Home       Trees       Indices       Help   
NDG XACML
Package ndg :: Package xacml :: Package test :: Package context :: Module test_pdp_with_match_combinations
[hide private]

Source Code for Module ndg.xacml.test.context.test_pdp_with_match_combinations

  1  ''' 
  2  Created on 26 Aug 2011 
  3   
  4  @author: rwilkinson 
  5  ''' 
  6  import logging 
  7  import unittest 
  8   
  9  from ndg.xacml.parsers.etree.factory import ReaderFactory 
 10  from ndg.xacml.core.context.pdp import PDP 
 11  from ndg.xacml.core.context.result import Decision 
 12  from ndg.xacml.test import XACML_SUBJECTMATCH_FILEPATH 
 13  from ndg.xacml.test.context import XacmlContextBaseTestCase 
 14   
 15   
 16  logging.basicConfig(level=logging.DEBUG) 
 17   

 18 -class Test(XacmlContextBaseTestCase): 

 19   
 20      NOT_APPLICABLE_RESOURCE_ID = 'https://localhost' 
 21   
 22      RESOURCE_ID = 'http://localhost/role-combinations' 
 23   

 24 -    def setUp(self): 

 26   
 27   
 28      # There is a single permit rule for which the subject must have: 
 29      # role1, role2 and role3 
 30      # or role4 
 31      # or role5 and role6. 
 32   

 34          # All roles of first combination should result in permit decision. 
 35          request = self._createRequestCtx( 
 36                              self.__class__.RESOURCE_ID, 
 37                              subjectRoles=('role1', 'role2', 'role3')) 
 38          response = self.pdp.evaluate(request) 
 39          self.failIf(response is None, "Null response") 
 40          for result in response.results: 
 41              self.failIf(result.decision != Decision.PERMIT, 
 42                          "Expecting Permit decision") 

 43   

 45          # Any role missing from first combination should result in deny 
 46          # decision. 
 47          request = self._createRequestCtx( 
 48                              self.__class__.RESOURCE_ID, 
 49                              subjectRoles=('role1', 'role2')) 
 50          response = self.pdp.evaluate(request) 
 51          self.failIf(response is None, "Null response") 
 52          for result in response.results: 
 53              self.failIf(result.decision != Decision.DENY, 
 54                          "Expecting Deny decision") 

 55   

 57          # Any role missing from first combination should result in deny 
 58          # decision. 
 59          request = self._createRequestCtx( 
 60                              self.__class__.RESOURCE_ID, 
 61                              subjectRoles=('role1', 'role3')) 
 62          response = self.pdp.evaluate(request) 
 63          self.failIf(response is None, "Null response") 
 64          for result in response.results: 
 65              self.failIf(result.decision != Decision.DENY, 
 66                          "Expecting Deny decision") 

 67   

 69          # Any role missing from first combination should result in deny 
 70          # decision. 
 71          request = self._createRequestCtx( 
 72                              self.__class__.RESOURCE_ID, 
 73                              subjectRoles=('role2', 'role3')) 
 74          response = self.pdp.evaluate(request) 
 75          self.failIf(response is None, "Null response") 
 76          for result in response.results: 
 77              self.failIf(result.decision != Decision.DENY, 
 78                          "Expecting Deny decision") 

 79   

 81          # Any roles missing from first combination should result in deny 
 82          # decision. 
 83          request = self._createRequestCtx( 
 84                              self.__class__.RESOURCE_ID, 
 85                              subjectRoles=('role1',)) 
 86          response = self.pdp.evaluate(request) 
 87          self.failIf(response is None, "Null response") 
 88          for result in response.results: 
 89              self.failIf(result.decision != Decision.DENY, 
 90                          "Expecting Deny decision") 

 91   

 93          # Any roles missing from first combination should result in deny 
 94          # decision. 
 95          request = self._createRequestCtx( 
 96                              self.__class__.RESOURCE_ID, 
 97                              subjectRoles=('role2',)) 
 98          response = self.pdp.evaluate(request) 
 99          self.failIf(response is None, "Null response") 
100          for result in response.results: 
101              self.failIf(result.decision != Decision.DENY, 
102                          "Expecting Deny decision") 

103   

105          # Any roles missing from first combination should result in deny 
106          # decision. 
107          request = self._createRequestCtx( 
108                              self.__class__.RESOURCE_ID, 
109                              subjectRoles=('role3',)) 
110          response = self.pdp.evaluate(request) 
111          self.failIf(response is None, "Null response") 
112          for result in response.results: 
113              self.failIf(result.decision != Decision.DENY, 
114                          "Expecting Deny decision") 

116          # All roles of first combination plus another should result in permit 
117          # decision. 
118          request = self._createRequestCtx( 
119                              self.__class__.RESOURCE_ID, 
120                              subjectRoles=('role1', 'role2', 'role3', 'role5')) 
121          response = self.pdp.evaluate(request) 
122          self.failIf(response is None, "Null response") 
123          for result in response.results: 
124              self.failIf(result.decision != Decision.PERMIT, 
125                          "Expecting Permit decision") 

126   
127   

129          # The role in the second combination should result in permit 
130          # decision. 
131          request = self._createRequestCtx( 
132                              self.__class__.RESOURCE_ID, 
133                              subjectRoles=('role4',)) 
134          response = self.pdp.evaluate(request) 
135          self.failIf(response is None, "Null response") 
136          for result in response.results: 
137              self.failIf(result.decision != Decision.PERMIT, 
138                          "Expecting Permit decision") 

139   

141          # The role in the second combination plus another should result in 
142          # permit decision. 
143          request = self._createRequestCtx( 
144                              self.__class__.RESOURCE_ID, 
145                              subjectRoles=('role2', 'role4')) 
146          response = self.pdp.evaluate(request) 
147          self.failIf(response is None, "Null response") 
148          for result in response.results: 
149              self.failIf(result.decision != Decision.PERMIT, 
150                          "Expecting Permit decision") 

151   
152   

154          # All roles of third combination should result in permit decision. 
155          request = self._createRequestCtx( 
156                              self.__class__.RESOURCE_ID, 
157                              subjectRoles=('role5', 'role6')) 
158          response = self.pdp.evaluate(request) 
159          self.failIf(response is None, "Null response") 
160          for result in response.results: 
161              self.failIf(result.decision != Decision.PERMIT, 
162                          "Expecting Permit decision") 

163   

165          # All roles of third combination plus others should result in permit 
166          # decision. 
167          request = self._createRequestCtx( 
168                              self.__class__.RESOURCE_ID, 
169                              subjectRoles=('role2', 'role3', 'role5', 'role6')) 
170          response = self.pdp.evaluate(request) 
171          self.failIf(response is None, "Null response") 
172          for result in response.results: 
173              self.failIf(result.decision != Decision.PERMIT, 
174                          "Expecting Permit decision") 

175   

177          # Any role missing from third combination should result in deny 
178          # decision. 
179          request = self._createRequestCtx( 
180                              self.__class__.RESOURCE_ID, 
181                              subjectRoles=('role1', 'role3', 'role5')) 
182          response = self.pdp.evaluate(request) 
183          self.failIf(response is None, "Null response") 
184          for result in response.results: 
185              self.failIf(result.decision != Decision.DENY, 
186                          "Expecting Deny decision") 

187   

189          # Any role missing from third combination should result in deny 
190          # decision. 
191          request = self._createRequestCtx( 
192                              self.__class__.RESOURCE_ID, 
193                              subjectRoles=('role1', 'role3', 'role6')) 
194          response = self.pdp.evaluate(request) 
195          self.failIf(response is None, "Null response") 
196          for result in response.results: 
197              self.failIf(result.decision != Decision.DENY, 
198                          "Expecting Deny decision") 

199   
200   

202          # All roles for all combinations should result in permit decision. 
203          request = self._createRequestCtx( 
204                              self.__class__.RESOURCE_ID, 
205                              subjectRoles=('role1', 'role2', 'role3', 'role4', 'role5', 'role6')) 
206          response = self.pdp.evaluate(request) 
207          self.failIf(response is None, "Null response") 
208          for result in response.results: 
209              self.failIf(result.decision != Decision.PERMIT, 
210                          "Expecting Permit decision") 

211   
212   
213  if __name__ == "__main__": 
214      unittest.main() 
215

   Home       Trees       Indices       Help   
NDG XACML
Generated by Epydoc 3.0.1 on Thu Apr 5 08:44:37 2012 http://epydoc.sourceforge.net