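"""Tests for AttributeSelector in policies with resource content XML in the
requests
"""
__author__ = "R B Wilkinson"
__date__ = "06/01/12"
__copyright__ = "(C) 2012 Science and Technology Facilities Council"
__license__ = "BSD - see LICENSE file in top-level directory"
__contact__ = "Philip.Kershaw@stfc.ac.uk"
__revision__ = "$Id$"

from ndg.xacml import Config, importElementTree
ElementTree = importElementTree()

import logging
import unittest

from ndg.xacml.core.context.resource import Resource as XacmlResource
from ndg.xacml.core.context import XacmlContextBase
from ndg.xacml.parsers.etree import QName
from ndg.xacml.parsers.etree.factory import ReaderFactory
from ndg.xacml.core.context.pdp import PDP
from ndg.xacml.core.context.result import Decision
from ndg.xacml.test import XACML_ATTRIBUTESELECTOR1_FILEPATH
from ndg.xacml.test import XACML_ATTRIBUTESELECTOR2_FILEPATH
from ndg.xacml.test import XACML_ATTRIBUTESELECTOR3_FILEPATH
from ndg.xacml.test import XACML_ATTRIBUTESELECTOR4_FILEPATH
from ndg.xacml.test import XACML_ATTRIBUTESELECTOR5_FILEPATH
from ndg.xacml.test import XACML_ATTRIBUTESELECTOR6_FILEPATH
from ndg.xacml.test.context import XacmlContextBaseTestCase
from ndg.xacml.utils.etree import prettyPrint
from ndg.xacml.utils.xpath_selector import EtreeXPathSelector

from ndg.xacml.parsers.etree.context import RequestElementTree

logging.basicConfig(level=logging.DEBUG)

log = logging.getLogger(__name__)


# NOTE(review): the rendered listing this file was recovered from dropped the
# ``class`` line and every ``def`` line.  The class name and the test method
# names below are PLACEHOLDERS, not the project's real identifiers.  The two
# helper names and their parameters are taken from their call sites and
# bodies.  The base class is presumed to be XacmlContextBaseTestCase (it is
# imported, and ``_createRequestCtx`` is not defined here) - confirm against
# the project source.
class PLACEHOLDER_AttributeSelectorTestCase(XacmlContextBaseTestCase):
    """Tests use of AttributeSelector in policies with resource content XML in
    the requests.

    Several cases below expect NotApplicable or Indeterminate rather than
    Permit/Deny.  Those are distinct PDP outcomes; whatever enforcement point
    consumes them has to decide how to treat them, and the usual choice for
    an access-control gate is to allow only on an explicit Permit.
    """
    NOT_APPLICABLE_RESOURCE_ID = 'https://localhost'
    PUBLIC_RESOURCE_ID = 'http://localhost/resource-only-restricted'

    RESOURCE_CONTENT_VERSION_100 = \
'''<wps:GetCapabilities xmlns:ows="http://www.opengis.net/ows/1.1"
    xmlns:wps="http://www.opengis.net/wps/1.0.0"
    xmlns:xlink="http://www.w3.org/1999/xlink"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.opengis.net/wps/1.0.0/wpsGetCapabilities_request.xsd"
    language="en-CA" service="WPS">
    <wps:AcceptVersions>
        <ows:Version>1.0.0</ows:Version>
    </wps:AcceptVersions>
</wps:GetCapabilities>
'''
    RESOURCE_CONTENT_VERSION_200 = \
'''<wps:GetCapabilities xmlns:ows="http://www.opengis.net/ows/1.1"
    xmlns:wps="http://www.opengis.net/wps/1.0.0"
    xmlns:xlink="http://www.w3.org/1999/xlink"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.opengis.net/wps/1.0.0/wpsGetCapabilities_request.xsd"
    language="en-CA" service="WPS">
    <wps:AcceptVersions>
        <ows:Version>2.0.0</ows:Version>
    </wps:AcceptVersions>
</wps:GetCapabilities>
'''
    RESOURCE_CONTENT_NO_VERSION = \
'''<wps:GetCapabilities xmlns:ows="http://www.opengis.net/ows/1.1"
    xmlns:wps="http://www.opengis.net/wps/1.0.0"
    xmlns:xlink="http://www.w3.org/1999/xlink"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.opengis.net/wps/1.0.0/wpsGetCapabilities_request.xsd"
    language="en-CA" service="WPS">
</wps:GetCapabilities>
'''
    RESOURCE_CONTENT_EXECUTE = \
'''<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<wps:Execute service="WPS" version="1.0.0"
    xmlns:wps="http://www.opengis.net/wps/1.0.0"
    xmlns:ows="http://www.opengis.net/ows/1.1"
    xmlns:xlink="http://www.w3.org/1999/xlink"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.opengis.net/wps/1.0.0/wpsExecute_request.xsd">
    <ows:Identifier>Buffer</ows:Identifier>
    <wps:DataInputs>
        <wps:Input>
            <ows:Identifier>InputPolygon</ows:Identifier>
            <ows:Title>Playground area</ows:Title>
            <wps:Reference xlink:href="http://foo.bar/some_WFS_request.xml"/>
        </wps:Input>
        <wps:Input>
            <ows:Identifier>BufferDistance</ows:Identifier>
            <ows:Title>Distance which people will walk to get to a playground.</ows:Title>
            <wps:Data>
                <wps:LiteralData>400</wps:LiteralData>
            </wps:Data>
        </wps:Input>
    </wps:DataInputs>
    <wps:ResponseForm>
        <wps:RawDataOutput>
            <ows:Identifier>BufferedPolygon</ows:Identifier>
        </wps:RawDataOutput>
    </wps:ResponseForm>
</wps:Execute>
'''

    @staticmethod
    def _make_element(tag, ns_prefix, ns_uri):
        """Create an element for ``tag`` with its namespace prefix registered.

        With lxml the prefix mapping is passed to the element through
        ``nsmap``; with ElementTree it is written into the module's
        namespace map instead.
        """
        if Config.use_lxml:
            elem = ElementTree.Element(tag, nsmap={ns_prefix: ns_uri})
        else:
            elem = ElementTree.Element(tag)
            ElementTree._namespace_map[ns_uri] = ns_prefix
        return elem

    def _make_resource_content_element(self, resourceContent):
        """Wrap an XML string in an XACML 2.0 context ResourceContent element.

        The strings parsed here are the fixed fixtures defined on this
        class.  NOTE(review): a caller that builds ResourceContent from a
        live request body would be parsing untrusted XML at this point and
        should check how the configured parser handles DTDs and entities.
        """
        resourceContentSubElem = ElementTree.XML(resourceContent)
        tag = str(QName(XacmlContextBase.XACML_2_0_CONTEXT_NS,
                        XacmlResource.RESOURCE_CONTENT_ELEMENT_LOCAL_NAME))
        resourceContentElem = self._make_element(
            tag,
            XacmlContextBase.XACML_2_0_CONTEXT_NS_PREFIX,
            XacmlContextBase.XACML_2_0_CONTEXT_NS)
        resourceContentElem.append(resourceContentSubElem)

        log.debug("\n%s", prettyPrint(resourceContentElem))

        return resourceContentElem

    def _evaluate(self, policy_filepath, resource_content, resource_id,
                  **request_kw):
        """Load a policy, evaluate one request against it, return the results.

        Shared by every test below: builds the PDP from ``policy_filepath``,
        creates a request for ``resource_id`` carrying ``resource_content``,
        attaches the XML form of the request and an XPath selector over it,
        and evaluates.  Extra keyword arguments are passed through to
        ``_createRequestCtx``.

        Fails the test if the response is None or holds no results.  The
        second check matters because the per-result assertions in the tests
        run inside a loop and would otherwise pass without checking anything
        when the result list is empty.
        """
        self.pdp = PDP.fromPolicySource(policy_filepath, ReaderFactory)
        resourceContent = self._make_resource_content_element(
            resource_content)
        request = self._createRequestCtx(resource_id,
                                         resourceContent=resourceContent,
                                         **request_kw)
        request.elem = RequestElementTree.toXML(request)
        request.attributeSelector = EtreeXPathSelector(request.elem)
        response = self.pdp.evaluate(request)
        self.assertFalse(response is None, "Null response")
        results = list(response.results)
        self.assertTrue(results, "Response contains no results")
        return results

    def _assert_decision(self, results, expected, message):
        """Fail with ``message`` unless every result has decision ``expected``.
        """
        for result in results:
            self.assertFalse(result.decision != expected, message)

    def test_PLACEHOLDER_01_not_applicable(self):
        results = self._evaluate(XACML_ATTRIBUTESELECTOR1_FILEPATH,
                                 self.RESOURCE_CONTENT_VERSION_100,
                                 self.NOT_APPLICABLE_RESOURCE_ID)
        self._assert_decision(results, Decision.NOT_APPLICABLE,
                              "Expecting not applicable decision")

    def test_PLACEHOLDER_02_permit(self):
        results = self._evaluate(XACML_ATTRIBUTESELECTOR1_FILEPATH,
                                 self.RESOURCE_CONTENT_VERSION_100,
                                 self.PUBLIC_RESOURCE_ID)
        self._assert_decision(results, Decision.PERMIT,
                              "Expecting permit decision")

    def test_PLACEHOLDER_03_deny(self):
        results = self._evaluate(XACML_ATTRIBUTESELECTOR1_FILEPATH,
                                 self.RESOURCE_CONTENT_VERSION_200,
                                 self.PUBLIC_RESOURCE_ID)
        self._assert_decision(results, Decision.DENY,
                              "Expecting deny decision")

    def test_PLACEHOLDER_04_indeterminate(self):
        '''This should result in an indeterminate decision because the policy
        includes an AttributeSelector with MustBePresent="true", whereas the
        request context path is not found in the request XML.
        '''
        results = self._evaluate(XACML_ATTRIBUTESELECTOR1_FILEPATH,
                                 self.RESOURCE_CONTENT_NO_VERSION,
                                 self.PUBLIC_RESOURCE_ID)
        self._assert_decision(results, Decision.INDETERMINATE,
                              "Expecting indeterminate decision")

    def test_PLACEHOLDER_05_permit(self):
        results = self._evaluate(XACML_ATTRIBUTESELECTOR2_FILEPATH,
                                 self.RESOURCE_CONTENT_EXECUTE,
                                 self.PUBLIC_RESOURCE_ID)
        self._assert_decision(results, Decision.PERMIT,
                              "Expecting permit decision")

    def test_PLACEHOLDER_06_permit(self):
        results = self._evaluate(XACML_ATTRIBUTESELECTOR3_FILEPATH,
                                 self.RESOURCE_CONTENT_EXECUTE,
                                 self.PUBLIC_RESOURCE_ID)
        self._assert_decision(results, Decision.PERMIT,
                              "Expecting permit decision")

    def test_PLACEHOLDER_07_deny_for_other_subject(self):
        # Same policy and content as the previous test; only the subject
        # differs, and the expected decision changes from permit to deny.
        results = self._evaluate(XACML_ATTRIBUTESELECTOR3_FILEPATH,
                                 self.RESOURCE_CONTENT_EXECUTE,
                                 self.PUBLIC_RESOURCE_ID,
                                 subjectId='https://nowhere.ac.uk/noone')
        self._assert_decision(results, Decision.DENY,
                              "Expecting deny decision")

    def test_PLACEHOLDER_08_xpath_condition(self):
        # Test with condition in XPath expression - this will only return a
        # permit decision when using lxml
        results = self._evaluate(XACML_ATTRIBUTESELECTOR4_FILEPATH,
                                 self.RESOURCE_CONTENT_EXECUTE,
                                 self.PUBLIC_RESOURCE_ID)
        for result in results:
            if Config.use_lxml:
                self.assertFalse(result.decision != Decision.PERMIT,
                                 "Expecting permit decision")
            else:
                # Deliberately no assertion on this path: the outcome is
                # not pinned for ElementTree, so it is only logged.
                log.debug("Using ElementTree: dependent on the version, this "
                          "test may result in an indeterminate decision. "
                          "result.decision = %s", result.decision)

    def test_PLACEHOLDER_09_backend_dependent_permit(self):
        # The same policy and request give a different decision depending
        # on the XML backend: permit under lxml, indeterminate otherwise.
        expected, message = (
            (Decision.PERMIT, "Expecting permit decision")
            if Config.use_lxml else
            (Decision.INDETERMINATE, "Expecting indeterminate decision"))
        results = self._evaluate(XACML_ATTRIBUTESELECTOR5_FILEPATH,
                                 self.RESOURCE_CONTENT_EXECUTE,
                                 self.PUBLIC_RESOURCE_ID)
        self._assert_decision(results, expected, message)

    def test_PLACEHOLDER_10_backend_dependent_deny(self):
        # As above, but the lxml outcome is deny; without lxml the PDP is
        # expected to report indeterminate rather than deny.
        expected, message = (
            (Decision.DENY, "Expecting deny decision")
            if Config.use_lxml else
            (Decision.INDETERMINATE, "Expecting indeterminate decision"))
        results = self._evaluate(XACML_ATTRIBUTESELECTOR6_FILEPATH,
                                 self.RESOURCE_CONTENT_EXECUTE,
                                 self.PUBLIC_RESOURCE_ID)
        self._assert_decision(results, expected, message)


if __name__ == "__main__":
    unittest.main()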