def test_import_geofence_from_policy_does_not_require_name(self):
policy = ServiceSecurityPolicy()
self.assertEqual(len(policy.timefences), 0)
policy.set_policy(
{
'minimum_requirements': [],
'factors': [
{
'quickfail': False,
'priority': 1,
'requirement': 'forced requirement',
'attributes': {
'locations': [
{
'latitude': 36.15986241774762,
'longitude': -115.15869140624999,
'radius': 20700
}
]
},
'factor': 'geofence'
}
]
}
)
self.assertEqual(len(policy.geofences), 1)
geofence = policy.geofences[0]
self.assertIsNone(geofence.name)
self.assertEqual(geofence.latitude, 36.15986241774762)
self.assertEqual(geofence.longitude, -115.15869140624999)
self.assertEqual(geofence.radius, 20700)
def test_add_timefence_object(self):
policy = ServiceSecurityPolicy()
start_time = time(hour=12, minute=30, second=30)
end_time = time(hour=23, minute=45, second=45)
policy.add_timefence("Fence 1", start_time, end_time, monday=True, wednesday=True, sunday=True)
self.assertEqual(len(policy.timefences), 1)
timefence = policy.timefences[0]
self.assertIn("Monday", timefence.days)
self.assertTrue(timefence.monday)
self.assertNotIn("Tuesday", timefence.days)
self.assertFalse(timefence.tuesday)
self.assertIn("Wednesday", timefence.days)
self.assertTrue(timefence.wednesday)
self.assertNotIn("Thursday", timefence.days)
self.assertFalse(timefence.thursday)
self.assertNotIn("Friday", timefence.days)
self.assertFalse(timefence.friday)
self.assertNotIn("Saturday", timefence.days)
self.assertFalse(timefence.saturday)
self.assertIn("Sunday", timefence.days)
self.assertTrue(timefence.sunday)
self.assertEqual(timefence.start_time, start_time)
self.assertEqual(timefence.end_time, end_time)
self.assertEqual(timefence.timezone, "UTC")
def get_advanced_service_policy(self, service_id):
"""
Retrieves a Service's Security Policy
:param service_id: Unique Service ID
:raise: launchkey.exceptions.ServiceNotFound - No Service could be
found matching the input ID
:return: ConditionalGeoFencePolicy, FactorsPolicy, MethodAmountPolicy
or LegacyPolicy
:raises UnknownPolicyError: in the event an unrecognized policy type
is received
:raises InvalidFenceType: in the event an unrecognized fence type is
received
"""
response = self._transport.post("{}/policy/item".format(
self.__service_base_path[0:-1]),
self._subject,
service_id=str(service_id))
policy_data = self._validate_response(response.data,
ServiceSecurityPolicyValidator)
if policy_data["type"] == "COND_GEO":
inside = self.__process_nested_service_policy(
policy_data["inside"])
outside = self.__process_nested_service_policy(
policy_data["outside"])
policy = ConditionalGeoFencePolicy(
inside,
outside,
deny_rooted_jailbroken=policy_data["deny_rooted_jailbroken"],
deny_emulator_simulator=policy_data["deny_emulator_simulator"],
fences=self.__generate_fence_objects_from_policy(policy_data))
elif policy_data["type"] == "LEGACY":
ss_policy = ServiceSecurityPolicy()
ss_policy.set_policy(policy_data)
policy = self.__service_security_policy_to_legacy_policy(ss_policy)
elif policy_data["type"] == "METHOD_AMOUNT":
policy = MethodAmountPolicy(
deny_rooted_jailbroken=policy_data["deny_rooted_jailbroken"],
deny_emulator_simulator=policy_data["deny_emulator_simulator"],
fences=self.__generate_fence_objects_from_policy(policy_data),
amount=policy_data["amount"])
elif policy_data["type"] == "FACTORS":
policy = FactorsPolicy(
deny_rooted_jailbroken=policy_data["deny_rooted_jailbroken"],
deny_emulator_simulator=policy_data["deny_emulator_simulator"],
inherence_required="INHERENCE" in policy_data["factors"],
knowledge_required="KNOWLEDGE" in policy_data["factors"],
possession_required="POSSESSION" in policy_data["factors"],
fences=self.__generate_fence_objects_from_policy(policy_data))
else:
raise UnknownPolicyException(
"The Policy {0} was not a known Policy type".format(
policy_data["type"]))
return policy
def test_add_timefence_timezone(self):
policy = ServiceSecurityPolicy()
policy.add_timefence("A Fence", time(tzinfo=pytz.timezone("US/Pacific")),
time(tzinfo=pytz.timezone("US/Pacific")))
self.assertEqual(policy.timefences[0].timezone, "US/Pacific")
retrieved = policy.get_policy()
factor = retrieved['factors'][1] if \
retrieved['factors'][1]['factor'] == 'timefence' else retrieved['factors'][0]
self.assertEqual(factor['attributes']['time fences'][0]['timezone'], "US/Pacific")
def test_remove_timefence(self):
# Create a policy and add two time fences
policy = ServiceSecurityPolicy()
policy.add_timefence("my timefence", time(hour=10), time(hour=11))
policy.add_timefence("my timefence 2", time(hour=12), time(hour=13))
self.assertEqual(len(policy.timefences), 2)
retrieved = policy.get_policy()
factor = retrieved['factors'][1] if \
retrieved['factors'][1]['factor'] == 'timefence' else retrieved['factors'][0]
self.assertEqual(len(factor['attributes']['time fences']), 2)
# Remove the first time fence
policy.remove_timefence('my timefence')
self.assertEqual(len(policy.timefences), 1)
retrieved = policy.get_policy()
factor = retrieved['factors'][1] if \
retrieved['factors'][1]['factor'] == 'timefence' else retrieved['factors'][0]
# Verify the correct time fence was removed
self.assertEqual(len(factor['attributes']['time fences']), 1)
self.assertEqual(factor['attributes']['time fences'][0]['name'], "my timefence 2")
self.assertEqual(factor['attributes']['time fences'][0]['start hour'], 12)
self.assertEqual(factor['attributes']['time fences'][0]['end hour'], 13)
self.assertEqual(policy.timefences[0].name, "my timefence 2")
self.assertEqual(policy.timefences[0].start_time.hour, 12)
self.assertEqual(policy.timefences[0].end_time.hour, 13)
def __init__(self, organization_factory):
self.previous_service_policy = None
self.current_service_policy = ServiceSecurityPolicy()
super(
DirectoryServicePolicyManager,
self,
).__init__(organization_factory)
def test_set_service_policy_invalid_params(self):
self._transport.put.side_effect = LaunchKeyAPIException(
{
"error_code": "ARG-001",
"error_detail": ""
}, 400)
with self.assertRaises(InvalidParameters):
self._client.set_service_policy(ANY, ServiceSecurityPolicy())
def test_add_multiple_timefences(self):
policy = ServiceSecurityPolicy()
self.assertEqual(len(policy.timefences), 0)
start_time = time(hour=12, minute=30, second=30)
end_time = time(hour=23, minute=45, second=45)
policy.add_timefence("Fence 1",
start_time,
end_time,
monday=True,
wednesday=True,
sunday=True)
self.assertEqual(len(policy.timefences), 1)
retrieved = policy.get_policy()
self.assertEqual(len(retrieved['factors']), 2)
factor = retrieved['factors'][1] \
if retrieved['factors'][1]['factor'] == 'timefence' else retrieved['factors'][0]
self.assertEqual(factor['factor'], 'timefence')
self.assertEqual(len(factor['attributes']['time fences']), 1)
fence = factor['attributes']['time fences'][0]
self.assertEqual(fence['name'], "Fence 1")
self.assertEqual(fence['start hour'], 12)
self.assertEqual(fence['start minute'], 30)
self.assertEqual(fence['end hour'], 23)
self.assertEqual(fence['end minute'], 45)
self.assertEqual(fence['timezone'], "UTC")
self.assertIn('Monday', fence['days'])
self.assertIn('Wednesday', fence['days'])
self.assertIn('Sunday', fence['days'])
# Add a second timefence
start_time_2 = time(hour=20, minute=10, second=10)
end_time_2 = time(hour=22, minute=50, second=20)
policy.add_timefence("Fence 2",
start_time_2,
end_time_2,
tuesday=True,
thursday=True,
friday=True,
saturday=True)
self.assertEqual(len(policy.timefences), 2)
retrieved = policy.get_policy()
self.assertEqual(len(retrieved['factors']), 2)
factor = retrieved['factors'][1] \
if retrieved['factors'][1]['factor'] == 'timefence' else retrieved['factors'][0]
self.assertEqual(factor['factor'], 'timefence')
self.assertEqual(len(factor['attributes']['time fences']), 2)
fence = factor['attributes']['time fences'][1]
self.assertEqual(fence['name'], "Fence 2")
self.assertEqual(fence['start hour'], 20)
self.assertEqual(fence['start minute'], 10)
self.assertEqual(fence['end hour'], 22)
self.assertEqual(fence['end minute'], 50)
self.assertEqual(fence['timezone'], "UTC")
self.assertIn('Tuesday', fence['days'])
self.assertIn('Thursday', fence['days'])
self.assertIn('Friday', fence['days'])
self.assertIn('Saturday', fence['days'])
def test_add_geofence(self):
policy = ServiceSecurityPolicy()
latitude = MagicMock(spec=int)
longitude = MagicMock(spec=int)
radius = MagicMock(spec=int)
policy.add_geofence(latitude, longitude, radius, 'a fence')
retrieved = policy.get_policy()
self.assertEqual(len(retrieved['factors']), 2)
factor = retrieved['factors'][1] if retrieved['factors'][1]['factor'] == 'geofence' else retrieved['factors'][0]
self.assertEqual(factor['factor'], 'geofence')
self.assertEqual(len(factor['attributes']['locations']), 1)
location = factor['attributes']['locations'][0]
self.assertEqual(location['latitude'], float(latitude))
self.assertEqual(location['longitude'], float(longitude))
self.assertEqual(location['radius'], float(radius))
# Add a second geofence
latitude2 = MagicMock(spec=int)
longitude2 = MagicMock(spec=int)
radius2 = MagicMock(spec=int)
policy.add_geofence(latitude2, longitude2, radius2, 'another fence')
retrieved = policy.get_policy()
self.assertEqual(len(retrieved['factors']), 2)
factor = retrieved['factors'][1] if retrieved['factors'][1]['factor'] == 'geofence' else retrieved['factors'][0]
self.assertEqual(factor['factor'], 'geofence')
self.assertEqual(len(factor['attributes']['locations']), 2)
location = factor['attributes']['locations'][1]
self.assertEqual(location['latitude'], float(latitude2))
self.assertEqual(location['longitude'], float(longitude2))
self.assertEqual(location['radius'], float(radius2))
def test_import_timefence_from_policy(self):
policy = ServiceSecurityPolicy()
self.assertEqual(len(policy.timefences), 0)
policy.set_policy(
{
'minimum_requirements': [],
'factors': [
{
'quickfail': False,
'priority': 1,
'requirement': 'forced requirement',
'attributes': {
'time fences': [
{
'name': 'my timefence',
'days': ['Monday', 'Friday'],
'start minute': 0,
'start hour': 12,
'timezone': 'US/Pacific',
'end hour': 13,
'end minute': 0
}
]
},
'factor': 'timefence'
}
]
}
)
self.assertEqual(len(policy.timefences), 1)
timefence = policy.timefences[0]
self.assertTrue(timefence.monday)
self.assertFalse(timefence.tuesday)
self.assertFalse(timefence.wednesday)
self.assertFalse(timefence.thursday)
self.assertTrue(timefence.friday)
self.assertFalse(timefence.saturday)
self.assertFalse(timefence.sunday)
self.assertEqual(timefence.name, 'my timefence')
self.assertEqual(timefence.start_time, time(hour=12, minute=0, tzinfo=pytz.timezone("US/Pacific")))
self.assertEqual(timefence.end_time, time(hour=13, minute=0, tzinfo=pytz.timezone("US/Pacific")))
self.assertEqual(timefence.timezone, "US/Pacific")
def get_service_policy(self, service_id):
"""
NOTE: This method is being deprecated. Use
`get_advanced_service_policy` instead!
Retrieves a Service's Security Policy
:param service_id: Unique Service ID
:raise: launchkey.exceptions.ServiceNotFound - No Service could be
found matching the input ID
:return: launchkey.entities.service.ServiceSecurityPolicy object
containing policy details
:return: None if policy returned from `get_advanced_service_policy` is
not a legacy policy
"""
current_policy = self.get_advanced_service_policy(service_id)
if not isinstance(current_policy, LegacyPolicy):
warnings.warn("Policy received was not a legacy policy and cannot "
"be converted into a ServiceSecurityPolicy.",
category=DeprecationWarning)
return None
policy = ServiceSecurityPolicy(
any=current_policy.amount,
knowledge=current_policy.knowledge_required,
inherence=current_policy.inherence_required,
possession=current_policy.possession_required,
jailbreak_protection=current_policy.deny_rooted_jailbroken
)
for fence in current_policy.fences:
policy.add_geofence(
fence.latitude,
fence.longitude,
fence.radius,
name=fence.name
)
for fence in current_policy.time_restrictions:
policy.add_timefence(
fence.name,
fence.start_time,
fence.end_time,
monday=fence.monday,
tuesday=fence.tuesday,
wednesday=fence.wednesday,
thursday=fence.thursday,
friday=fence.friday,
saturday=fence.saturday,
sunday=fence.sunday
)
return policy
def test_add_multiple_timefences(self):
policy = ServiceSecurityPolicy()
self.assertEqual(len(policy.timefences), 0)
start_time = time(hour=12, minute=30, second=30)
end_time = time(hour=23, minute=45, second=45)
policy.add_timefence("Fence 1", start_time, end_time, monday=True, wednesday=True, sunday=True)
self.assertEqual(len(policy.timefences), 1)
retrieved = policy.get_policy()
self.assertEqual(len(retrieved['factors']), 2)
factor = retrieved['factors'][1] \
if retrieved['factors'][1]['factor'] == 'timefence' else retrieved['factors'][0]
self.assertEqual(factor['factor'], 'timefence')
self.assertEqual(len(factor['attributes']['time fences']), 1)
fence = factor['attributes']['time fences'][0]
self.assertEqual(fence['name'], "Fence 1")
self.assertEqual(fence['start hour'], 12)
self.assertEqual(fence['start minute'], 30)
self.assertEqual(fence['end hour'], 23)
self.assertEqual(fence['end minute'], 45)
self.assertEqual(fence['timezone'], "UTC")
self.assertIn('Monday', fence['days'])
self.assertIn('Wednesday', fence['days'])
self.assertIn('Sunday', fence['days'])
# Add a second timefence
start_time_2 = time(hour=20, minute=10, second=10)
end_time_2 = time(hour=22, minute=50, second=20)
policy.add_timefence("Fence 2", start_time_2, end_time_2, tuesday=True, thursday=True, friday=True,
saturday=True)
self.assertEqual(len(policy.timefences), 2)
retrieved = policy.get_policy()
self.assertEqual(len(retrieved['factors']), 2)
factor = retrieved['factors'][1] \
if retrieved['factors'][1]['factor'] == 'timefence' else retrieved['factors'][0]
self.assertEqual(factor['factor'], 'timefence')
self.assertEqual(len(factor['attributes']['time fences']), 2)
fence = factor['attributes']['time fences'][1]
self.assertEqual(fence['name'], "Fence 2")
self.assertEqual(fence['start hour'], 20)
self.assertEqual(fence['start minute'], 10)
self.assertEqual(fence['end hour'], 22)
self.assertEqual(fence['end minute'], 50)
self.assertEqual(fence['timezone'], "UTC")
self.assertIn('Tuesday', fence['days'])
self.assertIn('Thursday', fence['days'])
self.assertIn('Friday', fence['days'])
self.assertIn('Saturday', fence['days'])
def test_set_service_policy_success(self):
expected_service_id = 'expected-service-id'
self._client.set_service_policy(expected_service_id[:],
ServiceSecurityPolicy())
self._transport.put.assert_called_once_with(
self._expected_base_endpoint[0:-1] + '/policy',
self._expected_subject,
service_id=expected_service_id,
policy={
'minimum_requirements': [],
'factors': [{
'quickfail': False,
'priority': 1,
'requirement': 'forced requirement',
'attributes': {
'factor enabled': 0
},
'factor': 'device integrity'
}]
})
def test_add_duplicate_geofence_name(self):
policy = ServiceSecurityPolicy()
policy.add_geofence(1, 1, 1, 'a Fence')
with self.assertRaises(DuplicateGeoFenceName):
policy.add_geofence(2, 2, 2, 'A fence')
def test_remove_partially_invalid_timefence(self):
policy = ServiceSecurityPolicy()
policy.add_timefence("name", time(), time())
policy.timefences.pop()
with self.assertRaises(InvalidTimeFenceName):
policy.remove_timefence("name")
def test_remove_invalid_timefence_existing_timefence(self):
policy = ServiceSecurityPolicy()
policy.add_timefence("Existing Timefence", time(), time())
with self.assertRaises(InvalidTimeFenceName):
policy.remove_timefence("Nonexistent Timefence")
def test_remove_invalid_timefence_no_timefences(self):
policy = ServiceSecurityPolicy()
with self.assertRaises(InvalidTimeFenceName):
policy.remove_timefence("Nonexistent Timefence")
def test_set_service_policy_success(self):
self._client.set_service_policy(ANY, ServiceSecurityPolicy())
self._transport.put.assert_called_once()
def test_mismatched_time_zones(self):
policy = ServiceSecurityPolicy()
with self.assertRaises(MismatchedTimeFenceTimezones):
policy.add_timefence("A Fence", time(), time(tzinfo=pytz.timezone("US/Pacific")))
def test_invalid_end_time(self):
policy = ServiceSecurityPolicy()
with self.assertRaises(InvalidTimeFenceEndTime):
policy.add_timefence("A Fence", time(), "End Time")
def test_invalid_start_time(self):
policy = ServiceSecurityPolicy()
with self.assertRaises(InvalidTimeFenceStartTime):
policy.add_timefence("A Fence", 'Start Time', time())
def test_add_duplicate_timefence_name(self):
policy = ServiceSecurityPolicy()
policy.add_timefence("a Fence", time(), time())
with self.assertRaises(DuplicateTimeFenceName):
policy.add_timefence('A fence', time(), time())