diff options
| author |   Thomas Duval <thomas.duval@orange.com> | 2018-10-05 16:54:37 +0200 |
|---|---|---|
| committer | Thomas Duval <thomas.duval@orange.com> | 2018-10-05 16:58:48 +0200 |
| commit | 2e35a7e46f0929438c1c206e3116caa829f07dc6 (patch) | |
| tree | 759a83b3dfefe70faeada1c3af7377f4cd89b8eb /python_moondb | |
| parent | 2dbe655587ca98b67c1a3e3798c63fd47229adc0 (diff) | |
Update code to 4.6 official version
Change-Id: Ibd0da0e476e24b2685f54693efc11f7a58d40a62
Diffstat (limited to 'python_moondb')
23 files changed, 2276 insertions, 419 deletions
diff --git a/python_moondb/.gitignore b/python_moondb/.gitignore new file mode 100644 index 00000000..9c29724f --- /dev/null +++ b/python_moondb/.gitignore @@ -0,0 +1,106 @@ +# Byte-compiled / optimized / DLL files +__pycache__/ +*.py[cod] +*$py.class + +# C extensions +*.so + +# Distribution / packaging +.Python +build/ +develop-eggs/ +dist/ +downloads/ +eggs/ +.eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ +wheels/ +*.egg-info/ +.installed.cfg +*.egg +MANIFEST + +# PyInstaller +# Usually these files are written by a python script from a template +# before PyInstaller builds the exe, so as to inject date/other infos into it. +*.manifest +*.spec + +# Installer logs +pip-log.txt +pip-delete-this-directory.txt + +# Unit test / coverage reports +htmlcov/ +.tox/ +.coverage +.coverage.* +.cache +nosetests.xml +coverage.xml +*.cover +.hypothesis/ +.pytest_cache/ + +# Translations +*.mo +*.pot + +# Django stuff: +*.log +local_settings.py +db.sqlite3 + +# Flask stuff: +instance/ +.webassets-cache + +# Scrapy stuff: +.scrapy + +# Sphinx documentation +docs/_build/ + +# PyBuilder +target/ + +# Jupyter Notebook +.ipynb_checkpoints + +# pyenv +.python-version + +# celery beat schedule file +celerybeat-schedule + +# SageMath parsed files +*.sage.py + +# Environments +.env +.venv +env/ +venv/ +ENV/ +env.bak/ +venv.bak/ + +# Spyder project settings +.spyderproject +.spyproject + +# Rope project settings +.ropeproject + +# mkdocs documentation +/site + +# mypy +.mypy_cache/ + +/tests/unit_python/database.db diff --git a/python_moondb/Changelog b/python_moondb/Changelog index f4feef62..9236c260 100644 --- a/python_moondb/Changelog +++ b/python_moondb/Changelog @@ -106,3 +106,23 @@ CHANGES 1.2.16 ------ - Fix the "key length error" in meta_rule table + +1.2.17 +------ +- adding extra validation for addition and deletion dependencies + +1.2.18 +------ +- adding changelog + +1.2.19 +------ +- adding extra validation for update requests + +1.2.20 +------ +- adding extra validation of rule content +- update validation for category with meta-rule dependencies +- update validation on updating meta-rule +- applying PyLint +- fixing Jira issues related to update policy
\ No newline at end of file diff --git a/python_moondb/python_moondb/__init__.py b/python_moondb/python_moondb/__init__.py index e2e16287..37c9a725 100644 --- a/python_moondb/python_moondb/__init__.py +++ b/python_moondb/python_moondb/__init__.py @@ -3,4 +3,4 @@ # license which can be found in the file 'LICENSE' in this package distribution # or at 'http://www.apache.org/licenses/LICENSE-2.0'. -__version__ = "1.2.16" +__version__ = "1.2.20" diff --git a/python_moondb/python_moondb/api/keystone.py b/python_moondb/python_moondb/api/keystone.py index 582ae710..57521c36 100644 --- a/python_moondb/python_moondb/api/keystone.py +++ b/python_moondb/python_moondb/api/keystone.py @@ -103,4 +103,3 @@ class KeystoneManager(Managers): _exception=exceptions.KeystoneUserError) except exceptions.KeystoneUserConflict: return True - diff --git a/python_moondb/python_moondb/api/managers.py b/python_moondb/python_moondb/api/managers.py index f500d02e..414725f6 100644 --- a/python_moondb/python_moondb/api/managers.py +++ b/python_moondb/python_moondb/api/managers.py @@ -4,6 +4,7 @@ # or at 'http://www.apache.org/licenses/LICENSE-2.0'. import logging + logger = logging.getLogger("moon.db.api.managers") diff --git a/python_moondb/python_moondb/api/model.py b/python_moondb/python_moondb/api/model.py index c1603b83..4f6c34cb 100644 --- a/python_moondb/python_moondb/api/model.py +++ b/python_moondb/python_moondb/api/model.py @@ -8,6 +8,7 @@ import logging from python_moonutilities import exceptions from python_moonutilities.security_functions import filter_input, enforce from python_moondb.api.managers import Managers +import copy logger = logging.getLogger("moon.db.api.model") @@ -22,10 +23,31 @@ class ModelManager(Managers): def update_model(self, user_id, model_id, value): if model_id not in self.driver.get_models(model_id=model_id): raise exceptions.ModelUnknown + + if not value['name'].strip(): + raise exceptions.ModelContentError('Model name invalid') + + if 'meta_rules' not in value: + raise exceptions.MetaRuleUnknown + + if not value['name']: + raise exceptions.ModelContentError + + model = self.get_models(user_id=user_id, model_id=model_id) + model = model[next(iter(model))] + if ((model['meta_rules'] and value['meta_rules'] and model['meta_rules'] != value[ + 'meta_rules']) \ + or (model['meta_rules'] and not value['meta_rules'])): + policies = Managers.PolicyManager.get_policies(user_id=user_id) + for policy_id in policies: + if policies[policy_id]["model_id"] == model_id: + raise exceptions.DeleteModelWithPolicy + if value and 'meta_rules' in value: for meta_rule_id in value['meta_rules']: if not self.driver.get_meta_rules(meta_rule_id=meta_rule_id): raise exceptions.MetaRuleUnknown + return self.driver.update_model(model_id=model_id, value=value) @enforce(("read", "write"), "models") @@ -41,14 +63,44 @@ class ModelManager(Managers): @enforce(("read", "write"), "models") def add_model(self, user_id, model_id=None, value=None): - if model_id in self.driver.get_models(model_id=model_id): + + if not value['name']: + raise exceptions.ModelContentError + + if not value['name'].strip(): + raise exceptions.ModelContentError('Model name invalid') + + models = self.driver.get_models() + if model_id in models: raise exceptions.ModelExisting + + for model in models: + if models[model]['name'] == value['name']: + raise exceptions.ModelExisting("Model Name Existed") + same_meta_rule_counter = 0 + for meta_rule_id in models[model]['meta_rules']: + if meta_rule_id in value['meta_rules']: + same_meta_rule_counter += 1 + if same_meta_rule_counter == len(value['meta_rules']) and \ + len(models[model]['meta_rules']) == len(value['meta_rules']): + raise exceptions.ModelExisting("Meta Rules List Existed in another Model") + if not model_id: model_id = uuid4().hex if value and 'meta_rules' in value: for meta_rule_id in value['meta_rules']: - if not self.driver.get_meta_rules(meta_rule_id=meta_rule_id): + if not meta_rule_id: raise exceptions.MetaRuleUnknown + meta_rule = self.driver.get_meta_rules(meta_rule_id=meta_rule_id) + if not meta_rule: + raise exceptions.MetaRuleUnknown + + meta_rule_content = meta_rule[next(iter(meta_rule))] + if (not meta_rule_content['subject_categories']) or ( + not meta_rule_content['object_categories']) or ( + not meta_rule_content['action_categories']): + raise exceptions.MetaRuleContentError + return self.driver.add_model(model_id=model_id, value=value) @enforce("read", "models") @@ -56,32 +108,64 @@ class ModelManager(Managers): return self.driver.get_models(model_id=model_id) @enforce(("read", "write"), "meta_rules") - def set_meta_rule(self, user_id, meta_rule_id, value): - if meta_rule_id not in self.driver.get_meta_rules(meta_rule_id=meta_rule_id): + def update_meta_rule(self, user_id, meta_rule_id, value): + meta_rules=self.driver.get_meta_rules() + if not meta_rule_id or meta_rule_id not in meta_rules: raise exceptions.MetaRuleUnknown + self.__check_meta_rule_dependencies(user_id=user_id, meta_rule_id=meta_rule_id) if value: if 'subject_categories' in value: for subject_category_id in value['subject_categories']: - if not self.driver.get_subject_categories(category_id=subject_category_id): + if not subject_category_id or not self.driver.get_subject_categories( + category_id=subject_category_id): raise exceptions.SubjectCategoryUnknown if 'object_categories' in value: for object_category_id in value['object_categories']: - if not self.driver.get_object_categories(category_id=object_category_id): + if not object_category_id or not self.driver.get_object_categories( + category_id=object_category_id): raise exceptions.ObjectCategoryUnknown if 'action_categories' in value: for action_category_id in value['action_categories']: - if not self.driver.get_action_categories(category_id=action_category_id): + if not action_category_id or not self.driver.get_action_categories( + category_id=action_category_id): raise exceptions.ActionCategoryUnknown + + for meta_rule_obj_id in meta_rules: + counter_matched_list = 0 + counter_matched_list += self.check_combination(meta_rules[meta_rule_obj_id]['subject_categories'], + value['subject_categories']) + counter_matched_list += self.check_combination(meta_rules[meta_rule_obj_id]['object_categories'], + value['object_categories']) + counter_matched_list += self.check_combination(meta_rules[meta_rule_obj_id]['action_categories'], + value['action_categories']) + if counter_matched_list == 3 and meta_rule_obj_id!=meta_rule_id: + raise exceptions.MetaRuleExisting("Same categories combination existed") + return self.driver.set_meta_rule(meta_rule_id=meta_rule_id, value=value) + def __check_meta_rule_dependencies(self, user_id, meta_rule_id): + policies = Managers.PolicyManager.get_policies(user_id=user_id) + for policy_id in policies: + rules = Managers.PolicyManager.get_rules(user_id=user_id, policy_id=policy_id, + meta_rule_id=meta_rule_id) + if len(rules['rules']): + raise exceptions.MetaRuleUpdateError + @enforce("read", "meta_rules") def get_meta_rules(self, user_id, meta_rule_id=None): return self.driver.get_meta_rules(meta_rule_id=meta_rule_id) @enforce(("read", "write"), "meta_rules") def add_meta_rule(self, user_id, meta_rule_id=None, value=None): - if meta_rule_id in self.driver.get_meta_rules(meta_rule_id=meta_rule_id): + + if not value['name']: + raise exceptions.MetaRuleContentError + + meta_rules = self.driver.get_meta_rules() + + if meta_rule_id in meta_rules: raise exceptions.MetaRuleExisting + if value: if 'subject_categories' in value: for subject_category_id in value['subject_categories']: @@ -95,17 +179,43 @@ class ModelManager(Managers): for action_category_id in value['action_categories']: if not self.driver.get_action_categories(category_id=action_category_id): raise exceptions.ActionCategoryUnknown + + for meta_rule_obj_id in meta_rules: + counter_matched_list = 0 + counter_matched_list += self.check_combination(meta_rules[meta_rule_obj_id]['subject_categories'], + value['subject_categories']) + counter_matched_list += self.check_combination(meta_rules[meta_rule_obj_id]['object_categories'], + value['object_categories']) + counter_matched_list += self.check_combination(meta_rules[meta_rule_obj_id]['action_categories'], + value['action_categories']) + if counter_matched_list == 3: + raise exceptions.MetaRuleExisting("Same categories combination existed") + return self.driver.set_meta_rule(meta_rule_id=meta_rule_id, value=value) @enforce(("read", "write"), "meta_rules") + def check_combination(self, list_one, list_two): + counter_removed_items = 0 + temp_list_two = copy.deepcopy(list_two) + for item in list_one: + if item in temp_list_two: + temp_list_two.remove(item) + counter_removed_items += 1 + + if counter_removed_items == len(list_two) and len(list_two) == len(list_one) and len(list_two): + return 1 + return 0 + + @enforce(("read", "write"), "meta_rules") def delete_meta_rule(self, user_id, meta_rule_id=None): if meta_rule_id not in self.driver.get_meta_rules(meta_rule_id=meta_rule_id): raise exceptions.MetaRuleUnknown # TODO (asteroide): check and/or delete data and assignments and rules linked to that meta_rule models = self.get_models(user_id=user_id) for model_id in models: - if models[model_id]['meta_rules'] == meta_rule_id: - raise exceptions.DeleteMetaRuleWithModel + for id in models[model_id]['meta_rules']: + if id == meta_rule_id: + raise exceptions.DeleteMetaRuleWithModel return self.driver.delete_meta_rule(meta_rule_id=meta_rule_id) @enforce("read", "meta_data") @@ -114,9 +224,16 @@ class ModelManager(Managers): @enforce(("read", "write"), "meta_data") def add_subject_category(self, user_id, category_id=None, value=None): - if category_id in self.driver.get_subject_categories(category_id=category_id): + subject_categories = self.driver.get_subject_categories(category_id=category_id) + + if not value['name']: + raise exceptions.CategoryNameInvalid + + if category_id in subject_categories: raise exceptions.SubjectCategoryExisting - return self.driver.add_subject_category(name=value["name"], description=value["description"], uuid=category_id) + + return self.driver.add_subject_category(name=value["name"], + description=value["description"], uuid=category_id) @enforce(("read", "write"), "meta_data") def delete_subject_category(self, user_id, category_id): @@ -127,13 +244,20 @@ class ModelManager(Managers): meta_rules = self.get_meta_rules(user_id=user_id) for meta_rule_id in meta_rules: for subject_category_id in meta_rules[meta_rule_id]['subject_categories']: - logger.info("delete_subject_category {} {}".format(subject_category_id, meta_rule_id)) + logger.info( + "delete_subject_category {} {}".format(subject_category_id, meta_rule_id)) logger.info("delete_subject_category {}".format(meta_rules[meta_rule_id])) if subject_category_id == category_id: - self.delete_meta_rule(user_id, meta_rule_id) - # raise exceptions.DeleteCategoryWithMetaRule + # has_rules = self.driver.is_meta_rule_has_rules(meta_rule_id) + # if has_rules: + raise exceptions.DeleteSubjectCategoryWithMetaRule + + if self.driver.is_subject_category_has_assignment(category_id): + raise exceptions.DeleteCategoryWithAssignment + if self.driver.is_subject_data_exist(category_id=category_id): raise exceptions.DeleteCategoryWithData + return self.driver.delete_subject_category(category_id=category_id) @enforce("read", "meta_data") @@ -142,9 +266,15 @@ class ModelManager(Managers): @enforce(("read", "write"), "meta_data") def add_object_category(self, user_id, category_id=None, value=None): - if category_id in self.driver.get_object_categories(category_id=category_id): + if not value['name']: + raise exceptions.CategoryNameInvalid + + object_categories = self.driver.get_object_categories(category_id=category_id) + if category_id in object_categories: raise exceptions.ObjectCategoryExisting - return self.driver.add_object_category(name=value["name"], description=value["description"], uuid=category_id) + + return self.driver.add_object_category(name=value["name"], description=value["description"], + uuid=category_id) @enforce(("read", "write"), "meta_data") def delete_object_category(self, user_id, category_id): @@ -156,9 +286,16 @@ class ModelManager(Managers): for meta_rule_id in meta_rules: for object_category_id in meta_rules[meta_rule_id]['object_categories']: if object_category_id == category_id: - self.delete_meta_rule(user_id, meta_rule_id) + # has_rules = self.driver.is_meta_rule_has_rules(meta_rule_id) + # if has_rules: + raise exceptions.DeleteObjectCategoryWithMetaRule + + if self.driver.is_object_category_has_assignment(category_id): + raise exceptions.DeleteCategoryWithAssignment + if self.driver.is_object_data_exist(category_id=category_id): raise exceptions.DeleteCategoryWithData + return self.driver.delete_object_category(category_id=category_id) @enforce("read", "meta_data") @@ -167,9 +304,16 @@ class ModelManager(Managers): @enforce(("read", "write"), "meta_data") def add_action_category(self, user_id, category_id=None, value=None): - if category_id in self.driver.get_action_categories(category_id=category_id): + + if not value['name']: + raise exceptions.CategoryNameInvalid + + action_categories = self.driver.get_action_categories(category_id=category_id) + if category_id in action_categories: raise exceptions.ActionCategoryExisting - return self.driver.add_action_category(name=value["name"], description=value["description"], uuid=category_id) + + return self.driver.add_action_category(name=value["name"], description=value["description"], + uuid=category_id) @enforce(("read", "write"), "meta_data") def delete_action_category(self, user_id, category_id): @@ -181,7 +325,14 @@ class ModelManager(Managers): for meta_rule_id in meta_rules: for action_category_id in meta_rules[meta_rule_id]['action_categories']: if action_category_id == category_id: - self.delete_meta_rule(user_id, meta_rule_id) + # has_rules = self.driver.is_meta_rule_has_rules(meta_rule_id) + # if has_rules: + raise exceptions.DeleteActionCategoryWithMetaRule + + if self.driver.is_action_category_has_assignment(category_id): + raise exceptions.DeleteCategoryWithAssignment + if self.driver.is_action_data_exist(category_id=category_id): raise exceptions.DeleteCategoryWithData + return self.driver.delete_action_category(category_id=category_id) diff --git a/python_moondb/python_moondb/api/policy.py b/python_moondb/python_moondb/api/policy.py index 05c2b7d5..03a93ff5 100644 --- a/python_moondb/python_moondb/api/policy.py +++ b/python_moondb/python_moondb/api/policy.py @@ -8,6 +8,7 @@ import logging from python_moonutilities.security_functions import enforce from python_moondb.api.managers import Managers from python_moonutilities import exceptions + # from python_moondb.core import PDPManager logger = logging.getLogger("moon.db.api.policy") @@ -38,11 +39,49 @@ class PolicyManager(Managers): @enforce(("read", "write"), "policies") def update_policy(self, user_id, policy_id, value): - if policy_id not in self.driver.get_policies(policy_id=policy_id): + + if not value or not value['name']: + raise exceptions.PolicyContentError + + policyList = self.driver.get_policies(policy_id=policy_id) + if not policy_id or policy_id not in policyList: raise exceptions.PolicyUnknown - if value and 'model_id' in value and value['model_id'] != "": + + policies = self.driver.get_policies(policy_name=value['name']) + if len(policies) and not (policy_id in policies): + raise exceptions.PolicyExisting("Policy name Existed") + + if 'model_id' in value and value['model_id']: if not Managers.ModelManager.get_models(user_id, model_id=value['model_id']): raise exceptions.ModelUnknown + + policy_obj = policyList[policy_id] + if (policy_obj["model_id"] and value["model_id"] != policy_obj["model_id"]): + + subjects = self.driver.get_subjects(policy_id=policy_id) + if subjects: + raise exceptions.PolicyUpdateError("Policy is used in subject") + objects = self.driver.get_objects(policy_id=policy_id) + if objects: + raise exceptions.PolicyUpdateError("Policy is used in object") + actions = self.driver.get_actions(policy_id=policy_id) + if actions: + raise exceptions.PolicyUpdateError("Policy is used in action") + + rules = self.driver.get_rules(policy_id=policy_id)["rules"] + if rules: + raise exceptions.PolicyUpdateError("Policy is used in rule") + + subject_data = self.get_subject_data(user_id, policy_id=policy_id) + if subject_data and subject_data[0]["data"]: + raise exceptions.PolicyUpdateError("Policy is used in subject_data") + object_data = self.get_object_data(user_id, policy_id=policy_id) + if object_data and object_data[0]["data"]: + raise exceptions.PolicyUpdateError("Policy is used in object_data") + action_data = self.get_action_data(user_id, policy_id=policy_id) + if action_data and action_data[0]["data"]: + raise exceptions.PolicyUpdateError("Policy is used in action_data") + return self.driver.update_policy(policy_id=policy_id, value=value) @enforce(("read", "write"), "policies") @@ -55,15 +94,46 @@ class PolicyManager(Managers): for policy_id in pdps[pdp]['security_pipeline']: if policy_id == policy_id: raise exceptions.DeletePolicyWithPdp + subjects = self.driver.get_subjects(policy_id=policy_id) + if subjects: + raise exceptions.DeletePolicyWithPerimeter + objects = self.driver.get_objects(policy_id=policy_id) + if objects: + raise exceptions.DeletePolicyWithPerimeter + actions = self.driver.get_actions(policy_id=policy_id) + if actions: + raise exceptions.DeletePolicyWithPerimeter + + rules = self.driver.get_rules(policy_id=policy_id)["rules"] + if rules: + raise exceptions.DeletePolicyWithRules + + subject_data = self.get_subject_data(user_id, policy_id=policy_id) + if subject_data and subject_data[0]["data"]: + raise exceptions.DeletePolicyWithData + object_data = self.get_object_data(user_id, policy_id=policy_id) + if object_data and object_data[0]["data"]: + raise exceptions.DeletePolicyWithData + action_data = self.get_action_data(user_id, policy_id=policy_id) + if action_data and action_data[0]["data"]: + raise exceptions.DeletePolicyWithData + return self.driver.delete_policy(policy_id=policy_id) @enforce(("read", "write"), "policies") def add_policy(self, user_id, policy_id=None, value=None): + + if not value or not value['name']: + raise exceptions.PolicyContentError if policy_id in self.driver.get_policies(policy_id=policy_id): raise exceptions.PolicyExisting + + if len(self.driver.get_policies(policy_name=value['name'])): + raise exceptions.PolicyExisting("Policy name Existed") + if not policy_id: policy_id = uuid4().hex - if value and 'model_id' in value and value['model_id'] != "": + if 'model_id' in value and value['model_id'] != "": if not Managers.ModelManager.get_models(user_id, model_id=value['model_id']): raise exceptions.ModelUnknown return self.driver.add_policy(policy_id=policy_id, value=value) @@ -74,19 +144,31 @@ class PolicyManager(Managers): @enforce("read", "perimeter") def get_subjects(self, user_id, policy_id, perimeter_id=None): - if not policy_id: - pass - elif not (policy_id and self.get_policies(user_id=user_id, policy_id=policy_id)): + # if not policy_id: + # raise exceptions.PolicyUnknown + if policy_id and (not self.get_policies(user_id=user_id, policy_id=policy_id)): raise exceptions.PolicyUnknown return self.driver.get_subjects(policy_id=policy_id, perimeter_id=perimeter_id) @enforce(("read", "write"), "perimeter") def add_subject(self, user_id, policy_id, perimeter_id=None, value=None): + if not value or "name" not in value or not value["name"].strip(): - raise exceptions.PerimeterNameInvalid - if value["name"] in map(lambda x: x['name'], - self.get_subjects(user_id, policy_id, perimeter_id).values()): - raise exceptions.SubjectExisting + raise exceptions.PerimeterContentError('invalid name') + + if not policy_id or (not self.get_policies(user_id=user_id, policy_id=policy_id)): + raise exceptions.PolicyUnknown + + if perimeter_id: + subjects = self.driver.get_subjects(policy_id=None, perimeter_id=perimeter_id) + if subjects and subjects[perimeter_id]['name'] != value['name']: + raise exceptions.PerimeterContentError + + if not perimeter_id: + subject_per = self.driver.get_subject_by_name(value['name']) + if len(subject_per): + perimeter_id = next(iter(subject_per)) + k_user = Managers.KeystoneManager.get_user_by_name(value.get('name')) if not k_user['users']: k_user = Managers.KeystoneManager.create_user(value) @@ -102,59 +184,192 @@ class PolicyManager(Managers): k_user = Managers.KeystoneManager.get_user_by_name( value.get('name')) perimeter_id = uuid4().hex + value.update(k_user['users'][0]) - if not self.get_policies(user_id=user_id, policy_id=policy_id): - raise exceptions.PolicyUnknown + return self.driver.set_subject(policy_id=policy_id, perimeter_id=perimeter_id, value=value) @enforce(("read", "write"), "perimeter") + def update_subject(self, user_id, perimeter_id, value): + logger.debug("update_subject perimeter_id = {}".format(perimeter_id)) + + if not perimeter_id: + raise exceptions.SubjectUnknown + + subjects = self.driver.get_subjects(policy_id=None, perimeter_id=perimeter_id) + if not subjects or not (perimeter_id in subjects): + raise exceptions.PerimeterContentError + + if 'policy_list' in value or ('name' in value and not value['name']): + raise exceptions.PerimeterContentError + + return self.driver.update_subject(perimeter_id=perimeter_id, value=value) + + @enforce(("read", "write"), "perimeter") def delete_subject(self, user_id, policy_id, perimeter_id): - if policy_id and not self.get_policies(user_id=user_id, policy_id=policy_id): + + if not perimeter_id: + raise exceptions.SubjectUnknown + + if not policy_id: + raise exceptions.PolicyUnknown + + if not self.get_subjects(user_id=user_id, policy_id=policy_id, perimeter_id=perimeter_id): + raise exceptions.SubjectUnknown + + if not self.get_policies(user_id=user_id, policy_id=policy_id): raise exceptions.PolicyUnknown + + subj_assig = self.driver.get_subject_assignments(policy_id=policy_id, + subject_id=perimeter_id) + if subj_assig: + raise exceptions.DeletePerimeterWithAssignment + return self.driver.delete_subject(policy_id=policy_id, perimeter_id=perimeter_id) @enforce("read", "perimeter") def get_objects(self, user_id, policy_id, perimeter_id=None): - if not policy_id: - pass - elif not (policy_id and self.get_policies(user_id=user_id, policy_id=policy_id)): + # if not policy_id: + # pass + if policy_id and (not self.get_policies(user_id=user_id, policy_id=policy_id)): raise exceptions.PolicyUnknown return self.driver.get_objects(policy_id=policy_id, perimeter_id=perimeter_id) @enforce(("read", "write"), "perimeter") def add_object(self, user_id, policy_id, perimeter_id=None, value=None): - if not self.get_policies(user_id=user_id, policy_id=policy_id): + if not value or "name" not in value or not value["name"].strip(): + raise exceptions.PerimeterContentError('invalid name') + + if not policy_id or (not self.get_policies(user_id=user_id, policy_id=policy_id)): raise exceptions.PolicyUnknown + + if perimeter_id: + object_perimeter = self.driver.get_objects(policy_id=None, perimeter_id=perimeter_id) + if not object_perimeter: + raise exceptions.PerimeterContentError + + if not perimeter_id: + object_perimeter = self.driver.get_object_by_name(value['name']) + if len(object_perimeter): + perimeter_id = next(iter(object_perimeter)) + + if perimeter_id and object_perimeter[perimeter_id]['name'] != value['name']: + raise exceptions.PerimeterContentError + if not perimeter_id: perimeter_id = uuid4().hex return self.driver.set_object(policy_id=policy_id, perimeter_id=perimeter_id, value=value) @enforce(("read", "write"), "perimeter") + def update_object(self, user_id, perimeter_id, value): + logger.debug("update_object perimeter_id = {}".format(perimeter_id)) + + if not perimeter_id: + raise exceptions.ObjectUnknown + + objects = self.driver.get_objects(policy_id=None, perimeter_id=perimeter_id) + if not objects or not (perimeter_id in objects): + raise exceptions.PerimeterContentError + + if 'policy_list' in value or ('name' in value and not value['name']): + raise exceptions.PerimeterContentError + + return self.driver.update_object(perimeter_id=perimeter_id, value=value) + + @enforce(("read", "write"), "perimeter") def delete_object(self, user_id, policy_id, perimeter_id): - if policy_id and not self.get_policies(user_id=user_id, policy_id=policy_id): + + if not perimeter_id: + raise exceptions.ObjectUnknown + + if not policy_id: raise exceptions.PolicyUnknown + + if not self.get_objects(user_id=user_id, policy_id=policy_id, perimeter_id=perimeter_id): + raise exceptions.ObjectUnknown + + if not self.get_policies(user_id=user_id, policy_id=policy_id): + raise exceptions.PolicyUnknown + + obj_assig = self.driver.get_object_assignments(policy_id=policy_id, object_id=perimeter_id) + if obj_assig: + raise exceptions.DeletePerimeterWithAssignment + return self.driver.delete_object(policy_id=policy_id, perimeter_id=perimeter_id) @enforce("read", "perimeter") def get_actions(self, user_id, policy_id, perimeter_id=None): - if not policy_id: - pass - elif not (policy_id and self.get_policies(user_id=user_id, policy_id=policy_id)): + # if not policy_id: + # pass + if policy_id and (not self.get_policies(user_id=user_id, policy_id=policy_id)): raise exceptions.PolicyUnknown return self.driver.get_actions(policy_id=policy_id, perimeter_id=perimeter_id) @enforce(("read", "write"), "perimeter") def add_action(self, user_id, policy_id, perimeter_id=None, value=None): logger.debug("add_action {}".format(policy_id)) - if not self.get_policies(user_id=user_id, policy_id=policy_id): + + if not value or "name" not in value or not value["name"].strip(): + raise exceptions.PerimeterContentError('invalid name') + + if not policy_id or (not self.get_policies(user_id=user_id, policy_id=policy_id)): raise exceptions.PolicyUnknown + + if perimeter_id: + action_perimeter = self.driver.get_actions(policy_id=None, perimeter_id=perimeter_id) + if not action_perimeter: + raise exceptions.PerimeterContentError + + if not perimeter_id: + action_perimeter = self.driver.get_action_by_name(value['name']) + if len(action_perimeter): + perimeter_id = next(iter(action_perimeter)) + + if perimeter_id and action_perimeter[perimeter_id]['name'] != value['name']: + raise exceptions.PerimeterContentError + + if not perimeter_id: + perimeter_id = uuid4().hex + return self.driver.set_action(policy_id=policy_id, perimeter_id=perimeter_id, value=value) @enforce(("read", "write"), "perimeter") + def update_action(self, user_id, perimeter_id, value): + logger.debug("update_action perimeter_id = {}".format(perimeter_id)) + + if not perimeter_id: + raise exceptions.ActionUnknown + + actions = self.driver.get_actions(policy_id=None, perimeter_id=perimeter_id) + if not actions or not (perimeter_id in actions): + raise exceptions.PerimeterContentError + + if 'policy_list' in value or ('name' in value and not value['name']): + raise exceptions.PerimeterContentError + + return self.driver.update_action(perimeter_id=perimeter_id, value=value) + + @enforce(("read", "write"), "perimeter") def delete_action(self, user_id, policy_id, perimeter_id): - logger.debug("delete_action {}Â {}Â {}".format(policy_id, perimeter_id, self.get_policies(user_id=user_id, policy_id=policy_id))) - if policy_id and not self.get_policies(user_id=user_id, policy_id=policy_id): + + if not perimeter_id: + raise exceptions.ActionUnknown + + if not policy_id: + raise exceptions.PolicyUnknown + + if not self.get_actions(user_id=user_id, policy_id=policy_id, perimeter_id=perimeter_id): + raise exceptions.ActionUnknown + + logger.debug("delete_action {}Â {}Â {}".format(policy_id, perimeter_id, + self.get_policies(user_id=user_id, + policy_id=policy_id))) + if not self.get_policies(user_id=user_id, policy_id=policy_id): raise exceptions.PolicyUnknown + + act_assig = self.driver.get_action_assignments(policy_id=policy_id, action_id=perimeter_id) + if act_assig: + raise exceptions.DeletePerimeterWithAssignment return self.driver.delete_action(policy_id=policy_id, perimeter_id=perimeter_id) @enforce("read", "data") @@ -172,23 +387,27 @@ class PolicyManager(Managers): @enforce(("read", "write"), "data") def set_subject_data(self, user_id, policy_id, data_id=None, category_id=None, value=None): - if not category_id: - raise Exception('Invalid category id') - if not Managers.ModelManager.get_subject_categories(user_id=user_id, category_id=category_id): - raise exceptions.MetaDataUnknown - if not self.get_policies(user_id=user_id, policy_id=policy_id): - raise exceptions.PolicyUnknown + if not category_id or ( + not Managers.ModelManager.get_subject_categories(user_id=user_id, + category_id=category_id)): + raise exceptions.SubjectCategoryUnknown + + self.__category_dependency_validation(user_id, policy_id, category_id, 'subject_categories') + if not data_id: data_id = uuid4().hex - return self.driver.set_subject_data(policy_id=policy_id, data_id=data_id, category_id=category_id, value=value) + return self.driver.set_subject_data(policy_id=policy_id, data_id=data_id, + category_id=category_id, value=value) @enforce(("read", "write"), "data") - def delete_subject_data(self, user_id, policy_id, data_id): + def delete_subject_data(self, user_id, policy_id, data_id, category_id=None): # TODO (asteroide): check and/or delete assignments linked to that data - subject_assignments = self.get_subject_assignments(user_id=user_id, policy_id=policy_id, subject_id=data_id) + subject_assignments = self.get_subject_assignments(user_id=user_id, policy_id=policy_id, + category_id=category_id) if subject_assignments: raise exceptions.DeleteData - return self.driver.delete_subject_data(policy_id=policy_id, data_id=data_id) + return self.driver.delete_subject_data(policy_id=policy_id, category_id=category_id, + data_id=data_id) @enforce("read", "data") def get_object_data(self, user_id, policy_id, data_id=None, category_id=None): @@ -205,23 +424,28 @@ class PolicyManager(Managers): @enforce(("read", "write"), "data") def add_object_data(self, user_id, policy_id, data_id=None, category_id=None, value=None): - if not category_id: - raise Exception('Invalid category id') - if not Managers.ModelManager.get_object_categories(user_id=user_id, category_id=category_id): - raise exceptions.MetaDataUnknown - if not self.get_policies(user_id=user_id, policy_id=policy_id): - raise exceptions.PolicyUnknown + + if not category_id or ( + not Managers.ModelManager.get_object_categories(user_id=user_id, + category_id=category_id)): + raise exceptions.ObjectCategoryUnknown + + self.__category_dependency_validation(user_id, policy_id, category_id, 'object_categories') + if not data_id: data_id = uuid4().hex - return self.driver.set_object_data(policy_id=policy_id, data_id=data_id, category_id=category_id, value=value) + return self.driver.set_object_data(policy_id=policy_id, data_id=data_id, + category_id=category_id, value=value) @enforce(("read", "write"), "data") - def delete_object_data(self, user_id, policy_id, data_id): + def delete_object_data(self, user_id, policy_id, data_id, category_id=None): # TODO (asteroide): check and/or delete assignments linked to that data - object_assignments = self.get_object_assignments(user_id=user_id, policy_id=policy_id, object_id=data_id) + object_assignments = self.get_object_assignments(user_id=user_id, policy_id=policy_id, + category_id=category_id) if object_assignments: raise exceptions.DeleteData - return self.driver.delete_object_data(policy_id=policy_id, data_id=data_id) + return self.driver.delete_object_data(policy_id=policy_id, category_id=category_id, + data_id=data_id) @enforce("read", "data") def get_action_data(self, user_id, policy_id, data_id=None, category_id=None): @@ -238,38 +462,53 @@ class PolicyManager(Managers): @enforce(("read", "write"), "data") def add_action_data(self, user_id, policy_id, data_id=None, category_id=None, value=None): - if not category_id: - raise Exception('Invalid category id') - if not Managers.ModelManager.get_action_categories(user_id=user_id, category_id=category_id): - raise exceptions.MetaDataUnknown - if not self.get_policies(user_id=user_id, policy_id=policy_id): - raise exceptions.PolicyUnknown + if not category_id or ( + not Managers.ModelManager.get_action_categories(user_id=user_id, + category_id=category_id)): + raise exceptions.ActionCategoryUnknown + + self.__category_dependency_validation(user_id, policy_id, category_id, 'action_categories') + if not data_id: data_id = uuid4().hex - return self.driver.set_action_data(policy_id=policy_id, data_id=data_id, category_id=category_id, value=value) + return self.driver.set_action_data(policy_id=policy_id, data_id=data_id, + category_id=category_id, value=value) @enforce(("read", "write"), "data") - def delete_action_data(self, user_id, policy_id, data_id): + def delete_action_data(self, user_id, policy_id, data_id, category_id=None): # TODO (asteroide): check and/or delete assignments linked to that data - action_assignments = self.get_action_assignments(user_id=user_id, policy_id=policy_id, action_id=data_id) + action_assignments = self.get_action_assignments(user_id=user_id, policy_id=policy_id, + category_id=category_id) if action_assignments: raise exceptions.DeleteData - return self.driver.delete_action_data(policy_id=policy_id, data_id=data_id) + return self.driver.delete_action_data(policy_id=policy_id, category_id=category_id, + data_id=data_id) @enforce("read", "assignments") def get_subject_assignments(self, user_id, policy_id, subject_id=None, category_id=None): - return self.driver.get_subject_assignments(policy_id=policy_id, subject_id=subject_id, category_id=category_id) + return self.driver.get_subject_assignments(policy_id=policy_id, subject_id=subject_id, + category_id=category_id) @enforce(("read", "write"), "assignments") def add_subject_assignment(self, user_id, policy_id, subject_id, category_id, data_id): - if not self.get_policies(user_id=user_id, policy_id=policy_id): - raise exceptions.PolicyUnknown - if not self.get_subjects(user_id=user_id, policy_id=policy_id, perimeter_id=subject_id): + + if not category_id or ( + not Managers.ModelManager.get_subject_categories(user_id=user_id, + category_id=category_id)): + raise exceptions.SubjectCategoryUnknown + + self.__category_dependency_validation(user_id, policy_id, category_id, 'subject_categories') + + if not subject_id or ( + not self.get_subjects(user_id=user_id, policy_id=policy_id, + perimeter_id=subject_id)): raise exceptions.SubjectUnknown - if not Managers.ModelManager.get_subject_categories(user_id=user_id, category_id=category_id): - raise exceptions.MetaDataUnknown - if not self.get_subject_data(user_id=user_id, policy_id=policy_id, data_id=data_id): + + if not data_id or ( + not self.get_subject_data(user_id=user_id, policy_id=policy_id, data_id=data_id, + category_id=category_id)): raise exceptions.DataUnknown + return self.driver.add_subject_assignment(policy_id=policy_id, subject_id=subject_id, category_id=category_id, data_id=data_id) @@ -280,18 +519,28 @@ class PolicyManager(Managers): @enforce("read", "assignments") def get_object_assignments(self, user_id, policy_id, object_id=None, category_id=None): - return self.driver.get_object_assignments(policy_id=policy_id, object_id=object_id, category_id=category_id) + return self.driver.get_object_assignments(policy_id=policy_id, object_id=object_id, + category_id=category_id) @enforce(("read", "write"), "assignments") def add_object_assignment(self, user_id, policy_id, object_id, category_id, data_id): - if not self.get_policies(user_id=user_id, policy_id=policy_id): - raise exceptions.PolicyUnknown - if not self.get_objects(user_id=user_id, policy_id=policy_id, perimeter_id=object_id): + + if not category_id or ( + not Managers.ModelManager.get_object_categories(user_id=user_id, + category_id=category_id)): + raise exceptions.ObjectCategoryUnknown + + self.__category_dependency_validation(user_id, policy_id, category_id, 'object_categories') + + if not object_id or ( + not self.get_objects(user_id=user_id, policy_id=policy_id, perimeter_id=object_id)): raise exceptions.ObjectUnknown - if not Managers.ModelManager.get_object_categories(user_id=user_id, category_id=category_id): - raise exceptions.MetaDataUnknown - if not self.get_object_data(user_id=user_id, policy_id=policy_id, data_id=data_id): + + if not data_id or ( + not self.get_object_data(user_id=user_id, policy_id=policy_id, data_id=data_id, + category_id=category_id)): raise exceptions.DataUnknown + return self.driver.add_object_assignment(policy_id=policy_id, object_id=object_id, category_id=category_id, data_id=data_id) @@ -302,18 +551,28 @@ class PolicyManager(Managers): @enforce("read", "assignments") def get_action_assignments(self, user_id, policy_id, action_id=None, category_id=None): - return self.driver.get_action_assignments(policy_id=policy_id, action_id=action_id, category_id=category_id) + return self.driver.get_action_assignments(policy_id=policy_id, action_id=action_id, + category_id=category_id) @enforce(("read", "write"), "assignments") def add_action_assignment(self, user_id, policy_id, action_id, category_id, data_id): - if not self.get_policies(user_id=user_id, policy_id=policy_id): - raise exceptions.PolicyUnknown - if not self.get_actions(user_id=user_id, policy_id=policy_id, perimeter_id=action_id): + + if not category_id or ( + not Managers.ModelManager.get_action_categories(user_id=user_id, + category_id=category_id)): + raise exceptions.ActionCategoryUnknown + + self.__category_dependency_validation(user_id, policy_id, category_id, 'action_categories') + + if not action_id or ( + not self.get_actions(user_id=user_id, policy_id=policy_id, perimeter_id=action_id)): raise exceptions.ActionUnknown - if not Managers.ModelManager.get_action_categories(user_id=user_id, category_id=category_id): - raise exceptions.MetaDataUnknown - if not self.get_action_data(user_id=user_id, policy_id=policy_id, data_id=data_id): + + if not data_id or ( + not self.get_action_data(user_id=user_id, policy_id=policy_id, data_id=data_id, + category_id=category_id)): raise exceptions.DataUnknown + return self.driver.add_action_assignment(policy_id=policy_id, action_id=action_id, category_id=category_id, data_id=data_id) @@ -324,17 +583,100 @@ class PolicyManager(Managers): @enforce("read", "rules") def get_rules(self, user_id, policy_id, meta_rule_id=None, rule_id=None): - return self.driver.get_rules(policy_id=policy_id, meta_rule_id=meta_rule_id, rule_id=rule_id) - logger.info("delete_subject_data: {} {}".format(policy_id, data_id)) + return self.driver.get_rules(policy_id=policy_id, meta_rule_id=meta_rule_id, + rule_id=rule_id) @enforce(("read", "write"), "rules") def add_rule(self, user_id, policy_id, meta_rule_id, value): - if not self.get_policies(user_id=user_id, policy_id=policy_id): - raise exceptions.PolicyUnknown - if not self.ModelManager.get_meta_rules(user_id=user_id, meta_rule_id=meta_rule_id): + if not meta_rule_id or ( + not self.ModelManager.get_meta_rules(user_id=user_id, meta_rule_id=meta_rule_id)): raise exceptions.MetaRuleUnknown + + self.__check_existing_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, user_id=user_id, + rule_value=value) + self.__dependencies_validation(user_id, policy_id, meta_rule_id) + return self.driver.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) + def __check_existing_rule(self, user_id, policy_id, meta_rule_id, rule_value): + + if not meta_rule_id: + raise exceptions.MetaRuleUnknown + + meta_rule = self.ModelManager.get_meta_rules(user_id=user_id, meta_rule_id=meta_rule_id) + if not meta_rule: + raise exceptions.MetaRuleUnknown + + if len(meta_rule[meta_rule_id]['subject_categories']) + len( + meta_rule[meta_rule_id]['object_categories']) \ + + len(meta_rule[meta_rule_id]['action_categories']) > len(rule_value['rule']): + raise exceptions.RuleContentError(message="Missing Data") + + if len(meta_rule[meta_rule_id]['subject_categories']) + len( + meta_rule[meta_rule_id]['object_categories']) \ + + len(meta_rule[meta_rule_id]['action_categories']) < len(rule_value['rule']): + raise exceptions.MetaRuleContentError(message="Missing Data") + + temp_rule_data = list( + rule_value['rule'][0:len(meta_rule[meta_rule_id]['subject_categories'])]) + found_data_counter = 0 + start_sub = len(meta_rule[meta_rule_id]['subject_categories']) + + for sub_cat_id in meta_rule[meta_rule_id]['subject_categories']: + subjects_data = self.get_subject_data(user_id=user_id, + category_id=sub_cat_id, policy_id=policy_id) + found_data_counter = self.__validate_data_id(sub_cat_id, subjects_data[0]['data'], + temp_rule_data, + "Missing Subject_category " + , found_data_counter) + + if found_data_counter != len(meta_rule[meta_rule_id]['subject_categories']): + raise exceptions.RuleContentError(message="Missing Data") + + temp_rule_data = list( + rule_value['rule'][ + start_sub:start_sub + len(meta_rule[meta_rule_id]['object_categories'])]) + found_data_counter = 0 + start_sub = start_sub + len(meta_rule[meta_rule_id]['object_categories']) + + for ob_cat_id in meta_rule[meta_rule_id]['object_categories']: + object_data = self.get_object_data(user_id=user_id, + category_id=ob_cat_id, policy_id=policy_id) + + found_data_counter = self.__validate_data_id(ob_cat_id, object_data[0]['data'], + temp_rule_data, + "Missing Object_category ", + found_data_counter) + + if found_data_counter != len(meta_rule[meta_rule_id]['object_categories']): + raise exceptions.RuleContentError(message="Missing Data") + + temp_rule_data = list( + rule_value['rule'][ + start_sub:start_sub + len(meta_rule[meta_rule_id]['action_categories'])]) + found_data_counter = 0 + + for act_cat_id in meta_rule[meta_rule_id]['action_categories']: + action_data = self.get_action_data(user_id=user_id, category_id=act_cat_id, + policy_id=policy_id) + found_data_counter = self.__validate_data_id(act_cat_id, action_data[0]['data'], + temp_rule_data, + "Missing Action_category ", + found_data_counter) + + if found_data_counter != len(meta_rule[meta_rule_id]['action_categories']): + raise exceptions.RuleContentError(message="Missing Data") + + def __validate_data_id(self, cat_id, data_ids, temp_rule_data, error_msg, found_data_counter): + for ID in data_ids: + if ID in temp_rule_data: + temp_rule_data.remove(ID) + found_data_counter += 1 + # if no data id found in the rule, so rule not valid + if found_data_counter < 1: + raise exceptions.RuleContentError(message=error_msg + cat_id) + return found_data_counter + @enforce(("read", "write"), "rules") def delete_rule(self, user_id, policy_id, rule_id): return self.driver.delete_rule(policy_id=policy_id, rule_id=rule_id) @@ -354,9 +696,56 @@ class PolicyManager(Managers): try: meta_rule_list = model[model_id]["meta_rules"] for meta_rule_id in meta_rule_list: - meta_rule = Managers.ModelManager.get_meta_rules(user_id=user_id, meta_rule_id=meta_rule_id) + meta_rule = Managers.ModelManager.get_meta_rules(user_id=user_id, + meta_rule_id=meta_rule_id) categories["subject"].extend(meta_rule[meta_rule_id]["subject_categories"]) categories["object"].extend(meta_rule[meta_rule_id]["object_categories"]) categories["action"].extend(meta_rule[meta_rule_id]["action_categories"]) finally: return categories + + def __dependencies_validation(self, user_id, policy_id, meta_rule_id=None): + + policies = self.get_policies(user_id=user_id, policy_id=policy_id) + if not policy_id or (not policies): + raise exceptions.PolicyUnknown + + policy_content = policies[next(iter(policies))] + model_id = policy_content['model_id'] + models = Managers.ModelManager.get_models(user_id=user_id, model_id=model_id) + if not model_id or not models: + raise exceptions.ModelUnknown + + model_content = models[next(iter(models))] + if meta_rule_id: + meta_rule_exists = False + + for model_meta_rule_id in model_content['meta_rules']: + if model_meta_rule_id == meta_rule_id: + meta_rule_exists = True + break + + if not meta_rule_exists: + raise exceptions.MetaRuleNotLinkedWithPolicyModel + + meta_rule = self.ModelManager.get_meta_rules(user_id=user_id, meta_rule_id=meta_rule_id) + meta_rule_content = meta_rule[next(iter(meta_rule))] + if (not meta_rule_content['subject_categories']) or ( + not meta_rule_content['object_categories']) or ( + not meta_rule_content['action_categories']): + raise exceptions.MetaRuleContentError + return model_content + + def __category_dependency_validation(self, user_id, policy_id, category_id, category_key): + model = self.__dependencies_validation(user_id=user_id, policy_id=policy_id) + category_found = False + for model_meta_rule_id in model['meta_rules']: + meta_rule = self.ModelManager.get_meta_rules(user_id=user_id, + meta_rule_id=model_meta_rule_id) + meta_rule_content = meta_rule[next(iter(meta_rule))] + if meta_rule_content[category_key] and category_id in meta_rule_content[category_key]: + category_found = True + break + + if not category_found: + raise exceptions.CategoryNotAssignedMetaRule diff --git a/python_moondb/python_moondb/backends/__init__.py b/python_moondb/python_moondb/backends/__init__.py index 237bdc3e..6f1cd3d5 100644 --- a/python_moondb/python_moondb/backends/__init__.py +++ b/python_moondb/python_moondb/backends/__init__.py @@ -1,4 +1,3 @@ - """ intra_extensions = { intra_extension_id1: { @@ -94,4 +93,4 @@ rules = { ...}, sub_meta_rule_id2: { }, ...} -"""
\ No newline at end of file +""" diff --git a/python_moondb/python_moondb/backends/sql.py b/python_moondb/python_moondb/backends/sql.py index 7310e7f3..d25586ba 100644 --- a/python_moondb/python_moondb/backends/sql.py +++ b/python_moondb/python_moondb/backends/sql.py @@ -20,7 +20,8 @@ import sqlalchemy logger = logging.getLogger("moon.db.driver.sql") Base = declarative_base() -DEBUG = True if configuration.get_configuration("logging")['logging']['loggers']['moon']['level'] == "DEBUG" else False +DEBUG = True if configuration.get_configuration("logging")['logging']['loggers']['moon'][ + 'level'] == "DEBUG" else False class DictBase: @@ -50,7 +51,6 @@ class DictBase: class JsonBlob(sql_types.TypeDecorator): - impl = sql.Text def process_bind_param(self, value, dialect): @@ -174,6 +174,7 @@ class PerimeterDataBase(DictBase): id = sql.Column(sql.String(64), primary_key=True) name = sql.Column(sql.String(256), nullable=False) value = sql.Column(JsonBlob(), nullable=True) + @declared_attr def policy_id(cls): return sql.Column(sql.ForeignKey("policies.id"), nullable=False) @@ -254,10 +255,11 @@ class ActionAssignment(Base, PerimeterAssignmentBase): class MetaRule(Base, DictBase): __tablename__ = 'meta_rules' - attributes = ['id', 'name', 'subject_categories', 'object_categories', 'action_categories', 'value'] + attributes = ['id', 'name', 'subject_categories', 'object_categories', 'action_categories', + 'value'] id = sql.Column(sql.String(64), primary_key=True) name = sql.Column(sql.String(256), nullable=False) - subject_categories = sql.Column(JsonBlob(), nullable=True) + subject_categories = sql.Column(JsonBlob(), nullable=True) object_categories = sql.Column(JsonBlob(), nullable=True) action_categories = sql.Column(JsonBlob(), nullable=True) value = sql.Column(JsonBlob(), nullable=True) @@ -353,8 +355,10 @@ class PDPConnector(BaseConnector, PDPDriver): d.update(value_wo_name) setattr(ref, "value", d) return {ref.id: ref.to_dict()} - except sqlalchemy.exc.IntegrityError: - raise exceptions.PdpExisting + except sqlalchemy.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.PdpExisting + raise error def delete_pdp(self, pdp_id): with self.get_session_for_write() as session: @@ -375,8 +379,10 @@ class PDPConnector(BaseConnector, PDPDriver): }) session.add(new) return {new.id: new.to_dict()} - except sqlalchemy.exc.IntegrityError: - raise exceptions.PdpExisting + except sqlalchemy.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.PdpExisting + raise error def get_pdp(self, pdp_id=None): with self.get_session_for_read() as session: @@ -390,20 +396,27 @@ class PDPConnector(BaseConnector, PDPDriver): class PolicyConnector(BaseConnector, PolicyDriver): def update_policy(self, policy_id, value): - with self.get_session_for_write() as session: - query = session.query(Policy) - query = query.filter_by(id=policy_id) - ref = query.first() - if ref: - value_wo_other_info = copy.deepcopy(value) - value_wo_other_info.pop("name", None) - value_wo_other_info.pop("model_id", None) - ref.name = value["name"] - ref.model_id= value["model_id"] - d = dict(ref.value) - d.update(value_wo_other_info) - setattr(ref, "value", d) - return {ref.id: ref.to_dict()} + try: + with self.get_session_for_write() as session: + query = session.query(Policy) + query = query.filter_by(id=policy_id) + ref = query.first() + + if ref: + value_wo_other_info = copy.deepcopy(value) + value_wo_other_info.pop("name", None) + value_wo_other_info.pop("model_id", None) + ref.name = value["name"] + ref.model_id = value["model_id"] + d = dict(ref.value) + d.update(value_wo_other_info) + setattr(ref, "value", d) + return {ref.id: ref.to_dict()} + + except sqlalchemy.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.PolicyExisting + raise error def delete_policy(self, policy_id): with self.get_session_for_write() as session: @@ -411,40 +424,49 @@ class PolicyConnector(BaseConnector, PolicyDriver): session.delete(ref) def add_policy(self, policy_id=None, value=None): - with self.get_session_for_write() as session: - value_wo_other_info = copy.deepcopy(value) - value_wo_other_info.pop("name", None) - value_wo_other_info.pop("model_id", None) - new = Policy.from_dict({ - "id": policy_id if policy_id else uuid4().hex, - "name": value["name"], - "model_id": value.get("model_id", ""), - "value": value_wo_other_info - }) - session.add(new) - return {new.id: new.to_dict()} + try: + with self.get_session_for_write() as session: + value_wo_other_info = copy.deepcopy(value) + value_wo_other_info.pop("name", None) + value_wo_other_info.pop("model_id", None) + new = Policy.from_dict({ + "id": policy_id if policy_id else uuid4().hex, + "name": value["name"], + "model_id": value.get("model_id", ""), + "value": value_wo_other_info + }) + session.add(new) + return {new.id: new.to_dict()} - def get_policies(self, policy_id=None): + except sqlalchemy.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.PolicyExisting + raise error + + def get_policies(self, policy_id=None, policy_name=None): with self.get_session_for_read() as session: query = session.query(Policy) if policy_id: query = query.filter_by(id=policy_id) + elif policy_name: + query = query.filter_by(name=policy_name) + ref_list = query.all() return {_ref.id: _ref.to_dict() for _ref in ref_list} def __get_perimeters(self, ClassType, policy_id, perimeter_id=None): + # if not policy_id: + # raise exceptions.PolicyUnknown + with self.get_session_for_read() as session: query = session.query(ClassType) - ref_list = copy.deepcopy(query.all()) + if perimeter_id: - for _ref in ref_list: - _ref_value = _ref.to_return() - if perimeter_id == _ref.id: - if policy_id and policy_id in _ref_value["policy_list"]: - return {_ref.id: _ref_value} - else: - return {} - elif policy_id: + query = query.filter_by(id=perimeter_id) + + ref_list = copy.deepcopy(query.all()) + + if policy_id: results = [] for _ref in ref_list: _ref_value = _ref.to_return() @@ -453,9 +475,48 @@ class PolicyConnector(BaseConnector, PolicyDriver): return {_ref.id: _ref.to_return() for _ref in results} return {_ref.id: _ref.to_return() for _ref in ref_list} - def __set_perimeter(self, ClassType, ClassTypeException, policy_id, perimeter_id=None, value=None): + def __get_perimeter_by_name(self, ClassType, perimeter_name): + # if not policy_id: + # raise exceptions.PolicyUnknown + with self.get_session_for_read() as session: + query = session.query(ClassType) + if not perimeter_name or not perimeter_name.strip(): + raise exceptions.PerimeterContentError('invalid name') + query = query.filter_by(name=perimeter_name) + ref_list = copy.deepcopy(query.all()) + return {_ref.id: _ref.to_return() for _ref in ref_list} + + def __update_perimeter(self, class_type, class_type_exception, perimeter_id, value): + if not perimeter_id: + return exceptions.PerimeterContentError + with self.get_session_for_write() as session: + query = session.query(class_type) + query = query.filter_by(id=perimeter_id) + _perimeter = query.first() + if not _perimeter: + raise class_type_exception + temp_perimeter = copy.deepcopy(_perimeter.to_dict()) + if 'name' in value: + temp_perimeter['value']['name'] = value['name'] + if 'description' in value: + temp_perimeter['value']['description'] = value['description'] + if 'extra' in value: + temp_perimeter['value']['extra'] = value['extra'] + name = temp_perimeter['value']['name'] + temp_perimeter['value'].pop("name", None) + new_perimeter = class_type.from_dict({ + "id": temp_perimeter["id"], + "name": name, + "value": temp_perimeter["value"] + }) + _perimeter.value = new_perimeter.value + _perimeter.name = new_perimeter.name + return {_perimeter.id: _perimeter.to_return()} + + def __set_perimeter(self, ClassType, ClassTypeException, policy_id, perimeter_id=None, + value=None): if not value or "name" not in value or not value["name"].strip(): - raise exceptions.PerimeterNameInvalid + raise exceptions.PerimeterContentError('invalid name') with self.get_session_for_write() as session: _perimeter = None if perimeter_id: @@ -485,10 +546,16 @@ class PolicyConnector(BaseConnector, PolicyDriver): return {new.id: new.to_return()} else: _value = copy.deepcopy(_perimeter.to_dict()) - if "policy_list" not in _value["value"] or type(_value["value"]["policy_list"]) is not list: + if "policy_list" not in _value["value"] or type( + _value["value"]["policy_list"]) is not list: _value["value"]["policy_list"] = [] if policy_id and policy_id not in _value["value"]["policy_list"]: _value["value"]["policy_list"].append(policy_id) + else: + if policy_id: + raise exceptions.PolicyExisting + raise exceptions.PerimeterContentError + _value["value"].update(value) name = _value["value"]["name"] @@ -513,7 +580,10 @@ class PolicyConnector(BaseConnector, PolicyDriver): try: old_perimeter["value"]["policy_list"].remove(policy_id) new_perimeter = ClassType.from_dict(old_perimeter) - setattr(_perimeter, "value", getattr(new_perimeter, "value")) + if not new_perimeter.value["policy_list"]: + session.delete(_perimeter) + else: + setattr(_perimeter, "value", getattr(new_perimeter, "value")) except ValueError: if not _perimeter.value["policy_list"]: session.delete(_perimeter) @@ -521,11 +591,25 @@ class PolicyConnector(BaseConnector, PolicyDriver): def get_subjects(self, policy_id, perimeter_id=None): return self.__get_perimeters(Subject, policy_id, perimeter_id) + def get_subject_by_name(self, perimeter_name): + return self.__get_perimeter_by_name(Subject, perimeter_name) + def set_subject(self, policy_id, perimeter_id=None, value=None): try: - return self.__set_perimeter(Subject, exceptions.SubjectExisting, policy_id, perimeter_id=perimeter_id, value=value) - except sqlalchemy.exc.IntegrityError: - raise exceptions.SubjectExisting + return self.__set_perimeter(Subject, exceptions.SubjectExisting, policy_id, + perimeter_id=perimeter_id, value=value) + except sqlalchemy.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.SubjectExisting + raise error + + def update_subject(self, perimeter_id, value): + try: + return self.__update_perimeter(Subject, exceptions.SubjectExisting, perimeter_id, value) + except sqlalchemy.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.SubjectExisting + raise error def delete_subject(self, policy_id, perimeter_id): self.__delete_perimeter(Subject, exceptions.SubjectUnknown, policy_id, perimeter_id) @@ -533,12 +617,26 @@ class PolicyConnector(BaseConnector, PolicyDriver): def get_objects(self, policy_id, perimeter_id=None): return self.__get_perimeters(Object, policy_id, perimeter_id) + def get_object_by_name(self, perimeter_name): + return self.__get_perimeter_by_name(Object, perimeter_name) + def set_object(self, policy_id, perimeter_id=None, value=None): try: - return self.__set_perimeter(Object, exceptions.ObjectExisting, policy_id, perimeter_id=perimeter_id, value=value) - except sqlalchemy.exc.IntegrityError as e: - logger.exception("IntegrityError {}".format(e)) - raise exceptions.ObjectExisting + return self.__set_perimeter(Object, exceptions.ObjectExisting, policy_id, + perimeter_id=perimeter_id, value=value) + except sqlalchemy.exc.IntegrityError as error: + logger.exception("IntegrityError {}".format(error)) + if 'UNIQUE constraint' in str(error): + raise exceptions.ObjectExisting + raise error + + def update_object(self, perimeter_id, value): + try: + return self.__update_perimeter(Object, exceptions.ObjectExisting, perimeter_id, value) + except sqlalchemy.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.ObjectExisting + raise error def delete_object(self, policy_id, perimeter_id): self.__delete_perimeter(Object, exceptions.ObjectUnknown, policy_id, perimeter_id) @@ -546,18 +644,31 @@ class PolicyConnector(BaseConnector, PolicyDriver): def get_actions(self, policy_id, perimeter_id=None): return self.__get_perimeters(Action, policy_id, perimeter_id) + def get_action_by_name(self, perimeter_name): + return self.__get_perimeter_by_name(Action, perimeter_name) + def set_action(self, policy_id, perimeter_id=None, value=None): try: - return self.__set_perimeter(Action, exceptions.ActionExisting, policy_id, perimeter_id=perimeter_id, value=value) - except sqlalchemy.exc.IntegrityError: - raise exceptions.ActionExisting + return self.__set_perimeter(Action, exceptions.ActionExisting, policy_id, + perimeter_id=perimeter_id, value=value) + except sqlalchemy.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.ActionExisting + raise error + + def update_action(self, perimeter_id, value): + try: + return self.__update_perimeter(Action, exceptions.ActionExisting, perimeter_id, value) + except sqlalchemy.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.ActionExisting + raise error def delete_action(self, policy_id, perimeter_id): self.__delete_perimeter(Action, exceptions.ActionUnknown, policy_id, perimeter_id) - def __is_data_exist(self, ClassType, data_id=None, category_id=None): - if not data_id: - return False + def __is_data_exist(self, ClassType, category_id=None): + with self.get_session_for_read() as session: query = session.query(ClassType) query = query.filter_by(category_id=category_id) @@ -573,8 +684,13 @@ class PolicyConnector(BaseConnector, PolicyDriver): query = query.filter_by(policy_id=policy_id, id=data_id, category_id=category_id) elif policy_id and category_id: query = query.filter_by(policy_id=policy_id, category_id=category_id) - else: + elif category_id: query = query.filter_by(category_id=category_id) + elif policy_id: + query = query.filter_by(policy_id=policy_id) + else: + raise exceptions.PolicyUnknown + ref_list = query.all() return { "policy_id": policy_id, @@ -582,7 +698,8 @@ class PolicyConnector(BaseConnector, PolicyDriver): "data": {_ref.id: _ref.to_dict() for _ref in ref_list} } - def __set_data(self, ClassType, ClassTypeData, policy_id, data_id=None, category_id=None, value=None): + def __set_data(self, ClassType, ClassTypeData, policy_id, data_id=None, category_id=None, + value=None): with self.get_session_for_write() as session: query = session.query(ClassTypeData) query = query.filter_by(policy_id=policy_id, id=data_id, category_id=category_id) @@ -612,65 +729,81 @@ class PolicyConnector(BaseConnector, PolicyDriver): "data": {ref.id: ref.to_dict()} } - def __delete_data(self, ClassType, policy_id, data_id): + def __delete_data(self, ClassType, policy_id, category_id, data_id): + + if not data_id: + raise exceptions.DataUnknown with self.get_session_for_write() as session: query = session.query(ClassType) - query = query.filter_by(policy_id=policy_id, id=data_id) + if category_id: + query = query.filter_by(policy_id=policy_id, category_id=category_id, id=data_id) + else: + query = query.filter_by(policy_id=policy_id, id=data_id) ref = query.first() if ref: session.delete(ref) - def is_subject_data_exist(self, data_id=None, category_id=None): - return self.__is_data_exist(SubjectData, data_id=data_id, category_id=category_id) + def is_subject_data_exist(self, category_id=None): + return self.__is_data_exist(SubjectData, category_id=category_id) def get_subject_data(self, policy_id, data_id=None, category_id=None): return self.__get_data(SubjectData, policy_id, data_id=data_id, category_id=category_id) def set_subject_data(self, policy_id, data_id=None, category_id=None, value=None): try: - return self.__set_data(Subject, SubjectData, policy_id, data_id=data_id, category_id=category_id, value=value) - except sqlalchemy.exc.IntegrityError: - raise exceptions.SubjectScopeExisting + return self.__set_data(Subject, SubjectData, policy_id, data_id=data_id, + category_id=category_id, value=value) + except sqlalchemy.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.SubjectScopeExisting + raise error - def delete_subject_data(self, policy_id, data_id): - return self.__delete_data(SubjectData, policy_id, data_id) + def delete_subject_data(self, policy_id, category_id, data_id): + return self.__delete_data(SubjectData, policy_id, category_id, data_id) - def is_object_data_exist(self, data_id=None, category_id=None): - return self.__is_data_exist(ObjectData, data_id=data_id, category_id=category_id) + def is_object_data_exist(self, category_id=None): + return self.__is_data_exist(ObjectData, category_id=category_id) def get_object_data(self, policy_id, data_id=None, category_id=None): return self.__get_data(ObjectData, policy_id, data_id=data_id, category_id=category_id) def set_object_data(self, policy_id, data_id=None, category_id=None, value=None): try: - return self.__set_data(Object, ObjectData, policy_id, data_id=data_id, category_id=category_id, value=value) - except sqlalchemy.exc.IntegrityError: - raise exceptions.ObjectScopeExisting + return self.__set_data(Object, ObjectData, policy_id, data_id=data_id, + category_id=category_id, value=value) + except sqlalchemy.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.ObjectScopeExisting + raise error - def delete_object_data(self, policy_id, data_id): - return self.__delete_data(ObjectData, policy_id, data_id) + def delete_object_data(self, policy_id, category_id, data_id): + return self.__delete_data(ObjectData, policy_id, category_id, data_id) - def is_action_data_exist(self, data_id=None,category_id=None): - return self.__is_data_exist(ActionData, data_id=data_id, category_id=category_id) + def is_action_data_exist(self, category_id=None): + return self.__is_data_exist(ActionData, category_id=category_id) def get_action_data(self, policy_id, data_id=None, category_id=None): return self.__get_data(ActionData, policy_id, data_id=data_id, category_id=category_id) def set_action_data(self, policy_id, data_id=None, category_id=None, value=None): try: - return self.__set_data(Action, ActionData, policy_id, data_id=data_id, category_id=category_id, value=value) - except sqlalchemy.exc.IntegrityError: - raise exceptions.ActionScopeExisting + return self.__set_data(Action, ActionData, policy_id, data_id=data_id, + category_id=category_id, value=value) + except sqlalchemy.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.ActionScopeExisting + raise error - def delete_action_data(self, policy_id, data_id): - return self.__delete_data(ActionData, policy_id, data_id) + def delete_action_data(self, policy_id, category_id, data_id): + return self.__delete_data(ActionData, policy_id, category_id, data_id) def get_subject_assignments(self, policy_id, subject_id=None, category_id=None): with self.get_session_for_write() as session: query = session.query(SubjectAssignment) if subject_id and category_id: - #TODO change the subject_id to perimeter_id to allow code refactoring - query = query.filter_by(policy_id=policy_id, subject_id=subject_id, category_id=category_id) + # TODO change the subject_id to perimeter_id to allow code refactoring + query = query.filter_by(policy_id=policy_id, subject_id=subject_id, + category_id=category_id) elif subject_id: query = query.filter_by(policy_id=policy_id, subject_id=subject_id) else: @@ -681,7 +814,8 @@ class PolicyConnector(BaseConnector, PolicyDriver): def add_subject_assignment(self, policy_id, subject_id, category_id, data_id): with self.get_session_for_write() as session: query = session.query(SubjectAssignment) - query = query.filter_by(policy_id=policy_id, subject_id=subject_id, category_id=category_id) + query = query.filter_by(policy_id=policy_id, subject_id=subject_id, + category_id=category_id) ref = query.first() if ref: old_ref = copy.deepcopy(ref.to_dict()) @@ -704,10 +838,27 @@ class PolicyConnector(BaseConnector, PolicyDriver): session.add(ref) return {ref.id: ref.to_dict()} + def is_subject_category_has_assignment(self, category_id): + return self.__is_category_has_assignment(SubjectAssignment, category_id) + + def is_object_category_has_assignment(self, category_id): + return self.__is_category_has_assignment(ObjectAssignment, category_id) + + def is_action_category_has_assignment(self, category_id): + return self.__is_category_has_assignment(ActionAssignment, category_id) + + def __is_category_has_assignment(self, ClassType, category_id): + with self.get_session_for_write() as session: + query = session.query(ClassType) + query = query.filter_by(category_id=category_id) + count = query.count() + return count > 0 + def delete_subject_assignment(self, policy_id, subject_id, category_id, data_id): with self.get_session_for_write() as session: query = session.query(SubjectAssignment) - query = query.filter_by(policy_id=policy_id, subject_id=subject_id, category_id=category_id) + query = query.filter_by(policy_id=policy_id, subject_id=subject_id, + category_id=category_id) ref = query.first() if ref: old_ref = copy.deepcopy(ref.to_dict()) @@ -724,8 +875,9 @@ class PolicyConnector(BaseConnector, PolicyDriver): with self.get_session_for_write() as session: query = session.query(ObjectAssignment) if object_id and category_id: - #TODO change the object_id to perimeter_id to allow code refactoring - query = query.filter_by(policy_id=policy_id, object_id=object_id, category_id=category_id) + # TODO change the object_id to perimeter_id to allow code refactoring + query = query.filter_by(policy_id=policy_id, object_id=object_id, + category_id=category_id) elif object_id: query = query.filter_by(policy_id=policy_id, object_id=object_id) else: @@ -736,7 +888,8 @@ class PolicyConnector(BaseConnector, PolicyDriver): def add_object_assignment(self, policy_id, object_id, category_id, data_id): with self.get_session_for_write() as session: query = session.query(ObjectAssignment) - query = query.filter_by(policy_id=policy_id, object_id=object_id, category_id=category_id) + query = query.filter_by(policy_id=policy_id, object_id=object_id, + category_id=category_id) ref = query.first() if ref: old_ref = copy.deepcopy(ref.to_dict()) @@ -762,7 +915,8 @@ class PolicyConnector(BaseConnector, PolicyDriver): def delete_object_assignment(self, policy_id, object_id, category_id, data_id): with self.get_session_for_write() as session: query = session.query(ObjectAssignment) - query = query.filter_by(policy_id=policy_id, object_id=object_id, category_id=category_id) + query = query.filter_by(policy_id=policy_id, object_id=object_id, + category_id=category_id) ref = query.first() if ref: old_ref = copy.deepcopy(ref.to_dict()) @@ -777,12 +931,17 @@ class PolicyConnector(BaseConnector, PolicyDriver): def get_action_assignments(self, policy_id, action_id=None, category_id=None): with self.get_session_for_write() as session: + if not policy_id: + return exceptions.PolicyUnknown query = session.query(ActionAssignment) if action_id and category_id: # TODO change the action_id to perimeter_id to allow code refactoring - query = query.filter_by(policy_id=policy_id, action_id=action_id, category_id=category_id) + query = query.filter_by(policy_id=policy_id, action_id=action_id, + category_id=category_id) elif action_id: query = query.filter_by(policy_id=policy_id, action_id=action_id) + elif category_id: + query = query.filter_by(policy_id=policy_id, category_id=category_id) else: query = query.filter_by(policy_id=policy_id) ref_list = query.all() @@ -791,7 +950,8 @@ class PolicyConnector(BaseConnector, PolicyDriver): def add_action_assignment(self, policy_id, action_id, category_id, data_id): with self.get_session_for_write() as session: query = session.query(ActionAssignment) - query = query.filter_by(policy_id=policy_id, action_id=action_id, category_id=category_id) + query = query.filter_by(policy_id=policy_id, action_id=action_id, + category_id=category_id) ref = query.first() if ref: old_ref = copy.deepcopy(ref.to_dict()) @@ -817,7 +977,8 @@ class PolicyConnector(BaseConnector, PolicyDriver): def delete_action_assignment(self, policy_id, action_id, category_id, data_id): with self.get_session_for_write() as session: query = session.query(ActionAssignment) - query = query.filter_by(policy_id=policy_id, action_id=action_id, category_id=category_id) + query = query.filter_by(policy_id=policy_id, action_id=action_id, + category_id=category_id) ref = query.first() if ref: old_ref = copy.deepcopy(ref.to_dict()) @@ -837,7 +998,7 @@ class PolicyConnector(BaseConnector, PolicyDriver): query = query.filter_by(policy_id=policy_id, rule_id=rule_id) ref = query.first() return {ref.id: ref.to_dict()} - elif meta_rule_id: + elif meta_rule_id and policy_id: query = query.filter_by(policy_id=policy_id, meta_rule_id=meta_rule_id) ref_list = query.all() return { @@ -853,6 +1014,14 @@ class PolicyConnector(BaseConnector, PolicyDriver): "rules": list(map(lambda x: x.to_dict(), ref_list)) } + def is_meta_rule_has_rules(self, meta_rule_id): + with self.get_session_for_read() as session: + query = session.query(Rule) + + query = query.filter_by(meta_rule_id=meta_rule_id) + count = query.count() + return count > 0 + def add_rule(self, policy_id, meta_rule_id, value): try: rules = self.get_rules(policy_id, meta_rule_id=meta_rule_id) @@ -870,8 +1039,10 @@ class PolicyConnector(BaseConnector, PolicyDriver): ) session.add(ref) return {ref.id: ref.to_dict()} - except sqlalchemy.exc.IntegrityError: - raise exceptions.RuleExisting + except sqlalchemy.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.RuleExisting + raise error def delete_rule(self, policy_id, rule_id): with self.get_session_for_write() as session: @@ -885,19 +1056,24 @@ class PolicyConnector(BaseConnector, PolicyDriver): class ModelConnector(BaseConnector, ModelDriver): def update_model(self, model_id, value): - with self.get_session_for_write() as session: - query = session.query(Model) - if model_id: - query = query.filter_by(id=model_id) - ref = query.first() - if ref: - value_wo_name = copy.deepcopy(value) - value_wo_name.pop("name", None) - setattr(ref, "name", value["name"]) - d = dict(ref.value) - d.update(value_wo_name) - setattr(ref, "value", d) - return {ref.id: ref.to_dict()} + try: + with self.get_session_for_write() as session: + query = session.query(Model) + if model_id: + query = query.filter_by(id=model_id) + ref = query.first() + if ref: + value_wo_name = copy.deepcopy(value) + value_wo_name.pop("name", None) + setattr(ref, "name", value["name"]) + d = dict(ref.value) + d.update(value_wo_name) + setattr(ref, "value", d) + return {ref.id: ref.to_dict()} + except sqlalchemy.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.ModelExisting + raise error def delete_model(self, model_id): with self.get_session_for_write() as session: @@ -916,8 +1092,9 @@ class ModelConnector(BaseConnector, ModelDriver): }) session.add(new) return {new.id: new.to_dict()} - except sqlalchemy.exc.IntegrityError as e: - raise exceptions.ModelExisting + except sqlalchemy.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.ModelExisting def get_models(self, model_id=None): with self.get_session_for_read() as session: @@ -931,37 +1108,44 @@ class ModelConnector(BaseConnector, ModelDriver): return r def set_meta_rule(self, meta_rule_id, value): - with self.get_session_for_write() as session: - value_wo_other_data = copy.deepcopy(value) - value_wo_other_data.pop("name", None) - value_wo_other_data.pop("subject_categories", None) - value_wo_other_data.pop("object_categories", None) - value_wo_other_data.pop("action_categories", None) - if meta_rule_id is None: - try: - ref = MetaRule.from_dict( - { - "id": uuid4().hex, - "name": value["name"], - "subject_categories": value["subject_categories"], - "object_categories": value["object_categories"], - "action_categories": value["action_categories"], - "value": value_wo_other_data - } - ) - session.add(ref) - except sqlalchemy.exc.IntegrityError as e: - raise exceptions.MetaRuleExisting - else: - query = session.query(MetaRule) - query = query.filter_by(id=meta_rule_id) - ref = query.first() - setattr(ref, "name", value["name"]) - setattr(ref, "subject_categories", value["subject_categories"]) - setattr(ref, "object_categories", value["object_categories"]) - setattr(ref, "action_categories", value["action_categories"]) - setattr(ref, "value", value_wo_other_data) - return {ref.id: ref.to_dict()} + try: + with self.get_session_for_write() as session: + value_wo_other_data = copy.deepcopy(value) + value_wo_other_data.pop("name", None) + value_wo_other_data.pop("subject_categories", None) + value_wo_other_data.pop("object_categories", None) + value_wo_other_data.pop("action_categories", None) + if meta_rule_id is None: + try: + ref = MetaRule.from_dict( + { + "id": uuid4().hex, + "name": value["name"], + "subject_categories": value["subject_categories"], + "object_categories": value["object_categories"], + "action_categories": value["action_categories"], + "value": value_wo_other_data + } + ) + session.add(ref) + except sqlalchemy.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.MetaRuleExisting + raise error + else: + query = session.query(MetaRule) + query = query.filter_by(id=meta_rule_id) + ref = query.first() + setattr(ref, "name", value["name"]) + setattr(ref, "subject_categories", value["subject_categories"]) + setattr(ref, "object_categories", value["object_categories"]) + setattr(ref, "action_categories", value["action_categories"]) + setattr(ref, "value", value_wo_other_data) + return {ref.id: ref.to_dict()} + except sqlalchemy.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.MetaRuleExisting + raise error def get_meta_rules(self, meta_rule_id=None): with self.get_session_for_read() as session: @@ -988,7 +1172,7 @@ class ModelConnector(BaseConnector, ModelDriver): return {_ref.id: _ref.to_dict() for _ref in ref_list} def __add_perimeter_category(self, ClassType, name, description, uuid=None): - if not name.strip(): + if not name or not name.strip(): raise exceptions.CategoryNameInvalid with self.get_session_for_write() as session: ref = ClassType.from_dict( @@ -1015,8 +1199,10 @@ class ModelConnector(BaseConnector, ModelDriver): def add_subject_category(self, name, description, uuid=None): try: return self.__add_perimeter_category(SubjectCategory, name, description, uuid=uuid) - except sql.exc.IntegrityError as e: - raise exceptions.SubjectCategoryExisting() + except sql.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.SubjectCategoryExisting + raise error def delete_subject_category(self, category_id): self.__delete_perimeter_category(SubjectCategory, category_id) @@ -1027,8 +1213,10 @@ class ModelConnector(BaseConnector, ModelDriver): def add_object_category(self, name, description, uuid=None): try: return self.__add_perimeter_category(ObjectCategory, name, description, uuid=uuid) - except sql.exc.IntegrityError as e: - raise exceptions.ObjectCategoryExisting() + except sql.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.ObjectCategoryExisting + raise error def delete_object_category(self, category_id): self.__delete_perimeter_category(ObjectCategory, category_id) @@ -1040,8 +1228,10 @@ class ModelConnector(BaseConnector, ModelDriver): def add_action_category(self, name, description, uuid=None): try: return self.__add_perimeter_category(ActionCategory, name, description, uuid=uuid) - except sql.exc.IntegrityError as e: - raise exceptions.ActionCategoryExisting() + except sql.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.ActionCategoryExisting + raise error def delete_action_category(self, category_id): self.__delete_perimeter_category(ActionCategory, category_id) diff --git a/python_moondb/python_moondb/core.py b/python_moondb/python_moondb/core.py index 984b81a7..3fee146b 100644 --- a/python_moondb/python_moondb/core.py +++ b/python_moondb/python_moondb/core.py @@ -19,7 +19,7 @@ class Driver(DriverManager): namespace='moon_db.driver', name=driver_name, invoke_on_load=True, - invoke_args=(engine_name, ), + invoke_args=(engine_name,), ) diff --git a/python_moondb/python_moondb/migrate_repo/versions/001_moon.py b/python_moondb/python_moondb/migrate_repo/versions/001_moon.py index 1bfb2ffa..13670b91 100644 --- a/python_moondb/python_moondb/migrate_repo/versions/001_moon.py +++ b/python_moondb/python_moondb/migrate_repo/versions/001_moon.py @@ -7,8 +7,8 @@ import json import sqlalchemy as sql from sqlalchemy import types as sql_types -class JsonBlob(sql_types.TypeDecorator): +class JsonBlob(sql_types.TypeDecorator): impl = sql.Text def process_bind_param(self, value, dialect): @@ -134,7 +134,8 @@ def upgrade(migrate_engine): sql.Column('value', JsonBlob(), nullable=True), sql.Column('category_id', sql.ForeignKey("subject_categories.id"), nullable=False), sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False), - sql.UniqueConstraint('name', 'category_id', 'policy_id', name='unique_constraint_subject_data'), + sql.UniqueConstraint('name', 'category_id', 'policy_id', + name='unique_constraint_subject_data'), mysql_engine='InnoDB', mysql_charset='utf8') subject_data_table.create(migrate_engine, checkfirst=True) @@ -147,7 +148,8 @@ def upgrade(migrate_engine): sql.Column('value', JsonBlob(), nullable=True), sql.Column('category_id', sql.ForeignKey("object_categories.id"), nullable=False), sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False), - sql.UniqueConstraint('name', 'category_id', 'policy_id', name='unique_constraint_object_data'), + sql.UniqueConstraint('name', 'category_id', 'policy_id', + name='unique_constraint_object_data'), mysql_engine='InnoDB', mysql_charset='utf8') object_data_table.create(migrate_engine, checkfirst=True) @@ -160,7 +162,8 @@ def upgrade(migrate_engine): sql.Column('value', JsonBlob(), nullable=True), sql.Column('category_id', sql.ForeignKey("action_categories.id"), nullable=False), sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False), - sql.UniqueConstraint('name', 'category_id', 'policy_id', name='unique_constraint_action_data'), + sql.UniqueConstraint('name', 'category_id', 'policy_id', + name='unique_constraint_action_data'), mysql_engine='InnoDB', mysql_charset='utf8') action_data_table.create(migrate_engine, checkfirst=True) @@ -173,7 +176,8 @@ def upgrade(migrate_engine): sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False), sql.Column('subject_id', sql.ForeignKey("subjects.id"), nullable=False), sql.Column('category_id', sql.ForeignKey("subject_categories.id"), nullable=False), - sql.UniqueConstraint('policy_id', 'subject_id', 'category_id', name='unique_constraint_subject_assignment'), + sql.UniqueConstraint('policy_id', 'subject_id', 'category_id', + name='unique_constraint_subject_assignment'), mysql_engine='InnoDB', mysql_charset='utf8') subject_assignments_table.create(migrate_engine, checkfirst=True) @@ -186,7 +190,8 @@ def upgrade(migrate_engine): sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False), sql.Column('object_id', sql.ForeignKey("objects.id"), nullable=False), sql.Column('category_id', sql.ForeignKey("object_categories.id"), nullable=False), - sql.UniqueConstraint('policy_id', 'object_id', 'category_id', name='unique_constraint_object_assignment'), + sql.UniqueConstraint('policy_id', 'object_id', 'category_id', + name='unique_constraint_object_assignment'), mysql_engine='InnoDB', mysql_charset='utf8') object_assignments_table.create(migrate_engine, checkfirst=True) @@ -199,7 +204,8 @@ def upgrade(migrate_engine): sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False), sql.Column('action_id', sql.ForeignKey("actions.id"), nullable=False), sql.Column('category_id', sql.ForeignKey("action_categories.id"), nullable=False), - sql.UniqueConstraint('policy_id', 'action_id', 'category_id', name='unique_constraint_action_assignment'), + sql.UniqueConstraint('policy_id', 'action_id', 'category_id', + name='unique_constraint_action_assignment'), mysql_engine='InnoDB', mysql_charset='utf8') action_assignments_table.create(migrate_engine, checkfirst=True) @@ -236,28 +242,26 @@ def downgrade(migrate_engine): meta.bind = migrate_engine for _table in ( - 'rules', - 'meta_rules', - 'action_assignments', - 'object_assignments', - 'subject_assignments', - 'action_data', - 'object_data', - 'subject_data', - 'actions', - 'objects', - 'subjects', - 'action_categories', - 'object_categories', - 'subject_categories', - 'models', - 'policies', - 'pdp' + 'rules', + 'meta_rules', + 'action_assignments', + 'object_assignments', + 'subject_assignments', + 'action_data', + 'object_data', + 'subject_data', + 'actions', + 'objects', + 'subjects', + 'action_categories', + 'object_categories', + 'subject_categories', + 'models', + 'policies', + 'pdp' ): try: table = sql.Table(_table, meta, autoload=True) table.drop(migrate_engine, checkfirst=True) except Exception as e: print(e) - - diff --git a/python_moondb/tests/unit_python/helpers/data_helper.py b/python_moondb/tests/unit_python/helpers/data_helper.py index 20d9ae9a..8a8238f5 100644 --- a/python_moondb/tests/unit_python/helpers/data_helper.py +++ b/python_moondb/tests/unit_python/helpers/data_helper.py @@ -15,7 +15,7 @@ def add_action_data(policy_id, data_id=None, category_id=None, value=None): def delete_action_data(policy_id, data_id): from python_moondb.core import PolicyManager - PolicyManager.delete_action_data("", policy_id, data_id) + PolicyManager.delete_action_data("",policy_id=policy_id, data_id=data_id) def get_object_data(policy_id, data_id=None, category_id=None): @@ -30,7 +30,7 @@ def add_object_data(policy_id, data_id=None, category_id=None, value=None): def delete_object_data(policy_id, data_id): from python_moondb.core import PolicyManager - PolicyManager.delete_object_data("", policy_id, data_id) + PolicyManager.delete_object_data("", policy_id=policy_id, data_id=data_id) def get_subject_data(policy_id, data_id=None, category_id=None): @@ -45,7 +45,7 @@ def add_subject_data(policy_id, data_id=None, category_id=None, value=None): def delete_subject_data(policy_id, data_id): from python_moondb.core import PolicyManager - PolicyManager.delete_subject_data("", policy_id, data_id) + PolicyManager.delete_subject_data("", policy_id=policy_id, data_id=data_id) def get_actions(policy_id, perimeter_id=None): diff --git a/python_moondb/tests/unit_python/helpers/meta_rule_helper.py b/python_moondb/tests/unit_python/helpers/meta_rule_helper.py index 80d138c6..87af250a 100644 --- a/python_moondb/tests/unit_python/helpers/meta_rule_helper.py +++ b/python_moondb/tests/unit_python/helpers/meta_rule_helper.py @@ -6,7 +6,7 @@ from helpers import mock_data -def set_meta_rule(meta_rule_id, value=None): +def update_meta_rule(meta_rule_id, value=None): from python_moondb.core import ModelManager if not value: action_category_id = mock_data.create_action_category("action_category_id1") @@ -19,7 +19,7 @@ def set_meta_rule(meta_rule_id, value=None): "object_categories": [object_category_id], "action_categories": [action_category_id] } - return ModelManager.set_meta_rule(user_id=None, meta_rule_id=meta_rule_id, value=value) + return ModelManager.update_meta_rule(user_id=None, meta_rule_id=meta_rule_id, value=value) def add_meta_rule(meta_rule_id=None, value=None): diff --git a/python_moondb/tests/unit_python/helpers/mock_data.py b/python_moondb/tests/unit_python/helpers/mock_data.py index 82eebe88..0d65ea02 100644 --- a/python_moondb/tests/unit_python/helpers/mock_data.py +++ b/python_moondb/tests/unit_python/helpers/mock_data.py @@ -8,6 +8,7 @@ from .policy_helper import * from .data_helper import * from .model_helper import * from .meta_rule_helper import * +from uuid import uuid4 def create_subject_category(name): @@ -58,12 +59,19 @@ def create_pdp(policies_ids): return value -def create_new_policy(subject_category_name=None, object_category_name=None, action_category_name=None, - model_name="test_model", policy_name="policy_1", meta_rule_name="meta_rule1"): +def create_new_policy(subject_category_name="subjectCategory", object_category_name="objectCategory", + action_category_name="actionCategory", + model_name="test_model", policy_name="policy_name", + meta_rule_name="meta_rule_"): + if policy_name == "policy_name": + policy_name = "policy_name_" + uuid4().hex + subject_category_id, object_category_id, action_category_id, meta_rule_id = create_new_meta_rule( - subject_category_name=subject_category_name, - object_category_name=object_category_name, - action_category_name=action_category_name, meta_rule_name=meta_rule_name) + subject_category_name=subject_category_name + uuid4().hex, + object_category_name=object_category_name + uuid4().hex, + action_category_name=action_category_name + uuid4().hex, + meta_rule_name=meta_rule_name + uuid4().hex + ) model = add_model(value=create_model(meta_rule_id, model_name)) model_id = list(model.keys())[0] value = create_policy(model_id, policy_name) @@ -73,8 +81,12 @@ def create_new_policy(subject_category_name=None, object_category_name=None, act return subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id -def create_new_meta_rule(subject_category_name=None, object_category_name=None, action_category_name=None, - meta_rule_name="meta_rule1"): +def create_new_meta_rule(subject_category_name="subject_category" + uuid4().hex, + object_category_name="object_category" + uuid4().hex, + action_category_name="action_category" + uuid4().hex, + meta_rule_name="meta_rule" + uuid4().hex): + from python_moondb.core import ModelManager + subject_category_id = create_subject_category(subject_category_name) object_category_id = create_object_category(object_category_name) action_category_id = create_action_category(action_category_name) @@ -84,7 +96,8 @@ def create_new_meta_rule(subject_category_name=None, object_category_name=None, "object_categories": [object_category_id], "action_categories": [action_category_id] } - meta_rule = add_meta_rule(value=value) + # meta_rule = add_meta_rule(value=value) + meta_rule = ModelManager.add_meta_rule(user_id=None, meta_rule_id=None, value=value) return subject_category_id, object_category_id, action_category_id, list(meta_rule.keys())[0] @@ -117,8 +130,8 @@ def create_action(policy_id): def create_subject_data(policy_id, category_id): value = { - "name": "subject-security-level", - "description": {"low": "", "medium": "", "high": ""}, + "name": uuid4().hex, + "description": {uuid4().hex: "", uuid4().hex: "", uuid4().hex: ""}, } subject_data = add_subject_data(policy_id=policy_id, category_id=category_id, value=value).get('data') assert subject_data @@ -127,8 +140,8 @@ def create_subject_data(policy_id, category_id): def create_object_data(policy_id, category_id): value = { - "name": "object-security-level", - "description": {"low": "", "medium": "", "high": ""}, + "name": uuid4().hex, + "description": {uuid4().hex: "", uuid4().hex: "", uuid4().hex: ""}, } object_data = add_object_data(policy_id=policy_id, category_id=category_id, value=value).get('data') return list(object_data.keys())[0] @@ -136,9 +149,8 @@ def create_object_data(policy_id, category_id): def create_action_data(policy_id, category_id): value = { - "name": "action-type", - "description": {"vm-action": "", "storage-action": "", }, + "name": uuid4().hex, + "description": {uuid4().hex: "", uuid4().hex: "", uuid4().hex: ""}, } action_data = add_action_data(policy_id=policy_id, category_id=category_id, value=value).get('data') return list(action_data.keys())[0] - diff --git a/python_moondb/tests/unit_python/helpers/model_helper.py b/python_moondb/tests/unit_python/helpers/model_helper.py index 58946a99..98a6271d 100644 --- a/python_moondb/tests/unit_python/helpers/model_helper.py +++ b/python_moondb/tests/unit_python/helpers/model_helper.py @@ -4,7 +4,7 @@ # or at 'http://www.apache.org/licenses/LICENSE-2.0'. from helpers import mock_data - +from uuid import uuid4 def get_models(model_id=None): from python_moondb.core import ModelManager @@ -14,10 +14,7 @@ def get_models(model_id=None): def add_model(model_id=None, value=None): from python_moondb.core import ModelManager if not value: - subject_category_id, object_category_id, action_category_id, meta_rule_id = mock_data.create_new_meta_rule( - subject_category_name="subject_category1", - object_category_name="object_category1", - action_category_name="action_category1") + subject_category_id, object_category_id, action_category_id, meta_rule_id = mock_data.create_new_meta_rule() name = "MLS" if model_id is None else "MLS " + model_id value = { "name": name, diff --git a/python_moondb/tests/unit_python/helpers/policy_helper.py b/python_moondb/tests/unit_python/helpers/policy_helper.py index c932ee3a..93d81c62 100644 --- a/python_moondb/tests/unit_python/helpers/policy_helper.py +++ b/python_moondb/tests/unit_python/helpers/policy_helper.py @@ -2,6 +2,8 @@ # This software is distributed under the terms and conditions of the 'Apache-2.0' # license which can be found in the file 'LICENSE' in this package distribution # or at 'http://www.apache.org/licenses/LICENSE-2.0'. +from helpers import mock_data as mock_data +from helpers import meta_rule_helper def get_policies(): from python_moondb.core import PolicyManager @@ -45,11 +47,20 @@ def get_rules(policy_id=None, meta_rule_id=None, rule_id=None): return PolicyManager.get_rules("", policy_id, meta_rule_id, rule_id) -def add_rule(policy_id=None, meta_rule_id=None, value=None): +def add_rule(policy_id, meta_rule_id, value=None): from python_moondb.core import PolicyManager if not value: + meta_rule = meta_rule_helper.get_meta_rules(meta_rule_id) + sub_cat_id = meta_rule[meta_rule_id]['subject_categories'][0] + ob_cat_id = meta_rule[meta_rule_id]['object_categories'][0] + act_cat_id = meta_rule[meta_rule_id]['action_categories'][0] + + subject_data_id = mock_data.create_subject_data(policy_id=policy_id, category_id=sub_cat_id) + object_data_id = mock_data.create_object_data(policy_id=policy_id, category_id=ob_cat_id) + action_data_id = mock_data.create_action_data(policy_id=policy_id, category_id=act_cat_id) + value = { - "rule": ("high", "medium", "vm-action"), + "rule": (subject_data_id, object_data_id, action_data_id), "instructions": ({"decision": "grant"}), "enabled": "", } diff --git a/python_moondb/tests/unit_python/models/test_categories.py b/python_moondb/tests/unit_python/models/test_categories.py index f87d0e12..39dc4c71 100644 --- a/python_moondb/tests/unit_python/models/test_categories.py +++ b/python_moondb/tests/unit_python/models/test_categories.py @@ -10,13 +10,24 @@ from helpers import category_helper logger = logging.getLogger("moon.db.tests.models.test_categories") + def test_add_subject_category_twice(): - category = category_helper.add_subject_category(value={"name": "category name", "description": "description 1"}) + category = category_helper.add_subject_category( + value={"name": "category name", "description": "description 1"}) category_id = list(category.keys())[0] assert category is not None with pytest.raises(SubjectCategoryExisting): category_helper.add_subject_category(category_id, - value={"name": "category name", "description": "description 2"}) + value={"name": "category name", + "description": "description 2"}) + + +def test_add_subject_category_name_space(): + with pytest.raises(CategoryNameInvalid) as exp: + category = category_helper.add_subject_category(value={"name": " ", "description": + "description 1"}) + assert exp.value.code == 400 + assert exp.value.description == 'The given category name is invalid.' def test_get_subject_categories(): @@ -34,12 +45,22 @@ def test_get_subject_categories_with_invalid_id(): def test_add_object_category_twice(): - category = category_helper.add_object_category(value={"name": "category name", "description": "description 1"}) + category = category_helper.add_object_category( + value={"name": "category name", "description": "description 1"}) category_id = list(category.keys())[0] assert category is not None with pytest.raises(ObjectCategoryExisting): category_helper.add_object_category(category_id, - value={"name": "category name", "description": "description 2"}) + value={"name": "category name", + "description": "description 2"}) + + +def test_add_object_category_name_space(): + with pytest.raises(CategoryNameInvalid) as exp: + category = category_helper.add_object_category(value={"name": " ", "description": + "description 1"}) + assert exp.value.code == 400 + assert exp.value.description == 'The given category name is invalid.' def test_get_object_categories(): @@ -57,12 +78,23 @@ def test_get_object_categories_with_invalid_id(): def test_add_action_category_twice(): - category = category_helper.add_action_category(value={"name": "category name", "description": "description 1"}) + category = category_helper.add_action_category( + value={"name": "category name", "description": "description 1"}) category_id = list(category.keys())[0] assert category is not None - with pytest.raises(ActionCategoryExisting): + with pytest.raises(ActionCategoryExisting) as exp_info: category_helper.add_action_category(category_id, - value={"name": "category name", "description": "description 2"}) + value={"name": "category name", + "description": "description 2"}) + assert str(exp_info.value)=='409: Action Category Existing' + + +def test_add_action_category_name_space(): + with pytest.raises(CategoryNameInvalid) as exp: + category = category_helper.add_action_category(value={"name": " ", "description": + "description 1"}) + assert exp.value.code == 400 + assert exp.value.description == 'The given category name is invalid.' def test_get_action_categories(): diff --git a/python_moondb/tests/unit_python/models/test_meta_rules.py b/python_moondb/tests/unit_python/models/test_meta_rules.py index 102cd724..3b2b5b0e 100644 --- a/python_moondb/tests/unit_python/models/test_meta_rules.py +++ b/python_moondb/tests/unit_python/models/test_meta_rules.py @@ -5,16 +5,88 @@ import pytest from helpers import meta_rule_helper +from helpers import policy_helper import helpers.mock_data as mock_data +import helpers.model_helper as model_helper +from python_moonutilities.exceptions import * +from uuid import uuid4 -def test_set_not_exist_meta_rule_error(db): +def test_update_not_exist_meta_rule_error(db): # set not existing meta rule and expect to raise and error - with pytest.raises(Exception) as exception_info: - meta_rule_helper.set_meta_rule(meta_rule_id=None) + with pytest.raises(MetaRuleUnknown) as exception_info: + meta_rule_helper.update_meta_rule(meta_rule_id=None) assert str(exception_info.value) == '400: Meta Rule Unknown' +def test_update_meta_rule_connected_with_policy_and_rule(): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1", + model_name="model1") + subject_data_id = mock_data.create_subject_data(policy_id=policy_id, + category_id=subject_category_id) + object_data_id = mock_data.create_object_data(policy_id=policy_id, + category_id=object_category_id) + action_data_id = mock_data.create_action_data(policy_id=policy_id, + category_id=action_category_id) + + value = { + "rule": (subject_data_id, object_data_id, action_data_id), + "instructions": ({"decision": "grant"}), + "enabled": "", + } + + rules = policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) + assert rules + assert len(rules) == 1 + + action_category_id = mock_data.create_action_category("action_category_id2") + subject_category_id = mock_data.create_subject_category("subject_category_id2") + object_category_id = mock_data.create_object_category("object_category_id2") + + updated_value = { + "name": "MLS_meta_rule", + "description": "test", + "subject_categories": [subject_category_id], + "object_categories": [object_category_id], + "action_categories": [action_category_id] + } + with pytest.raises(MetaRuleUpdateError) as exception_info: + updated_meta_rule = meta_rule_helper.update_meta_rule(meta_rule_id, updated_value) + assert str(exception_info.value) == '400: Meta_Rule Update Error' + + +def test_update_meta_rule_connected_with_policy(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1", + model_name="model1") + action_category_id = mock_data.create_action_category("action_category_id2") + subject_category_id = mock_data.create_subject_category("subject_category_id2") + object_category_id = mock_data.create_object_category("object_category_id2") + value = { + "name": "MLS_meta_rule", + "description": "test", + "subject_categories": [subject_category_id], + "object_categories": [object_category_id], + "action_categories": [action_category_id] + } + meta_rules = meta_rule_helper.add_meta_rule(value=value) + assert isinstance(meta_rules, dict) + assert meta_rules + assert len(meta_rules) is 1 + meta_rule_id = list(meta_rules.keys())[0] + for key in ( + "name", "description", "subject_categories", "object_categories", "action_categories"): + assert key in meta_rules[meta_rule_id] + assert meta_rules[meta_rule_id][key] == value[key] + + def test_add_new_meta_rule_success(db): action_category_id = mock_data.create_action_category("action_category_id1") subject_category_id = mock_data.create_subject_category("subject_category_id1") @@ -31,12 +103,29 @@ def test_add_new_meta_rule_success(db): assert meta_rules assert len(meta_rules) is 1 meta_rule_id = list(meta_rules.keys())[0] - for key in ("name", "description", "subject_categories", "object_categories", "action_categories"): + for key in ( + "name", "description", "subject_categories", "object_categories", "action_categories"): assert key in meta_rules[meta_rule_id] assert meta_rules[meta_rule_id][key] == value[key] -def test_set_meta_rule_success(db): +def test_meta_rule_with_blank_name(db): + action_category_id = mock_data.create_action_category(uuid4().hex) + subject_category_id = mock_data.create_subject_category(uuid4().hex) + object_category_id = mock_data.create_object_category(uuid4().hex) + value = { + "name": "", + "description": "test", + "subject_categories": [subject_category_id], + "object_categories": [object_category_id], + "action_categories": [action_category_id] + } + with pytest.raises(MetaRuleContentError) as exception_info: + meta_rule_helper.add_meta_rule(value=value) + assert str(exception_info.value) == '400: Meta Rule Error' + + +def test_update_meta_rule_success(db): # arrange meta_rules = meta_rule_helper.add_meta_rule() meta_rule_id = list(meta_rules.keys())[0] @@ -51,11 +140,79 @@ def test_set_meta_rule_success(db): "action_categories": [action_category_id] } # action - updated_meta_rule = meta_rule_helper.set_meta_rule(meta_rule_id, updated_value) + updated_meta_rule = meta_rule_helper.update_meta_rule(meta_rule_id, updated_value) # assert updated_meta_rule_id = list(updated_meta_rule.keys())[0] assert updated_meta_rule_id == meta_rule_id - assert updated_meta_rule[updated_meta_rule_id]["subject_categories"] == updated_value["subject_categories"] + assert updated_meta_rule[updated_meta_rule_id]["subject_categories"] == updated_value[ + "subject_categories"] + + +def test_update_meta_rule_with_existed_categories_combination(db): + action_category_id1 = mock_data.create_action_category(uuid4().hex) + subject_category_id1 = mock_data.create_subject_category(uuid4().hex) + object_category_id1 = mock_data.create_object_category(uuid4().hex) + meta_rule_name1=uuid4().hex + value1 = { + "name": meta_rule_name1, + "description": "test", + "subject_categories": [subject_category_id1], + "object_categories": [object_category_id1], + "action_categories": [action_category_id1] + } + meta_rules = meta_rule_helper.add_meta_rule(value=value1) + + action_category_id2 = mock_data.create_action_category(uuid4().hex) + subject_category_id2 = mock_data.create_subject_category(uuid4().hex) + object_category_id2 = mock_data.create_object_category(uuid4().hex) + meta_rule_name2 = uuid4().hex + value2 = { + "name": meta_rule_name2, + "description": "test", + "subject_categories": [subject_category_id2], + "object_categories": [object_category_id2], + "action_categories": [action_category_id2] + } + meta_rules = meta_rule_helper.add_meta_rule(value=value2) + meta_rule_id2 = list(meta_rules.keys())[0] + value1['name']=value2['name'] + with pytest.raises(MetaRuleExisting) as exception_info: + updated_meta_rule = meta_rule_helper.update_meta_rule(meta_rule_id2, value1) + assert str(exception_info.value) == '409: Meta Rule Existing' + assert exception_info.value.description=="Same categories combination existed" + + +def test_update_meta_rule_with_different_categories_combination_but_same_data(db): + action_category_id1 = mock_data.create_action_category(uuid4().hex) + subject_category_id1 = mock_data.create_subject_category(uuid4().hex) + object_category_id1 = mock_data.create_object_category(uuid4().hex) + meta_rule_name1=uuid4().hex + value1 = { + "name": meta_rule_name1, + "description": "test", + "subject_categories": [subject_category_id1], + "object_categories": [object_category_id1], + "action_categories": [action_category_id1] + } + meta_rules = meta_rule_helper.add_meta_rule(value=value1) + + action_category_id2 = mock_data.create_action_category(uuid4().hex) + subject_category_id2 = mock_data.create_subject_category(uuid4().hex) + object_category_id2 = mock_data.create_object_category(uuid4().hex) + meta_rule_name2 = uuid4().hex + value2 = { + "name": meta_rule_name2, + "description": "test", + "subject_categories": [subject_category_id2], + "object_categories": [object_category_id2], + "action_categories": [action_category_id2] + } + meta_rules = meta_rule_helper.add_meta_rule(value=value2) + meta_rule_id2 = list(meta_rules.keys())[0] + value1['name']=value2['name'] + value1['object_categories']+=[object_category_id1] + updated_meta_rule = meta_rule_helper.update_meta_rule(meta_rule_id2, value1) + assert meta_rule_id2 in updated_meta_rule def test_add_existing_meta_rule_error(db): @@ -71,9 +228,85 @@ def test_add_existing_meta_rule_error(db): } meta_rules = meta_rule_helper.add_meta_rule(value=value) meta_rule_id = list(meta_rules.keys())[0] - with pytest.raises(Exception) as exception_info: + with pytest.raises(MetaRuleExisting) as exception_info: meta_rule_helper.add_meta_rule(meta_rule_id=meta_rule_id) - assert str(exception_info.value) == '400: Sub Meta Rule Existing' + assert str(exception_info.value) == '409: Meta Rule Existing' + + +def test_add_meta_rule_with_existing_name_error(db): + action_category_id = mock_data.create_action_category(uuid4().hex) + subject_category_id = mock_data.create_subject_category(uuid4().hex) + object_category_id = mock_data.create_object_category(uuid4().hex) + name = uuid4().hex + value = { + "name": name, + "description": "test", + "subject_categories": [subject_category_id], + "object_categories": [object_category_id], + "action_categories": [action_category_id] + } + meta_rule_helper.add_meta_rule(value=value) + action_category_id = mock_data.create_action_category(uuid4().hex) + subject_category_id = mock_data.create_subject_category(uuid4().hex) + object_category_id = mock_data.create_object_category(uuid4().hex) + value = { + "name": name, + "description": 'test', + "subject_categories": [subject_category_id], + "object_categories": [object_category_id], + "action_categories": [action_category_id] + } + with pytest.raises(MetaRuleExisting) as exception_info: + meta_rule_helper.add_meta_rule(value=value) + assert str(exception_info.value) == '409: Meta Rule Existing' + assert exception_info.value.description == 'The meta rule already exists.' + + +def test_add_meta_rule_with_existing_categories_combination(db): + action_category_id = mock_data.create_action_category(uuid4().hex) + subject_category_id = mock_data.create_subject_category(uuid4().hex) + object_category_id = mock_data.create_object_category(uuid4().hex) + name = uuid4().hex + value = { + "name": name, + "description": "test", + "subject_categories": [subject_category_id], + "object_categories": [object_category_id], + "action_categories": [action_category_id] + } + meta_rule_helper.add_meta_rule(value=value) + value['name'] = uuid4().hex + with pytest.raises(MetaRuleExisting) as exception_info: + meta_rule_helper.add_meta_rule(value=value) + assert str(exception_info.value) == '409: Meta Rule Existing' + assert exception_info.value.description == "Same categories combination existed" + + +def test_add_meta_rule_with_different_categories_combination_but_same_data(db): + action_category_id = mock_data.create_action_category(uuid4().hex) + subject_category_id = mock_data.create_subject_category(uuid4().hex) + object_category_id1 = mock_data.create_object_category(uuid4().hex) + object_category_id2 = mock_data.create_object_category(uuid4().hex) + + name1 = uuid4().hex + value = { + "name": name1, + "description": "test", + "subject_categories": [subject_category_id], + "object_categories": [object_category_id1], + "action_categories": [action_category_id] + } + meta_rule_helper.add_meta_rule(value=value) + name2 = uuid4().hex + value['name'] = name2 + value['object_categories'] += [object_category_id2] + meta_rules = meta_rule_helper.add_meta_rule(value=value) + bool_found_meta_rule = 0 + for meta_rule_id in meta_rules: + if meta_rules[meta_rule_id]['name'] == name2: + bool_found_meta_rule = 1 + break + assert bool_found_meta_rule def test_get_meta_rule_success(db): @@ -113,7 +346,8 @@ def test_get_meta_rule_success(db): assert meta_rules assert len(meta_rules) is 2 for meta_rule_id in meta_rules: - for key in ("name", "description", "subject_categories", "object_categories", "action_categories"): + for key in ( + "name", "description", "subject_categories", "object_categories", "action_categories"): assert key in meta_rules[meta_rule_id] assert meta_rules[meta_rule_id][key] == values[meta_rule_id][key] @@ -127,7 +361,8 @@ def test_get_specific_meta_rule_success(db): meta_rule_id = list(meta_rules.keys())[0] # assert assert meta_rule_id == added_meta_rule_id - for key in ("name", "description", "subject_categories", "object_categories", "action_categories"): + for key in ( + "name", "description", "subject_categories", "object_categories", "action_categories"): assert key in meta_rules[meta_rule_id] assert meta_rules[meta_rule_id][key] == added_meta_rules[added_meta_rule_id][key] @@ -154,7 +389,15 @@ def test_delete_meta_rules_success(db): assert meta_rule_id1 not in meta_rules +def test_delete_meta_rules_with_model(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() + + with pytest.raises(DeleteMetaRuleWithModel) as exception_info: + meta_rule_helper.delete_meta_rules(meta_rule_id) + assert str(exception_info.value) == '400: Meta rule With Model Error' + + def test_delete_invalid_meta_rules_error(db): - with pytest.raises(Exception) as exception_info: + with pytest.raises(MetaRuleUnknown) as exception_info: meta_rule_helper.delete_meta_rules("INVALID_META_RULE_ID") assert str(exception_info.value) == '400: Meta Rule Unknown' diff --git a/python_moondb/tests/unit_python/models/test_models.py b/python_moondb/tests/unit_python/models/test_models.py index 0026345c..1b171069 100644 --- a/python_moondb/tests/unit_python/models/test_models.py +++ b/python_moondb/tests/unit_python/models/test_models.py @@ -10,6 +10,8 @@ import helpers.mock_data as mock_data import helpers.model_helper as model_helper import helpers.category_helper as category_helper import helpers.policy_helper as policy_helper +import helpers.assignment_helper as assignment_helper +from uuid import uuid4 logger = logging.getLogger("moon.db.tests.test_model") @@ -83,7 +85,7 @@ def test_add_same_model_twice(db): with pytest.raises(ModelExisting) as exception_info: model_helper.add_model(model_id="model_1", value=value) model_helper.delete_all_models() - # assert str(exception_info.value) == '409: Model Error' + assert str(exception_info.value) == '409: Model Error' def test_add_model_generate_new_uuid(db): @@ -148,9 +150,34 @@ def test_add_models_with_same_name_twice(db): models = model_helper.add_model(value=model_value1) assert isinstance(models, dict) assert models - with pytest.raises(Exception) as exc_info: + with pytest.raises(Exception) as exception_info: model_helper.add_model(value=model_value1) model_helper.delete_all_models() + assert str(exception_info.value) == '409: Model Error' + +def test_add_model_with_existed_meta_rules_list(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id = mock_data.create_new_meta_rule( + subject_category_name=uuid4().hex, + object_category_name=uuid4().hex, + action_category_name=uuid4().hex) + model_value1 = { + "name": uuid4().hex, + "description": "test", + "meta_rules": [meta_rule_id] + } + models = model_helper.add_model(value=model_value1) + assert isinstance(models, dict) + assert models + model_value1 = { + "name": uuid4().hex, + "description": "test", + "meta_rules": [meta_rule_id] + } + with pytest.raises(Exception) as exception_info: + model_helper.add_model(value=model_value1) + model_helper.delete_all_models() + assert str(exception_info.value) == '409: Model Error' + assert str(exception_info.value.description)=='Meta Rules List Existed in another Model' def test_delete_models(db): @@ -240,6 +267,7 @@ def test_delete_model_assigned_to_policy(db): policy_helper.add_policies(value=value) with pytest.raises(DeleteModelWithPolicy) as exception_info: model_helper.delete_models(uuid=model_id) + assert str(exception_info.value) == '400: Model With Policy Error' def test_add_subject_category(db): @@ -253,13 +281,32 @@ def test_add_subject_category(db): assert len(subject_category) == 1 +def test_add_subject_categories_with_existed_name(db): + name = uuid4().hex + value = { + "name": name, + "description": "description subject_category" + } + subject_category = category_helper.add_subject_category(value=value) + assert subject_category + assert len(subject_category) == 1 + + value = { + "name": name, + "description": "description subject_category" + } + with pytest.raises(SubjectCategoryExisting) as exception_info: + category_helper.add_subject_category(value=value) + assert str(exception_info.value) == '409: Subject Category Existing' + + def test_add_subject_category_with_empty_name(db): category_id = "category_id1" value = { "name": "", "description": "description subject_category" } - with pytest.raises(Exception) as exception_info: + with pytest.raises(CategoryNameInvalid) as exception_info: category_helper.add_subject_category(category_id, value) assert str(exception_info.value) == '400: Category Name Invalid' @@ -271,7 +318,7 @@ def test_add_subject_category_with_same_category_id(db): "description": "description subject_category" } category_helper.add_subject_category(category_id, value) - with pytest.raises(Exception) as exception_info: + with pytest.raises(SubjectCategoryExisting) as exception_info: category_helper.add_subject_category(category_id, value) assert str(exception_info.value) == '409: Subject Category Existing' @@ -299,10 +346,41 @@ def test_delete_subject_category(db): assert not subject_category +def test_delete_subject_category_with_data(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() + + mock_data.create_subject_data(policy_id, subject_category_id) + + with pytest.raises(DeleteSubjectCategoryWithMetaRule) as exception_info: + category_helper.delete_subject_category(subject_category_id) + assert str(exception_info.value) == '400: Subject Category With Meta Rule Error' + + +def test_delete_subject_category_with_assignment(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() + + subject_id = mock_data.create_subject(policy_id) + data_id = mock_data.create_subject_data(policy_id, subject_category_id) + assignment_helper.add_subject_assignment(policy_id, subject_id, subject_category_id, data_id) + + with pytest.raises(DeleteSubjectCategoryWithMetaRule) as exception_info: + category_helper.delete_subject_category(subject_category_id) + assert str(exception_info.value) == '400: Subject Category With Meta Rule Error' + + +def test_delete_subject_category_with_rule(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() + policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id) + + with pytest.raises(DeleteSubjectCategoryWithMetaRule) as exception_info: + category_helper.delete_subject_category(subject_category_id) + assert str(exception_info.value) == '400: Subject Category With Meta Rule Error' + + def test_delete_subject_category_with_unkown_category_id(db): category_id = "invalid_category_id" - with pytest.raises(Exception) as exception_info: + with pytest.raises(SubjectCategoryUnknown) as exception_info: category_helper.delete_subject_category(category_id) assert str(exception_info.value) == '400: Subject Category Unknown' @@ -318,6 +396,20 @@ def test_add_object_category(db): assert len(object_category) == 1 +def test_add_object_categories_with_existed_name(db): + name = uuid4().hex + value = { + "name": name, + "description": "description object_category" + } + object_category = category_helper.add_object_category(value=value) + assert object_category + assert len(object_category) == 1 + with pytest.raises(ObjectCategoryExisting) as exception_info: + category_helper.add_object_category(value=value) + assert str(exception_info.value) == '409: Object Category Existing' + + def test_add_object_category_with_same_category_id(db): category_id = "category_id1" value = { @@ -325,7 +417,7 @@ def test_add_object_category_with_same_category_id(db): "description": "description object_category" } category_helper.add_object_category(category_id, value) - with pytest.raises(Exception) as exception_info: + with pytest.raises(ObjectCategoryExisting) as exception_info: category_helper.add_object_category(category_id, value) assert str(exception_info.value) == '409: Object Category Existing' @@ -336,7 +428,7 @@ def test_add_object_category_with_empty_name(db): "name": "", "description": "description object_category" } - with pytest.raises(Exception) as exception_info: + with pytest.raises(CategoryNameInvalid) as exception_info: category_helper.add_object_category(category_id, value) assert str(exception_info.value) == '400: Category Name Invalid' @@ -364,10 +456,42 @@ def test_delete_object_category(db): assert not object_category +def test_delete_object_category_with_data(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() + mock_data.create_subject_data(policy_id, subject_category_id) + + mock_data.create_object_data(policy_id, object_category_id) + + with pytest.raises(DeleteObjectCategoryWithMetaRule) as exception_info: + category_helper.delete_object_category(object_category_id) + assert str(exception_info.value) == '400: Object Category With Meta Rule Error' + + +def test_delete_object_category_with_assignment(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() + + object_id = mock_data.create_object(policy_id) + data_id = mock_data.create_object_data(policy_id, object_category_id) + assignment_helper.add_object_assignment(policy_id, object_id, object_category_id, data_id) + + with pytest.raises(DeleteObjectCategoryWithMetaRule) as exception_info: + category_helper.delete_object_category(object_category_id) + assert str(exception_info.value) == '400: Object Category With Meta Rule Error' + + +def test_delete_object_category_with_rule(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() + policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id) + + with pytest.raises(DeleteObjectCategoryWithMetaRule) as exception_info: + category_helper.delete_object_category(object_category_id) + assert str(exception_info.value) == '400: Object Category With Meta Rule Error' + + def test_delete_object_category_with_unkown_category_id(db): category_id = "invalid_category_id" - with pytest.raises(Exception) as exception_info: + with pytest.raises(ObjectCategoryUnknown) as exception_info: category_helper.delete_object_category(category_id) assert str(exception_info.value) == '400: Object Category Unknown' @@ -383,6 +507,20 @@ def test_add_action_category(db): assert len(action_category) == 1 +def test_add_action_categories_with_existed_name(db): + name = uuid4().hex + value = { + "name": name, + "description": "description action_category" + } + action_category = category_helper.add_action_category(value=value) + assert action_category + assert len(action_category) == 1 + with pytest.raises(ActionCategoryExisting) as exception_info: + category_helper.add_action_category(value=value) + assert str(exception_info.value) == '409: Action Category Existing' + + def test_add_action_category_with_same_category_id(db): category_id = "category_id1" value = { @@ -390,7 +528,7 @@ def test_add_action_category_with_same_category_id(db): "description": "description action_category" } category_helper.add_action_category(category_id, value) - with pytest.raises(Exception) as exception_info: + with pytest.raises(ActionCategoryExisting) as exception_info: category_helper.add_action_category(category_id, value) assert str(exception_info.value) == '409: Action Category Existing' @@ -401,7 +539,7 @@ def test_add_action_category_with_empty_name(db): "name": "", "description": "description action_category" } - with pytest.raises(Exception) as exception_info: + with pytest.raises(CategoryNameInvalid) as exception_info: category_helper.add_action_category(category_id, value) assert str(exception_info.value) == '400: Category Name Invalid' @@ -429,9 +567,56 @@ def test_delete_action_category(db): assert not action_category +def test_delete_action_category_with_data(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() + mock_data.create_subject_data(policy_id, subject_category_id) + + mock_data.create_action_data(policy_id, action_category_id) + + with pytest.raises(DeleteActionCategoryWithMetaRule) as exception_info: + category_helper.delete_action_category(action_category_id) + assert str(exception_info.value) == '400: Action Category With Meta Rule Error' + + +def test_delete_action_category_with_assignment(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() + + action_id = mock_data.create_action(policy_id) + data_id = mock_data.create_action_data(policy_id, action_category_id) + assignment_helper.add_action_assignment(policy_id, action_id, action_category_id, data_id) + + with pytest.raises(DeleteActionCategoryWithMetaRule) as exception_info: + category_helper.delete_action_category(action_category_id) + assert str(exception_info.value) == '400: Action Category With Meta Rule Error' + + +def test_delete_action_category_with_rule(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() + policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id) + + with pytest.raises(DeleteActionCategoryWithMetaRule) as exception_info: + category_helper.delete_action_category(action_category_id) + assert str(exception_info.value) == '400: Action Category With Meta Rule Error' + + def test_delete_action_category_with_unkown_category_id(db): category_id = "invalid_category_id" - with pytest.raises(Exception) as exception_info: + with pytest.raises(ActionCategoryUnknown) as exception_info: category_helper.delete_action_category(category_id) assert str(exception_info.value) == '400: Action Category Unknown' + + +def test_delete_data_categories_connected_to_meta_rule(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() + with pytest.raises(DeleteSubjectCategoryWithMetaRule) as exception_info: + category_helper.delete_subject_category(subject_category_id) + assert str(exception_info.value) == '400: Subject Category With Meta Rule Error' + + with pytest.raises(DeleteObjectCategoryWithMetaRule) as exception_info: + category_helper.delete_object_category(object_category_id) + assert str(exception_info.value) == '400: Object Category With Meta Rule Error' + + with pytest.raises(DeleteActionCategoryWithMetaRule) as exception_info: + category_helper.delete_action_category(action_category_id) + assert str(exception_info.value) == '400: Action Category With Meta Rule Error' diff --git a/python_moondb/tests/unit_python/policies/test_assignments.py b/python_moondb/tests/unit_python/policies/test_assignments.py index 675c2ff9..24a3a7b0 100755 --- a/python_moondb/tests/unit_python/policies/test_assignments.py +++ b/python_moondb/tests/unit_python/policies/test_assignments.py @@ -19,7 +19,8 @@ def test_get_action_assignments(db): data_id = mock_data.create_action_data(policy_id=policy_id, category_id=action_category_id) assignment_helper.add_action_assignment(policy_id, action_id, action_category_id, data_id) - act_assignments = assignment_helper.get_action_assignments(policy_id, action_id, action_category_id) + act_assignments = assignment_helper.get_action_assignments(policy_id, action_id, + action_category_id) action_id_1 = list(act_assignments.keys())[0] assert act_assignments[action_id_1]["policy_id"] == policy_id assert act_assignments[action_id_1]["action_id"] == action_id @@ -36,7 +37,8 @@ def test_add_action_assignments(db): meta_rule_name="meta_rule_1") action_id = mock_data.create_action(policy_id) data_id = mock_data.create_action_data(policy_id=policy_id, category_id=action_category_id) - action_assignments = assignment_helper.add_action_assignment(policy_id, action_id, action_category_id, data_id) + action_assignments = assignment_helper.add_action_assignment(policy_id, action_id, + action_category_id, data_id) assert action_assignments action_id_1 = list(action_assignments.keys())[0] assert action_assignments[action_id_1]["policy_id"] == policy_id @@ -47,6 +49,8 @@ def test_add_action_assignments(db): with pytest.raises(ActionAssignmentExisting) as exception_info: assignment_helper.add_action_assignment(policy_id, action_id, action_category_id, data_id) + assert str(exception_info.value) == '409: Action Assignment Existing' + assert str(exception_info.value.description) == 'The given action assignment value is existing.' def test_delete_action_assignment(db): @@ -79,7 +83,8 @@ def test_get_object_assignments(db): object_id = mock_data.create_object(policy_id) data_id = mock_data.create_object_data(policy_id=policy_id, category_id=object_category_id) assignment_helper.add_object_assignment(policy_id, object_id, object_category_id, data_id) - obj_assignments = assignment_helper.get_object_assignments(policy_id, object_id, object_category_id) + obj_assignments = assignment_helper.get_object_assignments(policy_id, object_id, + object_category_id) object_id_1 = list(obj_assignments.keys())[0] assert obj_assignments[object_id_1]["policy_id"] == policy_id assert obj_assignments[object_id_1]["object_id"] == object_id @@ -109,7 +114,8 @@ def test_add_object_assignments(db): meta_rule_name="meta_rule_1") object_id = mock_data.create_object(policy_id) data_id = mock_data.create_object_data(policy_id=policy_id, category_id=object_category_id) - object_assignments = assignment_helper.add_object_assignment(policy_id, object_id, object_category_id, data_id) + object_assignments = assignment_helper.add_object_assignment(policy_id, object_id, + object_category_id, data_id) assert object_assignments object_id_1 = list(object_assignments.keys())[0] assert object_assignments[object_id_1]["policy_id"] == policy_id @@ -118,8 +124,10 @@ def test_add_object_assignments(db): assert len(object_assignments[object_id_1].get("assignments")) == 1 assert data_id in object_assignments[object_id_1].get("assignments") - with pytest.raises(ObjectAssignmentExisting): + with pytest.raises(ObjectAssignmentExisting) as exception_info: assignment_helper.add_object_assignment(policy_id, object_id, object_category_id, data_id) + assert str(exception_info.value) == '409: Object Assignment Existing' + assert str(exception_info.value.description) == 'The given object assignment value is existing.' def test_delete_object_assignment(db): @@ -132,7 +140,8 @@ def test_delete_object_assignment(db): data_id = mock_data.create_object_data(policy_id=policy_id, category_id=object_category_id) assignment_helper.add_object_assignment(policy_id, object_id, object_category_id, data_id) - assignment_helper.delete_object_assignment(policy_id, object_id, object_category_id, data_id=data_id) + assignment_helper.delete_object_assignment(policy_id, object_id, object_category_id, + data_id=data_id) assignments = assignment_helper.get_object_assignments(policy_id) assert len(assignments) == 0 @@ -154,7 +163,8 @@ def test_get_subject_assignments(db): data_id = mock_data.create_subject_data(policy_id=policy_id, category_id=subject_category_id) assignment_helper.add_subject_assignment(policy_id, subject_id, subject_category_id, data_id) - subj_assignments = assignment_helper.get_subject_assignments(policy_id, subject_id, subject_category_id) + subj_assignments = assignment_helper.get_subject_assignments(policy_id, subject_id, + subject_category_id) subject_id_1 = list(subj_assignments.keys())[0] assert subj_assignments[subject_id_1]["policy_id"] == policy_id assert subj_assignments[subject_id_1]["subject_id"] == subject_id @@ -186,7 +196,8 @@ def test_add_subject_assignments(db): subject_id = mock_data.create_subject(policy_id) data_id = mock_data.create_subject_data(policy_id=policy_id, category_id=subject_category_id) - subject_assignments = assignment_helper.add_subject_assignment(policy_id, subject_id, subject_category_id, data_id) + subject_assignments = assignment_helper.add_subject_assignment(policy_id, subject_id, + subject_category_id, data_id) assert subject_assignments subject_id_1 = list(subject_assignments.keys())[0] assert subject_assignments[subject_id_1]["policy_id"] == policy_id @@ -195,8 +206,12 @@ def test_add_subject_assignments(db): assert len(subject_assignments[subject_id_1].get("assignments")) == 1 assert data_id in subject_assignments[subject_id_1].get("assignments") - with pytest.raises(SubjectAssignmentExisting): - assignment_helper.add_subject_assignment(policy_id, subject_id, subject_category_id, data_id) + with pytest.raises(SubjectAssignmentExisting) as exception_info: + assignment_helper.add_subject_assignment(policy_id, subject_id, subject_category_id, + data_id) + assert str(exception_info.value) == '409: Subject Assignment Existing' + assert str( + exception_info.value.description) == 'The given subject assignment value is existing.' def test_delete_subject_assignment(db): diff --git a/python_moondb/tests/unit_python/policies/test_data.py b/python_moondb/tests/unit_python/policies/test_data.py index fa3f8c06..8ce1ac00 100755 --- a/python_moondb/tests/unit_python/policies/test_data.py +++ b/python_moondb/tests/unit_python/policies/test_data.py @@ -6,7 +6,9 @@ import helpers.mock_data as mock_data import policies.mock_data import helpers.data_helper as data_helper +import helpers.assignment_helper as assignment_helper import pytest +from uuid import uuid4 import logging from python_moonutilities.exceptions import * @@ -56,6 +58,21 @@ def test_add_action_data(db): assert len(action_data['data']) == 1 +def test_add_action_data_duplicate(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + value = { + "name": "action-type", + "description": {"vm-action": "", "storage-action": "", }, + } + action_data = data_helper.add_action_data(policy_id=policy_id, category_id=action_category_id, value=value) + with pytest.raises(ActionScopeExisting) as exception_info: + action_data = data_helper.add_action_data(policy_id=policy_id, category_id=action_category_id, value=value) + assert str(exception_info.value) == '409: Action Scope Existing' + def test_add_action_data_with_invalid_category_id(db): subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( subject_category_name="subject_category1", @@ -66,9 +83,9 @@ def test_add_action_data_with_invalid_category_id(db): "name": "action-type", "description": {"vm-action": "", "storage-action": "", }, } - with pytest.raises(Exception) as exception_info: + with pytest.raises(ActionCategoryUnknown) as exception_info: data_helper.add_action_data(policy_id=policy_id, value=value).get('data') - assert str(exception_info.value) == 'Invalid category id' + assert str(exception_info.value) == '400: Action Category Unknown' def test_delete_action_data(db): @@ -84,7 +101,7 @@ def test_delete_action_data(db): } action_data = data_helper.add_action_data(policy_id=policy_id, category_id=action_category_id, value=value) data_id = list(action_data["data"])[0] - data_helper.delete_action_data(policy_id, data_id) + data_helper.delete_action_data(policy_id=policy_id, data_id=data_id) new_action_data = data_helper.get_action_data(policy_id) assert len(new_action_data[0]['data']) == 0 @@ -144,9 +161,27 @@ def test_add_object_data_with_invalid_category_id(db): "name": "object-security-level", "description": {"low": "", "medium": "", "high": ""}, } - with pytest.raises(MetaDataUnknown) as exception_info: + with pytest.raises(ObjectCategoryUnknown) as exception_info: data_helper.add_object_data(policy_id=policy_id, category_id="invalid", value=value).get('data') - assert str(exception_info.value) == '400: Meta data Unknown' + assert str(exception_info.value) == '400: Object Category Unknown' + + +def test_add_object_data_duplicate(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + value = { + "name": "object-security-level", + "description": {"low": "", "medium": "", "high": ""}, + } + object_data = data_helper.add_object_data(policy_id=policy_id, category_id=object_category_id, value=value).get( + 'data') + with pytest.raises(ObjectScopeExisting) as exception_info: + data_helper.add_object_data(policy_id=policy_id, category_id=object_category_id, value=value).get( + 'data') + assert str(exception_info.value) == '409: Object Scope Existing' def test_delete_object_data(db): @@ -229,9 +264,28 @@ def test_add_subject_data_with_no_category_id(db): "name": "subject-security-level", "description": {"low": "", "medium": "", "high": ""}, } - with pytest.raises(Exception) as exception_info: + with pytest.raises(SubjectCategoryUnknown) as exception_info: data_helper.add_subject_data(policy_id=policy_id, data_id=subject_category_id, value=value).get('data') - assert str(exception_info.value) == 'Invalid category id' + assert str(exception_info.value) == '400: Subject Category Unknown' + + +def test_add_subject_data_duplicate(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + value = { + "name": "subject-security-level", + "description": {"low": "", "medium": "", "high": ""}, + } + subject_data = data_helper.add_subject_data(policy_id=policy_id, category_id=subject_category_id, value=value).get( + 'data') + + with pytest.raises(SubjectScopeExisting) as exception_info: + subject_data = data_helper.add_subject_data(policy_id=policy_id, category_id=subject_category_id, + value=value).get('data') + assert str(exception_info.value) == '409: Subject Scope Existing' def test_delete_subject_data(db): @@ -247,7 +301,7 @@ def test_delete_subject_data(db): subject_data = data_helper.add_subject_data(policy_id=policy_id, category_id=subject_category_id, value=value).get( 'data') subject_data_id = list(subject_data.keys())[0] - data_helper.delete_subject_data(subject_data[subject_data_id].get('policy_id'), subject_data_id) + data_helper.delete_subject_data(policy_id=subject_data[subject_data_id].get('policy_id'), data_id=subject_data_id) new_subject_data = data_helper.get_subject_data(policy_id) assert len(new_subject_data[0]['data']) == 0 @@ -297,8 +351,9 @@ def test_add_action_twice(db): "description": "test", } data_helper.add_action(policy_id=policy_id, value=value) - with pytest.raises(ActionExisting): + with pytest.raises(PolicyExisting) as exception_info: data_helper.add_action(policy_id=policy_id, value=value) + assert str(exception_info.value) == '409: Policy Already Exists' def test_add_action_blank_name(db): @@ -307,9 +362,9 @@ def test_add_action_blank_name(db): "name": "", "description": "test", } - with pytest.raises(Exception) as exception_info: + with pytest.raises(PerimeterContentError) as exception_info: data_helper.add_action(policy_id=policy_id, value=value) - assert str(exception_info.value) == '400: Perimeter Name is Invalid' + assert str(exception_info.value) == '400: Perimeter content is invalid.' def test_add_action_with_name_space(db): @@ -318,9 +373,9 @@ def test_add_action_with_name_space(db): "name": " ", "description": "test", } - with pytest.raises(Exception) as exception_info: + with pytest.raises(PerimeterContentError) as exception_info: data_helper.add_action(policy_id=policy_id, value=value) - assert str(exception_info.value) == '400: Perimeter Name is Invalid' + assert str(exception_info.value) == '400: Perimeter content is invalid.' def test_add_action_multiple_times(db): @@ -377,7 +432,7 @@ def test_delete_action(db): def test_delete_action_with_invalid_perimeter_id(db): policy_id = "invalid" perimeter_id = "invalid" - with pytest.raises(Exception) as exception_info: + with pytest.raises(PolicyUnknown) as exception_info: data_helper.delete_action(policy_id, perimeter_id) assert str(exception_info.value) == '400: Policy Unknown' @@ -400,7 +455,7 @@ def test_get_objects(db): assert objects[object_id].get('policy_list')[0] == policy_id -def test_add_object(db): +def test_add_object_with_same_policy_twice(db): subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( subject_category_name="subject_category1", object_category_name="object_category1", @@ -415,8 +470,9 @@ def test_add_object(db): object_id = list(added_object.keys())[0] assert len(added_object[object_id].get('policy_list')) == 1 - with pytest.raises(ObjectExisting): + with pytest.raises(PolicyExisting) as exception_info: data_helper.add_object(policy_id=policy_id, value=value) + assert str(exception_info.value) == '409: Policy Already Exists' def test_add_objects_multiple_times(db): @@ -470,7 +526,7 @@ def test_delete_object(db): def test_delete_object_with_invalid_perimeter_id(db): policy_id = "invalid" perimeter_id = "invalid" - with pytest.raises(Exception) as exception_info: + with pytest.raises(PolicyUnknown) as exception_info: data_helper.delete_object(policy_id, perimeter_id) assert str(exception_info.value) == '400: Policy Unknown' @@ -504,11 +560,12 @@ def test_get_subjects_with_invalid_policy_id(db): "description": "test", } data_helper.add_subject(policy_id=policy_id, value=value) - with pytest.raises(PolicyUnknown): + with pytest.raises(PolicyUnknown) as exception_info: data_helper.get_subjects(policy_id="invalid") + assert str(exception_info.value) == '400: Policy Unknown' -def test_add_subject(db): +def test_add_subject_with_same_policy_twice(db): subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( subject_category_name="subject_category1", object_category_name="object_category1", @@ -522,9 +579,9 @@ def test_add_subject(db): assert subject subject_id = list(subject.keys())[0] assert len(subject[subject_id].get('policy_list')) == 1 - with pytest.raises(SubjectExisting) as exception_info: + with pytest.raises(PolicyExisting) as exception_info: data_helper.add_subject(policy_id=policy_id, value=value) - assert str(exception_info.value) == '409: Subject Existing' + assert str(exception_info.value) == '409: Policy Already Exists' def test_add_subjects_multiple_times(db): @@ -578,11 +635,59 @@ def test_delete_subject(db): def test_delete_subject_with_invalid_perimeter_id(db): policy_id = "invalid" perimeter_id = "invalid" - with pytest.raises(Exception) as exception_info: + with pytest.raises(PolicyUnknown) as exception_info: data_helper.delete_subject(policy_id, perimeter_id) assert str(exception_info.value) == '400: Policy Unknown' +def test_delete_subject_with_assignment(db): + + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category"+uuid4().hex, + object_category_name="object_category"+uuid4().hex, + action_category_name="action_category"+uuid4().hex, + meta_rule_name="meta_rule_"+uuid4().hex) + + subject_id = mock_data.create_subject(policy_id) + data_id = mock_data.create_subject_data(policy_id=policy_id, category_id=subject_category_id) + assignment_helper.add_subject_assignment(policy_id, subject_id, subject_category_id, data_id) + + with pytest.raises(DeletePerimeterWithAssignment) as exception_info: + data_helper.delete_subject(policy_id, subject_id) + assert '400: Perimeter With Assignment Error' == str(exception_info.value) + + +def test_delete_object_with_assignment(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category" + uuid4().hex, + object_category_name="object_category" + uuid4().hex, + action_category_name="action_category" + uuid4().hex, + meta_rule_name="meta_rule_" + uuid4().hex) + + object_id = mock_data.create_object(policy_id) + data_id = mock_data.create_object_data(policy_id=policy_id, category_id=object_category_id) + assignment_helper.add_object_assignment(policy_id, object_id, object_category_id, data_id) + + with pytest.raises(DeletePerimeterWithAssignment) as exception_info: + data_helper.delete_object(policy_id, object_id) + assert '400: Perimeter With Assignment Error' == str(exception_info.value) + +def test_delete_action_with_assignment(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category" + uuid4().hex, + object_category_name="object_category" + uuid4().hex, + action_category_name="action_category" + uuid4().hex, + meta_rule_name="meta_rule_" + uuid4().hex) + + action_id = mock_data.create_action(policy_id) + data_id = mock_data.create_action_data(policy_id=policy_id, category_id=action_category_id) + assignment_helper.add_action_assignment(policy_id, action_id, action_category_id, data_id) + + with pytest.raises(DeletePerimeterWithAssignment) as exception_info: + data_helper.delete_action(policy_id, action_id) + assert '400: Perimeter With Assignment Error' == str(exception_info.value) + + def test_get_available_metadata(db): subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( subject_category_name="subject_category1", @@ -597,6 +702,6 @@ def test_get_available_metadata(db): def test_get_available_metadata_with_invalid_policy_id(db): - with pytest.raises(Exception) as exception_info: + with pytest.raises(PolicyUnknown) as exception_info: data_helper.get_available_metadata(policy_id='invalid') assert '400: Policy Unknown' == str(exception_info.value) diff --git a/python_moondb/tests/unit_python/policies/test_policies.py b/python_moondb/tests/unit_python/policies/test_policies.py index 07ee87fd..b2394203 100755 --- a/python_moondb/tests/unit_python/policies/test_policies.py +++ b/python_moondb/tests/unit_python/policies/test_policies.py @@ -6,8 +6,13 @@ import pytest import helpers.mock_data as mock_data import helpers.policy_helper as policy_helper +import helpers.model_helper as model_helper +import helpers.model_helper as model_helper from python_moonutilities.exceptions import * import helpers.pdp_helper as pdp_helper +import helpers.data_helper as data_helper +import helpers.assignment_helper as assignment_helper +from uuid import uuid4 def test_get_policies(db): @@ -17,9 +22,11 @@ def test_get_policies(db): def test_add_policies(db): + model = model_helper.add_model(model_id=uuid4().hex) + model_id = next(iter(model)) value = { "name": "test_policy", - "model_id": "", + "model_id": model_id, "genre": "authz", "description": "test", } @@ -35,43 +42,53 @@ def test_add_policies(db): def test_add_policies_twice_with_same_id(db): policy_id = 'policy_id_1' + model = model_helper.add_model(model_id=uuid4().hex) + model_id = next(iter(model)) value = { "name": "test_policy", - "model_id": "", + "model_id": model_id, "genre": "authz", "description": "test", } policy_helper.add_policies(policy_id, value) with pytest.raises(PolicyExisting) as exception_info: policy_helper.add_policies(policy_id, value) - # assert str(exception_info.value) == '409: Policy Error' + assert str(exception_info.value) == '409: Policy Already Exists' def test_add_policies_twice_with_same_name(db): + model = model_helper.add_model(model_id=uuid4().hex) + model_id = next(iter(model)) + policy_name=uuid4().hex value = { - "name": "test_policy", - "model_id": "", + "name": policy_name, + "model_id": model_id, "genre": "authz", "description": "test", } policy_helper.add_policies(value=value) with pytest.raises(Exception) as exception_info: policy_helper.add_policies(value=value) - # assert str(exception_info.value) == '409: Policy Error' + assert str(exception_info.value) == '409: Policy Already Exists' + assert str(exception_info.value.description)== 'Policy name Existed' def test_delete_policies(db): + model = model_helper.add_model(model_id=uuid4().hex) + model_id = next(iter(model)) + policy_name1 = uuid4().hex value = { - "name": "test_policy1", - "model_id": "", + "name": policy_name1, + "model_id": model_id, "genre": "authz", "description": "test", } policies = policy_helper.add_policies(value=value) policy_id1 = list(policies.keys())[0] + policy_name2 = uuid4().hex value = { - "name": "test_policy2", - "model_id": "", + "name": policy_name2, + "model_id": model_id, "genre": "authz", "description": "test", } @@ -95,7 +112,7 @@ def test_update_policy(db): policy_id = list(policies.keys())[0] value = { "name": "test_policy4", - "model_id": "", + "model_id": policies[policy_id]['model_id'], "genre": "authz", "description": "test-3", } @@ -106,6 +123,24 @@ def test_update_policy(db): assert updated_policy[policy_id][key] == value[key] +def test_update_policy_name_with_existed_one(db): + policies = policy_helper.add_policies() + policy_id1 = list(policies.keys())[0] + policy_name = uuid4().hex + value = { + "name": policy_name, + "model_id": policies[policy_id1]['model_id'], + "genre": "authz", + "description": "test-3", + } + policy_helper.add_policies(value=value) + with pytest.raises(PolicyExisting) as exception_info: + policy_helper.update_policy(policy_id=policy_id1,value=value) + + assert str(exception_info.value) == '409: Policy Already Exists' + assert str(exception_info.value.description)== 'Policy name Existed' + + def test_update_policy_with_invalid_id(db): policy_id = 'invalid-id' value = { @@ -116,7 +151,7 @@ def test_update_policy_with_invalid_id(db): } with pytest.raises(PolicyUnknown) as exception_info: policy_helper.update_policy(policy_id, value) - # assert str(exception_info.value) == '400: Policy Unknown' + assert str(exception_info.value) == '400: Policy Unknown' def test_get_policy_from_meta_rules(db): @@ -154,18 +189,10 @@ def test_get_rules(db): action_category_name="action_category12", meta_rule_name="meta_rule_12", model_name="model12") - value = { - "rule": ("low", "medium", "vm-action"), - "instructions": ({"decision": "grant"}), - "enabled": "", - } - policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) - value = { - "rule": ("low", "low", "vm-action"), - "instructions": ({"decision": "grant"}), - "enabled": "", - } - policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) + + policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id) + + policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id) rules = policy_helper.get_rules(policy_id=policy_id, meta_rule_id=meta_rule_id) assert isinstance(rules, dict) assert rules @@ -179,15 +206,22 @@ def test_get_rules_with_invalid_policy_id_failure(db): assert len(rules.get('rules')) == 0 -def test_add_rule(db): +def test_add_rule_existing(db): subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( subject_category_name="subject_category1", object_category_name="object_category1", action_category_name="action_category1", meta_rule_name="meta_rule_1", model_name="model1") + subject_data_id = mock_data.create_subject_data(policy_id=policy_id, + category_id=subject_category_id) + object_data_id = mock_data.create_object_data(policy_id=policy_id, + category_id=object_category_id) + action_data_id = mock_data.create_action_data(policy_id=policy_id, + category_id=action_category_id) + value = { - "rule": ("high", "medium", "vm-action"), + "rule": (subject_data_id, object_data_id, action_data_id), "instructions": ({"decision": "grant"}), "enabled": "", } @@ -201,23 +235,263 @@ def test_add_rule(db): assert key in rules[rule_id] assert rules[rule_id][key] == value[key] - with pytest.raises(RuleExisting): + with pytest.raises(RuleExisting) as exception_info: policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) + assert str(exception_info.value) == '409: Rule Existing' -def test_delete_rule(db): +def test_check_existing_rule_valid_request(db): subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( - subject_category_name="subject_category14", - object_category_name="object_category14", - action_category_name="action_category14", - meta_rule_name="meta_rule_14", - model_name="model14") + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1", + model_name="model1") + subject_data_id = mock_data.create_subject_data(policy_id=policy_id, + category_id=subject_category_id) + object_data_id = mock_data.create_object_data(policy_id=policy_id, + category_id=object_category_id) + action_data_id = mock_data.create_action_data(policy_id=policy_id, + category_id=action_category_id) value = { - "rule": ("low", "low", "vm-action"), + "rule": (subject_data_id, object_data_id, action_data_id), "instructions": ({"decision": "grant"}), "enabled": "", } - rules = policy_helper.add_rule(policy_id, meta_rule_id, value) + + rules = policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) + assert rules + assert len(rules) == 1 + assert isinstance(rules, dict) + rule_id = list(rules.keys())[0] + for key in ("rule", "instructions", "enabled"): + assert key in rules[rule_id] + assert rules[rule_id][key] == value[key] + + with pytest.raises(RuleExisting) as exception_info: + policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) + assert str(exception_info.value) == '409: Rule Existing' + + +def test_check_existing_rule_valid_multiple__data(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1", + model_name="model1") + subject_data_id1 = mock_data.create_subject_data(policy_id=policy_id, + category_id=subject_category_id) + subject_data_id2 = mock_data.create_subject_data(policy_id=policy_id, + category_id=subject_category_id) + object_data_id1 = mock_data.create_object_data(policy_id=policy_id, + category_id=object_category_id) + object_data_id2 = mock_data.create_object_data(policy_id=policy_id, + category_id=object_category_id) + action_data_id1 = mock_data.create_action_data(policy_id=policy_id, + category_id=action_category_id) + action_data_id2 = mock_data.create_action_data(policy_id=policy_id, + category_id=action_category_id) + value = { + "rule": ( + subject_data_id1, object_data_id2, action_data_id1), + "instructions": ({"decision": "grant"}), + "enabled": "", + } + + rules = policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) + assert rules + assert len(rules) == 1 + assert isinstance(rules, dict) + rule_id = list(rules.keys())[0] + for key in ("rule", "instructions", "enabled"): + assert key in rules[rule_id] + assert rules[rule_id][key] == value[key] + + with pytest.raises(RuleExisting) as exception_info: + policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) + assert str(exception_info.value) == '409: Rule Existing' + + +def test_check_existing_rule_missing_data(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1", + model_name="model1") + subject_data_id = mock_data.create_subject_data(policy_id=policy_id, + category_id=subject_category_id) + object_data_id = mock_data.create_object_data(policy_id=policy_id, + category_id=object_category_id) + action_data_id = mock_data.create_action_data(policy_id=policy_id, + category_id=action_category_id) + value = { + "rule": (object_data_id, action_data_id), + "instructions": ({"decision": "grant"}), + "enabled": "", + } + + with pytest.raises(RuleContentError) as exception_info: + policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) + assert str(exception_info.value) == '400: Rule Error' + assert exception_info.value.description== "Missing Data" + + +def test_check_existing_rule_meta_rule_missing_data(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1", + model_name="model1") + subject_data_id = mock_data.create_subject_data(policy_id=policy_id, + category_id=subject_category_id) + object_data_id = mock_data.create_object_data(policy_id=policy_id, + category_id=object_category_id) + action_data_id = mock_data.create_action_data(policy_id=policy_id, + category_id=action_category_id) + value = { + "rule": (subject_data_id, object_data_id, action_data_id, action_data_id), + "instructions": ({"decision": "grant"}), + "enabled": "", + } + + with pytest.raises(MetaRuleContentError) as exception_info: + policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) + assert str(exception_info.value) == '400: Meta Rule Error' + assert exception_info.value.description == "Missing Data" + + +def test_check_existing_rule_invalid_data_id_order(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1", + model_name="model1") + subject_data_id = mock_data.create_subject_data(policy_id=policy_id, + category_id=subject_category_id) + object_data_id = mock_data.create_object_data(policy_id=policy_id, + category_id=object_category_id) + action_data_id = mock_data.create_action_data(policy_id=policy_id, + category_id=action_category_id) + value = { + "rule": (object_data_id, action_data_id, subject_data_id), + "instructions": ({"decision": "grant"}), + "enabled": "", + } + + with pytest.raises(RuleContentError) as exception_info: + policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) + assert str(exception_info.value) == '400: Rule Error' + assert "Missing Subject_category" in exception_info.value.description + + +def test_check_existing_rule_invalid_data_id_order_scenrio_2(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1", + model_name="model1") + subject_data_id = mock_data.create_subject_data(policy_id=policy_id, + category_id=subject_category_id) + object_data_id = mock_data.create_object_data(policy_id=policy_id, + category_id=object_category_id) + action_data_id = mock_data.create_action_data(policy_id=policy_id, + category_id=action_category_id) + value = { + "rule": (subject_data_id, action_data_id, object_data_id), + "instructions": ({"decision": "grant"}), + "enabled": "", + } + + with pytest.raises(RuleContentError) as exception_info: + policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) + assert str(exception_info.value) == '400: Rule Error' + assert "Missing Object_category" in exception_info.value.description + + +def test_check_existing_rule_wrong_subject_data_id(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1", + model_name="model1") + subject_data_id = mock_data.create_subject_data(policy_id=policy_id, + category_id=subject_category_id) + object_data_id = mock_data.create_object_data(policy_id=policy_id, + category_id=object_category_id) + action_data_id = mock_data.create_action_data(policy_id=policy_id, + category_id=action_category_id) + value = { + "rule": (uuid4().hex, object_data_id, action_data_id), + "instructions": ({"decision": "grant"}), + "enabled": "", + } + + with pytest.raises(RuleContentError) as exception_info: + policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) + assert str(exception_info.value) == '400: Rule Error' + assert "Missing Subject_category" in exception_info.value.description + + +def test_check_existing_rule_wrong_object_data_id(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1", + model_name="model1") + subject_data_id = mock_data.create_subject_data(policy_id=policy_id, + category_id=subject_category_id) + object_data_id = mock_data.create_object_data(policy_id=policy_id, + category_id=object_category_id) + action_data_id = mock_data.create_action_data(policy_id=policy_id, + category_id=action_category_id) + value = { + "rule": (subject_data_id, uuid4().hex, action_data_id), + "instructions": ({"decision": "grant"}), + "enabled": "", + } + + with pytest.raises(RuleContentError) as exception_info: + policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) + assert str(exception_info.value) == '400: Rule Error' + assert "Missing Object_category" in exception_info.value.description + + +def test_check_existing_rule_wrong_action_data_id(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1", + model_name="model1") + subject_data_id = mock_data.create_subject_data(policy_id=policy_id, + category_id=subject_category_id) + object_data_id = mock_data.create_object_data(policy_id=policy_id, + category_id=object_category_id) + action_data_id = mock_data.create_action_data(policy_id=policy_id, + category_id=action_category_id) + value = { + "rule": (subject_data_id, object_data_id, uuid4().hex), + "instructions": ({"decision": "grant"}), + "enabled": "", + } + + with pytest.raises(RuleContentError) as exception_info: + policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) + assert str(exception_info.value) == '400: Rule Error' + assert "Missing Action_category" in exception_info.value.description + + +def test_delete_rule(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() + + rules = policy_helper.add_rule(policy_id, meta_rule_id) rule_id = list(rules.keys())[0] policy_helper.delete_rule(policy_id, rule_id) rules = policy_helper.get_rules(policy_id, meta_rule_id) @@ -225,13 +499,7 @@ def test_delete_rule(db): def test_delete_policies_with_pdp(db): - value = { - "name": "test_policy1", - "model_id": "", - "genre": "authz", - "description": "test", - } - policies = policy_helper.add_policies(value=value) + policies = policy_helper.add_policies() policy_id1 = list(policies.keys())[0] pdp_id = "pdp_id1" value = { @@ -243,3 +511,133 @@ def test_delete_policies_with_pdp(db): pdp_helper.add_pdp(pdp_id=pdp_id, value=value) with pytest.raises(DeletePolicyWithPdp) as exception_info: policy_helper.delete_policies(policy_id1) + assert str(exception_info.value) == '400: Policy With PDP Error' + assert 'Cannot delete policy with pdp' == exception_info.value.description + + +def test_delete_policies_with_subject_perimeter(db): + policies = policy_helper.add_policies() + policy_id1 = list(policies.keys())[0] + + value = { + "name": "testuser", + "security_pipeline": [policy_id1], + "keystone_project_id": "keystone_project_id1", + "description": "...", + } + data_helper.add_subject(policy_id=policy_id1, value=value) + with pytest.raises(DeletePolicyWithPerimeter) as exception_info: + policy_helper.delete_policies(policy_id1) + assert str(exception_info.value) == '400: Policy With Perimeter Error' + assert 'Cannot delete policy with perimeter'== exception_info.value.description + + +def test_delete_policies_with_object_perimeter(db): + policies = policy_helper.add_policies() + policy_id1 = list(policies.keys())[0] + + value = { + "name": "test_obj", + "security_pipeline": [policy_id1], + "keystone_project_id": "keystone_project_id1", + "description": "...", + } + data_helper.add_object(policy_id=policy_id1, value=value) + with pytest.raises(DeletePolicyWithPerimeter) as exception_info: + policy_helper.delete_policies(policy_id1) + assert str(exception_info.value) == '400: Policy With Perimeter Error' + assert 'Cannot delete policy with perimeter'== exception_info.value.description + + +def test_delete_policies_with_action_perimeter(db): + policies = policy_helper.add_policies() + policy_id1 = list(policies.keys())[0] + + value = { + "name": "test_act", + "security_pipeline": [policy_id1], + "keystone_project_id": "keystone_project_id1", + "description": "...", + } + data_helper.add_action(policy_id=policy_id1, value=value) + with pytest.raises(DeletePolicyWithPerimeter) as exception_info: + policy_helper.delete_policies(policy_id1) + assert '400: Policy With Perimeter Error' == str(exception_info.value) + + +def test_delete_policies_with_subject_assignment(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() + + subject_id = mock_data.create_subject(policy_id) + data_id = mock_data.create_subject_data(policy_id=policy_id, category_id=subject_category_id) + assignment_helper.add_subject_assignment(policy_id, subject_id, subject_category_id, data_id) + + with pytest.raises(DeletePolicyWithPerimeter) as exception_info: + policy_helper.delete_policies(policy_id) + + assert '400: Policy With Perimeter Error' == str(exception_info.value) + + +def test_delete_policies_with_object_assignment(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() + + object_id = mock_data.create_object(policy_id) + data_id = mock_data.create_object_data(policy_id=policy_id, category_id=object_category_id) + assignment_helper.add_object_assignment(policy_id, object_id, object_category_id, data_id) + + with pytest.raises(DeletePolicyWithPerimeter) as exception_info: + policy_helper.delete_policies(policy_id) + assert '400: Policy With Perimeter Error' == str(exception_info.value) + + +def test_delete_policies_with_action_assignment(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() + + action_id = mock_data.create_action(policy_id) + data_id = mock_data.create_action_data(policy_id=policy_id, category_id=action_category_id) + assignment_helper.add_action_assignment(policy_id, action_id, action_category_id, data_id) + + with pytest.raises(DeletePolicyWithPerimeter) as exception_info: + policy_helper.delete_policies(policy_id) + assert '400: Policy With Perimeter Error' == str(exception_info.value) + + +def test_delete_policies_with_subject_data(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() + + data_id = mock_data.create_subject_data(policy_id=policy_id, category_id=subject_category_id) + + with pytest.raises(DeletePolicyWithData) as exception_info: + policy_helper.delete_policies(policy_id) + + assert '400: Policy With Data Error' == str(exception_info.value) + + +def test_delete_policies_with_object_data(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() + + data_id = mock_data.create_object_data(policy_id=policy_id, category_id=object_category_id) + + with pytest.raises(DeletePolicyWithData) as exception_info: + policy_helper.delete_policies(policy_id) + assert '400: Policy With Data Error' == str(exception_info.value) + + +def test_delete_policies_with_action_data(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() + + data_id = mock_data.create_action_data(policy_id=policy_id, category_id=action_category_id) + + with pytest.raises(DeletePolicyWithData) as exception_info: + policy_helper.delete_policies(policy_id) + assert '400: Policy With Data Error' == str(exception_info.value) + + +def test_delete_policies_with_rule(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() + + rules = policy_helper.add_rule(policy_id, meta_rule_id) + + with pytest.raises(DeletePolicyWithRules) as exception_info: + policy_helper.delete_policies(policy_id) + assert '400: Policy With Rule Error' == str(exception_info.value) diff --git a/python_moondb/tests/unit_python/requirements.txt b/python_moondb/tests/unit_python/requirements.txt index ff727723..aea8e3d5 100644 --- a/python_moondb/tests/unit_python/requirements.txt +++ b/python_moondb/tests/unit_python/requirements.txt @@ -1,4 +1,4 @@ sqlalchemy pymysql requests_mock -python_moonutilities
\ No newline at end of file +python_moonutilities==1.4.20
\ No newline at end of file |