How does it work?

Since the Testing Framework was written in Python, the use of this structure consists of creating scripts which have a concise pattern based on execution and printing result. Therefore every plugin should implement two mandatory methods that are called by the main function of our system. Moreover, given the need to parametrize the test, it is also possible to catch a file in JSON or YAML format which will be instantiated as a dict or a list in Python code.


To run a custom test, we type:

foo@bar:~/hapi/test$ python3 -<plugin_name> <config_file>

The following image shows how the execution flow of a test works with its plugin. Exemplo_1

This flow consists of the following steps:

  1. read config file: the framework checks if the plugin has received input arguments. When that is not the case the argument <config_file> should be "None". Otherwise, a configuration file, in the JSON/YAML format, will be specified.
  2. run: the framework runs a test, possibly using other tools distributed with the Hapi implementation. During this phase, messages are printed in the standard output.
  3. result: the framework collects and processes the output messages. To this end, it contains a number of tools that generate customized reports.


The output of the Hapi translator can be verified with a linter. The linter's main functionality is to check whether an YAML file containing policy rules follows the Cyral schema. To do that the plugin uses the [PAJV][1] validator, which given a mount schema, checks if a JSON/YAML file conforms to the schema. This script requires a configuration file as shown below:

schema: ../datamap/schemas/policy.json
  - policy-1.yaml
  - policy-2.yaml 

File paths in the configuration file are relative to the <config_file>. Using the workflow to explain this script, we have run calling PAJV for each policy file with the same schema. At each iteration, responses are stored and at the end of the testing process the framework formats and prints a log in the standard output. Commands to run this example are available [here][2].

[1]: [2]: