blob: 69dafc578c9cc29c16bdd40b68c5c770a692b484 [file] [log] [blame]
Matteo Scandolod2044a42017-08-07 16:08:28 -07001
2# Copyright 2017-present Open Networking Foundation
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15
16
Sapan Bhatia5ea307d2017-07-19 00:13:21 -040017import unittest
18from xosgenx.generator import XOSGenerator
19from helpers import FakeArgs, XProtoTestHelpers
20
21"""The function below is for eliminating warnings arising due to the missing policy_output_validator,
22which is generated and loaded dynamically.
23"""
24def policy_output_validator(x, y):
25 raise Exception("Validator not generated. Test failed.")
26 return False
27
28"""
29The tests below use the Python code target to generate
30Python validation policies, set up an appropriate environment and execute the Python.
31"""
32class XProtoXOSModelValidationTest(unittest.TestCase):
33 def setUp(self):
34 self.target = XProtoTestHelpers.write_tmp_target("{{ xproto_fol_to_python_validator('output', proto.policies.test_policy, None, 'Necessary Failure') }}")
35
36 def test_instance_container(self):
37 xproto = \
38"""
39 policy test_policy < (obj.isolation = "container" | obj.isolation = "container_vm" ) -> (obj.image.kind = "container") >
40"""
41 args = FakeArgs()
42 args.inputs = xproto
43 args.target = self.target
44
45 output = XOSGenerator.generate(args)
46
47 obj = FakeArgs()
48 obj.isolation = 'container'
49 obj.kind = 'not a container'
50
51 exec(output) # This loads the generated function, which should look like this:
52
53 """
54 def policy_output_validator(obj, ctx):
55 i4 = (obj.isolation == 'container')
56 i5 = (self.isolation == 'container_vm')
57 i2 = (i4 or i5)
58 i3 = (obj.image.kind == 'container')
59 i1 = (i2 or i3)
60 return i1
61 """
62
63 with self.assertRaises(Exception):
64 policy_output_validator(obj, {})
65
66 def test_slice_name_validation(self):
67 xproto = \
68"""
69 policy test_policy < not obj.id -> {{ obj.name.startswith(obj.site.login_base) }} >
70"""
71 args = FakeArgs()
72 args.inputs = xproto
73 args.target = self.target
74
75 output = XOSGenerator.generate(args)
76
77 obj = FakeArgs()
78 obj.isolation = 'container'
79 obj.kind = 'not a container'
80
81 exec(output) # This loads the generated function, which should look like this:
82
83 """
84 def policy_output_validator(obj, ctx):
85 i3 = obj.id
86 i4 = obj.name.startswith(obj.site.login_base)
87 i2 = ((not i3) or i4)
88 i1 = (not i2)
89 if (not i1):
90 raise ValidationError('Necessary Failure')
91 """
92
93 with self.assertRaises(Exception):
94 policy_output_validator(obj, {})
Sapan Bhatia5ea307d2017-07-19 00:13:21 -040095
96 def test_equal(self):
97 xproto = \
98"""
99 policy test_policy < not (ctx.user = obj.user) >
100"""
101
102 args = FakeArgs()
103 args.inputs = xproto
104 args.target = self.target
105
106 output = XOSGenerator.generate(args)
107
108 exec(output) # This loads the generated function, which should look like this:
109
110 """
111 def policy_output_validator(obj, ctx):
112 i2 = (ctx.user == obj.user)
113 i1 = (not i2)
114 if (not i1):
115 raise Exception('Necessary Failure')
116 """
117
118 obj = FakeArgs()
119 obj.user = 1
120 ctx = FakeArgs()
121 ctx.user = 1
122
123 with self.assertRaises(Exception):
124 policy_output_validator(obj, ctx)
125
126 def test_bin(self):
127 xproto = \
128"""
Sapan Bhatiab69f4702017-07-31 16:03:33 -0400129 policy test_policy < not (ctx.is_admin = True | obj.empty = True) | False>
Sapan Bhatia5ea307d2017-07-19 00:13:21 -0400130"""
131
132 args = FakeArgs()
133 args.inputs = xproto
134 args.target = self.target
135
136 output = XOSGenerator.generate(args)
137 exec(output) # This loads the generated function, which should look like this:
138
139 """
140 def policy_output_validator(obj, ctx):
141 i2 = (ctx.is_admin == True)
142 i3 = (obj.empty == True)
143 i1 = (i2 or i3)
144 if (not i1):
145 raise Exception('Necessary Failure')
146 """
147
148 obj = FakeArgs()
149 obj.empty = True
150
151 ctx = FakeArgs()
152 ctx.is_admin = True
153
154 with self.assertRaises(Exception):
155 verdict = policy_output_validator(obj, ctx)
156
157
158 def test_exists(self):
159 xproto = \
160"""
161 policy test_policy < exists Privilege: Privilege.object_id = obj.id >
162"""
163 args = FakeArgs()
164 args.inputs = xproto
165 args.target = self.target
166
167 output = XOSGenerator.generate(args)
168 exec(output) # This loads the generated function, which should look like this:
169
170 """
171 def policy_output_validator(obj, ctx):
172 i1 = Privilege.objects.filter(Q(object_id=obj.id))[0]
173 if (not i1):
174 raise Exception('Necessary Failure')
175 """
176
177 self.assertTrue(policy_output_validator is not None)
178
179 def test_python(self):
180 xproto = \
181"""
182 policy test_policy < {{ "jack" in ["the", "box"] }} = True >
183"""
184 args = FakeArgs()
185 args.inputs = xproto
186 args.target = self.target
187 output = XOSGenerator.generate(args)
188 exec(output) # This loads the generated function, which should look like this:
189
190 """
191 def policy_output_validator(obj, ctx):
192 i2 = ('jack' in ['the', 'box'])
193 i1 = (i2 == True)
194 if (not i1):
195 raise Exception('Necessary Failure')
196 """
197
198 with self.assertRaises(Exception):
199 self.assertTrue(policy_output_validator({}, {}) is True)
200
201 def test_forall(self):
202 # This one we only parse
203 xproto = \
204"""
205 policy test_policy < forall Credential: Credential.obj_id = obj_id >
206"""
207
208 args = FakeArgs()
209 args.inputs = xproto
210 args.target = self.target
211
212 output = XOSGenerator.generate(args)
213
214 """
215 def policy_output_enforcer(obj, ctx):
216 i2 = Credential.objects.filter((~ Q(obj_id=obj_id)))[0]
217 i1 = (not i2)
218 return i1
219 """
220
221 self.assertIn('policy_output_validator', output)
222
223if __name__ == '__main__':
224 unittest.main()