blob: 8cdd746be0bdc2cbbe6225c50ff99434bea99dc8 [file] [log] [blame]
import unittest
from xosgenx.generator import XOSGenerator
from helpers import FakeArgs, XProtoTestHelpers
"""The function below is for eliminating warnings arising due to the missing policy_output_enforcer,
which is generated and loaded dynamically.
"""
def policy_output_enforcer(x, y):
raise Exception("Security enforcer not generated. Test failed.")
return False
"""
The tests below use the Python code target to generate
Python security policies, set up an appropriate environment and execute the Python.
"""
class XProtoXOSSecurityTest(unittest.TestCase):
def setUp(self):
self.target = XProtoTestHelpers.write_tmp_target("{{ xproto_fol_to_python_test('output',proto.policies.test_policy, None, '0') }}")
"""
This is the security policy for controllers
"""
def test_controller_policy(self):
xproto = \
"""
policy test_policy < ctx.user.is_admin | exists Privilege: Privilege.user_id = ctx.user.id & Privilege.object_type = "Deployment" >
"""
args = FakeArgs()
args.inputs = xproto
args.target = self.target
output = XOSGenerator.generate(args)
exec(output) # This loads the generated function, which should look like this:
"""
def policy_output_enforcer(obj, ctx):
i2 = ctx.user.is_admin
i3 = Privilege.objects.filter(Q(user_id=ctx.user.id), Q(object_type='Deployment'))[0]
i1 = (i2 or i3)
return i1
"""
# FIXME: Test this policy by executing it
self.assertTrue(policy_output_enforcer is not None)
"""
This is the security policy for controllers
"""
def _test_controller_network_policy(self):
xproto = \
"""
policy test_policy < ctx.user.is_admin | exists Slice: forall ctx.networks: ctx.networks.owner.id = Slice.id >
"""
args = FakeArgs()
args.inputs = xproto
args.target = self.target
output = XOSGenerator.generate(args)
exec(output) # This loads the generated function, which should look like this:
"""
def policy_output_enforcer(obj, ctx):
i2 = ctx.user.is_admin
i3 = Privilege.objects.filter(Q(user_id=ctx.user.id), Q(object_type='Deployment'))[0]
i1 = (i2 or i3)
return i1
"""
# FIXME: Test this policy by executing it
self.assertTrue(policy_output_enforcer is not None)
if __name__ == '__main__':
unittest.main()