| Sapan Bhatia | 3e3c1cd | 2017-07-15 01:35:44 -0400 | [diff] [blame] | 1 | import unittest |
| 2 | from xosgenx.generator import XOSGenerator |
| 3 | from helpers import FakeArgs, XProtoTestHelpers |
| 4 | import pdb |
| 5 | |
| 6 | """The function below is for eliminating warnings arising due to the missing policy_output_0, |
| 7 | which is generated and loaded dynamically. |
| 8 | """ |
| 9 | def policy_output_0(x, y): |
| 10 | raise Exception("Security enforcer not generated. Test failed.") |
| 11 | return False |
| 12 | |
| 13 | """ |
| 14 | The tests below use the Python code target to generate |
| 15 | Python security policies, set up an appropriate environment and execute the Python. |
| 16 | """ |
| 17 | class XProtoXOSSecurityTest(unittest.TestCase): |
| 18 | def setUp(self): |
| 19 | self.target = XProtoTestHelpers.write_tmp_target("{{ xproto_fol_to_python_test(proto.policies.test_policy, None, '0') }}") |
| 20 | |
| 21 | """ |
| 22 | This is the security policy for controllers |
| 23 | """ |
| 24 | def test_controller_policy(self): |
| 25 | xproto = \ |
| 26 | """ |
| 27 | policy test_policy < ctx.user.is_admin | exists Privilege: Privilege.user_id = ctx.user.id & Privilege.object_type = "Deployment" > |
| 28 | """ |
| 29 | args = FakeArgs() |
| 30 | args.inputs = xproto |
| 31 | args.target = self.target |
| 32 | |
| 33 | output = XOSGenerator.generate(args) |
| 34 | |
| 35 | exec(output) # This loads the generated function, which should look like this: |
| 36 | |
| 37 | """ |
| 38 | def policy_output_0(obj, ctx): |
| 39 | i2 = ctx.user.is_admin |
| 40 | i3 = Privilege.objects.filter(Q(user_id=ctx.user.id), Q(object_type='Deployment'))[0] |
| 41 | i1 = (i2 or i3) |
| 42 | return i1 |
| 43 | """ |
| 44 | |
| 45 | # FIXME: Test this policy by executing it |
| 46 | self.assertTrue(policy_output_0 is not None) |
| 47 | |
| 48 | """ |
| 49 | This is the security policy for controllers |
| 50 | """ |
| 51 | def _test_controller_network_policy(self): |
| 52 | xproto = \ |
| 53 | """ |
| 54 | policy test_policy < ctx.user.is_admin | exists Slice: forall ctx.networks: ctx.networks.owner.id = Slice.id > |
| 55 | """ |
| 56 | args = FakeArgs() |
| 57 | args.inputs = xproto |
| 58 | args.target = self.target |
| 59 | |
| 60 | output = XOSGenerator.generate(args) |
| 61 | |
| 62 | exec(output) # This loads the generated function, which should look like this: |
| 63 | |
| 64 | """ |
| 65 | def policy_output_0(obj, ctx): |
| 66 | i2 = ctx.user.is_admin |
| 67 | i3 = Privilege.objects.filter(Q(user_id=ctx.user.id), Q(object_type='Deployment'))[0] |
| 68 | i1 = (i2 or i3) |
| 69 | return i1 |
| 70 | """ |
| 71 | |
| 72 | # FIXME: Test this policy by executing it |
| 73 | self.assertTrue(policy_output_0 is not None) |
| 74 | |
| 75 | |
| 76 | if __name__ == '__main__': |
| 77 | unittest.main() |