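#!/usr/bin/env python
"""NDG unit tests for PDP working with a policy and request context containing
custom AttributeValue data types

NERC DataGrid
"""
__author__ = "P J Kershaw"
__date__ = "28/10/10"
__copyright__ = "(C) 2010 Science and Technology Facilities Council"
__contact__ = "Philip.Kershaw@stfc.ac.uk"
__license__ = "BSD - see LICENSE file in top-level directory"
__revision__ = "$Id$"
import unittest
import logging
logging.basicConfig(level=logging.DEBUG)

from ndg.xacml.core import Identifiers
from ndg.xacml.core.attribute import Attribute
from ndg.xacml.core.attributevalue import AttributeValueClassFactory
from ndg.xacml.core.functions import functionMap
from ndg.xacml.core.context.request import Request
from ndg.xacml.core.context.subject import Subject
from ndg.xacml.core.context.resource import Resource
from ndg.xacml.core.context.action import Action

from ndg.xacml.parsers.etree.factory import ReaderFactory
from ndg.xacml.parsers.etree.attributevaluereader import (
                                                DataTypeReaderClassFactory)
from ndg.xacml.core.context.pdp import PDP
from ndg.xacml.core.context.result import Decision
from ndg.xacml.test import (XACML_ESGFTEST1_FILEPATH,
                            GroupRoleAttributeValue,
                            ETreeGroupRoleDataTypeReader,
                            GroupRoleBag,
                            GroupRoleAtLeastOneMemberOf)
from ndg.xacml.test.context import (AnyUriAttributeValue, StringAttributeValue,
                                    SUBJECT_ID)


# NOTE(review): the ``class`` line is folded away in this listing (source
# lines 39-41 are absent). The class name below is a PLACEHOLDER, not the
# project's identifier - restore the real name from the original file.
class CustomAttributeValueTypesPdpTestCase(unittest.TestCase):
    """Evaluate a policy which contains custom XACML Attribute Value Data types
    """
    # Resource ids used as the request's resource-id attribute in the two
    # tests below; which rules match them is decided by the policy file
    # XACML_ESGFTEST1_FILEPATH, which is not shown here.
    AT_LEAST_ONE_SUBJECT_ROLE_RESTRICTED_ID = \
        'http://localhost/at-least-one-of-subject-role-restricted'
    SUBJECT_DOES_NOT_HAVE_ANY_OF_SPECIFIED_ROLES_ID = \
        'http://localhost/subject-does-not-have-any-of-specified-roles'

    @staticmethod
    def _createRequestCtx(resourceId,
                          includeSubject=True,
                          subjectGroupRoles=None,
                          groupRoleAttributeId='urn:esg:attr',
                          action='read'):
        """Create an example XACML Request Context for tests

        :param resourceId: value for the resource-id attribute of the request
        :param includeSubject: if False the request carries no subject at all
        :param subjectGroupRoles: iterable of (group, role) pairs; each pair
            becomes one 'urn:grouprole' subject attribute. Defaults to
            [('ACME', 'default')]
        :param groupRoleAttributeId: attribute id given to every group/role
            attribute
        :param action: value for the action-id attribute
        :return: the populated Request
        """
        if subjectGroupRoles is None:
            subjectGroupRoles = [('ACME', 'default')]

        request = Request()

        if includeSubject:
            subject = Subject()
            openidSubjectAttribute = Attribute()

            openidSubjectAttribute.attributeId = "urn:esg:openid"
            openidSubjectAttribute.dataType = AnyUriAttributeValue.IDENTIFIER

            openidSubjectAttribute.attributeValues.append(
                                                    AnyUriAttributeValue())
            openidSubjectAttribute.attributeValues[-1].value = SUBJECT_ID

            subject.attributes.append(openidSubjectAttribute)

            # One custom-typed attribute per (group, role) pair
            for group, role in subjectGroupRoles:
                groupRoleAttribute = Attribute()

                groupRoleAttribute.attributeId = groupRoleAttributeId
                groupRoleAttribute.dataType = 'urn:grouprole'

                groupRoleAttribute.attributeValues.append(
                                                    GroupRoleAttributeValue())
                groupRoleAttribute.attributeValues[-1].group = group
                groupRoleAttribute.attributeValues[-1].role = role

                subject.attributes.append(groupRoleAttribute)

            request.subjects.append(subject)

        resource = Resource()
        resourceAttribute = Attribute()
        resource.attributes.append(resourceAttribute)

        resourceAttribute.attributeId = Identifiers.Resource.RESOURCE_ID

        resourceAttribute.dataType = AnyUriAttributeValue.IDENTIFIER
        resourceAttribute.attributeValues.append(AnyUriAttributeValue())
        resourceAttribute.attributeValues[-1].value = resourceId

        request.resources.append(resource)

        request.action = Action()
        actionAttribute = Attribute()
        request.action.attributes.append(actionAttribute)

        actionAttribute.attributeId = Identifiers.Action.ACTION_ID
        actionAttribute.dataType = StringAttributeValue.IDENTIFIER
        actionAttribute.attributeValues.append(StringAttributeValue())
        actionAttribute.attributeValues[-1].value = action

        return request

    # NOTE(review): the ``def`` line is folded away in this listing (source
    # lines 112-113 are absent). ``setUp`` is inferred because the tests read
    # ``self.pdp``, which is only assigned here - confirm against the
    # original file.
    def setUp(self):
        """Use ESG sample policy"""
        # NOTE(review): the three registrations below are written to objects
        # imported from ndg.xacml and no matching cleanup is visible in this
        # listing - presumably they persist for the rest of the test process;
        # confirm if other suites depend on the unextended defaults.

        # Add new type
        AttributeValueClassFactory.addClass('urn:grouprole',
                                            GroupRoleAttributeValue)

        # Add new parser for this type
        DataTypeReaderClassFactory.addReader('urn:grouprole',
                                             ETreeGroupRoleDataTypeReader)

        # Add extra matching and bag functions
        functionMap['urn:grouprole-bag'] = GroupRoleBag
        functionMap['urn:grouprole-at-least-one-member-of'
                    ] = GroupRoleAtLeastOneMemberOf

        # Example policy with custom attribute value type used with ESGF
        self.pdp = PDP.fromPolicySource(XACML_ESGFTEST1_FILEPATH, ReaderFactory)

    # NOTE(review): ``def`` line absent from the listing (source lines
    # 130-131); the method name is a PLACEHOLDER derived from the resource id
    # constant it uses.
    def test01AtLeastOneSubjectRoleRestricted(self):
        """Expect Permit for the at-least-one-of-subject-role resource"""
        # Test at least one member function
        request = self._createRequestCtx(
                        self.__class__.AT_LEAST_ONE_SUBJECT_ROLE_RESTRICTED_ID,
                        action='write')
        response = self.pdp.evaluate(request)
        self.assertFalse(response is None, "Null response")

        # Without this check an empty result list would skip the loop below
        # and the test would pass without any decision having been examined.
        self.assertTrue(len(response.results) > 0, "No results in response")

        # assertFalse replaces the deprecated failIf alias; the original
        # ``!=`` comparison is kept as written.
        for result in response.results:
            self.assertFalse(result.decision != Decision.PERMIT,
                             "Expecting Permit decision")

    # NOTE(review): ``def`` line absent from the listing (source lines
    # 141-142); the method name is a PLACEHOLDER derived from the resource id
    # constant it uses.
    def test02SubjectDoesNotHaveAnyOfSpecifiedRoles(self):
        """Expect Deny when the subject holds none of the specified roles"""
        # Negative case: the access-control decision must be an explicit Deny
        request = self._createRequestCtx(
                self.__class__.SUBJECT_DOES_NOT_HAVE_ANY_OF_SPECIFIED_ROLES_ID,
                action='write')

        response = self.pdp.evaluate(request)
        self.assertFalse(response is None, "Null response")

        # A deny test that never inspects a decision proves nothing, so an
        # empty result list is treated as a failure rather than a pass.
        self.assertTrue(len(response.results) > 0, "No results in response")

        for result in response.results:
            self.assertFalse(result.decision != Decision.DENY,
                             "Expecting Deny decision")


if __name__ == "__main__":
    unittest.main()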