Hapi is distributed together with a test framework that eases its development and its usage. This framework lets Hapi users and developers validate if implemented functionalities are behaving as expected. The framework includes a suite of default tests that take a parametrization file to configure the execution environment. New testing patterns can be added to the framework by its users. These new tests can either be implemented from scratch or they can reuse libraries already distributed with Hapi.
Hapi's testing framework is strongly inspired by the LLVM Testing Regression Infrastructure which offers an user interface as plugins. Each plugin has an initial implementation to configure the system attributes and to output test results.
Tests are used to validate the tools distributed with Hapi. In other words, most of the tools and services available within the Hapi system are accompanied by a corresponding testing pattern. Hapi's development is strongly based on a test-driven methodology. Currently, the Testing Framework checks the following tools:
- Hapi -> YAML translator.
- Permissiveness validator
- Verification algorithm.
Translation is tested by calling the methods that translate Hapi specs into YAML. The YAML follows the schema requirements for policy files internally adopted at Cyral Inc. Verification of this phase happens through a linter, made available by Cyral Inc.
Permissiveness is verified through CVC4. This formal verifier is used to compare two different policies. In this case, what is really tested are the Python files automatically produced by CVC4 to check some property of policy. To this end, the testing framework relies on the PyCVC4 library to read and process CVC4 specifications.
The last default test distributed with Hapi checks its interpreter. The inputs, in this case, are the policy rules and a query that will be checked against these rules. A query checks the possibility of a given Actor X performing an certain action Y on some resource Z. Testing returns a binary response reporting if the access is allowed or denied.
Hapi provides an auto install script, which checks if the requirements to use
the test framework are present.
When that is not the case, some applications will be installed automatically.
To install the testing framework, once in the
hapi/test/ directory type:
foo@bar:~/hapi/test$ sudo sh autoinstall.sh