From f9403fe7fbb396f9699b84085658413e6c9a36d1 Mon Sep 17 00:00:00 2001 From: ReemMahmoud Date: Mon, 15 Jan 2018 13:45:29 +0200 Subject: Add exceptions and test cases Change-Id: Ifc4611833e22a4be6404f0c5e61dae8737d44cec Signed-off-by: ReemMahmoud --- python_moondb/python_moondb/api/policy.py | 36 +++++++++- .../tests/unit_python/policies/test_assignments.py | 29 ++++---- .../tests/unit_python/policies/test_data.py | 84 ++++++++++++++-------- .../tests/unit_python/policies/test_policies.py | 7 +- 4 files changed, 107 insertions(+), 49 deletions(-) (limited to 'python_moondb') diff --git a/python_moondb/python_moondb/api/policy.py b/python_moondb/python_moondb/api/policy.py index 97866bfd..ca313f9a 100644 --- a/python_moondb/python_moondb/api/policy.py +++ b/python_moondb/python_moondb/api/policy.py @@ -22,12 +22,16 @@ class PolicyManager(Managers): policies = self.PolicyManager.get_policies("admin") models = self.ModelManager.get_models("admin") for pdp_key, pdp_value in self.PDPManager.get_pdp(user_id).items(): + if 'security_pipeline' not in pdp_value: + raise exceptions.PdpContentError for policy_id in pdp_value["security_pipeline"]: - if not policies: + if not policies or policy_id not in policies: raise exceptions.PolicyUnknown model_id = policies[policy_id]["model_id"] if not models: raise exceptions.ModelUnknown + if model_id not in models: + raise exceptions.ModelUnknown if meta_rule_id in models[model_id]["meta_rules"]: return policy_id @@ -78,6 +82,8 @@ class PolicyManager(Managers): value.get('name')) perimeter_id = uuid4().hex value.update(k_user['users'][0]) + if not self.get_policies(user_id=user_id, policy_id=policy_id): + raise exceptions.PolicyUnknown return self.driver.set_subject(policy_id=policy_id, perimeter_id=perimeter_id, value=value) @enforce(("read", "write"), "perimeter") 
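Review bot: In the `security_pipeline` loop the two `models` guards can be one, and the raise-on-first-mismatch behaviour deserves a comment. `if not models:` followed by `if model_id not in models:` both raise `ModelUnknown`; `if not models or model_id not in models: raise exceptions.ModelUnknown` matches the form the commit uses for `policies` a few lines above. Because the raises sit inside the loop over every PDP returned by `get_pdp(user_id)`, one PDP with a missing `security_pipeline` or a stale policy id now fails the lookup even when a later PDP would have matched the meta rule. If that fail-closed behaviour is intended, say so above the loop, e.g. `# fail closed: one inconsistent PDP aborts the whole lookup`. The function starts outside the hunk.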
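Review bot: The new `PolicyUnknown` check in `add_subject` runs after the subject has already been resolved against the user backend (`value.update(k_user['users'][0])` precedes it), whereas `add_object` and `add_action` check first. If the lines above the hunk create the user when it is missing (they are not visible here), a request with an unknown `policy_id` leaves that side effect behind before being rejected. Moving `if not self.get_policies(user_id=user_id, policy_id=policy_id): raise exceptions.PolicyUnknown` to the first line of the method rejects unknown policies before any external call.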
@@ -90,6 +96,8 @@ class PolicyManager(Managers): @enforce(("read", "write"), "perimeter") def add_object(self, user_id, policy_id, perimeter_id=None, value=None): + if not self.get_policies(user_id=user_id, policy_id=policy_id): + raise exceptions.PolicyUnknown if not perimeter_id: perimeter_id = uuid4().hex return self.driver.set_object(policy_id=policy_id, perimeter_id=perimeter_id, value=value) @@ -104,6 +112,8 @@ class PolicyManager(Managers): @enforce(("read", "write"), "perimeter") def add_action(self, user_id, policy_id, perimeter_id=None, value=None): + if not self.get_policies(user_id=user_id, policy_id=policy_id): + raise exceptions.PolicyUnknown if not perimeter_id: perimeter_id = uuid4().hex return self.driver.set_action(policy_id=policy_id, perimeter_id=perimeter_id, value=value) @@ -127,6 +137,10 @@ class PolicyManager(Managers): @enforce(("read", "write"), "data") def set_subject_data(self, user_id, policy_id, data_id=None, category_id=None, value=None): + if not category_id: + raise Exception('Invalid category id') + if not self.get_policies(user_id=user_id, policy_id=policy_id): + raise exceptions.PolicyUnknown if not data_id: data_id = uuid4().hex return self.driver.set_subject_data(policy_id=policy_id, data_id=data_id, category_id=category_id, value=value) @@ -151,6 +165,10 @@ class PolicyManager(Managers): @enforce(("read", "write"), "data") def add_object_data(self, user_id, policy_id, data_id=None, category_id=None, value=None): + if not category_id: + raise Exception('Invalid category id') + if not self.get_policies(user_id=user_id, policy_id=policy_id): + raise exceptions.PolicyUnknown if not data_id: data_id = uuid4().hex return self.driver.set_object_data(policy_id=policy_id, data_id=data_id, category_id=category_id, value=value) 
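Review bot: The guard `if not self.get_policies(user_id=user_id, policy_id=policy_id)` in `add_object` tests only that the result is non-empty, so it is only as strict as `get_policies` is for odd inputs. If that method returns every policy when `policy_id` is `None` or empty (its body is not in this diff), a call without a policy id passes the check whenever any policy exists; `if not policy_id or policy_id not in self.get_policies(user_id=user_id, policy_id=policy_id):` closes that case. The same two lines are repeated in `add_subject`, `add_action`, the three `*_data` setters, the three `add_*_assignment` methods and `add_rule`; a private helper such as `self._require_policy(user_id, policy_id)` would keep them in step.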
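Review bot: `raise Exception('Invalid category id')` in `set_subject_data` is an untyped raise, while every other error path this commit adds uses a class from `exceptions`. Callers can then tell this case apart from an internal failure only by matching the message string, which is what the new tests do. Raising a dedicated class from the `exceptions` module (its contents are not visible here, so the name is the author's to choose) lets the API layer map it to a client error instead of a generic server error. The same line appears in `add_object_data` and `add_action_data`.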
@@ -167,14 +185,18 @@ class PolicyManager(Managers): if not category_id: for cat in available_metadata["action"]: results.append(self.driver.get_action_data(policy_id=policy_id, data_id=data_id, - category_id=cat)) + category_id=cat)) if category_id and category_id in available_metadata["action"]: results.append(self.driver.get_action_data(policy_id=policy_id, data_id=data_id, - category_id=category_id)) + category_id=category_id)) return results @enforce(("read", "write"), "data") def add_action_data(self, user_id, policy_id, data_id=None, category_id=None, value=None): + if not category_id: + raise Exception('Invalid category id') + if not self.get_policies(user_id=user_id, policy_id=policy_id): + raise exceptions.PolicyUnknown if not data_id: data_id = uuid4().hex return self.driver.set_action_data(policy_id=policy_id, data_id=data_id, category_id=category_id, value=value) @@ -190,6 +212,8 @@ class PolicyManager(Managers): @enforce(("read", "write"), "assignments") def add_subject_assignment(self, user_id, policy_id, subject_id, category_id, data_id): + if not self.get_policies(user_id=user_id, policy_id=policy_id): + raise exceptions.PolicyUnknown return self.driver.add_subject_assignment(policy_id=policy_id, subject_id=subject_id, category_id=category_id, data_id=data_id) @@ -204,6 +228,8 @@ class PolicyManager(Managers): @enforce(("read", "write"), "assignments") def add_object_assignment(self, user_id, policy_id, object_id, category_id, data_id): + if not self.get_policies(user_id=user_id, policy_id=policy_id): + raise exceptions.PolicyUnknown return self.driver.add_object_assignment(policy_id=policy_id, object_id=object_id, category_id=category_id, data_id=data_id) 
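Review bot: `add_action_data` rejects only an empty `category_id`; it does not check the id against the policy's metadata the way `get_action_data` just above does with `category_id in available_metadata["action"]`. A write with an arbitrary non-empty category id is therefore handed to the driver, and by the visible read logic it would never be returned by `get_action_data`. If writes should be held to the same rule, reuse the `available_metadata` lookup that the getter performs (it is computed above this hunk) and raise when the category is not listed. `set_subject_data` and `add_object_data` probably need the same check against their own metadata keys.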
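Review bot: `add_subject_assignment` now verifies the policy but still passes `subject_id`, `category_id` and `data_id` to the driver unchecked, and the updated tests in this commit call `add_subject_assignment(policy_id, "", "", "")` and carry on as if it succeeded. An assignment that points at no subject, category or data is dangling state in an access-control store. At minimum reject empty ids with a typed exception, e.g. `if not (subject_id and category_id and data_id): raise ...`. `add_object_assignment` and `add_action_assignment` have the same gap.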
@@ -218,6 +244,8 @@ class PolicyManager(Managers): @enforce(("read", "write"), "assignments") def add_action_assignment(self, user_id, policy_id, action_id, category_id, data_id): + if not self.get_policies(user_id=user_id, policy_id=policy_id): + raise exceptions.PolicyUnknown return self.driver.add_action_assignment(policy_id=policy_id, action_id=action_id, category_id=category_id, data_id=data_id) @@ -232,6 +260,8 @@ class PolicyManager(Managers): @enforce(("read", "write"), "rules") def add_rule(self, user_id, policy_id, meta_rule_id, value): + if not self.get_policies(user_id=user_id, policy_id=policy_id): + raise exceptions.PolicyUnknown return self.driver.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) @enforce(("read", "write"), "rules") diff --git a/python_moondb/tests/unit_python/policies/test_assignments.py b/python_moondb/tests/unit_python/policies/test_assignments.py index ccac205a..707632b0 100755 --- a/python_moondb/tests/unit_python/policies/test_assignments.py +++ b/python_moondb/tests/unit_python/policies/test_assignments.py @@ -1,3 +1,6 @@ +import policies.mock_data as mock_data + + def get_action_assignments(policy_id, action_id=None, category_id=None): from python_moondb.core import PolicyManager return PolicyManager.get_action_assignments("", policy_id, action_id, category_id) @@ -44,7 +47,7 @@ def delete_subject_assignment(policy_id, subject_id, category_id, data_id): def test_get_action_assignments(db): - policy_id = "admin" + policy_id = mock_data.get_policy_id() action_id = "action_id_1" category_id = "category_id_1" data_id = "data_id_1" @@ -59,7 +62,7 @@ def test_get_action_assignments(db): def test_get_action_assignments_by_policy_id(db): - policy_id = "admin" + policy_id = mock_data.get_policy_id() action_id = "action_id_1" category_id = "category_id_1" data_id = "data_id_1" 
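Review bot: `add_rule` checks that the policy exists but not that `meta_rule_id` belongs to it. `get_policy_from_meta_rules` at the top of this file treats `models[model_id]["meta_rules"]` as the authority for which meta rules a policy has, and the tests in this commit add rules with `meta_rule_id = "1"`, which is presumably not part of the mock policy's model. If rules for a meta rule outside the policy's model should be refused, that check belongs next to the new one; otherwise a one-line comment such as `# meta_rule_id is not validated against the policy's model here` would document the intent.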
@@ -77,7 +80,7 @@ def test_get_action_assignments_by_policy_id(db): def test_add_action_assignments(db): - policy_id = "admin" + policy_id = mock_data.get_policy_id() action_id = "action_id_1" category_id = "category_id_1" data_id = "data_id_1" @@ -92,9 +95,9 @@ def test_add_action_assignments(db): def test_delete_action_assignment(db): - policy_id = "admin_1" + policy_id = mock_data.get_policy_id() add_action_assignment(policy_id, "", "", "") - policy_id = "admin_2" + policy_id = mock_data.get_policy_id() action_id = "action_id_2" category_id = "category_id_2" data_id = "data_id_2" @@ -112,7 +115,7 @@ def test_delete_action_assignment_with_invalid_policy_id(db): def test_get_object_assignments(db): - policy_id = "admin" + policy_id = mock_data.get_policy_id() object_id = "object_id_1" category_id = "category_id_1" data_id = "data_id_1" @@ -127,7 +130,7 @@ def test_get_object_assignments(db): def test_get_object_assignments_by_policy_id(db): - policy_id = "admin" + policy_id = mock_data.get_policy_id() object_id_1 = "object_id_1" category_id_1 = "category_id_1" data_id = "data_id_1" @@ -145,7 +148,7 @@ def test_get_object_assignments_by_policy_id(db): def test_add_object_assignments(db): - policy_id = "admin" + policy_id = mock_data.get_policy_id() object_id = "object_id_1" category_id = "category_id_1" data_id = "data_id_1" @@ -160,7 +163,7 @@ def test_add_object_assignments(db): def test_delete_object_assignment(db): - policy_id = "admin_1" + policy_id = mock_data.get_policy_id() add_object_assignment(policy_id, "", "", "") object_id = "action_id_2" category_id = "category_id_2" @@ -179,7 +182,7 @@ def test_delete_object_assignment_with_invalid_policy_id(db): def test_get_subject_assignments(db): - policy_id = "admin" + policy_id = mock_data.get_policy_id() subject_id = "object_id_1" category_id = "category_id_1" data_id = "data_id_1" 
@@ -194,7 +197,7 @@ def test_get_subject_assignments(db): def test_get_subject_assignments_by_policy_id(db): - policy_id = "admin" + policy_id = mock_data.get_policy_id() subject_id_1 = "subject_id_1" category_id_1 = "category_id_1" data_id = "data_id_1" @@ -212,7 +215,7 @@ def test_get_subject_assignments_by_policy_id(db): def test_add_subject_assignments(db): - policy_id = "admin" + policy_id = mock_data.get_policy_id() subject_id = "subject_id_1" category_id = "category_id_1" data_id = "data_id_1" @@ -227,7 +230,7 @@ def test_add_subject_assignments(db): def test_delete_subject_assignment(db): - policy_id = "admin_1" + policy_id = mock_data.get_policy_id() add_subject_assignment(policy_id, "", "", "") subject_id = "subject_id_2" category_id = "category_id_2" diff --git a/python_moondb/tests/unit_python/policies/test_data.py b/python_moondb/tests/unit_python/policies/test_data.py index 875121eb..67fa44fb 100755 --- a/python_moondb/tests/unit_python/policies/test_data.py +++ b/python_moondb/tests/unit_python/policies/test_data.py @@ -117,8 +117,6 @@ def test_get_action_data(db): def test_get_action_data_with_invalid_category_id(db): policy_id = mock_data.get_policy_id() get_available_metadata(policy_id) - - policy_id = policy_id data_id = "data_id_1" category_id = "action_category_id1" value = { @@ -132,7 +130,7 @@ def test_get_action_data_with_invalid_category_id(db): def test_add_action_data(db): - policy_id = "policy_id_1" + policy_id = mock_data.get_policy_id() data_id = "data_id_1" category_id = "category_id_1" value = { 
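Review bot: Switching `policy_id` to `mock_data.get_policy_id()` in `test_add_action_data` keeps the test passing under the new guard, but no hunk in this file exercises the guard itself. One case per entry point that passes an id no policy has and asserts that `PolicyUnknown` is raised would pin the behaviour this commit adds. Tests outside the visible hunks may already cover this; if so, ignore this note.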
@@ -145,6 +143,18 @@ def test_add_action_data(db): assert action_data[action_data_id].get('policy_id') == policy_id +def test_add_action_data_with_invalid_category_id(db): + policy_id = mock_data.get_policy_id() + data_id = "data_id_1" + value = { + "name": "action-type", + "description": {"vm-action": "", "storage-action": "", }, + } + with pytest.raises(Exception) as exception_info: + add_action_data(policy_id=policy_id, data_id=data_id, value=value).get('data') + assert str(exception_info.value) == 'Invalid category id' + + def test_delete_action_data(db): policy_id = mock_data.get_policy_id() get_available_metadata(policy_id) @@ -164,8 +174,6 @@ def test_delete_action_data(db): def test_get_object_data(db): policy_id = mock_data.get_policy_id() get_available_metadata(policy_id) - - policy_id = policy_id data_id = "data_id_1" category_id = "object_category_id1" value = { @@ -181,8 +189,6 @@ def test_get_object_data(db): def test_get_object_data_with_invalid_category_id(db): policy_id = mock_data.get_policy_id() get_available_metadata(policy_id) - - policy_id = policy_id data_id = "data_id_1" category_id = "object_category_id1" value = { @@ -196,7 +202,7 @@ def test_get_object_data_with_invalid_category_id(db): def test_add_object_data(db): - policy_id = "policy_id_1" + policy_id = mock_data.get_policy_id() data_id = "data_id_1" category_id = "object_category_id1" value = { 
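Review bot: `pytest.raises(Exception)` in `test_add_action_data_with_invalid_category_id` accepts any error, so the test relies entirely on the message comparison after it. Check that the `assert` is dedented out of the `with` block, since a statement placed after the raising call inside the block never runs. Once the production code raises a typed exception, assert on that type instead of the string. The test omits `category_id` rather than passing an invalid one, so the name used for the subject variant, `..._with_no_category_id`, fits better; `test_add_object_data_with_invalid_category_id` should be renamed the same way.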
@@ -209,6 +215,18 @@ def test_add_object_data(db): assert object_data[object_data_id].get('policy_id') == policy_id +def test_add_object_data_with_invalid_category_id(db): + policy_id = mock_data.get_policy_id() + data_id = "data_id_1" + value = { + "name": "object-security-level", + "description": {"low": "", "medium": "", "high": ""}, + } + with pytest.raises(Exception) as exception_info: + add_object_data(policy_id=policy_id, data_id=data_id, value=value).get('data') + assert str(exception_info.value) == 'Invalid category id' + + def test_delete_object_data(db): policy_id = mock_data.get_policy_id() get_available_metadata(policy_id) @@ -228,8 +246,6 @@ def test_delete_object_data(db): def test_get_subject_data(db): policy_id = mock_data.get_policy_id() get_available_metadata(policy_id) - - policy_id = policy_id data_id = "data_id_1" category_id = "subject_category_id1" value = { @@ -245,8 +261,6 @@ def test_get_subject_data(db): def test_get_subject_data_with_invalid_category_id(db): policy_id = mock_data.get_policy_id() get_available_metadata(policy_id) - - policy_id = policy_id data_id = "data_id_1" category_id = "subject_category_id1" value = { 
@@ -260,19 +274,31 @@ def test_get_subject_data_with_invalid_category_id(db): def test_add_subject_data(db): - policy_id = "policy_id_1" + policy_id = mock_data.get_policy_id() data_id = "data_id_1" category_id = "subject_category_id1" value = { "name": "subject-security-level", "description": {"low": "", "medium": "", "high": ""}, } - subject_data = add_object_data(policy_id, data_id, category_id, value).get('data') + subject_data = add_subject_data(policy_id, data_id, category_id, value).get('data') assert subject_data subject_data_id = list(subject_data.keys())[0] assert subject_data[subject_data_id].get('policy_id') == policy_id +def test_add_subject_data_with_no_category_id(db): + policy_id = mock_data.get_policy_id() + data_id = "data_id_1" + value = { + "name": "subject-security-level", + "description": {"low": "", "medium": "", "high": ""}, + } + with pytest.raises(Exception) as exception_info: + add_subject_data(policy_id=policy_id, data_id=data_id, value=value).get('data') + assert str(exception_info.value) == 'Invalid category id' + + def test_delete_subject_data(db): policy_id = mock_data.get_policy_id() get_available_metadata(policy_id) @@ -290,7 +316,7 @@ def test_delete_subject_data(db): def test_get_actions(db): - policy_id = "policy_id_1" + policy_id = mock_data.get_policy_id() value = { "name": "test_action", "description": "test", @@ -304,7 +330,7 @@ def test_get_actions(db): def test_add_action(db): - policy_id = "policy_id_1" + policy_id = mock_data.get_policy_id() value = { "name": "test_action", "description": "test", @@ -316,7 +342,7 @@ def test_add_action(db): def test_add_action_multiple_times(db): - policy_id = "policy_id_1" + policy_id = mock_data.get_policy_id() value = { "name": "test_action", "description": "test", 
@@ -330,14 +356,14 @@ def test_add_action_multiple_times(db): "description": "test", "policy_list": ['policy_id_3', 'policy_id_4'] } - action = add_action('policy_id_7', perimeter_id, value) + action = add_action(mock_data.get_policy_id(), perimeter_id, value) assert action action_id = list(action.keys())[0] assert len(action[action_id].get('policy_list')) == 2 def test_delete_action(db): - policy_id = "policy_id_1" + policy_id = mock_data.get_policy_id() value = { "name": "test_action", "description": "test", @@ -358,7 +384,7 @@ def test_delete_action_with_invalid_perimeter_id(db): def test_get_objects(db): - policy_id = "policy_id_1" + policy_id = mock_data.get_policy_id() value = { "name": "test_object", "description": "test", @@ -372,7 +398,7 @@ def test_get_objects(db): def test_add_object(db): - policy_id = "policy_id_1" + policy_id = mock_data.get_policy_id() value = { "name": "test_object", "description": "test", @@ -384,7 +410,7 @@ def test_add_object(db): def test_add_objects_multiple_times(db): - policy_id = "policy_id_1" + policy_id = mock_data.get_policy_id() value = { "name": "test_object", "description": "test", @@ -398,14 +424,14 @@ def test_add_objects_multiple_times(db): "description": "test", "policy_list": ['policy_id_3', 'policy_id_4'] } - added_object = add_object('policy_id_7', perimeter_id, value) + added_object = add_object(mock_data.get_policy_id(), perimeter_id, value) assert added_object object_id = list(added_object.keys())[0] assert len(added_object[object_id].get('policy_list')) == 2 def test_delete_object(db): - policy_id = "policy_id_1" + policy_id = mock_data.get_policy_id() value = { "name": "test_object", "description": "test", @@ -426,7 +452,7 @@ def test_delete_object_with_invalid_perimeter_id(db): def test_get_subjects(db): - policy_id = "policy_id_1" + policy_id = mock_data.get_policy_id() value = { "name": "testuser", "description": "test", 
@@ -440,7 +466,7 @@ def test_get_subjects(db): def test_add_subject(db): - policy_id = "policy_id_1" + policy_id = mock_data.get_policy_id() value = { "name": "testuser", "description": "test", @@ -452,7 +478,7 @@ def test_add_subject(db): def test_add_subjects_multiple_times(db): - policy_id = "policy_id_1" + policy_id = mock_data.get_policy_id() value = { "name": "testuser", "description": "test", @@ -466,14 +492,14 @@ def test_add_subjects_multiple_times(db): "description": "test", "policy_list": ['policy_id_3', 'policy_id_4'] } - subject = add_subject('policy_id_7', perimeter_id, value) + subject = add_subject(mock_data.get_policy_id(), perimeter_id, value) assert subject subject_id = list(subject.keys())[0] assert len(subject[subject_id].get('policy_list')) == 2 def test_delete_subject(db): - policy_id = "policy_id_1" + policy_id = mock_data.get_policy_id() value = { "name": "testuser", "description": "test", diff --git a/python_moondb/tests/unit_python/policies/test_policies.py b/python_moondb/tests/unit_python/policies/test_policies.py index 487cb6a1..148034ef 100755 --- a/python_moondb/tests/unit_python/policies/test_policies.py +++ b/python_moondb/tests/unit_python/policies/test_policies.py @@ -231,7 +231,7 @@ def test_get_rules(db): "instructions": ({"decision": "grant"}), "enabled": "", } - policy_id = "1" + policy_id = mock_data.get_policy_id() meta_rule_id = "1" add_rule(policy_id, meta_rule_id, value) value = { @@ -239,7 +239,6 @@ def test_get_rules(db): "instructions": ({"decision": "grant"}), "enabled": "", } - policy_id = "1" meta_rule_id = "1" add_rule(policy_id, meta_rule_id, value) rules = get_rules(policy_id, meta_rule_id) @@ -261,7 +260,7 @@ def test_add_rule(db): "instructions": ({"decision": "grant"}), "enabled": "", } - policy_id = "1" + policy_id = mock_data.get_policy_id() meta_rule_id = "1" rules = add_rule(policy_id, meta_rule_id, value) assert rules 
@@ -279,7 +278,7 @@ def test_delete_rule(db): "instructions": ({"decision": "grant"}), "enabled": "", } - policy_id = "2" + policy_id = mock_data.get_policy_id() meta_rule_id = "2" rules = add_rule(policy_id, meta_rule_id, value) rule_id = list(rules.keys())[0] -- cgit 1.2.3-korg