manytoone, on_field: provider_service}', output) self.assertIn( '{model: Service, type: manytoone, on_field: provider_service}', output) # Service model self.assertIn( '{model: ServiceDependency, type: onetomany, on_field: provider_service}', output) self.assertIn( '{model: ServiceDependency, type: onetomany, on_field: provider_service}', output)
def test_call_policy(self): xproto = \ """ policy sub_policy < ctx.user = obj.user > policy output < *sub_policy(child) > """ args = FakeArgs() args.inputs = xproto args.target = self.target output = XOSGenerator.generate(args) exec(output, globals( )) # This loads the generated function, which should look like this: """ def policy_sub_policy_enforcer(obj, ctx): i1 = (ctx.user == obj.user) return i1 def policy_output_enforcer(obj, ctx): i1 = policy_sub_policy_enforcer(obj.child, ctx) return i1 """ obj = FakeArgs() obj.child = FakeArgs() obj.child.user = 1 ctx = FakeArgs() ctx.user = 1 verdict = policy_output_enforcer(obj, ctx) self.assertTrue(verdict)
def test_singularize(self): proto = \ """ message TestSingularize { // The following field has an explicitly specified singular required int many = 1 [singular = "one"]; // The following fields have automatically computed singulars required int sheep = 2; required int radii = 2; required int slices = 2; required int networks = 2; required int omf_friendlies = 2; } """ target = XProtoTestHelpers.write_tmp_target( """ {% for m in proto.messages.0.fields -%} {{ xproto_singularize(m) }}, {%- endfor %} """) args = FakeArgs() args.inputs = proto args.target = target output = XOSGenerator.generate(args) self.assertEqual("one,sheep,radius,slice,network,omf_friendly", output.lstrip().rstrip().rstrip(','))
def test_pluralize(self): proto = \ """ message TestPluralize { // The following field has an explicitly specified plural required int anecdote = 1 [plural = "data"]; // The following fields have automatically computed plurals required int sheep = 2; required int radius = 2; required int slice = 2; required int network = 2; required int omf_friendly = 2; } """ target = XProtoTestHelpers.write_tmp_target(""" {% for m in proto.messages.0.fields -%} {{ xproto_pluralize(m) }}, {%- endfor %} """) args = FakeArgs() args.inputs = proto args.target = target output = XOSProcessor.process(args) self.assertEqual("data,sheep,radii,slices,networks,omf_friendlies", output.lstrip().rstrip().rstrip(','))
def test_singularize(self): proto = \ """ message TestSingularize { // The following field has an explicitly specified singular required int many = 1 [singular = "one"]; // The following fields have automatically computed singulars required int sheep = 2; required int radii = 2; required int slices = 2; required int networks = 2; required int omf_friendlies = 2; } """ target = XProtoTestHelpers.write_tmp_target(""" {% for m in proto.messages.0.fields -%} {{ xproto_singularize(m) }}, {%- endfor %} """) args = FakeArgs() args.inputs = proto args.target = target output = XOSProcessor.process(args) self.assertEqual("one,sheep,radius,slice,network,omf_friendly", output.lstrip().rstrip().rstrip(','))
def test_pluralize(self): proto = \ """ message TestPluralize { // The following field has an explicitly specified plural required int anecdote = 1 [plural = "data"]; // The following fields have automatically computed plurals required int sheep = 2; required int radius = 2; required int slice = 2; required int network = 2; required int omf_friendly = 2; } """ target = XProtoTestHelpers.write_tmp_target( """ {% for m in proto.messages.0.fields -%} {{ xproto_pluralize(m) }}, {%- endfor %} """) args = FakeArgs() args.inputs = proto args.target = target output = XOSGenerator.generate(args) self.assertEqual("data,sheep,radii,slices,networks,omf_friendlies", output.lstrip().rstrip().rstrip(','))
def test_bin(self): xproto = \ """ policy output < (ctx.is_admin = True | obj.empty = True) | False> """ args = FakeArgs() args.inputs = xproto args.target = self.target output = XOSGenerator.generate(args) exec(output) # This loads the generated function, which should look like this: """ def policy_output_validator(obj, ctx): i2 = (ctx.is_admin == True) i3 = (obj.empty == True) i1 = (i2 or i3) if (not i1): raise Exception('Necessary Failure') """ obj = FakeArgs() obj.empty = False ctx = FakeArgs() ctx.is_admin = False with self.assertRaises(Exception): verdict = policy_output_validator(obj, ctx)
def test_call_policy(self): xproto = \ """ policy sub_policy < ctx.user = obj.user > policy output < *sub_policy(child) > """ args = FakeArgs() args.inputs = xproto args.target = self.target output = XOSGenerator.generate(args) exec(output,globals()) # This loads the generated function, which should look like this: """ def policy_sub_policy_enforcer(obj, ctx): i1 = (ctx.user == obj.user) return i1 def policy_output_enforcer(obj, ctx): i1 = policy_sub_policy_enforcer(obj.child, ctx) return i1 """ obj = FakeArgs() obj.child = FakeArgs() obj.child.user = 1 ctx = FakeArgs() ctx.user = 1 verdict = policy_output_enforcer(obj, ctx) self.assertTrue(verdict)
def test_equal(self): xproto = \ """ policy output < ctx.user = obj.user > """ args = FakeArgs() args.inputs = xproto args.target = self.target output = XOSGenerator.generate(args) exec(output) # This loads the generated function, which should look like this: """ def policy_output_enforcer(obj, ctx): i1 = (ctx.user == obj.user) return i1 """ obj = FakeArgs() obj.user = 1 ctx = FakeArgs() ctx.user = 1 verdict = policy_output_enforcer(obj, ctx)
def test_bin(self): xproto = \ """ policy output < ctx.is_admin = True | obj.empty = True> """ args = FakeArgs() args.inputs = xproto args.target = self.target output = XOSGenerator.generate(args) exec(output) # This loads the generated function, which should look like this: """ def policy_output_enforcer(obj, ctx): i2 = (ctx.is_admin == True) i3 = (obj.empty == True) i1 = (i2 or i3) return i1 """ obj = FakeArgs() obj.empty = True ctx = FakeArgs() ctx.is_admin = True verdict = policy_output_enforcer(obj, ctx) self.assertTrue(verdict)
def test_equal(self): xproto = \ """ policy output < ctx.user = obj.user > """ args = FakeArgs() args.inputs = xproto args.target = self.target output = XOSGenerator.generate(args) exec( output ) # This loads the generated function, which should look like this: """ def output_security_check(obj, ctx): i1 = (ctx.user == obj.user) return i1 """ obj = FakeArgs() obj.user = 1 ctx = FakeArgs() ctx.user = 1 verdict = output_security_check(obj, ctx)
def test_one_to_many_in_modeldef(self): xproto = \ """ option app_label = "test"; message ServiceDependency { required manytoone provider_service->Service:provided_dependencies = 1; required manytoone subscriber_service->Service:subscribed_dependencies = 2; } message Service { required string name = 1; } """ args = FakeArgs() args.inputs = xproto args.target = 'modeldefs.xtarget' output = XOSGenerator.generate(args) # Service deps model self.assertIn('{model: Service, type: manytoone, on_field: provider_service}', output) self.assertIn('{model: Service, type: manytoone, on_field: provider_service}', output) # Service model self.assertIn('{model: ServiceDependency, type: onetomany, on_field: provider_service}', output) self.assertIn('{model: ServiceDependency, type: onetomany, on_field: provider_service}', output)
def test_package_fqn(self): args = FakeArgs() target = XProtoTestHelpers.write_tmp_target(""" {% for m in proto.messages %} {{ m.name }},{{ m.package }},{{ m.fqn }} {% endfor %} """) xproto =\ """ package xos.core; message Port (PlCoreBase,ParameterMixin) { required manytoone network->Network:links = 1 [db_index = True, null = False, blank = False]; optional manytoone instance->Instance:ports = 2 [db_index = True, null = True, blank = True]; optional string ip = 3 [max_length = 39, content_type = "ip", blank = True, help_text = "Instance ip address", null = True, db_index = False]; optional string port_id = 4 [help_text = "Neutron port id", max_length = 256, null = True, db_index = False, blank = True]; optional string mac = 5 [help_text = "MAC address associated with this port", max_length = 256, null = True, db_index = False, blank = True]; required bool xos_created = 6 [default = False, null = False, db_index = False, blank = True]; } """ args = FakeArgs() args.inputs = xproto args.target = target output = XOSGenerator.generate(args) self.assertIn('Port,xos.core,xos.core.Port', output)
def test_instance_container(self): xproto = \ """ policy test_policy < (obj.isolation = "container" | obj.isolation = "container_vm" ) -> (obj.image.kind = "container") > """ args = FakeArgs() args.inputs = xproto args.target = self.target output = XOSGenerator.generate(args) obj = FakeArgs() obj.isolation = 'container' obj.kind = 'not a container' exec( output ) # This loads the generated function, which should look like this: """ def policy_output_validator(obj, ctx): i4 = (obj.isolation == 'container') i5 = (self.isolation == 'container_vm') i2 = (i4 or i5) i3 = (obj.image.kind == 'container') i1 = (i2 or i3) return i1 """ with self.assertRaises(Exception): policy_output_validator(obj, {})
def test_user_policy(self): xproto = \ """ policy test_policy < ctx.user.is_admin | ctx.user.id = obj.id | (exists Privilege: Privilege.accessor_id = ctx.user.id & Privilege.accessor_type = "User" & Privilege.permission = "role:admin" & Privilege.object_type = "Site" & Privilege.object_id = ctx.user.site.id) > """ args = FakeArgs() args.inputs = xproto args.target = self.target output = XOSProcessor.process(args) exec( output ) # This loads the generated function, which should look like this: """ def policy_output_enforcer(obj, ctx): i2 = ctx.user.is_admin i4 = (ctx.user.id == obj.id) i5 = Privilege.objects.filter(Q(accessor_id=ctx.user.id), Q(accessor_type='User'), Q(permission='role:admin'), Q(object_type='Site'), Q(object_id=ctx.user.site.id))[0] i3 = (i4 or i5) i1 = (i2 or i3) return i1 """ # FIXME: Test this policy by executing it self.assertTrue(policy_output_enforcer is not None)
def test_bin(self): xproto = \ """ policy output < ctx.is_admin = True | obj.empty = True> """ args = FakeArgs() args.inputs = xproto args.target = self.target output = XOSGenerator.generate(args) exec( output ) # This loads the generated function, which should look like this: """ def output_security_check(obj, ctx): i2 = (ctx.is_admin == True) i3 = (obj.empty == True) i1 = (i2 or i3) return i1 """ obj = FakeArgs() obj.empty = True ctx = FakeArgs() ctx.is_admin = True verdict = output_security_check(obj, ctx) self.assertTrue(verdict)
def test_base_class_fields(self): target = XProtoTestHelpers.write_tmp_target( """ {% for m in proto.messages %} {{ m.name }} { {%- for b in m.bases %} {%- if proto.message_table[b.fqn] -%} {%- set model = proto.message_table[b.fqn] %} {% for f in model.fields %} {{ f.type }} {{ f.name }}; {% endfor %} {%- endif -%} {% endfor %} } {% endfor %} """) xproto =\ """ package xos.network; message Port (PlCoreBase,ParameterMixin){ required manytoone network->Network:links = 1 [db_index = True, null = False, blank = False]; optional manytoone instance->Instance:ports = 2 [db_index = True, null = True, blank = True]; optional string ip = 3 [max_length = 39, content_type = "ip", blank = True, help_text = "Instance ip address", null = True, db_index = False]; optional string port_id = 4 [help_text = "Neutron port id", max_length = 256, null = True, db_index = False, blank = True]; optional string mac = 5 [help_text = "MAC address associated with this port", max_length = 256, null = True, db_index = False, blank = True]; required bool xos_created = 6 [default = False, null = False, db_index = False, blank = True]; } package xos.someotherpackage; message Instance (xos.network.Port){ optional string instance_id = 1 [max_length = 200, content_type = "stripped", blank = True, help_text = "Nova instance id", null = True, db_index = False]; optional string instance_uuid = 2 [max_length = 200, content_type = "stripped", blank = True, help_text = "Nova instance uuid", null = True, db_index = False]; required string name = 3 [max_length = 200, content_type = "stripped", blank = False, help_text = "Instance name", null = False, db_index = False]; optional string instance_name = 4 [max_length = 200, content_type = "stripped", blank = True, help_text = "OpenStack generated name", null = True, db_index = False]; optional string ip = 5 [max_length = 39, content_type = "ip", blank = True, help_text = "Instance ip address", null = True, db_index = False]; required manytoone image->Image:instances = 6 [db_index = True, null = False, blank = False]; optional manytoone creator->User:instances = 7 [db_index = True, null = True, blank = True]; required manytoone slice->Slice:instances = 8 [db_index = True, null = False, blank = False]; required manytoone deployment->Deployment:instance_deployment = 9 [db_index = True, null = False, blank = False]; required manytoone node->Node:instances = 10 [db_index = True, null = False, blank = False]; required int32 numberCores = 11 [help_text = "Number of cores for instance", default = 0, null = False, db_index = False, blank = False]; required manytoone flavor->Flavor:instance = 12 [help_text = "Flavor of this instance", default = "get_default_flavor()", null = False, db_index = True, blank = False]; optional string userData = 13 [help_text = "user_data passed to instance during creation", null = True, db_index = False, blank = True]; required string isolation = 14 [default = "vm", choices = "(('vm', 'Virtual Machine'), ('container', 'Container'), ('container_vm', 'Container In VM'))", max_length = 30, blank = False, null = False, db_index = False]; optional string volumes = 15 [help_text = "Comma-separated list of directories to expose to parent context", null = True, db_index = False, blank = True]; optional manytoone parent->Instance:instance = 16 [help_text = "Parent Instance for containers nested inside of VMs", null = True, db_index = True, blank = True]; required manytomany tags->Tag = 17 [db_index = False, null = False, blank = True]; } """ args = FakeArgs() args.inputs = xproto args.target = target output = XOSGenerator.generate(args) self.assertIn('xos_created', output)
def test_xproto_model_to_oneof_key(self): """ [XOS-GenX] in some models we need to have a combine key on variable fields, for example, keys can be subscriber_service_id + oneof(provider_service_id, provider_network_id) """ xproto = \ """ option app_label = "test"; message Foo { option tosca_key = "key1, oneof(key_2, key_3)"; required string name = 1 [ null = "False", blank="False"]; required string key_1 = 2 [ null = "False", blank="False", tosca_key_one_of = "key_2"]; required string key_2 = 3 [ null = "False", blank="False", tosca_key_one_of = "key_1"]; required string key_3 = 4 [ null = "False", blank="False", tosca_key_one_of = "key_4"]; required string key_4 = 5 [ null = "False", blank="False", tosca_key_one_of = "key_3"]; } """ args = FakeArgs() args.inputs = xproto args.target = self.target_tosca_keys output = XOSGenerator.generate(args) self.assertIn("['name', ['key_4', 'key_3'], ['key_1', 'key_2']]", output) xproto = \ """ option app_label = "test"; message Foo { option tosca_key = "key1, oneof(key_2, key_3)"; required string name = 1 [ null = "False", blank="False"]; required manytoone key_1->Bar:key_1s = 2; required manytoone key_2->Bar:key_2s = 3 [tosca_key_one_of = "key_1"]; required manytoone key_3->Bar:key_3s = 4 [tosca_key_one_of = "key_1"]; } """ args.inputs = xproto output = XOSGenerator.generate(args) self.assertIn("['name', ['key_1_id', 'key_3_id', 'key_2_id']]", output)
def test_generator_custom_target_from_inputs(self): """ [XOS-GenX] Generate output from base.xproto """ args = FakeArgs() args.inputs = open(TEST_XPROTO).read() args.target = TEST_TARGET output = XOSGenerator.generate(args) self.assertEqual(output, TEST_EXPECTED_OUTPUT)
def test_xproto_lib(self): target = XProtoTestHelpers.write_tmp_target(""" {{ xproto_first_non_empty([None, None, None, None, None, None, "Eureka"]) }} """) args = FakeArgs() args.inputs = '' args.target = target output = XOSProcessor.process(args) self.assertIn("Eureka", output)
def test_xproto_lib(self): target = XProtoTestHelpers.write_tmp_target( """ {{ xproto_first_non_empty([None, None, None, None, None, None, "Eureka"]) }} """) args = FakeArgs() args.inputs = '' args.target = target output = XOSGenerator.generate(args) self.assertIn("Eureka", output)
def test_context(self): target = XProtoTestHelpers.write_tmp_target(""" {{ context.what }} """) args = FakeArgs() args.inputs = '' args.target = target args.kv = 'what:what is what' output = XOSProcessor.process(args) self.assertIn("what is what", output)
def test_slice_policy(self): xproto = \ """ policy site_policy < ctx.user.is_admin | (ctx.write_access -> exists Privilege: Privilege.object_type = "Site" & Privilege.object_id = obj.id & Privilege.accessor_id = ctx.user.id & Privilege.permission_id = "role:admin") > policy test_policy < ctx.user.is_admin | (*site_policy(site) & ((exists Privilege: Privilege.accessor_id = ctx.user.id & Privilege.accessor_type = "User" & Privilege.object_type = "Slice" & Privilege.object_id = obj.id & (ctx.write_access->Privilege.permission="role:admin")) | (exists Privilege: Privilege.accessor_id = ctx.user.id & Privilege.accessor_type = "User" & Privilege.object_type = "Site" & Privilege.object_id = obj.site.id & Privilege.permission = "role:admin")) )> """ args = FakeArgs() args.inputs = xproto args.target = self.target output = XOSProcessor.process(args) exec( output ) # This loads the generated function, which should look like this: """ def policy_output_enforcer(obj, ctx): i2 = ctx.user.is_admin i4 = policy_site_policy_enforcer(obj.site, ctx) i10 = ctx.write_access i11 = (not (not Privilege.objects.filter(Q(accessor_id=ctx.user.id), Q(accessor_type='User'), Q(object_type='Slice'), Q(object_id=obj.id), Q(permission='role:admin')))) i8 = (i10 and i11) i14 = ctx.write_access i12 = (not i14) i13 = (not (not Privilege.objects.filter(Q(accessor_id=ctx.user.id), Q(accessor_type='User'), Q(object_type='Slice'), Q(object_id=obj.id)))) i9 = (i12 and i13) i6 = (i8 or i9) i7 = (not (not Privilege.objects.filter(Q(accessor_id=ctx.user.id), Q(accessor_type='User'), Q(object_type='Site'), Q(object_id=obj.site.id), Q(permission='role:admin')))) i5 = (i6 or i7) i3 = (i4 and i5) i1 = (i2 or i3) return i1 """ # FIXME: Test this policy by executing it self.assertTrue(policy_output_enforcer is not None)
def test_slice_policy(self): xproto = \ """ policy site_policy < ctx.user.is_admin | (ctx.write_access -> exists Privilege: Privilege.object_type = "Site" & Privilege.object_id = obj.id & Privilege.accessor_id = ctx.user.id & Privilege.permission_id = "role:admin") > policy test_policy < ctx.user.is_admin | (*site_policy(site) & ((exists Privilege: Privilege.accessor_id = ctx.user.id & Privilege.accessor_type = "User" & Privilege.object_type = "Slice" & Privilege.object_id = obj.id & (ctx.write_access->Privilege.permission="role:admin")) | (exists Privilege: Privilege.accessor_id = ctx.user.id & Privilege.accessor_type = "User" & Privilege.object_type = "Site" & Privilege.object_id = obj.site.id & Privilege.permission = "role:admin")) )> """ args = FakeArgs() args.inputs = xproto args.target = self.target output = XOSGenerator.generate(args) exec(output) # This loads the generated function, which should look like this: """ def policy_output_enforcer(obj, ctx): i2 = ctx.user.is_admin i4 = policy_site_policy_enforcer(obj.site, ctx) i10 = ctx.write_access i11 = (not (not Privilege.objects.filter(Q(accessor_id=ctx.user.id), Q(accessor_type='User'), Q(object_type='Slice'), Q(object_id=obj.id), Q(permission='role:admin')))) i8 = (i10 and i11) i14 = ctx.write_access i12 = (not i14) i13 = (not (not Privilege.objects.filter(Q(accessor_id=ctx.user.id), Q(accessor_type='User'), Q(object_type='Slice'), Q(object_id=obj.id)))) i9 = (i12 and i13) i6 = (i8 or i9) i7 = (not (not Privilege.objects.filter(Q(accessor_id=ctx.user.id), Q(accessor_type='User'), Q(object_type='Site'), Q(object_id=obj.site.id), Q(permission='role:admin')))) i5 = (i6 or i7) i3 = (i4 and i5) i1 = (i2 or i3) return i1 """ # FIXME: Test this policy by executing it self.assertTrue(policy_output_enforcer is not None)
def test_context(self): target = XProtoTestHelpers.write_tmp_target( """ {{ context.what }} """) args = FakeArgs() args.inputs = '' args.target = target args.kv='what:what is what' output = XOSGenerator.generate(args) self.assertIn("what is what", output)
def test_through_extensions(self): xtarget = XProtoTestHelpers.write_tmp_target("{{ proto.messages.0.links.0.through }}") xproto = \ """ message links { required manytomany vrouter_service->VRouterService/ServiceProxy:device_ports = 4 [db_index = True, null = False, blank = False]; } """ args = FakeArgs() args.inputs = xproto args.target = xtarget output = XOSGenerator.generate(args) self.assertIn("ServiceProxy", output)
def test_message_base(self): xtarget = XProtoTestHelpers.write_tmp_target("{{ proto.messages.0.bases }}") xproto = \ """ message base(Base) { } """ args = FakeArgs() args.inputs = xproto args.target = xtarget output = XOSGenerator.generate(args) self.assertIn("Base", output)
def test_file_methods(self): target = XProtoTestHelpers.write_tmp_target(""" {%% if file_exists("%s") %%} {{ include_file("%s") }} {%% endif %%} """ % (TEST_FILE, TEST_FILE)) args = FakeArgs() args.inputs = '' args.target = target args.attic = OUTPUT_DIR output = XOSProcessor.process(args) self.assertIn(TEST_OUTPUT, output)
def test_message_base(self): xtarget = XProtoTestHelpers.write_tmp_target( "{{ proto.messages.0.bases }}") xproto = \ """ message base(Base) { } """ args = FakeArgs() args.inputs = xproto args.target = xtarget output = XOSGenerator.generate(args) self.assertIn("Base", output)
def test_constant(self): xproto = \ """ policy true_policy < True > """ target = XProtoTestHelpers.write_tmp_target("{{ proto.policies.true_policy }}") args = FakeArgs() args.inputs = xproto args.target = target output = XOSGenerator.generate(args).replace('t','T') self.assertTrue(eval(output))
def test_through_extensions(self): xtarget = XProtoTestHelpers.write_tmp_target( "{{ proto.messages.0.links.0.through }}") xproto = \ """ message links { required manytomany vrouter_service->VRouterService/ServiceProxy:device_ports = 4 [db_index = True, null = False, blank = False]; } """ args = FakeArgs() args.inputs = xproto args.target = xtarget output = XOSGenerator.generate(args) self.assertIn("ServiceProxy", output)
def test_policy_missing_function(self): xproto = \ """ policy slice_policy < exists Privilege: Privilege.object_id = obj.id > policy network_slice_policy < *slice_policyX(slice) > """ target = XProtoTestHelpers.write_tmp_target("{{ proto.policies.network_slice_policy }} ") args = FakeArgs() args.inputs = xproto args.target = target with self.assertRaises(Exception): output = XOSGenerator.generate(args)
def test_not_static_options(self): xproto = \ """ option app_label = "test"; message Foo { required string name = 1 [ null = "False", blank="False"]; } """ args = FakeArgs() args.inputs = xproto args.target = 'modeldefs.xtarget' output = XOSGenerator.generate(args) self.assertNotIn("options:", output)
def test_file_methods(self): target = XProtoTestHelpers.write_tmp_target( """ {%% if file_exists("%s") %%} {{ include_file("%s") }} {%% endif %%} """%(TEST_FILE, TEST_FILE) ) args = FakeArgs() args.inputs = '' args.target = target args.attic = OUTPUT_DIR output = XOSGenerator.generate(args) self.assertIn(TEST_OUTPUT, output)
def test_not_default_value_in_modeldef(self): xproto = \ """ option app_label = "test"; message Foo { required string name = 1 [ null = "False", blank="False"]; } """ args = FakeArgs() args.inputs = xproto args.target = 'modeldefs.xtarget' output = XOSProcessor.process(args) self.assertNotIn('default:', output)
def test_global_options(self): xtarget = XProtoTestHelpers.write_tmp_target("{{ options }}") xproto = \ """ option kind = "vsg"; option verbose_name = "vSG Service"; """ args = FakeArgs() args.inputs = xproto args.target = xtarget output = XOSGenerator.generate(args) self.assertIn("vsg", output) self.assertIn("vSG Service", output)
def test_constant(self): xproto = \ """ policy true_policy < True > """ target = XProtoTestHelpers.write_tmp_target( "{{ proto.policies.true_policy }}") args = FakeArgs() args.inputs = xproto args.target = target output = XOSGenerator.generate(args).replace('t', 'T') self.assertTrue(eval(output))
def test_message_options(self): xtarget = XProtoTestHelpers.write_tmp_target("{{ proto.messages.0.options.type }}") xproto = \ """ message link { option type = "e1000"; } """ args = FakeArgs() args.inputs = xproto args.target = xtarget output = XOSGenerator.generate(args) self.assertIn("e1000", output) pass
def test_not_default_value_in_modeldef(self): xproto = \ """ option app_label = "test"; message Foo { required string name = 1 [ null = "False", blank="False"]; } """ args = FakeArgs() args.inputs = xproto args.target = 'modeldefs.xtarget' output = XOSGenerator.generate(args) self.assertNotIn('default:', output)
def test_policy_missing_function(self): xproto = \ """ policy slice_policy < exists Privilege: Privilege.object_id = obj.id > policy network_slice_policy < *slice_policyX(slice) > """ target = XProtoTestHelpers.write_tmp_target( "{{ proto.policies.network_slice_policy }} ") args = FakeArgs() args.inputs = xproto args.target = target with self.assertRaises(Exception): output = XOSGenerator.generate(args)
def test_static_options(self): xproto = \ """ option app_label = "test"; message Foo { required string name = 1 [ null = "False", blank="False"]; required string isolation = 14 [default = "vm", choices = "(('vm', 'Virtual Machine'), ('container', 'Container'), ('container_vm', 'Container In VM'))", max_length = 30, blank = False, null = False, db_index = False]; } """ args = FakeArgs() args.inputs = xproto args.target = 'modeldefs.xtarget' output = XOSGenerator.generate(args) self.assertIn("options:", output) self.assertIn(" {'id': 'container_vm', 'label': 'Container In VM'}", output)
def test_forall(self): # This one we only parse xproto = \ """ policy instance < forall Instance: exists Credential: Credential.obj_id = Instance.obj_id > """ target = XProtoTestHelpers.write_tmp_target("{{ proto.policies.instance }}") args = FakeArgs() args.inputs = xproto args.target = target output = XOSGenerator.generate(args) (op, operands), = eval(output).items() self.assertEqual(op,'forall')
def test_policy_function(self): xproto = \ """ policy slice_policy < exists Privilege: Privilege.object_id = obj.id > policy network_slice_policy < *slice_policy(slice) > """ target = XProtoTestHelpers.write_tmp_target("{{ proto.policies.network_slice_policy }} ") args = FakeArgs() args.inputs = xproto args.target = target output = XOSGenerator.generate(args) (op, operands), = eval(output).items() self.assertIn('slice_policy', operands) self.assertIn('slice', operands)
def test_gui_hidden_model_fields(self): xproto = \ """ option app_label = "test"; message Foo { required string name = 1 [ null = "False", blank="False"]; required string secret = 1 [ null = "False", blank="False", gui_hidden = "True"]; } """ args = FakeArgs() args.inputs = xproto args.target = 'modeldefs.xtarget' output = XOSGenerator.generate(args) yaml_ir = yaml.load(output) self.assertEqual(len(yaml_ir['items']), 1) self.assertIn('name', output) self.assertNotIn('secret', output)
def test_annotation(self): xproto = \ """ policy true_policy < True > message always::true_policy { required int still = 9; } """ target = XProtoTestHelpers.write_tmp_target("{{ proto.messages.0 }}") args = FakeArgs() args.inputs = xproto args.target = target output = XOSGenerator.generate(args) self.assertIn("true_policy", output)