aboutsummaryrefslogtreecommitdiffstats
path: root/moon_authz/tests/unit_python
diff options
context:
space:
mode:
authorThomas Duval <thomas.duval@orange.com>2020-06-03 10:06:52 +0200
committerThomas Duval <thomas.duval@orange.com>2020-06-03 10:06:52 +0200
commit7bb53c64da2dcf88894bfd31503accdd81498f3d (patch)
tree4310e12366818af27947b5e2c80cb162da93a4b5 /moon_authz/tests/unit_python
parentcbea4e360e9bfaa9698cf7c61c83c96a1ba89b8c (diff)
Update to new version 5.4HEADstable/jermamaster
Signed-off-by: Thomas Duval <thomas.duval@orange.com> Change-Id: Idcd868133d75928a1ffd74d749ce98503e0555ea
Diffstat (limited to 'moon_authz/tests/unit_python')
-rw-r--r--moon_authz/tests/unit_python/conftest.py29
-rw-r--r--moon_authz/tests/unit_python/mock_pods.py545
-rw-r--r--moon_authz/tests/unit_python/requirements.txt5
-rw-r--r--moon_authz/tests/unit_python/test_authz.py116
-rw-r--r--moon_authz/tests/unit_python/utilities.py182
5 files changed, 0 insertions, 877 deletions
diff --git a/moon_authz/tests/unit_python/conftest.py b/moon_authz/tests/unit_python/conftest.py
deleted file mode 100644
index a6e62078..00000000
--- a/moon_authz/tests/unit_python/conftest.py
+++ /dev/null
@@ -1,29 +0,0 @@
-import pytest
-import requests_mock
-import mock_pods
-import os
-from utilities import CONTEXT
-
-
-@pytest.fixture
-def context():
- return CONTEXT
-
-
-def set_env_variables():
- os.environ['UUID'] = "1111111111"
- os.environ['TYPE'] = "authz"
- os.environ['PORT'] = "8081"
- os.environ['PDP_ID'] = "b3d3e18abf3340e8b635fd49e6634ccd"
- os.environ['META_RULE_ID'] = "f8f49a779ceb47b3ac810f01ef71b4e0"
- os.environ['KEYSTONE_PROJECT_ID'] = CONTEXT['project_id']
-
-
-@pytest.fixture(autouse=True)
-def no_requests(monkeypatch):
- """ Modify the response from Requests module
- """
- set_env_variables()
- with requests_mock.Mocker(real_http=True) as m:
- mock_pods.register_pods(m)
- yield m
diff --git a/moon_authz/tests/unit_python/mock_pods.py b/moon_authz/tests/unit_python/mock_pods.py
deleted file mode 100644
index 39223a57..00000000
--- a/moon_authz/tests/unit_python/mock_pods.py
+++ /dev/null
@@ -1,545 +0,0 @@
-from utilities import CONF, get_b64_conf, COMPONENTS
-
-pdp_mock = {
- "b3d3e18abf3340e8b635fd49e6634ccd": {
- "description": "test",
- "security_pipeline": [
- "f8f49a779ceb47b3ac810f01ef71b4e0"
- ],
- "name": "pdp_rbac",
- "keystone_project_id": "a64beb1cc224474fb4badd43173e7101"
- },
- "pdp_id1": {
- "name": "pdp_id1",
- "security_pipeline": ["policy_id_1", "policy_id_2"],
- "keystone_project_id": "keystone_project_id1",
- "description": "...",
- },
- "pdp_id12": {
- "name": "pdp_id2",
- "security_pipeline": ["policy_id_1", "policy_id_2"],
- "keystone_project_id": "keystone_project_id2",
- "description": "...",
- }
-}
-
-meta_rules_mock = {
- "f8f49a779ceb47b3ac810f01ef71b4e0": {
- "subject_categories": [
- "14e6ae0ba34d458b876c791b73aa17bd"
- ],
- "action_categories": [
- "241a2a791554421a91c9f1bc564aa94d"
- ],
- "description": "",
- "name": "rbac",
- "object_categories": [
- "6d48500f639d4c2cab2b1f33ef93a1e8"
- ]
- },
- "meta_rule_id1": {
- "name": "meta_rule1",
- "algorithm": "name of the meta rule algorithm",
- "subject_categories": ["subject_category_id1",
- "subject_category_id2"],
- "object_categories": ["object_category_id1"],
- "action_categories": ["action_category_id1"]
- },
- "meta_rule_id2": {
- "name": "name of the meta rules2",
- "algorithm": "name of the meta rule algorithm",
- "subject_categories": ["subject_category_id1",
- "subject_category_id2"],
- "object_categories": ["object_category_id1"],
- "action_categories": ["action_category_id1"]
- }
-}
-
-policies_mock = {
- "f8f49a779ceb47b3ac810f01ef71b4e0": {
- "name": "RBAC policy example",
- "model_id": "cd923d8633ff4978ab0e99938f5153d6",
- "description": "test",
- "genre": "authz"
- },
- "policy_id_1": {
- "name": "test_policy1",
- "model_id": "model_id_1",
- "genre": "authz",
- "description": "test",
- },
- "policy_id_2": {
- "name": "test_policy2",
- "model_id": "model_id_2",
- "genre": "authz",
- "description": "test",
- }
-}
-
-subject_mock = {
- "f8f49a779ceb47b3ac810f01ef71b4e0": {
- "89ba91c18dd54abfbfde7a66936c51a6": {
- "description": "test",
- "policy_list": [
- "f8f49a779ceb47b3ac810f01ef71b4e0",
- "636cd473324f4c0bbd9102cb5b62a16d"
- ],
- "name": "testuser",
- "email": "mail",
- "id": "89ba91c18dd54abfbfde7a66936c51a6",
- "extra": {}
- }
- },
- "policy_id_1": {
- "subject_id": {
- "name": "subject_name",
- "keystone_id": "keystone_project_id1",
- "description": "a description"
- }
- },
- "policy_id_2": {
- "subject_id": {
- "name": "subject_name",
- "keystone_id": "keystone_project_id2",
- "description": "a description"
- }
- }
-}
-
-subject_assignment_mock = {
- "826c1156d0284fc9b4b2ddb279f63c52": {
- "category_id": "14e6ae0ba34d458b876c791b73aa17bd",
- "assignments": [
- "24ea95256c5f4c888c1bb30a187788df",
- "6b227b77184c48b6a5e2f3ed1de0c02a",
- "31928b17ec90438ba5a2e50ae7650e63",
- "4e60f554dd3147af87595fb6b37dcb13",
- "7a5541b63a024fa88170a6b59f99ccd7",
- "dd2af27812f742029d289df9687d6126"
- ],
- "id": "826c1156d0284fc9b4b2ddb279f63c52",
- "subject_id": "89ba91c18dd54abfbfde7a66936c51a6",
- "policy_id": "f8f49a779ceb47b3ac810f01ef71b4e0"
- },
- "7407ffc1232944279b0cbcb0847c86f7": {
- "category_id": "315072d40d774c43a89ff33937ed24eb",
- "assignments": [
- "6b227b77184c48b6a5e2f3ed1de0c02a",
- "31928b17ec90438ba5a2e50ae7650e63",
- "7a5541b63a024fa88170a6b59f99ccd7",
- "dd2af27812f742029d289df9687d6126"
- ],
- "id": "7407ffc1232944279b0cbcb0847c86f7",
- "subject_id": "89ba91c18dd54abfbfde7a66936c51a6",
- "policy_id": "3e65256389b448cb9897917ea235f0bb"
- }
-}
-
-object_mock = {
- "f8f49a779ceb47b3ac810f01ef71b4e0": {
- "9089b3d2ce5b4e929ffc7e35b55eba1a": {
- "name": "vm1",
- "description": "test",
- "id": "9089b3d2ce5b4e929ffc7e35b55eba1a",
- "extra": {},
- "policy_list": [
- "f8f49a779ceb47b3ac810f01ef71b4e0",
- "636cd473324f4c0bbd9102cb5b62a16d"
- ]
- },
- },
- "policy_id_1": {
- "object_id": {
- "name": "object_name",
- "description": "a description"
- }
- },
- "policy_id_2": {
- "object_id": {
- "name": "object_name",
- "description": "a description"
- }
- }
-}
-
-object_assignment_mock = {
- "201ad05fd3f940948b769ab9214fe295": {
- "object_id": "9089b3d2ce5b4e929ffc7e35b55eba1a",
- "assignments": [
- "030fbb34002e4236a7b74eeb5fd71e35",
- "06bcb8655b9d46a9b90e67ef7c825b50",
- "34eb45d7f46d4fb6bc4965349b8e4b83",
- "4b7793dbae434c31a77da9d92de9fa8c"
- ],
- "id": "201ad05fd3f940948b769ab9214fe295",
- "category_id": "6d48500f639d4c2cab2b1f33ef93a1e8",
- "policy_id": "f8f49a779ceb47b3ac810f01ef71b4e0"
- },
- "90c5e86f8be34c0298fbd1973e4fb043": {
- "object_id": "67b8008a3f8d4f8e847eb628f0f7ca0e",
- "assignments": [
- "a098918e915b4b12bccb89f9a3f3b4e4",
- "06bcb8655b9d46a9b90e67ef7c825b50",
- "7dc76c6142af47c88b60cc2b0df650ba",
- "4b7793dbae434c31a77da9d92de9fa8c"
- ],
- "id": "90c5e86f8be34c0298fbd1973e4fb043",
- "category_id": "33aece52d45b4474a20dc48a76800daf",
- "policy_id": "3e65256389b448cb9897917ea235f0bb"
- }
-}
-
-action_mock = {
- "f8f49a779ceb47b3ac810f01ef71b4e0": {
- "cdb3df220dc05a6ea3334b994827b068": {
- "name": "boot",
- "description": "test",
- "id": "cdb3df220dc04a6ea3334b994827b068",
- "extra": {},
- "policy_list": [
- "f8f49a779ceb47b3ac810f01ef71b4e0",
- "636cd473324f4c0bbd9102cb5b62a16d"
- ]
- },
- "cdb3df220dc04a6ea3334b994827b068": {
- "name": "stop",
- "description": "test",
- "id": "cdb3df220dc04a6ea3334b994827b068",
- "extra": {},
- "policy_list": [
- "f8f49a779ceb47b3ac810f01ef71b4e0",
- "636cd473324f4c0bbd9102cb5b62a16d"
- ]
- },
- "9f5112afe9b34a6c894eb87246ccb7aa": {
- "name": "start",
- "description": "test",
- "id": "9f5112afe9b34a6c894eb87246ccb7aa",
- "extra": {},
- "policy_list": [
- "f8f49a779ceb47b3ac810f01ef71b4e0",
- "636cd473324f4c0bbd9102cb5b62a16d"
- ]
- }
- },
- "policy_id_1": {
- "action_id": {
- "name": "action_name",
- "description": "a description"
- }
- },
- "policy_id_2": {
- "action_id": {
- "name": "action_name",
- "description": "a description"
- }
- }
-}
-
-action_assignment_mock = {
- "2128e3ffbd1c4ef5be515d625745c2d4": {
- "category_id": "241a2a791554421a91c9f1bc564aa94d",
- "action_id": "cdb3df220dc05a6ea3334b994827b068",
- "policy_id": "f8f49a779ceb47b3ac810f01ef71b4e0",
- "id": "2128e3ffbd1c4ef5be515d625745c2d4",
- "assignments": [
- "570c036781e540dc9395b83098c40ba7",
- "7fe17d7a2e3542719f8349c3f2273182",
- "015ca6f40338422ba3f692260377d638",
- "23d44c17bf88480f83e8d57d2aa1ea79"
- ]
- },
- "cffb98852f3a4110af7a0ddfc4e19201": {
- "category_id": "4a2c5abaeaf644fcaf3ca8df64000d53",
- "action_id": "cdb3df220dc04a6ea3334b994827b068",
- "policy_id": "3e65256389b448cb9897917ea235f0bb",
- "id": "cffb98852f3a4110af7a0ddfc4e19201",
- "assignments": [
- "570c036781e540dc9395b83098c40ba7",
- "7fe17d7a2e3542719f8349c3f2273182",
- "015ca6f40338422ba3f692260377d638",
- "23d44c17bf88480f83e8d57d2aa1ea79"
- ]
- }
-}
-
-models_mock = {
- "cd923d8633ff4978ab0e99938f5153d6": {
- "name": "RBAC",
- "meta_rules": [
- "f8f49a779ceb47b3ac810f01ef71b4e0"
- ],
- "description": "test"
- },
- "model_id_1": {
- "name": "test_model",
- "description": "test",
- "meta_rules": ["meta_rule_id1"]
- },
- "model_id_2": {
- "name": "test_model",
- "description": "test",
- "meta_rules": ["meta_rule_id2"]
- },
-}
-
-rules_mock = {
- "policy_id": "f8f49a779ceb47b3ac810f01ef71b4e0",
- "rules": [
- {
- "policy_id": "f8f49a779ceb47b3ac810f01ef71b4e0",
- "rule": [
- "24ea95256c5f4c888c1bb30a187788df",
- "030fbb34002e4236a7b74eeb5fd71e35",
- "570c036781e540dc9395b83098c40ba7"
- ],
- "enabled": True,
- "id": "0201a2bcf56943c1904dbac016289b71",
- "instructions": [
- {
- "decision": "grant"
- }
- ],
- "meta_rule_id": "f8f49a779ceb47b3ac810f01ef71b4e0"
- },
- {
- "policy_id": "ecc2451c494e47b5bca7250cd324a360",
- "rule": [
- "54f574cd2043468da5d65e4f6ed6e3c9",
- "6559686961a3490a978f246ac9f85fbf",
- "ac0d1f600bf447e8bd2f37b7cc47f2dc"
- ],
- "enabled": True,
- "id": "a83fed666af8436192dfd8b3c83a6fde",
- "instructions": [
- {
- "decision": "grant"
- }
- ],
- "meta_rule_id": "f8f49a779ceb47b3ac810f01ef71b4e0"
- }
- ]
-}
-
-
-def register_pods(m):
- """ Modify the response from Requests module
- """
- register_consul(m)
- register_pdp(m)
- register_meta_rules(m)
- register_policies(m)
- register_models(m)
- register_orchestrator(m)
- register_policy_subject(m, "f8f49a779ceb47b3ac810f01ef71b4e0")
- # register_policy_subject(m, "policy_id_2")
- register_policy_object(m, "f8f49a779ceb47b3ac810f01ef71b4e0")
- # register_policy_object(m, "policy_id_2")
- register_policy_action(m, "f8f49a779ceb47b3ac810f01ef71b4e0")
- # register_policy_action(m, "policy_id_2")
- register_policy_subject_assignment(m, "f8f49a779ceb47b3ac810f01ef71b4e0", "89ba91c18dd54abfbfde7a66936c51a6")
- register_policy_subject_assignment_list(m, "f8f49a779ceb47b3ac810f01ef71b4e0")
- register_policy_subject_assignment(m, "policy_id_2", "subject_id")
- # register_policy_subject_assignment_list(m1, "policy_id_2")
- register_policy_object_assignment(m, "f8f49a779ceb47b3ac810f01ef71b4e0", "9089b3d2ce5b4e929ffc7e35b55eba1a")
- register_policy_object_assignment_list(m, "f8f49a779ceb47b3ac810f01ef71b4e0")
- register_policy_object_assignment(m, "policy_id_2", "object_id")
- # register_policy_object_assignment_list(m1, "policy_id_2")
- register_policy_action_assignment(m, "f8f49a779ceb47b3ac810f01ef71b4e0", "cdb3df220dc05a6ea3334b994827b068")
- register_policy_action_assignment_list(m, "f8f49a779ceb47b3ac810f01ef71b4e0")
- register_policy_action_assignment(m, "policy_id_2", "action_id")
- # register_policy_action_assignment_list(m1, "policy_id_2")
- register_rules(m, "f8f49a779ceb47b3ac810f01ef71b4e0")
- register_rules(m, "policy_id_1")
- register_rules(m, "policy_id_2")
-
-
-def register_consul(m):
- for component in COMPONENTS:
- m.register_uri(
- 'GET', 'http://consul:8500/v1/kv/{}'.format(component),
- json=[{'Key': component, 'Value': get_b64_conf(component)}]
- )
- m.register_uri(
- 'GET', 'http://consul:8500/v1/kv/components_port_start',
- json=[
- {
- "LockIndex": 0,
- "Key": "components_port_start",
- "Flags": 0,
- "Value": "MzEwMDE=",
- "CreateIndex": 9,
- "ModifyIndex": 9
- }
- ],
- )
- m.register_uri(
- 'PUT', 'http://consul:8500/v1/kv/components_port_start',
- json=[],
- )
- m.register_uri(
- 'GET', 'http://consul:8500/v1/kv/plugins?recurse=true',
- json=[
- {
- "LockIndex": 0,
- "Key": "plugins/authz",
- "Flags": 0,
- "Value": "eyJjb250YWluZXIiOiAid3Vrb25nc3VuL21vb25fYXV0aHo6djQuMyIsICJwb3J0IjogODA4MX0=",
- "CreateIndex": 14,
- "ModifyIndex": 656
- }
- ],
- )
- m.register_uri(
- 'GET', 'http://consul:8500/v1/kv/components?recurse=true',
- json=[
- {"Key": key, "Value": get_b64_conf(key)} for key in COMPONENTS
- ],
- )
- m.register_uri(
- 'GET', 'http://consul:8500/v1/kv/plugins/authz',
- json=[
- {
- "LockIndex": 0,
- "Key": "plugins/authz",
- "Flags": 0,
- "Value": "eyJjb250YWluZXIiOiAid3Vrb25nc3VuL21vb25fYXV0aHo6djQuMyIsICJwb3J0IjogODA4MX0=",
- "CreateIndex": 14,
- "ModifyIndex": 656
- }
- ],
- )
-
-
-def register_orchestrator(m):
- m.register_uri(
- 'GET', 'http://orchestrator:8083/pods',
- json={
- "pods": {
- "1234567890": [
- {"name": "wrapper-quiet", "port": 8080,
- "container": "wukongsun/moon_wrapper:v4.3.1",
- "namespace": "moon"}]}}
- )
-
-
-def register_pdp(m):
- m.register_uri(
- 'GET', 'http://{}:{}/{}'.format(CONF['components']['manager']['hostname'],
- CONF['components']['manager']['port'], 'pdp'),
- json={'pdps': pdp_mock}
- )
-
-
-def register_meta_rules(m):
- m.register_uri(
- 'GET', 'http://{}:{}/{}'.format(CONF['components']['manager']['hostname'],
- CONF['components']['manager']['port'], 'meta_rules'),
- json={'meta_rules': meta_rules_mock}
- )
-
-
-def register_policies(m):
- m.register_uri(
- 'GET', 'http://{}:{}/{}'.format(CONF['components']['manager']['hostname'],
- CONF['components']['manager']['port'], 'policies'),
- json={'policies': policies_mock}
- )
-
-
-def register_models(m):
- m.register_uri(
- 'GET', 'http://{}:{}/{}'.format(CONF['components']['manager']['hostname'],
- CONF['components']['manager']['port'], 'models'),
- json={'models': models_mock}
- )
-
-
-def register_policy_subject(m, policy_id):
- m.register_uri(
- 'GET', 'http://{}:{}/{}/{}/subjects'.format(CONF['components']['manager']['hostname'],
- CONF['components']['manager']['port'], 'policies', policy_id),
- json={'subjects': subject_mock[policy_id]}
- )
-
-
-def register_policy_object(m, policy_id):
- m.register_uri(
- 'GET', 'http://{}:{}/{}/{}/objects'.format(CONF['components']['manager']['hostname'],
- CONF['components']['manager']['port'], 'policies', policy_id),
- json={'objects': object_mock[policy_id]}
- )
-
-
-def register_policy_action(m, policy_id):
- m.register_uri(
- 'GET', 'http://{}:{}/{}/{}/actions'.format(CONF['components']['manager']['hostname'],
- CONF['components']['manager']['port'], 'policies', policy_id),
- json={'actions': action_mock[policy_id]}
- )
-
-
-def register_policy_subject_assignment(m, policy_id, subj_id):
- m.register_uri(
- 'GET', 'http://{}:{}/{}/{}/subject_assignments/{}'.format(CONF['components']['manager']['hostname'],
- CONF['components']['manager']['port'], 'policies',
- policy_id,
- subj_id),
- json={'subject_assignments': subject_assignment_mock}
- )
-
-
-def register_policy_subject_assignment_list(m, policy_id):
- m.register_uri(
- 'GET', 'http://{}:{}/{}/{}/subject_assignments'.format(CONF['components']['manager']['hostname'],
- CONF['components']['manager']['port'], 'policies',
- policy_id),
- json={'subject_assignments': subject_assignment_mock}
- )
-
-
-def register_policy_object_assignment(m, policy_id, obj_id):
- m.register_uri(
- 'GET', 'http://{}:{}/{}/{}/object_assignments/{}'.format(CONF['components']['manager']['hostname'],
- CONF['components']['manager']['port'], 'policies',
- policy_id,
- obj_id),
- json={'object_assignments': object_assignment_mock}
- )
-
-
-def register_policy_object_assignment_list(m, policy_id):
- m.register_uri(
- 'GET', 'http://{}:{}/{}/{}/object_assignments'.format(CONF['components']['manager']['hostname'],
- CONF['components']['manager']['port'], 'policies',
- policy_id),
- json={'object_assignments': object_assignment_mock}
- )
-
-
-def register_policy_action_assignment(m, policy_id, action_id):
- m.register_uri(
- 'GET', 'http://{}:{}/{}/{}/action_assignments/{}'.format(CONF['components']['manager']['hostname'],
- CONF['components']['manager']['port'], 'policies',
- policy_id,
- action_id),
- json={'action_assignments': action_assignment_mock}
- )
-
-
-def register_policy_action_assignment_list(m, policy_id):
- m.register_uri(
- 'GET', 'http://{}:{}/{}/{}/action_assignments'.format(CONF['components']['manager']['hostname'],
- CONF['components']['manager']['port'], 'policies',
- policy_id),
- json={'action_assignments': action_assignment_mock}
- )
-
-
-def register_rules(m, policy_id):
- m.register_uri(
- 'GET', 'http://{}:{}/{}/{}/{}'.format(CONF['components']['manager']['hostname'],
- CONF['components']['manager']['port'], 'policies',
- policy_id, 'rules'),
- json={'rules': rules_mock}
- ) \ No newline at end of file
diff --git a/moon_authz/tests/unit_python/requirements.txt b/moon_authz/tests/unit_python/requirements.txt
deleted file mode 100644
index 21975ce3..00000000
--- a/moon_authz/tests/unit_python/requirements.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-flask
-flask_cors
-flask_restful
-python_moondb
-python_moonutilities \ No newline at end of file
diff --git a/moon_authz/tests/unit_python/test_authz.py b/moon_authz/tests/unit_python/test_authz.py
deleted file mode 100644
index 2352fe06..00000000
--- a/moon_authz/tests/unit_python/test_authz.py
+++ /dev/null
@@ -1,116 +0,0 @@
-import json
-import pickle
-import pytest
-
-
-def get_data(data):
- return pickle.loads(data)
-
-
-def get_json(data):
- return json.loads(data.decode("utf-8"))
-
-
-def run(component_data, cache, context):
- from moon_authz.api.authorization import Authz
- authz = Authz(component_data=component_data, cache=cache)
- authz.context = context
- authz.run()
-
-
-def test_authz_true(context):
- import moon_authz.server
- from python_moonutilities.context import Context
- from python_moonutilities.cache import Cache
- server = moon_authz.server.create_server()
- client = server.app.test_client()
- CACHE = Cache()
- CACHE.update()
- print(CACHE.pdp)
- _context = Context(context, CACHE)
- req = client.post("/authz", data=pickle.dumps(_context))
- assert req.status_code == 200
- data = get_data(req.data)
- assert data
- assert isinstance(data, Context)
- policy_id = data.headers[0]
- assert policy_id
- assert "effect" in data.pdp_set[policy_id]
- assert data.pdp_set[policy_id]['effect'] == "grant"
-
-
-def test_user_not_allowed(context):
- import moon_authz.server
- from python_moonutilities.context import Context
- from python_moonutilities.cache import Cache
- server = moon_authz.server.create_server()
- client = server.app.test_client()
- CACHE = Cache()
- CACHE.update()
- context['subject_name'] = "user_not_allowed"
- _context = Context(context, CACHE)
- req = client.post("/authz", data=pickle.dumps(_context))
- assert req.status_code == 400
- data = get_json(req.data)
- assert data
- assert isinstance(data, dict)
- assert "message" in data
- assert data["message"] == "Cannot find subject user_not_allowed"
-
-
-def test_object_not_allowed(context):
- import moon_authz.server
- from python_moonutilities.context import Context
- from python_moonutilities.cache import Cache
- server = moon_authz.server.create_server()
- client = server.app.test_client()
- CACHE = Cache()
- CACHE.update()
- context['subject_name'] = "testuser"
- context['object_name'] = "invalid"
- _context = Context(context, CACHE)
- req = client.post("/authz", data=pickle.dumps(_context))
- assert req.status_code == 400
- data = get_json(req.data)
- assert data
- assert isinstance(data, dict)
- assert "message" in data
- assert data["message"] == "Cannot find object invalid"
-
-
-def test_action_not_allowed(context):
- import moon_authz.server
- from python_moonutilities.context import Context
- from python_moonutilities.cache import Cache
- server = moon_authz.server.create_server()
- client = server.app.test_client()
- CACHE = Cache()
- CACHE.update()
- context['subject_name'] = "testuser"
- context['object_name'] = "vm1"
- context['action_name'] = "invalid"
- _context = Context(context, CACHE)
- req = client.post("/authz", data=pickle.dumps(_context))
- assert req.status_code == 400
- data = get_json(req.data)
- assert data
- assert isinstance(data, dict)
- assert "message" in data
- assert data["message"] == "Cannot find action invalid"
-
-
-def test_authz_with_empty_pdp_set(context):
- from python_moonutilities.context import Context
- from python_moonutilities.cache import Cache
- CACHE = Cache()
- CACHE.update()
- _context = Context(context, CACHE)
- component_data = {
- 'component_id': 'component_id1',
- 'pdp_id': 'pdp_id1',
- 'meta_rule_id': 'meta_rule_id1',
- 'keystone_project_id': 'keystone_project_id1',
- }
- with pytest.raises(Exception) as exception_info:
- run(component_data, CACHE, _context)
- assert str(exception_info.value) == '400: Pdp Unknown'
diff --git a/moon_authz/tests/unit_python/utilities.py b/moon_authz/tests/unit_python/utilities.py
deleted file mode 100644
index e3a111bd..00000000
--- a/moon_authz/tests/unit_python/utilities.py
+++ /dev/null
@@ -1,182 +0,0 @@
-import base64
-import json
-import pytest
-from uuid import uuid4
-
-
-CONF = {
- "openstack": {
- "keystone": {
- "url": "http://keystone:5000/v3",
- "user": "admin",
- "check_token": False,
- "password": "p4ssw0rd",
- "domain": "default",
- "certificate": False,
- "project": "admin"
- }
- },
- "components": {
- "wrapper": {
- "bind": "0.0.0.0",
- "port": 8080,
- "container": "wukongsun/moon_wrapper:v4.3",
- "timeout": 5,
- "hostname": "wrapper"
- },
- "manager": {
- "bind": "0.0.0.0",
- "port": 8082,
- "container": "wukongsun/moon_manager:v4.3",
- "hostname": "manager"
- },
- "port_start": 31001,
- "orchestrator": {
- "bind": "0.0.0.0",
- "port": 8083,
- "container": "wukongsun/moon_orchestrator:v4.3",
- "hostname": "orchestrator"
- },
- "pipeline": {
- "interface": {
- "bind": "0.0.0.0",
- "port": 8080,
- "container": "wukongsun/moon_interface:v4.3",
- "hostname": "interface"
- },
- "authz": {
- "bind": "0.0.0.0",
- "port": 8081,
- "container": "wukongsun/moon_authz:v4.3",
- "hostname": "authz"
- }
- }
- },
- "plugins": {
- "session": {
- "port": 8082,
- "container": "asteroide/session:latest"
- },
- "authz": {
- "port": 8081,
- "container": "wukongsun/moon_authz:v4.3"
- }
- },
- "logging": {
- "handlers": {
- "file": {
- "filename": "/tmp/moon.log",
- "class": "logging.handlers.RotatingFileHandler",
- "level": "DEBUG",
- "formatter": "custom",
- "backupCount": 3,
- "maxBytes": 1048576
- },
- "console": {
- "class": "logging.StreamHandler",
- "formatter": "brief",
- "level": "INFO",
- "stream": "ext://sys.stdout"
- }
- },
- "formatters": {
- "brief": {
- "format": "%(levelname)s %(name)s %(message)-30s"
- },
- "custom": {
- "format": "%(asctime)-15s %(levelname)s %(name)s %(message)s"
- }
- },
- "root": {
- "handlers": [
- "console"
- ],
- "level": "ERROR"
- },
- "version": 1,
- "loggers": {
- "moon": {
- "handlers": [
- "console",
- "file"
- ],
- "propagate": False,
- "level": "DEBUG"
- }
- }
- },
- "slave": {
- "name": None,
- "master": {
- "url": None,
- "login": None,
- "password": None
- }
- },
- "docker": {
- "url": "tcp://172.88.88.1:2376",
- "network": "moon"
- },
- "database": {
- "url": "sqlite:///database.db",
- # "url": "mysql+pymysql://moon:p4sswOrd1@db/moon",
- "driver": "sql"
- },
- "messenger": {
- "url": "rabbit://moon:p4sswOrd1@messenger:5672/moon"
- }
-}
-
-
-CONTEXT = {
- "project_id": "a64beb1cc224474fb4badd43173e7101",
- "subject_name": "testuser",
- "object_name": "vm1",
- "action_name": "boot",
- "request_id": uuid4().hex,
- "interface_name": "interface",
- "manager_url": "http://{}:{}".format(
- CONF["components"]["manager"]["hostname"],
- CONF["components"]["manager"]["port"]
- ),
- "cookie": uuid4().hex,
- "pdp_id": "b3d3e18abf3340e8b635fd49e6634ccd",
- "security_pipeline": ["f8f49a779ceb47b3ac810f01ef71b4e0"]
- }
-
-
-COMPONENTS = (
- "logging",
- "openstack/keystone",
- "database",
- "slave",
- "components/manager",
- "components/orchestrator",
- "components/pipeline",
-
- "components/wrapper",
-)
-
-
-def get_b64_conf(component=None):
- if component == "components":
- return base64.b64encode(
- json.dumps(CONF["components"]).encode('utf-8')+b"\n").decode('utf-8')
- elif component in CONF:
- return base64.b64encode(
- json.dumps(
- CONF[component]).encode('utf-8')+b"\n").decode('utf-8')
- elif not component:
- return base64.b64encode(
- json.dumps(CONF).encode('utf-8')+b"\n").decode('utf-8')
- elif "/" in component:
- key1, _, key2 = component.partition("/")
- return base64.b64encode(
- json.dumps(
- CONF[key1][key2]).encode('utf-8')+b"\n").decode('utf-8')
-
-
-def get_json(data):
- return json.loads(data.decode("utf-8"))
-
-