Sapan Bhatia5ea307d2017-07-19 00:13:21 -04001import unittest
2from xosgenx.generator import XOSGenerator
3from helpers import FakeArgs, XProtoTestHelpers
4
5"""The function below is for eliminating warnings arising due to the missing policy_output_validator,
6which is generated and loaded dynamically.
7"""
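def policy_output_validator(x, y):
    """Placeholder for the validator that is generated and loaded dynamically.

    Defining the name at module level silences warnings about a missing
    ``policy_output_validator``.  Reaching this stub means the generated
    validator was never loaded, so it always raises; it has no return value.

    NOTE(review): the tests in this module expect ``Exception`` from the
    generated validator as well, so a call that lands here is
    indistinguishable from a genuine validation failure unless the message
    is checked.

    Raises:
        Exception: always, with the message "Validator not generated. Test failed."
    """
    raise Exception("Validator not generated. Test failed.")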
11
12"""
13The tests below use the Python code target to generate
14Python validation policies, set up an appropriate environment and execute the Python.
15"""
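class XProtoXOSModelValidationTest(unittest.TestCase):
    """Exercise the Python code target for xproto validation policies.

    Each test feeds an xproto policy to XOSGenerator, executes the generated
    Python and then calls (or inspects) the resulting
    ``policy_output_validator`` function.

    The generated source is executed in a fresh, explicit namespace rather
    than with a bare ``exec(output)``.  A bare exec inside a method does not
    reliably rebind the name the method later looks up (under Python 3 it
    never does), in which case the call silently falls through to the
    module-level ``policy_output_validator`` stub.  That stub raises
    ``Exception`` too, so ``assertRaises(Exception)`` would pass without the
    generated code ever running.  Executing into a private dict also keeps
    generated code from overwriting names in this test module.
    """

    def setUp(self):
        """Build the generator target from the validator template."""
        self.target = XProtoTestHelpers.write_tmp_target(
            "{{ xproto_fol_to_python_validator('output', proto.policies.test_policy, None, 'Necessary Failure') }}"
        )

    def _generate(self, xproto):
        """Run XOSGenerator on *xproto* with this test's target; return its output."""
        args = FakeArgs()
        args.inputs = xproto
        args.target = self.target
        return XOSGenerator.generate(args)

    def _load_validator(self, xproto):
        """Generate code for *xproto*, execute it in isolation, return the validator.

        Fails the test when the generated code does not define
        ``policy_output_validator``, so a missing validator can no longer be
        mistaken for a validation failure.
        """
        output = self._generate(xproto)

        # The executed source is generator output for a policy literal defined
        # in this file.  Do not reuse this helper on policies that come from
        # outside the test suite: exec runs whatever the generator emitted.
        namespace = {}
        exec(output, namespace)

        self.assertIn(
            "policy_output_validator",
            namespace,
            "generated code did not define policy_output_validator",
        )
        return namespace["policy_output_validator"]

    def test_instance_container(self):
        """An implication over obj.isolation / obj.image.kind must reject this object."""
        xproto = """
    policy test_policy < (obj.isolation = "container" | obj.isolation = "container_vm" ) -> (obj.image.kind = "container") >
"""
        validator = self._load_validator(xproto)

        obj = FakeArgs()
        obj.isolation = 'container'
        obj.kind = 'not a container'

        # The generated function should look like this:
        #
        # def policy_output_validator(obj, ctx):
        #     i4 = (obj.isolation == 'container')
        #     i5 = (self.isolation == 'container_vm')
        #     i2 = (i4 or i5)
        #     i3 = (obj.image.kind == 'container')
        #     i1 = (i2 or i3)
        #     return i1

        # NOTE(review): the policy reads obj.image.kind but only obj.kind is
        # set above, so the exception may come from attribute access rather
        # than from the policy verdict -- confirm against FakeArgs.
        with self.assertRaises(Exception):
            validator(obj, {})

    def test_slice_name_validation(self):
        """A policy with an embedded Python expression must reject this object."""
        xproto = """
    policy test_policy < not obj.id -> {{ obj.name.startswith(obj.site.login_base) }} >
"""
        validator = self._load_validator(xproto)

        # NOTE(review): the policy reads obj.id, obj.name and obj.site, none
        # of which are set here; the attributes below look carried over from
        # test_instance_container -- confirm what is meant to trigger the failure.
        obj = FakeArgs()
        obj.isolation = 'container'
        obj.kind = 'not a container'

        # The generated function should look like this:
        #
        # def policy_output_validator(obj, ctx):
        #     i3 = obj.id
        #     i4 = obj.name.startswith(obj.site.login_base)
        #     i2 = ((not i3) or i4)
        #     i1 = (not i2)
        #     if (not i1):
        #         raise ValidationError('Necessary Failure')

        with self.assertRaises(Exception):
            validator(obj, {})

    def test_equal(self):
        """``not (ctx.user = obj.user)`` must fail when both users are equal."""
        xproto = """
    policy test_policy < not (ctx.user = obj.user) >
"""
        validator = self._load_validator(xproto)

        # The generated function should look like this:
        #
        # def policy_output_validator(obj, ctx):
        #     i2 = (ctx.user == obj.user)
        #     i1 = (not i2)
        #     if (not i1):
        #         raise Exception('Necessary Failure')

        obj = FakeArgs()
        obj.user = 1
        ctx = FakeArgs()
        ctx.user = 1

        with self.assertRaises(Exception):
            validator(obj, ctx)

    def test_bin(self):
        """A negated disjunction must fail when both operands are true."""
        xproto = """
    policy test_policy < not (ctx.is_admin = True | obj.empty = True) | False>
"""
        validator = self._load_validator(xproto)

        # The generated function should look like this:
        #
        # def policy_output_validator(obj, ctx):
        #     i2 = (ctx.is_admin == True)
        #     i3 = (obj.empty == True)
        #     i1 = (i2 or i3)
        #     if (not i1):
        #         raise Exception('Necessary Failure')

        obj = FakeArgs()
        obj.empty = True

        ctx = FakeArgs()
        ctx.is_admin = True

        # The return value is irrelevant: the call is expected to raise.
        with self.assertRaises(Exception):
            validator(obj, ctx)

    def test_exists(self):
        """An ``exists`` policy must at least produce a loadable validator."""
        xproto = """
    policy test_policy < exists Privilege: Privilege.object_id = obj.id >
"""
        validator = self._load_validator(xproto)

        # The generated function should look like this:
        #
        # def policy_output_validator(obj, ctx):
        #     i1 = Privilege.objects.filter(Q(object_id=obj.id))[0]
        #     if (not i1):
        #         raise Exception('Necessary Failure')

        # The validator is only loaded, not called; the expected code above
        # refers to Privilege and Q, which this module does not define.
        self.assertTrue(callable(validator))

    def test_python(self):
        """An embedded Python expression that is false must fail validation."""
        xproto = """
    policy test_policy < {{ "jack" in ["the", "box"] }} = True >
"""
        validator = self._load_validator(xproto)

        # The generated function should look like this:
        #
        # def policy_output_validator(obj, ctx):
        #     i2 = ('jack' in ['the', 'box'])
        #     i1 = (i2 == True)
        #     if (not i1):
        #         raise Exception('Necessary Failure')

        # Call the validator directly.  Wrapping the call in assertTrue inside
        # assertRaises(Exception) could never fail, because the AssertionError
        # from assertTrue is itself an Exception.
        with self.assertRaises(Exception):
            validator({}, {})

    def test_forall(self):
        """A ``forall`` policy is only generated and inspected, never executed."""
        xproto = """
    policy test_policy < forall Credential: Credential.obj_id = obj_id >
"""
        output = self._generate(xproto)

        # The original author's sketch of the generated code:
        #
        # def policy_output_enforcer(obj, ctx):
        #     i2 = Credential.objects.filter((~ Q(obj_id=obj_id)))[0]
        #     i1 = (not i2)
        #     return i1

        self.assertIn('policy_output_validator', output)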
206
# Run the test suite when this module is executed as a script.
if __name__ == "__main__":
    unittest.main()