blob: cf37cfdf0ac5786374da6f1070b9762887abd7c4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
|
import json
import pickle
def get_data(data):
return pickle.loads(data)
def get_json(data):
return json.loads(data.decode("utf-8"))
def test_authz_true(context):
import moon_authz.server
from python_moonutilities.context import Context
from python_moonutilities.cache import Cache
server = moon_authz.server.create_server()
client = server.app.test_client()
CACHE = Cache()
CACHE.update()
print(CACHE.pdp)
_context = Context(context, CACHE)
req = client.post("/authz", data=pickle.dumps(_context))
assert req.status_code == 200
data = get_data(req.data)
assert data
assert isinstance(data, Context)
policy_id = data.headers[0]
assert policy_id
assert "effect" in data.pdp_set[policy_id]
assert data.pdp_set[policy_id]['effect'] == "grant"
def test_user_not_allowed(context):
import moon_authz.server
from python_moonutilities.context import Context
from python_moonutilities.cache import Cache
server = moon_authz.server.create_server()
client = server.app.test_client()
CACHE = Cache()
CACHE.update()
context['subject_name'] = "user_not_allowed"
_context = Context(context, CACHE)
req = client.post("/authz", data=pickle.dumps(_context))
assert req.status_code == 400
data = get_json(req.data)
assert data
assert isinstance(data, dict)
assert "message" in data
assert data["message"] == "Cannot find subject user_not_allowed"
def test_object_not_allowed(context):
import moon_authz.server
from python_moonutilities.context import Context
from python_moonutilities.cache import Cache
server = moon_authz.server.create_server()
client = server.app.test_client()
CACHE = Cache()
CACHE.update()
context['subject_name'] = "testuser"
context['object_name'] = "invalid"
_context = Context(context, CACHE)
req = client.post("/authz", data=pickle.dumps(_context))
assert req.status_code == 400
data = get_json(req.data)
assert data
assert isinstance(data, dict)
assert "message" in data
assert data["message"] == "Cannot find object invalid"
def test_action_not_allowed(context):
import moon_authz.server
from python_moonutilities.context import Context
from python_moonutilities.cache import Cache
server = moon_authz.server.create_server()
client = server.app.test_client()
CACHE = Cache()
CACHE.update()
context['subject_name'] = "testuser"
context['object_name'] = "vm1"
context['action_name'] = "invalid"
_context = Context(context, CACHE)
req = client.post("/authz", data=pickle.dumps(_context))
assert req.status_code == 400
data = get_json(req.data)
assert data
assert isinstance(data, dict)
assert "message" in data
assert data["message"] == "Cannot find action invalid"
|
