| Matteo Scandolo | d2044a4 | 2017-08-07 16:08:28 -0700 | [diff] [blame] | 1 | # Copyright 2017-present Open Networking Foundation |
| 2 | # |
| 3 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 | # you may not use this file except in compliance with the License. |
| 5 | # You may obtain a copy of the License at |
| 6 | # |
| 7 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 8 | # |
| 9 | # Unless required by applicable law or agreed to in writing, software |
| 10 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 | # See the License for the specific language governing permissions and |
| 13 | # limitations under the License. |
| 14 | |
| Zack Williams | 9a42f87 | 2019-02-15 17:56:04 -0700 | [diff] [blame] | 15 | from __future__ import absolute_import |
| Sapan Bhatia | 3e3c1cd | 2017-07-15 01:35:44 -0400 | [diff] [blame] | 16 | import unittest |
| Scott Baker | 1f7791d | 2018-10-04 13:21:20 -0700 | [diff] [blame] | 17 | from xosgenx.generator import XOSProcessor, XOSProcessorArgs |
| 18 | from helpers import XProtoTestHelpers |
| Sapan Bhatia | 3e3c1cd | 2017-07-15 01:35:44 -0400 | [diff] [blame] | 19 | |
| Zack Williams | 045b63d | 2019-01-22 16:30:57 -0700 | [diff] [blame] | 20 | |
| Sapan Bhatia | 5ea307d | 2017-07-19 00:13:21 -0400 | [diff] [blame] | 21 | def policy_output_enforcer(x, y): |
| Zack Williams | 9a42f87 | 2019-02-15 17:56:04 -0700 | [diff] [blame] | 22 | """ |
| 23 | eliminating warnings arising due to the missing policy_output_enforcer, |
| 24 | which is generated and loaded dynamically. |
| 25 | """ |
| Sapan Bhatia | 3e3c1cd | 2017-07-15 01:35:44 -0400 | [diff] [blame] | 26 | raise Exception("Security enforcer not generated. Test failed.") |
| 27 | return False |
| 28 | |
| Zack Williams | 045b63d | 2019-01-22 16:30:57 -0700 | [diff] [blame] | 29 | |
| Zack Williams | 045b63d | 2019-01-22 16:30:57 -0700 | [diff] [blame] | 30 | |
| Sapan Bhatia | 3e3c1cd | 2017-07-15 01:35:44 -0400 | [diff] [blame] | 31 | class XProtoXOSSecurityTest(unittest.TestCase): |
| Zack Williams | 9a42f87 | 2019-02-15 17:56:04 -0700 | [diff] [blame] | 32 | """ |
| 33 | Use the Python code target to generate Python security policies, set up an |
| 34 | appropriate environment and execute the Python. The security policies here |
| 35 | deliberately made complex in order to stress the processor. |
| 36 | """ |
| 37 | |
| Sapan Bhatia | 3e3c1cd | 2017-07-15 01:35:44 -0400 | [diff] [blame] | 38 | def setUp(self): |
| Zack Williams | 045b63d | 2019-01-22 16:30:57 -0700 | [diff] [blame] | 39 | self.target = XProtoTestHelpers.write_tmp_target( |
| 40 | "{{ xproto_fol_to_python_test('output',proto.policies.test_policy, None, '0') }}" |
| 41 | ) |
| Sapan Bhatia | 3e3c1cd | 2017-07-15 01:35:44 -0400 | [diff] [blame] | 42 | |
| 43 | """ |
| 44 | This is the security policy for controllers |
| 45 | """ |
| Zack Williams | 045b63d | 2019-01-22 16:30:57 -0700 | [diff] [blame] | 46 | |
| Sapan Bhatia | 3e3c1cd | 2017-07-15 01:35:44 -0400 | [diff] [blame] | 47 | def test_controller_policy(self): |
| Zack Williams | 045b63d | 2019-01-22 16:30:57 -0700 | [diff] [blame] | 48 | xproto = """ |
| Sapan Bhatia | b69f470 | 2017-07-31 16:03:33 -0400 | [diff] [blame] | 49 | policy test_policy < ctx.user.is_admin | exists Privilege: Privilege.accessor_id = ctx.user.id & Privilege.object_type = "Deployment" & Privilege.permission = "role:admin" & Privilege.object_id = obj.id > |
| Sapan Bhatia | 3e3c1cd | 2017-07-15 01:35:44 -0400 | [diff] [blame] | 50 | """ |
| Scott Baker | 1f7791d | 2018-10-04 13:21:20 -0700 | [diff] [blame] | 51 | args = XOSProcessorArgs() |
| Sapan Bhatia | 3e3c1cd | 2017-07-15 01:35:44 -0400 | [diff] [blame] | 52 | args.inputs = xproto |
| 53 | args.target = self.target |
| 54 | |
| Sapan Bhatia | bfb233a | 2018-02-09 14:53:09 -0800 | [diff] [blame] | 55 | output = XOSProcessor.process(args) |
| Sapan Bhatia | 3e3c1cd | 2017-07-15 01:35:44 -0400 | [diff] [blame] | 56 | |
| Zack Williams | 045b63d | 2019-01-22 16:30:57 -0700 | [diff] [blame] | 57 | exec(output) # This loads the generated function, which should look like this: |
| Sapan Bhatia | 3e3c1cd | 2017-07-15 01:35:44 -0400 | [diff] [blame] | 58 | |
| 59 | """ |
| Sapan Bhatia | 5ea307d | 2017-07-19 00:13:21 -0400 | [diff] [blame] | 60 | def policy_output_enforcer(obj, ctx): |
| Sapan Bhatia | 3e3c1cd | 2017-07-15 01:35:44 -0400 | [diff] [blame] | 61 | i2 = ctx.user.is_admin |
| Sapan Bhatia | b69f470 | 2017-07-31 16:03:33 -0400 | [diff] [blame] | 62 | i3 = Privilege.objects.filter(Q(accessor_id=ctx.user.id), Q(object_type='Deployment'), Q(permission='role:admin'), Q(object_id=obj.id))[0] |
| Sapan Bhatia | 3e3c1cd | 2017-07-15 01:35:44 -0400 | [diff] [blame] | 63 | i1 = (i2 or i3) |
| Sapan Bhatia | b69f470 | 2017-07-31 16:03:33 -0400 | [diff] [blame] | 64 | return i1 |
| Sapan Bhatia | 3e3c1cd | 2017-07-15 01:35:44 -0400 | [diff] [blame] | 65 | """ |
| 66 | |
| 67 | # FIXME: Test this policy by executing it |
| Sapan Bhatia | 5ea307d | 2017-07-19 00:13:21 -0400 | [diff] [blame] | 68 | self.assertTrue(policy_output_enforcer is not None) |
| Sapan Bhatia | 3e3c1cd | 2017-07-15 01:35:44 -0400 | [diff] [blame] | 69 | |
| 70 | """ |
| Sapan Bhatia | b69f470 | 2017-07-31 16:03:33 -0400 | [diff] [blame] | 71 | This is the security policy for ControllerNetworks |
| Sapan Bhatia | 3e3c1cd | 2017-07-15 01:35:44 -0400 | [diff] [blame] | 72 | """ |
| Zack Williams | 045b63d | 2019-01-22 16:30:57 -0700 | [diff] [blame] | 73 | |
| Sapan Bhatia | b69f470 | 2017-07-31 16:03:33 -0400 | [diff] [blame] | 74 | def test_controller_network_policy(self): |
| Zack Williams | 045b63d | 2019-01-22 16:30:57 -0700 | [diff] [blame] | 75 | xproto = """ |
| 76 | policy test_policy < |
| Sapan Bhatia | b69f470 | 2017-07-31 16:03:33 -0400 | [diff] [blame] | 77 | ctx.user.is_admin |
| 78 | | (exists Privilege: |
| 79 | Privilege.accessor_id = ctx.user.id |
| 80 | & Privilege.accessor_type = "User" |
| 81 | & Privilege.object_type = "Slice" |
| 82 | & Privilege.object_id = obj.owner.id) |
| 83 | | (exists Privilege: |
| 84 | Privilege.accessor_id = ctx.user.id |
| 85 | & Privilege.accessor_type = "User" |
| 86 | & Privilege.object_type = "Site" |
| 87 | & Privilege.object_id = obj.owner.site.id |
| 88 | & Privilege.permission = "role:admin") > |
| 89 | """ |
| Scott Baker | 1f7791d | 2018-10-04 13:21:20 -0700 | [diff] [blame] | 90 | args = XOSProcessorArgs() |
| Sapan Bhatia | b69f470 | 2017-07-31 16:03:33 -0400 | [diff] [blame] | 91 | args.inputs = xproto |
| 92 | args.target = self.target |
| 93 | |
| Sapan Bhatia | bfb233a | 2018-02-09 14:53:09 -0800 | [diff] [blame] | 94 | output = XOSProcessor.process(args) |
| Zack Williams | 045b63d | 2019-01-22 16:30:57 -0700 | [diff] [blame] | 95 | exec(output) # This loads the generated function, which should look like this: |
| Sapan Bhatia | b69f470 | 2017-07-31 16:03:33 -0400 | [diff] [blame] | 96 | |
| 97 | """ |
| 98 | def policy_output_enforcer(obj, ctx): |
| 99 | i2 = ctx.user.is_admin |
| 100 | i4 = Privilege.objects.filter(Q(accessor_id=ctx.user.id), Q(accessor_type='User'), Q(object_type='Slice'), Q(object_id=obj.owner.id))[0] |
| 101 | i5 = Privilege.objects.filter(Q(accessor_id=ctx.user.id), Q(accessor_type='User'), Q(object_type='Site'), Q(object_id=obj.owner.site.id), Q(permission='role:admin'))[0] |
| 102 | i3 = (i4 or i5) |
| 103 | i1 = (i2 or i3) |
| 104 | return i1 |
| 105 | """ |
| 106 | |
| 107 | # FIXME: Test this policy by executing it |
| 108 | self.assertTrue(policy_output_enforcer is not None) |
| 109 | |
| 110 | """ |
| 111 | This is the security policy for Slices |
| 112 | """ |
| Zack Williams | 045b63d | 2019-01-22 16:30:57 -0700 | [diff] [blame] | 113 | |
| Sapan Bhatia | b69f470 | 2017-07-31 16:03:33 -0400 | [diff] [blame] | 114 | def test_slice_policy(self): |
| Zack Williams | 045b63d | 2019-01-22 16:30:57 -0700 | [diff] [blame] | 115 | xproto = """ |
| Sapan Bhatia | b69f470 | 2017-07-31 16:03:33 -0400 | [diff] [blame] | 116 | policy site_policy < |
| 117 | ctx.user.is_admin |
| 118 | | (ctx.write_access -> exists Privilege: Privilege.object_type = "Site" & Privilege.object_id = obj.id & Privilege.accessor_id = ctx.user.id & Privilege.permission_id = "role:admin") > |
| 119 | |
| 120 | policy test_policy < |
| 121 | ctx.user.is_admin |
| 122 | | (*site_policy(site) |
| 123 | & ((exists Privilege: |
| 124 | Privilege.accessor_id = ctx.user.id |
| 125 | & Privilege.accessor_type = "User" |
| 126 | & Privilege.object_type = "Slice" |
| 127 | & Privilege.object_id = obj.id |
| 128 | & (ctx.write_access->Privilege.permission="role:admin")) |
| 129 | | (exists Privilege: |
| 130 | Privilege.accessor_id = ctx.user.id |
| 131 | & Privilege.accessor_type = "User" |
| 132 | & Privilege.object_type = "Site" |
| 133 | & Privilege.object_id = obj.site.id |
| 134 | & Privilege.permission = "role:admin")) |
| 135 | )> |
| Zack Williams | 045b63d | 2019-01-22 16:30:57 -0700 | [diff] [blame] | 136 | |
| Sapan Bhatia | b69f470 | 2017-07-31 16:03:33 -0400 | [diff] [blame] | 137 | """ |
| Scott Baker | 1f7791d | 2018-10-04 13:21:20 -0700 | [diff] [blame] | 138 | args = XOSProcessorArgs() |
| Sapan Bhatia | b69f470 | 2017-07-31 16:03:33 -0400 | [diff] [blame] | 139 | args.inputs = xproto |
| 140 | args.target = self.target |
| 141 | |
| Sapan Bhatia | bfb233a | 2018-02-09 14:53:09 -0800 | [diff] [blame] | 142 | output = XOSProcessor.process(args) |
| Sapan Bhatia | b69f470 | 2017-07-31 16:03:33 -0400 | [diff] [blame] | 143 | |
| Zack Williams | 045b63d | 2019-01-22 16:30:57 -0700 | [diff] [blame] | 144 | exec(output) # This loads the generated function, which should look like this: |
| Sapan Bhatia | b69f470 | 2017-07-31 16:03:33 -0400 | [diff] [blame] | 145 | |
| 146 | """ |
| 147 | def policy_output_enforcer(obj, ctx): |
| Zack Williams | 045b63d | 2019-01-22 16:30:57 -0700 | [diff] [blame] | 148 | i2 = ctx.user.is_admin |
| 149 | i4 = policy_site_policy_enforcer(obj.site, ctx) |
| 150 | i10 = ctx.write_access |
| 151 | i11 = (not (not Privilege.objects.filter(Q(accessor_id=ctx.user.id), Q(accessor_type='User'), Q(object_type='Slice'), Q(object_id=obj.id), Q(permission='role:admin')))) |
| 152 | i8 = (i10 and i11) |
| 153 | i14 = ctx.write_access |
| 154 | i12 = (not i14) |
| 155 | i13 = (not (not Privilege.objects.filter(Q(accessor_id=ctx.user.id), Q(accessor_type='User'), Q(object_type='Slice'), Q(object_id=obj.id)))) |
| 156 | i9 = (i12 and i13) |
| 157 | i6 = (i8 or i9) |
| 158 | i7 = (not (not Privilege.objects.filter(Q(accessor_id=ctx.user.id), Q(accessor_type='User'), Q(object_type='Site'), Q(object_id=obj.site.id), Q(permission='role:admin')))) |
| 159 | i5 = (i6 or i7) |
| 160 | i3 = (i4 and i5) |
| 161 | i1 = (i2 or i3) |
| 162 | return i1 |
| Sapan Bhatia | b69f470 | 2017-07-31 16:03:33 -0400 | [diff] [blame] | 163 | """ |
| 164 | |
| 165 | # FIXME: Test this policy by executing it |
| 166 | self.assertTrue(policy_output_enforcer is not None) |
| 167 | |
| 168 | """ |
| 169 | This is the security policy for Users |
| 170 | """ |
| Zack Williams | 045b63d | 2019-01-22 16:30:57 -0700 | [diff] [blame] | 171 | |
| Sapan Bhatia | b69f470 | 2017-07-31 16:03:33 -0400 | [diff] [blame] | 172 | def test_user_policy(self): |
| Zack Williams | 045b63d | 2019-01-22 16:30:57 -0700 | [diff] [blame] | 173 | xproto = """ |
| Sapan Bhatia | b69f470 | 2017-07-31 16:03:33 -0400 | [diff] [blame] | 174 | policy test_policy < |
| 175 | ctx.user.is_admin |
| 176 | | ctx.user.id = obj.id |
| Zack Williams | 045b63d | 2019-01-22 16:30:57 -0700 | [diff] [blame] | 177 | | (exists Privilege: |
| Sapan Bhatia | b69f470 | 2017-07-31 16:03:33 -0400 | [diff] [blame] | 178 | Privilege.accessor_id = ctx.user.id |
| 179 | & Privilege.accessor_type = "User" |
| 180 | & Privilege.permission = "role:admin" |
| 181 | & Privilege.object_type = "Site" |
| 182 | & Privilege.object_id = ctx.user.site.id) > |
| Sapan Bhatia | 3e3c1cd | 2017-07-15 01:35:44 -0400 | [diff] [blame] | 183 | """ |
| Scott Baker | 1f7791d | 2018-10-04 13:21:20 -0700 | [diff] [blame] | 184 | args = XOSProcessorArgs() |
| Sapan Bhatia | 3e3c1cd | 2017-07-15 01:35:44 -0400 | [diff] [blame] | 185 | args.inputs = xproto |
| 186 | args.target = self.target |
| 187 | |
| Sapan Bhatia | bfb233a | 2018-02-09 14:53:09 -0800 | [diff] [blame] | 188 | output = XOSProcessor.process(args) |
| Sapan Bhatia | 3e3c1cd | 2017-07-15 01:35:44 -0400 | [diff] [blame] | 189 | |
| Zack Williams | 045b63d | 2019-01-22 16:30:57 -0700 | [diff] [blame] | 190 | exec(output) # This loads the generated function, which should look like this: |
| Sapan Bhatia | 3e3c1cd | 2017-07-15 01:35:44 -0400 | [diff] [blame] | 191 | |
| 192 | """ |
| Sapan Bhatia | 5ea307d | 2017-07-19 00:13:21 -0400 | [diff] [blame] | 193 | def policy_output_enforcer(obj, ctx): |
| Sapan Bhatia | 3e3c1cd | 2017-07-15 01:35:44 -0400 | [diff] [blame] | 194 | i2 = ctx.user.is_admin |
| Sapan Bhatia | b69f470 | 2017-07-31 16:03:33 -0400 | [diff] [blame] | 195 | i4 = (ctx.user.id == obj.id) |
| 196 | i5 = Privilege.objects.filter(Q(accessor_id=ctx.user.id), Q(accessor_type='User'), Q(permission='role:admin'), Q(object_type='Site'), Q(object_id=ctx.user.site.id))[0] |
| 197 | i3 = (i4 or i5) |
| Sapan Bhatia | 3e3c1cd | 2017-07-15 01:35:44 -0400 | [diff] [blame] | 198 | i1 = (i2 or i3) |
| 199 | return i1 |
| 200 | """ |
| 201 | |
| 202 | # FIXME: Test this policy by executing it |
| Sapan Bhatia | 5ea307d | 2017-07-19 00:13:21 -0400 | [diff] [blame] | 203 | self.assertTrue(policy_output_enforcer is not None) |
| Sapan Bhatia | 3e3c1cd | 2017-07-15 01:35:44 -0400 | [diff] [blame] | 204 | |
| Zack Williams | 045b63d | 2019-01-22 16:30:57 -0700 | [diff] [blame] | 205 | |
| 206 | if __name__ == "__main__": |
| Sapan Bhatia | 3e3c1cd | 2017-07-15 01:35:44 -0400 | [diff] [blame] | 207 | unittest.main() |