aboutsummaryrefslogtreecommitdiffstats
path: root/moon_authz/tests/unit_python/test_authz.py
blob: cf37cfdf0ac5786374da6f1070b9762887abd7c4 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
import json
import pickle


def get_data(data):
    return pickle.loads(data)


def get_json(data):
    return json.loads(data.decode("utf-8"))


def test_authz_true(context):
    import moon_authz.server
    from python_moonutilities.context import Context
    from python_moonutilities.cache import Cache
    server = moon_authz.server.create_server()
    client = server.app.test_client()
    CACHE = Cache()
    CACHE.update()
    print(CACHE.pdp)
    _context = Context(context, CACHE)
    req = client.post("/authz", data=pickle.dumps(_context))
    assert req.status_code == 200
    data = get_data(req.data)
    assert data
    assert isinstance(data, Context)
    policy_id = data.headers[0]
    assert policy_id
    assert "effect" in data.pdp_set[policy_id]
    assert data.pdp_set[policy_id]['effect'] == "grant"


def test_user_not_allowed(context):
    import moon_authz.server
    from python_moonutilities.context import Context
    from python_moonutilities.cache import Cache
    server = moon_authz.server.create_server()
    client = server.app.test_client()
    CACHE = Cache()
    CACHE.update()
    context['subject_name'] = "user_not_allowed"
    _context = Context(context, CACHE)
    req = client.post("/authz", data=pickle.dumps(_context))
    assert req.status_code == 400
    data = get_json(req.data)
    assert data
    assert isinstance(data, dict)
    assert "message" in data
    assert data["message"] == "Cannot find subject user_not_allowed"


def test_object_not_allowed(context):
    import moon_authz.server
    from python_moonutilities.context import Context
    from python_moonutilities.cache import Cache
    server = moon_authz.server.create_server()
    client = server.app.test_client()
    CACHE = Cache()
    CACHE.update()
    context['subject_name'] = "testuser"
    context['object_name'] = "invalid"
    _context = Context(context, CACHE)
    req = client.post("/authz", data=pickle.dumps(_context))
    assert req.status_code == 400
    data = get_json(req.data)
    assert data
    assert isinstance(data, dict)
    assert "message" in data
    assert data["message"] == "Cannot find object invalid"


def test_action_not_allowed(context):
    import moon_authz.server
    from python_moonutilities.context import Context
    from python_moonutilities.cache import Cache
    server = moon_authz.server.create_server()
    client = server.app.test_client()
    CACHE = Cache()
    CACHE.update()
    context['subject_name'] = "testuser"
    context['object_name'] = "vm1"
    context['action_name'] = "invalid"
    _context = Context(context, CACHE)
    req = client.post("/authz", data=pickle.dumps(_context))
    assert req.status_code == 400
    data = get_json(req.data)
    assert data
    assert isinstance(data, dict)
    assert "message" in data
    assert data["message"] == "Cannot find action invalid"