commit 3e3c1cd4eec0a42774a2161ed508f128f6362bf5
author Sapan Bhatia <gwsapan@gmail.com> Sat Jul 15 01:35:44 2017 -0400
committer Sapan Bhatia <sapan@onlab.us> Mon Jul 17 13:18:30 2017 -0700
tree 19fcc4d8e8c820be1ad4f5c4ad544c201dc5145a
parent 5be3a851c1e350259484505091201742407dd30d

CORD-1392: Autogenerate security policies

Change-Id: Ia183f2a84b27923802e62435c82b20b50fb3fcee

lib/xos-genx/tests/xos_security_test.py

diff --git a/lib/xos-genx/tests/xos_security_test.py b/lib/xos-genx/tests/xos_security_test.py
new file mode 100644
index 0000000..30a7193
--- /dev/null
+++ b/lib/xos-genx/tests/xos_security_test.py
@@ -0,0 +1,77 @@
+import unittest
+from xosgenx.generator import XOSGenerator
+from helpers import FakeArgs, XProtoTestHelpers
+import pdb
+
+"""The function below is for eliminating warnings arising due to the missing policy_output_0,
+which is generated and loaded dynamically.
+"""
+def policy_output_0(x, y):
+    raise Exception("Security enforcer not generated. Test failed.")
+    return False
+
+"""
+The tests below use the Python code target to generate 
+Python security policies, set up an appropriate environment and execute the Python.
+"""
+class XProtoXOSSecurityTest(unittest.TestCase):
+    def setUp(self):
+        self.target = XProtoTestHelpers.write_tmp_target("{{ xproto_fol_to_python_test(proto.policies.test_policy, None, '0') }}")
+
+    """
+    This is the security policy for controllers
+    """
+    def test_controller_policy(self):
+        xproto = \
+"""
+    policy test_policy < ctx.user.is_admin | exists Privilege: Privilege.user_id = ctx.user.id & Privilege.object_type = "Deployment" >
+"""
+        args = FakeArgs()
+        args.inputs = xproto
+        args.target = self.target
+
+        output = XOSGenerator.generate(args)
+
+        exec(output) # This loads the generated function, which should look like this:
+
+        """
+        def policy_output_0(obj, ctx):
+            i2 = ctx.user.is_admin
+            i3 = Privilege.objects.filter(Q(user_id=ctx.user.id), Q(object_type='Deployment'))[0]
+            i1 = (i2 or i3)
+            return i1
+        """
+
+        # FIXME: Test this policy by executing it
+        self.assertTrue(policy_output_0 is not None)
+
+    """
+    This is the security policy for controllers
+    """
+    def _test_controller_network_policy(self):
+        xproto = \
+"""
+    policy test_policy < ctx.user.is_admin | exists Slice: forall ctx.networks: ctx.networks.owner.id = Slice.id >
+"""
+        args = FakeArgs()
+        args.inputs = xproto
+        args.target = self.target
+
+        output = XOSGenerator.generate(args)
+
+        exec(output) # This loads the generated function, which should look like this:
+
+        """
+        def policy_output_0(obj, ctx):
+            i2 = ctx.user.is_admin
+            i3 = Privilege.objects.filter(Q(user_id=ctx.user.id), Q(object_type='Deployment'))[0]
+            i1 = (i2 or i3)
+            return i1
+        """
+
+        # FIXME: Test this policy by executing it
+        self.assertTrue(policy_output_0 is not None)
+
+
+if __name__ == '__main__':
+    unittest.main()