def test_get_pack_resource_file_abs_path(self): # Mock the packs path to point to the fixtures directory cfg.CONF.content.packs_base_paths = get_fixtures_base_path() # Invalid resource type expected_msg = 'Invalid resource type: fooo' self.assertRaisesRegexp(ValueError, expected_msg, get_pack_resource_file_abs_path, pack_name='dummy_pack_1', resource_type='fooo', file_path='test.py') # Invalid paths (directory traversal and absolute paths) file_paths = ['/tmp/foo.py', '../foo.py', '/etc/passwd', '../../foo.py'] for file_path in file_paths: expected_msg = 'Invalid file path: .*%s' % (file_path) self.assertRaisesRegexp(ValueError, expected_msg, get_pack_resource_file_abs_path, pack_name='dummy_pack_1', resource_type='action', file_path=file_path) # Valid paths file_paths = ['foo.py', 'a/foo.py', 'a/b/foo.py'] for file_path in file_paths: expected = os.path.join(get_fixtures_base_path(), 'dummy_pack_1/actions', file_path) result = get_pack_resource_file_abs_path(pack_name='dummy_pack_1', resource_type='action', file_path=file_path) self.assertEqual(result, expected)
def test_load_role_definitions_duplicate_role_definition(self): loader = RBACDefinitionsLoader() # Try to load all the roles from disk where two definitions refer to the same role file_path1 = os.path.join(get_fixtures_base_path(), 'rbac_invalid/roles/role_three1.yaml') file_path2 = os.path.join(get_fixtures_base_path(), 'rbac_invalid/roles/role_three2.yaml') file_paths = [file_path1, file_path2] loader._get_role_definitions_file_paths = mock.Mock() loader._get_role_definitions_file_paths.return_value = file_paths expected_msg = 'Duplicate definition file found for role "role_three_name_conflict"' self.assertRaisesRegexp(ValueError, expected_msg, loader.load_role_definitions)
def test_load_role_definition_validation_error(self): loader = RBACDefinitionsLoader() # Invalid permission which doesn't apply to the resource in question file_path = os.path.join(get_fixtures_base_path(), "rbac_invalid/roles/role_one.yaml") expected_msg = 'Invalid permission type "rule_all" for resource type "action"' self.assertRaisesRegexp(ValueError, expected_msg, loader.load_role_definition_from_file, file_path=file_path) # Invalid permission type which doesn't exist file_path = os.path.join(get_fixtures_base_path(), "rbac_invalid/roles/role_two.yaml") expected_msg = ".*Failed validating 'enum'.*" self.assertRaisesRegexp( jsonschema.ValidationError, expected_msg, loader.load_role_definition_from_file, file_path=file_path )
def test_load_user_role_assignments_duplicate_user_definition(self): loader = RBACDefinitionsLoader() # Try to load all the user role assignments from disk where two definitions refer to the # same user file_path1 = os.path.join(get_fixtures_base_path(), "rbac_invalid/assignments/user_foo1.yaml") file_path2 = os.path.join(get_fixtures_base_path(), "rbac_invalid/assignments/user_foo2.yaml") file_paths = [file_path1, file_path2] loader._get_role_assiginments_file_paths = mock.Mock() loader._get_role_assiginments_file_paths.return_value = file_paths expected_msg = 'Duplicate definition file found for user "userfoo"' self.assertRaisesRegexp(ValueError, expected_msg, loader.load_user_role_assignments)
def test_register_from_pack_action_metadata_fails_validation(self): # No fail on failure flag, should succeed pack_dir = os.path.join(get_fixtures_base_path(), "dummy_pack_4") cmd = BASE_CMD_ARGS + ["--register-pack=%s" % (pack_dir)] exit_code, _, stderr = run_command(cmd=cmd) self.assertTrue("Registered 0 actions." in stderr) self.assertEqual(exit_code, 0) # Fail on failure, should fail pack_dir = os.path.join(get_fixtures_base_path(), "dummy_pack_4") cmd = BASE_CMD_ARGS + ["--register-pack=%s" % (pack_dir), "--register-fail-on-failure"] exit_code, _, stderr = run_command(cmd=cmd) self.assertTrue("object has no attribute 'get'" in stderr) self.assertEqual(exit_code, 1)
def test_register_from_pack_action_metadata_fails_validation(self): # No fail on failure flag, should succeed pack_dir = os.path.join(get_fixtures_base_path(), 'dummy_pack_4') cmd = BASE_REGISTER_ACTIONS_CMD_ARGS + ['--register-pack=%s' % (pack_dir)] exit_code, _, stderr = run_command(cmd=cmd) self.assertTrue('Registered 0 actions.' in stderr) self.assertEqual(exit_code, 0) # Fail on failure, should fail pack_dir = os.path.join(get_fixtures_base_path(), 'dummy_pack_4') cmd = BASE_REGISTER_ACTIONS_CMD_ARGS + ['--register-pack=%s' % (pack_dir), '--register-fail-on-failure'] exit_code, _, stderr = run_command(cmd=cmd) self.assertTrue('object has no attribute \'get\'' in stderr) self.assertEqual(exit_code, 1)
def test_load_role_definition_success(self): loader = RBACDefinitionsLoader() file_path = os.path.join(get_fixtures_base_path(), 'rbac/roles/role_three.yaml') role_definition_api = loader.load_role_definition_from_file( file_path=file_path) self.assertEqual(role_definition_api.name, 'role_three') self.assertTrue('all the pack permissions on pack dummy_pack_1' in role_definition_api.description) self.assertEqual(len(role_definition_api.permission_grants), 4) self.assertEqual( role_definition_api.permission_grants[0]['resource_uid'], 'pack:dummy_pack_1') self.assertEqual( role_definition_api.permission_grants[1]['resource_uid'], 'pack:dummy_pack_2') self.assertTrue('rule_view' in role_definition_api.permission_grants[1] ['permission_types']) self.assertEqual( role_definition_api.permission_grants[2]['permission_types'], ['action_execute']) self.assertTrue( 'resource_uid' not in role_definition_api.permission_grants[3]) self.assertEqual( role_definition_api.permission_grants[3]['permission_types'], ['action_list', 'rule_list'])
def test_register_from_pack_success(self): pack_dir = os.path.join(get_fixtures_base_path(), 'dummy_pack_1') cmd = BASE_REGISTER_ACTIONS_CMD_ARGS + ['--register-pack=%s' % (pack_dir)] exit_code, _, stderr = run_command(cmd=cmd) self.assertTrue('Registered 1 actions.' in stderr) self.assertEqual(exit_code, 0)
def test_register_from_pack_success(self): pack_dir = os.path.join(get_fixtures_base_path(), "dummy_pack_1") cmd = BASE_CMD_ARGS + ["--register-pack=%s" % (pack_dir)] exit_code, _, stderr = run_command(cmd=cmd) self.assertTrue("Registered 1 actions." in stderr) self.assertEqual(exit_code, 0)
def test_load_role_definition_with_all_global_permission_types(self): loader = RBACDefinitionsLoader() file_path = os.path.join(get_fixtures_base_path(), 'rbac/roles/role_seven.yaml') role_definition_api = loader.load_role_definition_from_file(file_path=file_path) self.assertEqual(role_definition_api.name, 'role_seven')
def test_load_user_role_assignments_duplicate_user_definition(self): loader = RBACDefinitionsLoader() # Try to load all the user role assignments from disk where two definitions refer to the # same user file_path1 = os.path.join(get_fixtures_base_path(), 'rbac_invalid/assignments/user_foo1.yaml') file_path2 = os.path.join(get_fixtures_base_path(), 'rbac_invalid/assignments/user_foo2.yaml') file_paths = [file_path1, file_path2] loader._get_role_assiginments_file_paths = mock.Mock() loader._get_role_assiginments_file_paths.return_value = file_paths expected_msg = 'Duplicate definition file found for user "userfoo"' self.assertRaisesRegexp(ValueError, expected_msg, loader.load_user_role_assignments)
def test_register_triggers_from_pack(self): base_path = get_fixtures_base_path() pack_dir = os.path.join(base_path, 'dummy_pack_1') trigger_type_dbs = TriggerType.get_all() self.assertEqual(len(trigger_type_dbs), 0) count = triggers_registrar.register_triggers(pack_dir=pack_dir) self.assertEqual(count, 2) # Verify TriggerTypeDB and corresponding TriggerDB objects have been created trigger_type_dbs = TriggerType.get_all() trigger_dbs = Trigger.get_all() self.assertEqual(len(trigger_type_dbs), 2) self.assertEqual(len(trigger_dbs), 2) self.assertEqual(trigger_type_dbs[0].name, 'event_handler') self.assertEqual(trigger_type_dbs[0].pack, 'dummy_pack_1') self.assertEqual(trigger_dbs[0].name, 'event_handler') self.assertEqual(trigger_dbs[0].pack, 'dummy_pack_1') self.assertEqual(trigger_dbs[0].type, 'dummy_pack_1.event_handler') self.assertEqual(trigger_type_dbs[1].name, 'head_sha_monitor') self.assertEqual(trigger_type_dbs[1].pack, 'dummy_pack_1') self.assertEqual(trigger_type_dbs[1].payload_schema['type'], 'object')
def test_register_from_pack_success(self): pack_dir = os.path.join(get_fixtures_base_path(), 'dummy_pack_1') cmd = BASE_CMD_ARGS + ['--register-pack=%s' % (pack_dir)] exit_code, _, stderr = run_command(cmd=cmd) self.assertTrue('Registered 1 actions.' in stderr) self.assertEqual(exit_code, 0)
def test_register_from_pack_action_metadata_fails_validation(self): # No fail on failure flag, should succeed pack_dir = os.path.join(get_fixtures_base_path(), 'dummy_pack_4') cmd = BASE_CMD_ARGS + ['--register-pack=%s' % (pack_dir)] exit_code, _, stderr = run_command(cmd=cmd) self.assertTrue('Registered 0 actions.' in stderr) self.assertEqual(exit_code, 0) # Fail on failure, should fail pack_dir = os.path.join(get_fixtures_base_path(), 'dummy_pack_4') cmd = BASE_CMD_ARGS + [ '--register-pack=%s' % (pack_dir), '--register-fail-on-failure' ] exit_code, _, stderr = run_command(cmd=cmd) self.assertTrue('object has no attribute \'get\'' in stderr) self.assertEqual(exit_code, 1)
def _override_common_opts(): packs_base_path = get_fixtures_base_path() CONF.set_override(name='system_packs_base_path', override=packs_base_path, group='content') CONF.set_override(name='api_url', override='http://localhost', group='auth')
def _override_common_opts(): packs_base_path = get_fixtures_base_path() CONF.set_override(name="system_packs_base_path", override=packs_base_path, group="content") CONF.set_override(name="api_url", override="http://localhost", group="auth") CONF.set_override(name="admin_users", override=["admin_user"], group="system") CONF.set_override(name="mask_secrets", override=True, group="log") CONF.set_override(name="url", override="zake://", group="coordination") CONF.set_override(name="lock_timeout", override=1, group="coordination")
def _override_common_opts(): packs_base_path = get_fixtures_base_path() CONF.set_override(name='system_packs_base_path', override=packs_base_path, group='content') CONF.set_override(name='api_url', override='http://localhost', group='auth') CONF.set_override(name='admin_users', override=['admin_user'], group='system') CONF.set_override(name='mask_secrets', override=True, group='log') CONF.set_override(name='url', override='zake://', group='coordination') CONF.set_override(name='lock_timeout', override=1, group='coordination')
def test_load_user_role_assignments_success(self): loader = RBACDefinitionsLoader() file_path = os.path.join(get_fixtures_base_path(), "rbac/assignments/user3.yaml") user_role_assignment_api = loader.load_user_role_assignments_from_file(file_path=file_path) self.assertEqual(user_role_assignment_api.username, "user3") self.assertEqual(user_role_assignment_api.description, "Observer assignments") self.assertEqual(user_role_assignment_api.roles, ["observer"])
def test_script_with_paramters_parameter_serialization(self): models = self.fixtures_loader.load_models( fixtures_pack="generic", fixtures_dict={"actions": ["local_script_with_params.yaml"]} ) action_db = models["actions"]["local_script_with_params.yaml"] entry_point = os.path.join(get_fixtures_base_path(), "generic/actions/local_script_with_params.sh") action_parameters = { "param_string": "test string", "param_integer": 1, "param_float": 2.55, "param_boolean": True, "param_list": ["a", "b", "c"], "param_object": {"foo": "bar"}, } runner = self._get_runner(action_db=action_db, entry_point=entry_point) runner.pre_run() status, result, _ = runner.run(action_parameters=action_parameters) runner.post_run(status, result) self.assertEqual(status, action_constants.LIVEACTION_STATUS_SUCCEEDED) self.assertTrue("PARAM_STRING=test string" in result["stdout"]) self.assertTrue("PARAM_INTEGER=1" in result["stdout"]) self.assertTrue("PARAM_FLOAT=2.55" in result["stdout"]) self.assertTrue("PARAM_BOOLEAN=1" in result["stdout"]) self.assertTrue("PARAM_LIST=a,b,c" in result["stdout"]) self.assertTrue('PARAM_OBJECT={"foo": "bar"}' in result["stdout"]) action_parameters = { "param_string": "test string", "param_integer": 1, "param_float": 2.55, "param_boolean": False, "param_list": ["a", "b", "c"], "param_object": {"foo": "bar"}, } runner = self._get_runner(action_db=action_db, entry_point=entry_point) runner.pre_run() status, result, _ = runner.run(action_parameters=action_parameters) runner.post_run(status, result) self.assertEqual(status, action_constants.LIVEACTION_STATUS_SUCCEEDED) self.assertTrue("PARAM_BOOLEAN=0" in result["stdout"]) action_parameters = {"param_string": "", "param_integer": None, "param_float": None} runner = self._get_runner(action_db=action_db, entry_point=entry_point) runner.pre_run() status, result, _ = runner.run(action_parameters=action_parameters) runner.post_run(status, result) self.assertEqual(status, action_constants.LIVEACTION_STATUS_SUCCEEDED) self.assertTrue("PARAM_STRING=\n" in result["stdout"]) self.assertTrue("PARAM_INTEGER=\n" in result["stdout"]) self.assertTrue("PARAM_FLOAT=\n" in result["stdout"])
def test_load_group_to_role_mappings_missing_mandatory_attribute(self): loader = RBACDefinitionsLoader() file_path = os.path.join(get_fixtures_base_path(), 'rbac_invalid/mappings/mapping_one_missing_roles.yaml') expected_msg = '\'roles\' is a required property' self.assertRaisesRegexp(jsonschema.ValidationError, expected_msg, loader.load_group_to_role_map_assignment_from_file, file_path=file_path) file_path = os.path.join(get_fixtures_base_path(), 'rbac_invalid/mappings/mapping_two_missing_group.yaml') expected_msg = '\'group\' is a required property' self.assertRaisesRegexp(jsonschema.ValidationError, expected_msg, loader.load_group_to_role_map_assignment_from_file, file_path=file_path)
def test_load_user_role_assignments_success(self): loader = RBACDefinitionsLoader() file_path = os.path.join(get_fixtures_base_path(), 'rbac/assignments/user3.yaml') user_role_assignment_api = loader.load_user_role_assignments_from_file(file_path=file_path) self.assertEqual(user_role_assignment_api.username, 'user3') self.assertEqual(user_role_assignment_api.description, 'Observer assignments') self.assertEqual(user_role_assignment_api.roles, ['observer'])
def test_load_group_to_role_mappings_success(self): loader = RBACDefinitionsLoader() file_path = os.path.join(get_fixtures_base_path(), 'rbac/mappings/mapping_one.yaml') role_mapping_api = loader.load_group_to_role_map_assignment_from_file(file_path=file_path) self.assertEqual(role_mapping_api.group, 'some ldap group') self.assertEqual(role_mapping_api.roles, ['pack_admin']) self.assertEqual(role_mapping_api.description, None) self.assertTrue(role_mapping_api.enabled) file_path = os.path.join(get_fixtures_base_path(), 'rbac/mappings/mapping_two.yaml') role_mapping_api = loader.load_group_to_role_map_assignment_from_file(file_path=file_path) self.assertEqual(role_mapping_api.group, 'CN=stormers,OU=groups,DC=stackstorm,DC=net') self.assertEqual(role_mapping_api.roles, ['role_one', 'role_two', 'role_three']) self.assertEqual(role_mapping_api.description, 'Grant 3 roles to stormers group members') self.assertFalse(role_mapping_api.enabled)
def _override_common_opts(): packs_base_path = get_fixtures_base_path() CONF.set_override(name='base_path', override=packs_base_path, group='system') CONF.set_override(name='system_packs_base_path', override=packs_base_path, group='content') CONF.set_override(name='packs_base_paths', override=packs_base_path, group='content') CONF.set_override(name='api_url', override='http://127.0.0.1', group='auth') CONF.set_override(name='mask_secrets', override=True, group='log') CONF.set_override(name='url', override='zake://', group='coordination') CONF.set_override(name='lock_timeout', override=1, group='coordination')
def test_register_policy_invalid_policy_type_references(self): # Policy references an invalid (inexistent) policy type registrar = PolicyRegistrar() policy_path = os.path.join(get_fixtures_base_path(), "dummy_pack_1/policies/policy_2.yaml") expected_msg = 'Referenced policy_type "action.mock_policy_error" doesnt exist' self.assertRaisesRegexp( ValueError, expected_msg, registrar._register_policy, pack="dummy_pack_1", policy=policy_path )
def test_make_sure_policy_parameters_are_validated_during_register(self): # Policy where specified parameters fail schema validation registrar = PolicyRegistrar() policy_path = os.path.join(get_fixtures_base_path(), 'dummy_pack_1/policies/policy_3.yaml') expected_msg = '100 is greater than the maximum of 5' self.assertRaisesRegexp(jsonschema.ValidationError, expected_msg, registrar._register_policy, pack='dummy_pack_1', policy=policy_path)
def test_load_user_role_assignments_success(self): loader = RBACDefinitionsLoader() file_path = os.path.join(get_fixtures_base_path(), 'rbac/assignments/user3.yaml') user_role_assignment_api = loader.load_user_role_assignments_from_file(file_path=file_path) self.assertEqual(user_role_assignment_api.username, 'user3') self.assertEqual(user_role_assignment_api.description, 'Observer assignments') self.assertEqual(user_role_assignment_api.roles, ['observer']) self.assertEqual(user_role_assignment_api.file_path, 'assignments/user3.yaml')
def test_load_sample_role_definition(self): """ Validate that the sample role definition which we ship with default installation works. """ loader = RBACDefinitionsLoader() file_path = os.path.join(get_fixtures_base_path(), 'rbac/roles/role_sample.yaml') role_api = loader.load_role_definition_from_file(file_path=file_path) self.assertEqual(role_api.name, 'sample') self.assertFalse(role_api.enabled)
def test_get_all(self): packs_path = os.path.join(get_fixtures_base_path(), 'packs/') config_schema_count = len( glob.glob('%s/*/config.schema.yaml' % (packs_path))) assert config_schema_count > 1 resp = self.app.get('/v1/config_schemas') self.assertEqual(resp.status_int, 200) self.assertEqual(len(resp.json), config_schema_count, '/v1/config_schemas did not return all schemas.')
def test_register_all_triggers(self): trigger_type_dbs = TriggerType.get_all() self.assertEqual(len(trigger_type_dbs), 0) packs_base_path = get_fixtures_base_path() count = triggers_registrar.register_triggers(packs_base_paths=[packs_base_path]) self.assertEqual(count, 3) trigger_type_dbs = TriggerType.get_all() self.assertEqual(len(trigger_type_dbs), 3)
def test_load_group_to_role_mappings_success(self): loader = RBACDefinitionsLoader() file_path = os.path.join(get_fixtures_base_path(), 'rbac/mappings/mapping_one.yaml') role_mapping_api = loader.load_group_to_role_map_assignment_from_file(file_path=file_path) self.assertEqual(role_mapping_api.group, 'some ldap group') self.assertEqual(role_mapping_api.roles, ['pack_admin']) self.assertEqual(role_mapping_api.description, None) self.assertTrue(role_mapping_api.enabled) self.assertTrue(role_mapping_api.file_path.endswith('mappings/mapping_one.yaml')) file_path = os.path.join(get_fixtures_base_path(), 'rbac/mappings/mapping_two.yaml') role_mapping_api = loader.load_group_to_role_map_assignment_from_file(file_path=file_path) self.assertEqual(role_mapping_api.group, 'CN=stormers,OU=groups,DC=stackstorm,DC=net') self.assertEqual(role_mapping_api.roles, ['role_one', 'role_two', 'role_three']) self.assertEqual(role_mapping_api.description, 'Grant 3 roles to stormers group members') self.assertFalse(role_mapping_api.enabled) self.assertEqual(role_mapping_api.file_path, 'mappings/mapping_two.yaml')
def test_load_sample_user_role_assignment_definition(self): """ Validate that the sample user role assignment definition which we ship with default installation works. """ loader = RBACDefinitionsLoader() file_path = os.path.join(get_fixtures_base_path(), 'rbac/assignments/user_sample.yaml') assignment_api = loader.load_user_role_assignments_from_file(file_path=file_path) self.assertEqual(assignment_api.username, 'stackstorm_user') self.assertFalse(assignment_api.enabled)
def test_load_role_definition_validation_error(self): loader = RBACDefinitionsLoader() # Invalid permission which doesn't apply to the resource in question file_path = os.path.join(get_fixtures_base_path(), 'rbac_invalid/roles/role_one.yaml') expected_msg = 'Invalid permission type "rule_all" for resource type "action"' self.assertRaisesRegexp(ValueError, expected_msg, loader.load_role_definition_from_file, file_path=file_path) # Invalid permission type which doesn't exist file_path = os.path.join(get_fixtures_base_path(), 'rbac_invalid/roles/role_two.yaml') expected_msg = '.*Failed validating \'enum\'.*' self.assertRaisesRegexp(jsonschema.ValidationError, expected_msg, loader.load_role_definition_from_file, file_path=file_path)
def test_load_group_to_role_mappings_empty_file(self): loader = RBACDefinitionsLoader() file_path = os.path.join(get_fixtures_base_path(), 'rbac_invalid/mappings/empty.yaml') file_paths = [file_path] loader._get_group_to_role_maps_file_paths = mock.Mock() loader._get_group_to_role_maps_file_paths.return_value = file_paths expected_msg = 'Group to role map assignment file .+? is empty and invalid' self.assertRaisesRegexp(ValueError, expected_msg, loader.load_group_to_role_maps)
def test_load_role_definitions_empty_definition_file(self): loader = RBACDefinitionsLoader() file_path = os.path.join(get_fixtures_base_path(), 'rbac_invalid/roles/role_empty.yaml') file_paths = [file_path] loader._get_role_definitions_file_paths = mock.Mock() loader._get_role_definitions_file_paths.return_value = file_paths expected_msg = 'Role definition file .+? is empty and invalid' self.assertRaisesRegexp(ValueError, expected_msg, loader.load_role_definitions)
def test_register_all_actions(self): try: packs_base_path = fixtures_loader.get_fixtures_base_path() all_actions_in_db = Action.get_all() actions_registrar.register_actions(packs_base_paths=[packs_base_path]) except Exception as e: print(str(e)) self.fail('All actions must be registered without exceptions.') else: all_actions_in_db = Action.get_all() self.assertTrue(len(all_actions_in_db) > 0)
def test_register_policy_invalid_policy_type_references(self): # Policy references an invalid (inexistent) policy type registrar = PolicyRegistrar() policy_path = os.path.join(get_fixtures_base_path(), 'dummy_pack_1/policies/policy_2.yaml') expected_msg = 'Referenced policy_type "action.mock_policy_error" doesnt exist' self.assertRaisesRegexp(ValueError, expected_msg, registrar._register_policy, pack='dummy_pack_1', policy=policy_path)
def test_load_role_definition_validation_error(self): loader = RBACDefinitionsLoader() # Invalid permission which doesn't apply to the resource in question file_path = os.path.join(get_fixtures_base_path(), 'rbac_invalid/roles/role_one.yaml') expected_msg = 'Invalid permission type "rule_all" for resource type "action"' self.assertRaisesRegexp(ValueError, expected_msg, loader.load_role_definition_from_file, file_path=file_path) # Invalid permission type which doesn't exist file_path = os.path.join(get_fixtures_base_path(), 'rbac_invalid/roles/role_two.yaml') expected_msg = '.*Failed validating \'enum\'.*' self.assertRaisesRegexp(jsonschema.ValidationError, expected_msg, loader.load_role_definition_from_file, file_path=file_path) # Only list permissions can be used without a resource_uid file_path = os.path.join(get_fixtures_base_path(), 'rbac_invalid/roles/role_four.yaml') expected_msg = ('Invalid permission type "action_create". Valid global ' 'permission types which can be used without a resource id are:') self.assertRaisesRegexp(ValueError, expected_msg, loader.load_role_definition_from_file, file_path=file_path)
def test_load_user_role_assignments_disabled_assignment(self): loader = RBACDefinitionsLoader() # Disabled role assignment which means this method shouldn't include it in the result file_path = os.path.join(get_fixtures_base_path(), 'rbac/assignments/user_disabled.yaml') file_paths = [file_path] loader._get_role_assiginments_file_paths = mock.Mock() loader._get_role_assiginments_file_paths.return_value = file_paths result = loader.load_user_role_assignments() self.assertItemsEqual(result, [])
def test_register_all_triggers(self): trigger_type_dbs = TriggerType.get_all() self.assertEqual(len(trigger_type_dbs), 0) packs_base_path = get_fixtures_base_path() count = triggers_registrar.register_triggers(packs_base_paths=[packs_base_path]) self.assertEqual(count, 3) # Verify TriggerTypeDB and corresponding TriggerDB objects have been created trigger_type_dbs = TriggerType.get_all() trigger_dbs = Trigger.get_all() self.assertEqual(len(trigger_type_dbs), 3) self.assertEqual(len(trigger_dbs), 3)
def test_register_policies(self): # Note: Only one policy should be registered since second one fails validation pack_dir = os.path.join(fixturesloader.get_fixtures_base_path(), "dummy_pack_1") self.assertEqual(register_policies(pack_dir=pack_dir), 1) p1 = Policy.get_by_ref("dummy_pack_1.test_policy_1") self.assertEqual(p1.name, "test_policy_1") self.assertEqual(p1.pack, "dummy_pack_1") self.assertEqual(p1.resource_ref, "dummy_pack_1.local") self.assertEqual(p1.policy_type, "action.concurrency") p2 = Policy.get_by_ref("dummy_pack_1.test_policy_2") self.assertEqual(p2, None)
def test_load_role_definition_success(self): loader = RBACDefinitionsLoader() file_path = os.path.join(get_fixtures_base_path(), "rbac/roles/role_three.yaml") role_definition_api = loader.load_role_definition_from_file(file_path=file_path) self.assertEqual(role_definition_api.name, "role_three") self.assertTrue("all the pack permissions on pack dummy_pack_1" in role_definition_api.description) self.assertEqual(len(role_definition_api.permission_grants), 3) self.assertEqual(role_definition_api.permission_grants[0]["resource_uid"], "pack:dummy_pack_1") self.assertEqual(role_definition_api.permission_grants[1]["resource_uid"], "pack:dummy_pack_2") self.assertTrue("rule_view" in role_definition_api.permission_grants[1]["permission_types"]) self.assertEqual(role_definition_api.permission_grants[2]["permission_types"], ["action_execute"])
def test_register_policies(self): # Note: Only one policy should be registered since second one fails validation pack_dir = os.path.join(fixturesloader.get_fixtures_base_path(), 'dummy_pack_1') self.assertEqual(register_policies(pack_dir=pack_dir), 1) p1 = Policy.get_by_ref('dummy_pack_1.test_policy_1') self.assertEqual(p1.name, 'test_policy_1') self.assertEqual(p1.pack, 'dummy_pack_1') self.assertEqual(p1.resource_ref, 'dummy_pack_1.local') self.assertEqual(p1.policy_type, 'action.concurrency') p2 = Policy.get_by_ref('dummy_pack_1.test_policy_2') self.assertEqual(p2, None)
def test_register_all_triggers(self): trigger_type_dbs = TriggerType.get_all() self.assertEqual(len(trigger_type_dbs), 0) packs_base_path = get_fixtures_base_path() count = triggers_registrar.register_triggers( packs_base_paths=[packs_base_path]) self.assertEqual(count, 3) # Verify TriggerTypeDB and corresponding TriggerDB objects have been created trigger_type_dbs = TriggerType.get_all() trigger_dbs = Trigger.get_all() self.assertEqual(len(trigger_type_dbs), 3) self.assertEqual(len(trigger_dbs), 3)
def test_register_all_actions(self): try: packs_base_path = fixtures_loader.get_fixtures_base_path() all_actions_in_db = Action.get_all() actions_registrar.register_actions(packs_base_paths=[packs_base_path]) except Exception as e: print(six.text_type(e)) self.fail("All actions must be registered without exceptions.") else: all_actions_in_db = Action.get_all() self.assertTrue(len(all_actions_in_db) > 0) # Assert metadata_file field is populated expected_path = "actions/action-with-no-parameters.yaml" self.assertEqual(all_actions_in_db[0].metadata_file, expected_path)
def _run_action(self, pack, action, params, runner_params={}): action_db = mock.Mock() action_db.pack = pack runner = python_runner.get_runner() runner.runner_parameters = {} runner.action = action_db runner._use_parent_args = False for key, value in runner_params.items(): setattr(runner, key, value) runner.entry_point = os.path.join( get_fixtures_base_path(), "packs/%s/actions/%s" % (pack, action)) runner.pre_run() return runner.run(params)
def test_register_setup_virtualenvs(self): # Single pack pack_dir = os.path.join(get_fixtures_base_path(), 'dummy_pack_1') cmd = BASE_CMD_ARGS + ['--register-pack=%s' % (pack_dir), '--register-setup-virtualenvs'] exit_code, stdout, stderr = run_command(cmd=cmd) self.assertTrue('Setting up virtualenv for pack "dummy_pack_1"' in stderr) self.assertTrue('Setup virtualenv for 1 pack(s)' in stderr) self.assertEqual(exit_code, 0) # All packs cmd = BASE_CMD_ARGS + ['--register-setup-virtualenvs'] exit_code, stdout, stderr = run_command(cmd=cmd) self.assertTrue('Setup virtualenv for 4 pack(s)' in stderr) self.assertEqual(exit_code, 0)
def test_register_policies(self): pack_dir = os.path.join(fixturesloader.get_fixtures_base_path(), 'dummy_pack_1') self.assertEqual(register_policies(pack_dir=pack_dir), 2) p1 = Policy.get_by_ref('dummy_pack_1.test_policy_1') self.assertEqual(p1.name, 'test_policy_1') self.assertEqual(p1.pack, 'dummy_pack_1') self.assertEqual(p1.resource_ref, 'dummy_pack_1.local') self.assertEqual(p1.policy_type, 'action.concurrency') p2 = Policy.get_by_ref('dummy_pack_1.test_policy_2') self.assertEqual(p2.name, 'test_policy_2') self.assertEqual(p2.pack, 'dummy_pack_1') self.assertEqual(p2.resource_ref, 'dummy_pack_1.local') self.assertEqual(p2.policy_type, 'action.mock_policy_error') self.assertEqual(p2.resource_ref, 'dummy_pack_1.local')
def test_action_stdout_and_stderr_is_stored_in_the_db( self, mock_spawn, mock_popen): # Feature is enabled cfg.CONF.set_override(name='stream_output', group='actionrunner', override=True) # Note: We need to mock spawn function so we can test everything in single event loop # iteration mock_spawn.side_effect = blocking_eventlet_spawn # No output to stdout and no result (implicit None) mock_stdout = [ 'stdout line 1\n', 'stdout line 2\n', 'stdout line 3\n', 'stdout line 4\n' ] mock_stderr = ['stderr line 1\n', 'stderr line 2\n', 'stderr line 3\n'] mock_process = mock.Mock() mock_process.returncode = 0 mock_popen.return_value = mock_process mock_process.stdout.closed = False mock_process.stderr.closed = False mock_process.stdout.readline = make_mock_stream_readline( mock_process.stdout, mock_stdout, stop_counter=4) mock_process.stderr.readline = make_mock_stream_readline( mock_process.stderr, mock_stderr, stop_counter=3) models = self.fixtures_loader.load_models( fixtures_pack='generic', fixtures_dict={'actions': ['local_script_with_params.yaml']}) action_db = models['actions']['local_script_with_params.yaml'] entry_point = os.path.join( get_fixtures_base_path(), 'generic/actions/local_script_with_params.sh') action_parameters = { 'param_string': 'test string', 'param_integer': 1, 'param_float': 2.55, 'param_boolean': True, 'param_list': ['a', 'b', 'c'], 'param_object': { 'foo': 'bar' } } runner = self._get_runner(action_db=action_db, entry_point=entry_point) runner.pre_run() status, result, _ = runner.run(action_parameters=action_parameters) runner.post_run(status, result) self.assertEqual( result['stdout'], 'stdout line 1\nstdout line 2\nstdout line 3\nstdout line 4') self.assertEqual(result['stderr'], 'stderr line 1\nstderr line 2\nstderr line 3') self.assertEqual(result['return_code'], 0) # Verify stdout and stderr lines have been correctly stored in the db output_dbs = ActionExecutionOutput.query(output_type='stdout') self.assertEqual(len(output_dbs), 4) self.assertEqual(output_dbs[0].data, mock_stdout[0]) self.assertEqual(output_dbs[1].data, mock_stdout[1]) self.assertEqual(output_dbs[2].data, mock_stdout[2]) self.assertEqual(output_dbs[3].data, mock_stdout[3]) output_dbs = ActionExecutionOutput.query(output_type='stderr') self.assertEqual(len(output_dbs), 3) self.assertEqual(output_dbs[0].data, mock_stderr[0]) self.assertEqual(output_dbs[1].data, mock_stderr[1]) self.assertEqual(output_dbs[2].data, mock_stderr[2])
def test_script_with_paramters_parameter_serialization(self): models = self.fixtures_loader.load_models( fixtures_pack='generic', fixtures_dict={'actions': ['local_script_with_params.yaml']}) action_db = models['actions']['local_script_with_params.yaml'] entry_point = os.path.join( get_fixtures_base_path(), 'generic/actions/local_script_with_params.sh') action_parameters = { 'param_string': 'test string', 'param_integer': 1, 'param_float': 2.55, 'param_boolean': True, 'param_list': ['a', 'b', 'c'], 'param_object': { 'foo': 'bar' } } runner = self._get_runner(action_db=action_db, entry_point=entry_point) runner.pre_run() status, result, _ = runner.run(action_parameters=action_parameters) runner.post_run(status, result) self.assertEqual(status, action_constants.LIVEACTION_STATUS_SUCCEEDED) self.assertTrue('PARAM_STRING=test string' in result['stdout']) self.assertTrue('PARAM_INTEGER=1' in result['stdout']) self.assertTrue('PARAM_FLOAT=2.55' in result['stdout']) self.assertTrue('PARAM_BOOLEAN=1' in result['stdout']) self.assertTrue('PARAM_LIST=a,b,c' in result['stdout']) self.assertTrue('PARAM_OBJECT={"foo": "bar"}' in result['stdout']) action_parameters = { 'param_string': 'test string', 'param_integer': 1, 'param_float': 2.55, 'param_boolean': False, 'param_list': ['a', 'b', 'c'], 'param_object': { 'foo': 'bar' } } runner = self._get_runner(action_db=action_db, entry_point=entry_point) runner.pre_run() status, result, _ = runner.run(action_parameters=action_parameters) runner.post_run(status, result) self.assertEqual(status, action_constants.LIVEACTION_STATUS_SUCCEEDED) self.assertTrue('PARAM_BOOLEAN=0' in result['stdout']) action_parameters = { 'param_string': '', 'param_integer': None, 'param_float': None, } runner = self._get_runner(action_db=action_db, entry_point=entry_point) runner.pre_run() status, result, _ = runner.run(action_parameters=action_parameters) runner.post_run(status, result) self.assertEqual(status, action_constants.LIVEACTION_STATUS_SUCCEEDED) self.assertTrue('PARAM_STRING=\n' in result['stdout']) self.assertTrue('PARAM_INTEGER=\n' in result['stdout']) self.assertTrue('PARAM_FLOAT=\n' in result['stdout']) # End result should be the same when streaming is enabled cfg.CONF.set_override(name='stream_output', group='actionrunner', override=True) # Verify initial state output_dbs = ActionExecutionOutput.get_all() self.assertEqual(len(output_dbs), 0) action_parameters = { 'param_string': 'test string', 'param_integer': 1, 'param_float': 2.55, 'param_boolean': True, 'param_list': ['a', 'b', 'c'], 'param_object': { 'foo': 'bar' } } runner = self._get_runner(action_db=action_db, entry_point=entry_point) runner.pre_run() status, result, _ = runner.run(action_parameters=action_parameters) runner.post_run(status, result) self.assertEqual(status, action_constants.LIVEACTION_STATUS_SUCCEEDED) self.assertTrue('PARAM_STRING=test string' in result['stdout']) self.assertTrue('PARAM_INTEGER=1' in result['stdout']) self.assertTrue('PARAM_FLOAT=2.55' in result['stdout']) self.assertTrue('PARAM_BOOLEAN=1' in result['stdout']) self.assertTrue('PARAM_LIST=a,b,c' in result['stdout']) self.assertTrue('PARAM_OBJECT={"foo": "bar"}' in result['stdout']) output_dbs = ActionExecutionOutput.query(output_type='stdout') self.assertEqual(len(output_dbs), 6) self.assertEqual(output_dbs[0].data, 'PARAM_STRING=test string\n') self.assertEqual(output_dbs[5].data, 'PARAM_OBJECT={"foo": "bar"}\n') output_dbs = ActionExecutionOutput.query(output_type='stderr') self.assertEqual(len(output_dbs), 0)