Changeset 7664

Timestamp:

28/10/10 14:24:25 (10 years ago)

Author:

pjkersha

Message:

Refactor unit tests into policy and context sub-packages - single level package is getting too bloated.

Location:

TI12-security/trunk/ndg_xacml/ndg/xacml/test

Files:

• __init__.py (modified) (1 diff)
• context (added)
• context/__init__.py (added)
• policy (added)
• policy/__init__.py (added)
• test_context.py (modified) (3 diffs)
• test_pdp.py (added)

TI12-security/trunk/ndg_xacml/ndg/xacml/test/__init__.py

@@ -12 +12 @@
 from os import path
 
+import unittest
+
 THIS_DIR = path.dirname(__file__)
 XACML_NDGTEST1_FILENAME = "ndg1.xml"
 XACML_NDGTEST1_FILEPATH = path.join(THIS_DIR, XACML_NDGTEST1_FILENAME)
+
+
+class XacmlContextBaseTestCase(unittest.TestCase):
+    """Base class containing common methods for test initialisation"""
+    
+    def _createRequestCtx(self, 
+                          resourceId, 
+                          includeSubject=True,
+                          subjectRoles=('staff',),
+                          roleAttributeId=ROLE_ATTRIBUTE_ID,
+                          action='read'):
+        """Create an example XACML Request Context for tests"""
+        request = Request()
+        
+        if includeSubject:
+            subject = Subject()
+            openidSubjectAttribute = Attribute()
+            
+            
+            openidSubjectAttribute.attributeId = "urn:esg:openid"
+            openidSubjectAttribute.dataType = AnyUriAttributeValue.IDENTIFIER
+            
+            openidSubjectAttribute.attributeValues.append(
+                                                        AnyUriAttributeValue())
+            openidSubjectAttribute.attributeValues[-1].value = SUBJECT_ID
+                                        
+            
+            subject.attributes.append(openidSubjectAttribute)
+    
+            for role in subjectRoles:
+                roleAttribute = Attribute()
+                
+                roleAttribute.attributeId = roleAttributeId
+                roleAttribute.dataType = StringAttributeValue.IDENTIFIER
+                
+                roleAttribute.attributeValues.append(StringAttributeValue())
+                roleAttribute.attributeValues[-1].value = role 
+            
+                subject.attributes.append(roleAttribute)
+                                      
+            request.subjects.append(subject)
+        
+        resource = Resource()
+        resourceAttribute = Attribute()
+        resource.attributes.append(resourceAttribute)
+        
+        resourceAttribute.attributeId = Identifiers.Resource.RESOURCE_ID
+                            
+        resourceAttribute.dataType = AnyUriAttributeValue.IDENTIFIER
+        resourceAttribute.attributeValues.append(AnyUriAttributeValue())
+        resourceAttribute.attributeValues[-1].value = resourceId
+
+        request.resources.append(resource)
+        
+        request.action = Action()
+        actionAttribute = Attribute()
+        request.action.attributes.append(actionAttribute)
+        
+        actionAttribute.attributeId = Identifiers.Action.ACTION_ID
+        actionAttribute.dataType = StringAttributeValue.IDENTIFIER
+        actionAttribute.attributeValues.append(StringAttributeValue())
+        actionAttribute.attributeValues[-1].value = action
+        
+        return request
+        
+    def _createPDPfromNdgTest1Policy(self):
+        pdp = PDP.fromPolicySource(XACML_NDGTEST1_FILEPATH, ReaderFactory)
+        return pdp
+    

TI12-security/trunk/ndg_xacml/ndg/xacml/test/test_context.py

@@ -38 +38 @@
 ROLE_ATTRIBUTE_ID = "urn:ndg:security:authz:1.0:attr"
 SUBJECT_ID = 'https://my.name.somewhere.ac.uk'
+
 
 class TestContextHandler(CtxHandlerInterface):
@@ -84 +85 @@
             return [attrVal]
         else:
-            return None
-
-
-class XacmlContextBaseTestCase(unittest.TestCase):
-    """Base class containing common methods for test initialisation"""
-    
-    def _createRequestCtx(self, 
-                          resourceId, 
-                          includeSubject=True,
-                          subjectRoles=('staff',),
-                          roleAttributeId=ROLE_ATTRIBUTE_ID,
-                          action='read'):
-        """Create an example XACML Request Context for tests"""
-        request = Request()
-        
-        if includeSubject:
-            subject = Subject()
-            openidSubjectAttribute = Attribute()
-            
-            
-            openidSubjectAttribute.attributeId = "urn:esg:openid"
-            openidSubjectAttribute.dataType = AnyUriAttributeValue.IDENTIFIER
-            
-            openidSubjectAttribute.attributeValues.append(
-                                                        AnyUriAttributeValue())
-            openidSubjectAttribute.attributeValues[-1].value = SUBJECT_ID
-                                        
-            
-            subject.attributes.append(openidSubjectAttribute)
-    
-            for role in subjectRoles:
-                roleAttribute = Attribute()
-                
-                roleAttribute.attributeId = roleAttributeId
-                roleAttribute.dataType = StringAttributeValue.IDENTIFIER
-                
-                roleAttribute.attributeValues.append(StringAttributeValue())
-                roleAttribute.attributeValues[-1].value = role 
-            
-                subject.attributes.append(roleAttribute)
-                                      
-            request.subjects.append(subject)
-        
-        resource = Resource()
-        resourceAttribute = Attribute()
-        resource.attributes.append(resourceAttribute)
-        
-        resourceAttribute.attributeId = Identifiers.Resource.RESOURCE_ID
-                            
-        resourceAttribute.dataType = AnyUriAttributeValue.IDENTIFIER
-        resourceAttribute.attributeValues.append(AnyUriAttributeValue())
-        resourceAttribute.attributeValues[-1].value = resourceId
-
-        request.resources.append(resource)
-        
-        request.action = Action()
-        actionAttribute = Attribute()
-        request.action.attributes.append(actionAttribute)
-        
-        actionAttribute.attributeId = Identifiers.Action.ACTION_ID
-        actionAttribute.dataType = StringAttributeValue.IDENTIFIER
-        actionAttribute.attributeValues.append(StringAttributeValue())
-        actionAttribute.attributeValues[-1].value = action
-        
-        return request
-        
-    def _createPDPfromPolicy(self):
-        pdp = PDP.fromPolicySource(XACML_NDGTEST1_FILEPATH, ReaderFactory)
-        return pdp    
+            return None    
 
 
@@ -184 +117 @@
         
     def test07CreatePDPfromPolicy(self):
-        pdp = self._createPDPfromPolicy()
+        pdp = self._createPDPfromNdgTest1Policy()
         self.assert_(pdp)
-    
-    
-class XacmlEvalPdpWithPermitOverridesPolicy(XacmlContextBaseTestCase):
-    """Test PDP with permit overrides rule combining algorithm"""
-    
-    NOT_APPLICABLE_RESOURCE_ID = 'https://localhost'
-    
-    # This could be any applicable resource value, provided there's no rule to
-    # override and enable access
-    PRIVATE_RESOURCE_ID = 'http://localhost/private-resource'
-    
-    PUBLIC_RESOURCE_ID = 'http://localhost/resource-only-restricted'
-    NOT_APPLICABLE_RESOURCE_ID = 'https://localhost'
-        
-    SINGLE_SUBJECT_ROLE_RESTRICTED_ID = \
-        'http://localhost/single-subject-role-restricted'
-    ACTION_AND_SINGLE_SUBJECT_ROLE_RESTRICTED_ID = \
-        'http://localhost/action-and-single-subject-role-restricted'
-    AT_LEAST_ONE_SUBJECT_ROLE_RESTRICTED_ID = \
-        'http://localhost/at-least-of-subject-role-restricted'
-        
-    def setUp(self):
-        self.pdp = self._createPDPfromPolicy()
-        
-    def test01NotApplicable(self):
-        # Set a resource Id that doesn't match the main target
-        request = self._createRequestCtx(
-                                    self.__class__.NOT_APPLICABLE_RESOURCE_ID)
-        response = self.pdp.evaluate(request)
-        self.failIf(response is None, "Null response")
-        for result in response.results:
-            self.failIf(result.decision != Decision.NOT_APPLICABLE, 
-                        "Expecting not applicable decision")
-        
-    def test02PublicallyAccessibleResource(self):
-        # Test a resource which has no subject restrictions
-        request = self._createRequestCtx(self.__class__.PUBLIC_RESOURCE_ID,
-                                         includeSubject=False)
-        response = self.pdp.evaluate(request)
-        self.failIf(response is None, "Null response")
-        for result in response.results:
-            self.failIf(result.decision != Decision.PERMIT, 
-                        "Expecting Permit decision")
-        
-    def test03PrivateResource(self):
-        request = self._createRequestCtx(
-                                    self.__class__.PRIVATE_RESOURCE_ID)
-        response = self.pdp.evaluate(request)
-        self.failIf(response is None, "Null response")
-        for result in response.results:
-            self.failIf(result.decision != Decision.DENY, 
-                        "Expecting Deny decision")
-
-    def test04SingleSubjectRoleRestrictedResource(self):
-        # Access based on a resource ID and single subject role
-        request = self._createRequestCtx(
-                            self.__class__.SINGLE_SUBJECT_ROLE_RESTRICTED_ID)
-        response = self.pdp.evaluate(request)
-        self.failIf(response is None, "Null response")
-        for result in response.results:
-            self.failIf(result.decision != Decision.PERMIT, 
-                        "Expecting Permit decision")  
-
-    def test05SingleSubjectRoleRestrictedResourceDeniesAccess(self):
-        # Subject doesn't have the required role for access
-        request = self._createRequestCtx(
-                            self.__class__.SINGLE_SUBJECT_ROLE_RESTRICTED_ID,
-                            subjectRoles=('student',))
-        response = self.pdp.evaluate(request)
-        self.failIf(response is None, "Null response")
-        for result in response.results:
-            self.failIf(result.decision != Decision.DENY, 
-                        "Expecting Deny decision")  
-
-    def test06ActionAndSingleSubjectRoleRestrictedResource(self):
-        # Test restriction based on action type as well as subject role
-        request = self._createRequestCtx(
-                    self.__class__.ACTION_AND_SINGLE_SUBJECT_ROLE_RESTRICTED_ID)
-        response = self.pdp.evaluate(request)
-        self.failIf(response is None, "Null response")
-        for result in response.results:
-            self.failIf(result.decision != Decision.PERMIT, 
-                        "Expecting Permit decision")
-
-    def test07ActionAndSingleSubjectRoleRestrictedResourceDeniesAccess(self):
-        # Test subject requests invalid action type
-        request = self._createRequestCtx(
-                    self.__class__.ACTION_AND_SINGLE_SUBJECT_ROLE_RESTRICTED_ID,
-                    action='write')
-        response = self.pdp.evaluate(request)
-        self.failIf(response is None, "Null response")
-        for result in response.results:
-            self.failIf(result.decision != Decision.DENY, 
-                        "Expecting Deny decision")  
-
-    def test08AtLeastOneSubjectRoleResource(self):
-        # Test at least one member function
-        request = self._createRequestCtx(
-                    self.__class__.AT_LEAST_ONE_SUBJECT_ROLE_RESTRICTED_ID,
-                    action='write')
-        response = self.pdp.evaluate(request)
-        self.failIf(response is None, "Null response")
-        for result in response.results:
-            self.failIf(result.decision != Decision.PERMIT, 
-                        "Expecting Permit decision")             
-
-    def test09AtLeastOneSubjectRoleResourceDeniesAccess(self):
-        # Test at least one member function where subject doesn't have one of
-        # the required roles
-        request = self._createRequestCtx(
-                    self.__class__.AT_LEAST_ONE_SUBJECT_ROLE_RESTRICTED_ID,
-                    subjectRoles=('student',))
-        response = self.pdp.evaluate(request)
-        self.failIf(response is None, "Null response")
-        for result in response.results:
-            self.failIf(result.decision != Decision.DENY, 
-                        "Expecting Deny decision")             
-    
-    def test10PipAddsRequiredAttributeValToEnableAccess(self):
-        # The PDP is part of a context handler with a PIP which adds subject
-        # attributes under prescribed conditions on the evaluation of 
-        # subject attribute designators.  In this case the addition of the PIP
-        # adds an attribute value to one of the subject's attributes which means
-        # they're granted access where otherwise access would be denied
-        ctxHandler = TestContextHandler()
-        ctxHandler.pdp = self.pdp
-        
-        request = self._createRequestCtx(
-                    self.__class__.AT_LEAST_ONE_SUBJECT_ROLE_RESTRICTED_ID,
-                    subjectRoles=('student',))
-        
-        response = ctxHandler.handlePEPRequest(request)
-        self.failIf(response is None, "Null response")
-        for result in response.results:
-            self.failIf(result.decision != Decision.PERMIT, 
-                        "Expecting PERMIT decision")