From 3c5730578eaae061f37ed3f262055c9c41da49a0 Mon Sep 17 00:00:00 2001 From: Mihaela Balutoiu Date: Thu, 14 Dec 2023 14:36:30 +0200 Subject: [PATCH] Add unit tests for the `policy.py` module Signed-off-by: Mihaela Balutoiu --- coriolis/tests/test_policy.py | 128 ++++++++++++++++++++++++++++++++++ 1 file changed, 128 insertions(+) create mode 100644 coriolis/tests/test_policy.py diff --git a/coriolis/tests/test_policy.py b/coriolis/tests/test_policy.py new file mode 100644 index 000000000..c329ec8fe --- /dev/null +++ b/coriolis/tests/test_policy.py @@ -0,0 +1,128 @@ +# Copyright 2023 Cloudbase Solutions Srl +# All Rights Reserved. + +from unittest import mock + +from coriolis import policy +from coriolis.tests import test_base + + +class PolicyTestCase(test_base.CoriolisBaseTestCase): + """Test suite for the Coriolis policy module.""" + + @mock.patch.object(policy, '_ENFORCER') + def test_reset(self, mock_enforcer): + result = policy.reset() + + mock_enforcer.clear.assert_called_once_with() + self.assertEqual(result, None) + + @mock.patch.object(policy, 'register_rules') + @mock.patch.object(policy, 'policy') + @mock.patch.object(policy, 'CONF') + def test_init(self, mock_conf, mock_policy, mock_register_rules): + mock_enforcer = mock.Mock() + mock_policy.Enforcer.return_value = mock_enforcer + + result = policy.init() + + mock_policy.Enforcer.assert_called_once_with(mock_conf) + mock_register_rules.assert_called_once_with(mock_enforcer) + mock_enforcer.load_rules.assert_called_once_with() + self.assertEqual(result, None) + + @mock.patch.object(policy, '_ENFORCER') + def test_init_already_initialized(self, mock_enforcer): + mock_enforcer_instance = mock.Mock() + mock_enforcer.return_value = mock_enforcer_instance + + result = policy.init() + self.assertEqual(result, None) + + @mock.patch.object(policy, 'itertools') + def test_register_rules(self, mock_itertools): + mock_enforcer = mock.Mock() + mock_enforcer.register_defaults.return_value = ['rule1', 'rule2'] + mock_itertools.chain.return_value = ['rule1', 'rule2', 'rule3'] + + result = policy.register_rules(mock_enforcer) + + mock_enforcer.register_defaults.assert_called_once_with( + ['rule1', 'rule2', 'rule3']) + self.assertEqual(result, None) + + @mock.patch.object(policy, 'init') + def test_get_enforcer(self, mock_init): + mock_enforcer = mock.Mock() + policy._ENFORCER = mock_enforcer + + result = policy.get_enforcer() + + mock_init.assert_called_once_with() + self.assertEqual(result, mock_enforcer) + + @mock.patch.object(policy, 'init') + def test_get_enforcer_not_initialized(self, mock_init): + policy._ENFORCER = None + + result = policy.get_enforcer() + + self.assertEqual(result, None) + mock_init.assert_called_once_with() + + @mock.patch.object(policy, '_ENFORCER') + def test_check_policy_for_context(self, mock_enforcer): + mock_enforcer.authorize.return_value = True + + mock_context = mock.Mock() + mock_context.to_policy_values.return_value = 'test-credentials' + + result = policy.check_policy_for_context( + mock_context, 'rule', 'target') + + self.assertEqual(result, True) + mock_enforcer.authorize.assert_called_once_with( + 'rule', 'target', 'test-credentials', do_raise=True, exc=mock.ANY, + action='rule') + + @mock.patch.object(policy, '_ENFORCER') + def test_check_policy_for_context_do_not_raise(self, mock_enforcer): + mock_enforcer.authorize.return_value = False + + mock_context = mock.Mock() + mock_context.to_policy_values.return_value = 'test-credentials' + + result = policy.check_policy_for_context( + mock_context, 'rule', 'target', do_raise=False) + + mock_enforcer.authorize.assert_called_once_with( + 'rule', 'target', 'test-credentials', do_raise=False, exc=mock.ANY, + action='rule') + self.assertEqual(result, False) + + @mock.patch.object(policy, '_ENFORCER') + def test_check_policy_for_context_not_authorized(self, mock_enforcer): + mock_enforcer.authorize.side_effect = ( + policy.exception.PolicyNotAuthorized) + + mock_context = mock.Mock() + mock_context.to_policy_values.return_value = 'test-credentials' + + self.assertRaises( + policy.exception.PolicyNotAuthorized, + policy.check_policy_for_context, mock_context, 'rule', 'target') + + mock_enforcer.authorize.assert_called_once_with( + 'rule', 'target', 'test-credentials', do_raise=True, exc=mock.ANY, + action='rule') + + @mock.patch.object(policy, '_ENFORCER') + def test_check_policy_for_context_custom_exception(self, mock_enforcer): + mock_enforcer.authorize.side_effect = ValueError + + mock_context = mock.Mock() + mock_context.to_policy_values.return_value = 'test-credentials' + + self.assertRaises( + ValueError, policy.check_policy_for_context, mock_context, + 'rule', 'target', exc=ValueError)