def test_load_role_definition_validation_error(self):
    """Check that malformed role definitions are rejected when loaded.

    Each fixture must make ``load_role_definition_from_file`` raise, so an
    invalid RBAC role file is never returned to the caller as a usable
    definition.
    """
    loader = RBACDefinitionsLoader()

    rejected_fixtures = (
        # Permission type exists, but does not apply to the resource type
        # it is granted on ("rule_all" on an "action" resource).
        ('rbac_invalid/roles/role_one.yaml',
         ValueError,
         'Invalid permission type "rule_all" for resource type "action"'),
        # Permission type is not a known value at all, so the schema's
        # enum check is what fails.
        ('rbac_invalid/roles/role_two.yaml',
         jsonschema.ValidationError,
         '.*Failed validating \'enum\'.*'),
    )

    for relative_path, error_cls, expected_msg in rejected_fixtures:
        file_path = os.path.join(get_fixtures_base_path(), relative_path)
        self.assertRaisesRegexp(error_cls, expected_msg,
                                loader.load_role_definition_from_file,
                                file_path=file_path)
def test_load_role_definition_success(self):
    """Load a valid role definition and check every parsed permission grant.

    The assertions pin the role name, part of its description, and the
    exact resource UIDs and permission types of the four grants in the
    ``role_three`` fixture.
    """
    loader = RBACDefinitionsLoader()
    fixture_path = os.path.join(get_fixtures_base_path(),
                                'rbac/roles/role_three.yaml')
    role_api = loader.load_role_definition_from_file(file_path=fixture_path)

    self.assertEqual(role_api.name, 'role_three')
    self.assertIn('all the pack permissions on pack dummy_pack_1',
                  role_api.description)

    grants = role_api.permission_grants
    self.assertEqual(len(grants), 4)

    # Grants 0 and 1 are scoped to specific packs.
    self.assertEqual(grants[0]['resource_uid'], 'pack:dummy_pack_1')
    self.assertEqual(grants[1]['resource_uid'], 'pack:dummy_pack_2')
    self.assertIn('rule_view', grants[1]['permission_types'])

    self.assertEqual(grants[2]['permission_types'], ['action_execute'])

    # Grant 3 has no resource_uid and carries only list permissions.
    # NOTE(review): presumably a grant that is not tied to one resource;
    # confirm against the fixture file.
    self.assertEqual(grants[3]['resource_uid'], None)
    self.assertEqual(grants[3]['permission_types'],
                     ['action_list', 'rule_list'])
def test_load_group_to_role_mappings_success(self):
    """Load two valid group-to-role mapping files and check their fields.

    Covers a mapping with only the mandatory attributes (no description,
    enabled) and one with a description that is explicitly disabled.
    """
    loader = RBACDefinitionsLoader()

    # Mapping one: plain group name, a single role, no description.
    first_path = os.path.join(get_fixtures_base_path(),
                              'rbac/mappings/mapping_one.yaml')
    first_mapping = loader.load_group_to_role_map_assignment_from_file(
        file_path=first_path)

    self.assertEqual(first_mapping.group, 'some ldap group')
    self.assertEqual(first_mapping.roles, ['pack_admin'])
    self.assertEqual(first_mapping.description, None)
    self.assertTrue(first_mapping.enabled)
    self.assertTrue(
        first_mapping.file_path.endswith('mappings/mapping_one.yaml'))

    # Mapping two: LDAP distinguished name as the group, three roles,
    # and the mapping is disabled.
    second_path = os.path.join(get_fixtures_base_path(),
                               'rbac/mappings/mapping_two.yaml')
    second_mapping = loader.load_group_to_role_map_assignment_from_file(
        file_path=second_path)

    self.assertEqual(second_mapping.group,
                     'CN=stormers,OU=groups,DC=stackstorm,DC=net')
    self.assertEqual(second_mapping.roles,
                     ['role_one', 'role_two', 'role_three'])
    self.assertEqual(second_mapping.description,
                     'Grant 3 roles to stormers group members')
    self.assertFalse(second_mapping.enabled)
    # Unlike mapping one, this is an exact match on a relative path.
    # NOTE(review): presumably the fixture sets file_path itself; confirm.
    self.assertEqual(second_mapping.file_path, 'mappings/mapping_two.yaml')
def test_file_paths_sorting(self, mock_glob):
    """Check that all three path getters return files in the same order.

    ``mock_glob`` is expected to be supplied by a patch decorator that is
    not visible in this excerpt. The expected order follows the base file
    name (a, c, d, f) rather than the full path, so the parent directory
    does not influence the order of the returned definition files.
    """
    globbed_paths = [
        '/tmp/bar/d.yaml',
        '/tmp/bar/c.yaml',
        '/tmp/foo/a.yaml',
        '/tmp/a/f.yaml',
    ]
    mock_glob.return_value = globbed_paths

    expected_result = [
        '/tmp/foo/a.yaml',
        '/tmp/bar/c.yaml',
        '/tmp/bar/d.yaml',
        '/tmp/a/f.yaml',
    ]

    loader = RBACDefinitionsLoader()

    # Role definitions, role assignments and group-to-role maps.
    # "assiginments" is the spelling of the loader method called here.
    path_getters = (
        loader._get_role_definitions_file_paths,
        loader._get_role_assiginments_file_paths,
        loader._get_group_to_role_maps_file_paths,
    )
    for get_file_paths in path_getters:
        file_paths = get_file_paths()
        self.assertEqual(file_paths, expected_result)
def test_load_group_to_role_mappings_missing_mandatory_attribute(self):
    """Check that mappings lacking a required attribute fail validation.

    A mapping file without ``roles`` or without ``group`` must raise
    ``jsonschema.ValidationError`` instead of producing a mapping object.
    """
    loader = RBACDefinitionsLoader()

    incomplete_fixtures = (
        ('rbac_invalid/mappings/mapping_one_missing_roles.yaml',
         '\'roles\' is a required property'),
        ('rbac_invalid/mappings/mapping_two_missing_group.yaml',
         '\'group\' is a required property'),
    )

    for relative_path, expected_msg in incomplete_fixtures:
        file_path = os.path.join(get_fixtures_base_path(), relative_path)
        self.assertRaisesRegexp(
            jsonschema.ValidationError,
            expected_msg,
            loader.load_group_to_role_map_assignment_from_file,
            file_path=file_path)