Context Navigation

test_policypy @ 6779

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/NDG_XACML/ndg/xacml/test/test_policypy@6779

Revision 6779, 11.3 KB checked in by pjkersha, 10 years ago (diff)
Generic test_xacml renamed test_policy

Line
1	"""NDG XACML unit test package
2
3	NERC DataGrid Project
4	"""
5	__author__ = "P J Kershaw"
6	__date__ = "16/03/10"
7	__copyright__ = "(C) 2010 Science and Technology Facilities Council"
8	__contact__ = "Philip.Kershaw@stfc.ac.uk"
9	__license__ = "BSD - see LICENSE file in top-level directory"
10	__contact__ = "Philip.Kershaw@stfc.ac.uk"
11	__revision__ = "$Id: $"
12	import unittest
13	from os import path
14	import logging
15	logging.basicConfig(level=logging.DEBUG)
16
17	from ndg.xacml.core.policy import Policy
18	from ndg.xacml.core.attributedesignator import SubjectAttributeDesignator
19	from ndg.xacml.core.attributeselector import AttributeSelector
20	from ndg.xacml.parsers.etree.factory import ReaderFactory
21
22	from ndg.xacml.test import XACML_NDGTEST1_FILEPATH, THIS_DIR
23
24
25	class XACMLPolicyTestCase(unittest.TestCase):
26	XACML_TEST1_FILENAME = "rule1.xml"
27	XACML_TEST1_FILEPATH = path.join(THIS_DIR, XACML_TEST1_FILENAME)
28	XACML_TEST2_FILENAME = "rule2.xml"
29	XACML_TEST2_FILEPATH = path.join(THIS_DIR, XACML_TEST2_FILENAME)
30	XACML_TEST3_FILENAME = "rule3.xml"
31	XACML_TEST3_FILEPATH = path.join(THIS_DIR, XACML_TEST3_FILENAME)
32	XACML_TEST4_FILENAME = "rule4.xml"
33	XACML_TEST4_FILEPATH = path.join(THIS_DIR, XACML_TEST4_FILENAME)
34
35	def test01ETreeParseRule1Policy(self):
36	PolicyReader = ReaderFactory.getReader(Policy)
37	policy = PolicyReader.parse(XACMLPolicyTestCase.XACML_TEST1_FILEPATH)
38	self.assert_(policy)
39
40	self.assert_(
41	policy.policyId == "urn:oasis:names:tc:example:SimplePolicy1")
42
43	self.assert_(policy.ruleCombiningAlgId == \
44	"urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides")
45
46	self.assert_(
47	"Med Example Corp access control policy" in policy.description)
48
49	self.assert_(len(policy.target.subjects) == 0)
50
51	self.assert_(policy.rules[0].id == \
52	"urn:oasis:names:tc:xacml:2.0:example:SimpleRule1")
53
54	self.assert_(policy.rules[0].effect == 'Permit')
55
56	self.assert_(
57	'Any subject with an e-mail name in the med.example.com domain' in \
58	policy.rules[0].description)
59
60	self.assert_(len(policy.rules[0].target.subjects) == 1)
61	self.assert_(len(policy.rules[0].target.actions) == 0)
62	self.assert_(len(policy.rules[0].target.resources) == 0)
63	self.assert_(len(policy.rules[0].target.environments) == 0)
64
65	self.assert_(len(policy.rules[0].target.subjects[0].subjectMatches) == 1)
66
67	self.assert_(policy.rules[0].target.subjects[0].subjectMatches[0
68	].matchId == \
69	"urn:oasis:names:tc:xacml:1.0:function:rfc822Name-match")
70
71	self.assert_(policy.rules[0].target.subjects[0].subjectMatches[0
72	].attributeValue.dataType == \
73	"urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name")
74
75	self.assert_(policy.rules[0].target.subjects[0].subjectMatches[0
76	].attributeDesignator.dataType == \
77	"urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name")
78
79	# Attribute ID
80	self.assert_(policy.rules[0].target.subjects[0].subjectMatches[0
81	].attributeDesignator.attributeId == \
82	"urn:oasis:names:tc:xacml:1.0:subject:subject-id")
83
84	def test02ETreeParseRule2Policy(self):
85	PolicyReader = ReaderFactory.getReader(Policy)
86	policy = PolicyReader.parse(XACMLPolicyTestCase.XACML_TEST2_FILEPATH)
87	self.assert_(policy)
88
89	self.assert_(
90	policy.policyId == "urn:oasis:names:tc:xacml:2.0:example:policyid:2")
91
92	self.assert_(policy.ruleCombiningAlgId == \
93	"urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides")
94
95	self.assert_(policy.description is None)
96
97	self.assert_(len(policy.target.actions) == 0)
98
99	self.assert_(policy.rules[0].id == \
100	"urn:oasis:names:tc:xacml:2.0:example:ruleid:2")
101
102	self.assert_(policy.rules[0].effect == 'Permit')
103
104	self.assert_(policy.rules[0].description == """\
105	A person may read any medical record in the
106	http://www.med.example.com/records.xsd namespace
107	for which he or she is the designated parent or guardian,
108	and for which the patient is under 16 years of age""")
109
110	self.assert_(len(policy.rules[0].target.subjects) == 0)
111	self.assert_(len(policy.rules[0].target.actions) == 1)
112	self.assert_(len(policy.rules[0].target.resources) == 1)
113	self.assert_(len(policy.rules[0].target.environments) == 0)
114
115	self.assert_(len(policy.rules[0].target.resources[0
116	].resourceMatches) == 2)
117
118	self.assert_(policy.rules[0].target.resources[0].resourceMatches[0
119	].matchId == "urn:oasis:names:tc:xacml:1.0:function:string-equal")
120
121	self.assert_(policy.rules[0].target.resources[0].resourceMatches[0
122	].attributeValue.dataType == \
123	"http://www.w3.org/2001/XMLSchema#string")
124
125	self.assert_(policy.rules[0].target.resources[0].resourceMatches[0
126	].attributeValue.value == 'urn:med:example:schemas:record')
127
128	self.assert_(policy.rules[0].target.resources[0].resourceMatches[0
129	].attributeDesignator.dataType == \
130	"http://www.w3.org/2001/XMLSchema#string")
131
132	self.assert_(policy.rules[0].target.resources[0].resourceMatches[1
133	].attributeDesignator.attributeId == \
134	"urn:oasis:names:tc:xacml:1.0:resource:xpath")
135	self.assert_(policy.rules[0].target.resources[0].resourceMatches[1
136	].matchId == \
137	"urn:oasis:names:tc:xacml:1.0:function:xpath-node-match")
138
139	self.assert_(policy.rules[0].target.resources[0].resourceMatches[1
140	].attributeValue.dataType == \
141	"http://www.w3.org/2001/XMLSchema#string")
142
143	self.assert_(policy.rules[0].target.resources[0].resourceMatches[1
144	].attributeValue.value == '/md:record')
145
146	self.assert_(policy.rules[0].target.resources[0].resourceMatches[1
147	].attributeDesignator.dataType == \
148	"http://www.w3.org/2001/XMLSchema#string")
149
150	self.assert_(policy.rules[0].target.resources[0].resourceMatches[1
151	].attributeDesignator.attributeId == \
152	"urn:oasis:names:tc:xacml:1.0:resource:xpath")
153
154	# Verify Action
155	self.assert_(len(policy.rules[0].target.actions[0
156	].actionMatches) == 1)
157
158	self.assert_(policy.rules[0].target.actions[0].actionMatches[0
159	].matchId == "urn:oasis:names:tc:xacml:1.0:function:string-equal")
160
161	self.assert_(policy.rules[0].target.actions[0].actionMatches[0
162	].attributeValue.dataType == \
163	"http://www.w3.org/2001/XMLSchema#string")
164
165	self.assert_(policy.rules[0].target.actions[0].actionMatches[0
166	].attributeValue.value == "read")
167
168	self.assert_(policy.rules[0].target.actions[0].actionMatches[0
169	].attributeDesignator.dataType == \
170	"http://www.w3.org/2001/XMLSchema#string")
171
172	self.assert_(policy.rules[0].target.actions[0].actionMatches[0
173	].attributeDesignator.attributeId == \
174	"urn:oasis:names:tc:xacml:1.0:action:action-id")
175
176	self.assert_(policy.rules[0].condition)
177	self.assert_(policy.rules[0].condition.expression.functionId == \
178	"urn:oasis:names:tc:xacml:1.0:function:and")
179
180	self.assert_(len(policy.rules[0].condition.expression.expressions) == 1)
181
182	self.assert_(policy.rules[0].condition.expression.expressions[0
183	].functionId == \
184	'urn:oasis:names:tc:xacml:1.0:function:string-equal')
185
186	self.assert_(len(policy.rules[0].condition.expression.expressions) == 1)
187
188	self.assert_(len(policy.rules[0].condition.expression.expressions[0
189	].expressions) == 2)
190
191	self.assert_(policy.rules[0].condition.expression.expressions[0
192	].expressions[0].functionId == \
193	"urn:oasis:names:tc:xacml:1.0:function:string-one-and-only")
194
195	self.assert_(isinstance(
196	policy.rules[0].condition.expression.expressions[0
197	].expressions[0
198	].expressions[0], SubjectAttributeDesignator))
199
200	self.assert_(policy.rules[0].condition.expression.expressions[0
201	].expressions[0
202	].expressions[0].attributeId == \
203	"urn:oasis:names:tc:xacml:2.0:example:attribute:"
204	"parent-guardian-id")
205
206	self.assert_(policy.rules[0].condition.expression.expressions[0
207	].expressions[0
208	].expressions[0].dataType == \
209	"http://www.w3.org/2001/XMLSchema#string")
210
211	self.assert_(policy.rules[0].condition.expression.expressions[0
212	].expressions[0
213	].expressions[0].attributeId == \
214	"urn:oasis:names:tc:xacml:2.0:example:attribute:"
215	"parent-guardian-id")
216
217	self.assert_(isinstance(policy.rules[0
218	].condition.expression.expressions[0
219	].expressions[1
220	].expressions[0], AttributeSelector))
221
222	self.assert_(policy.rules[0
223	].condition.expression.expressions[0
224	].expressions[1
225	].expressions[0].requestContextPath == \
226	"//md:record/md:parentGuardian/md:parentGuardianId/"
227	"text()")
228
229	self.assert_(policy.rules[0
230	].condition.expression.expressions[0
231	].expressions[1
232	].expressions[0].dataType == \
233	"http://www.w3.org/2001/XMLSchema#string")
234
235	def test03ETreeParseRule3Policy(self):
236	PolicyReader = ReaderFactory.getReader(Policy)
237
238	try:
239	policy = PolicyReader.parse(XACMLPolicyTestCase.XACML_TEST3_FILEPATH)
240	self.assert_(policy)
241	except NotImplementedError, e:
242	print("Expecting Obligations not implemented exception: %s" %e)
243
244	def test04ETreeParseRule4Policy(self):
245	PolicyReader = ReaderFactory.getReader(Policy)
246	policy = PolicyReader.parse(XACMLPolicyTestCase.XACML_TEST4_FILEPATH)
247	self.assert_(policy)
248
249	def test05ETreeParseNdg1Policy(self):
250	# Example policy for URI Regular expression based matching of
251	# resources for NDG
252	PolicyReader = ReaderFactory.getReader(Policy)
253	policy = PolicyReader.parse(XACML_NDGTEST1_FILEPATH)
254	self.assert_(policy)
255
256
257	if __name__ == "__main__":
258	unittest.main()

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

Original Format