| Sapan Bhatia | 3e3c1cd | 2017-07-15 01:35:44 -0400 | [diff] [blame] | 1 | import unittest |
| 2 | from xosgenx.generator import XOSGenerator |
| 3 | from helpers import FakeArgs, XProtoTestHelpers |
| Sapan Bhatia | 3e3c1cd | 2017-07-15 01:35:44 -0400 | [diff] [blame] | 4 | |
| Sapan Bhatia | 5ea307d | 2017-07-19 00:13:21 -0400 | [diff] [blame] | 5 | """The function below is for eliminating warnings arising due to the missing policy_output_enforcer, |
| Sapan Bhatia | 3e3c1cd | 2017-07-15 01:35:44 -0400 | [diff] [blame] | 6 | which is generated and loaded dynamically. |
| 7 | """ |
| Sapan Bhatia | 5ea307d | 2017-07-19 00:13:21 -0400 | [diff] [blame] | 8 | def policy_output_enforcer(x, y): |
| Sapan Bhatia | 3e3c1cd | 2017-07-15 01:35:44 -0400 | [diff] [blame] | 9 | raise Exception("Security enforcer not generated. Test failed.") |
| 10 | return False |
| 11 | |
| 12 | """ |
| 13 | The tests below use the Python code target to generate |
| 14 | Python security policies, set up an appropriate environment and execute the Python. |
| 15 | """ |
| 16 | class XProtoXOSSecurityTest(unittest.TestCase): |
| 17 | def setUp(self): |
| Sapan Bhatia | 5ea307d | 2017-07-19 00:13:21 -0400 | [diff] [blame] | 18 | self.target = XProtoTestHelpers.write_tmp_target("{{ xproto_fol_to_python_test('output',proto.policies.test_policy, None, '0') }}") |
| Sapan Bhatia | 3e3c1cd | 2017-07-15 01:35:44 -0400 | [diff] [blame] | 19 | |
| 20 | """ |
| 21 | This is the security policy for controllers |
| 22 | """ |
| 23 | def test_controller_policy(self): |
| 24 | xproto = \ |
| 25 | """ |
| 26 | policy test_policy < ctx.user.is_admin | exists Privilege: Privilege.user_id = ctx.user.id & Privilege.object_type = "Deployment" > |
| 27 | """ |
| 28 | args = FakeArgs() |
| 29 | args.inputs = xproto |
| 30 | args.target = self.target |
| 31 | |
| 32 | output = XOSGenerator.generate(args) |
| 33 | |
| 34 | exec(output) # This loads the generated function, which should look like this: |
| 35 | |
| 36 | """ |
| Sapan Bhatia | 5ea307d | 2017-07-19 00:13:21 -0400 | [diff] [blame] | 37 | def policy_output_enforcer(obj, ctx): |
| Sapan Bhatia | 3e3c1cd | 2017-07-15 01:35:44 -0400 | [diff] [blame] | 38 | i2 = ctx.user.is_admin |
| 39 | i3 = Privilege.objects.filter(Q(user_id=ctx.user.id), Q(object_type='Deployment'))[0] |
| 40 | i1 = (i2 or i3) |
| 41 | return i1 |
| 42 | """ |
| 43 | |
| 44 | # FIXME: Test this policy by executing it |
| Sapan Bhatia | 5ea307d | 2017-07-19 00:13:21 -0400 | [diff] [blame] | 45 | self.assertTrue(policy_output_enforcer is not None) |
| Sapan Bhatia | 3e3c1cd | 2017-07-15 01:35:44 -0400 | [diff] [blame] | 46 | |
| 47 | """ |
| 48 | This is the security policy for controllers |
| 49 | """ |
| 50 | def _test_controller_network_policy(self): |
| 51 | xproto = \ |
| 52 | """ |
| 53 | policy test_policy < ctx.user.is_admin | exists Slice: forall ctx.networks: ctx.networks.owner.id = Slice.id > |
| 54 | """ |
| 55 | args = FakeArgs() |
| 56 | args.inputs = xproto |
| 57 | args.target = self.target |
| 58 | |
| 59 | output = XOSGenerator.generate(args) |
| 60 | |
| 61 | exec(output) # This loads the generated function, which should look like this: |
| 62 | |
| 63 | """ |
| Sapan Bhatia | 5ea307d | 2017-07-19 00:13:21 -0400 | [diff] [blame] | 64 | def policy_output_enforcer(obj, ctx): |
| Sapan Bhatia | 3e3c1cd | 2017-07-15 01:35:44 -0400 | [diff] [blame] | 65 | i2 = ctx.user.is_admin |
| 66 | i3 = Privilege.objects.filter(Q(user_id=ctx.user.id), Q(object_type='Deployment'))[0] |
| 67 | i1 = (i2 or i3) |
| 68 | return i1 |
| 69 | """ |
| 70 | |
| 71 | # FIXME: Test this policy by executing it |
| Sapan Bhatia | 5ea307d | 2017-07-19 00:13:21 -0400 | [diff] [blame] | 72 | self.assertTrue(policy_output_enforcer is not None) |
| Sapan Bhatia | 3e3c1cd | 2017-07-15 01:35:44 -0400 | [diff] [blame] | 73 | |
| 74 | |
| 75 | if __name__ == '__main__': |
| 76 | unittest.main() |