aboutsummaryrefslogtreecommitdiffstats
path: root/moonv4/moon_interface/tests/apitests/scenario/session.py
diff options
context:
space:
mode:
authorasteroide <thomas.duval@orange.com>2017-05-15 14:19:43 +0200
committerasteroide <thomas.duval@orange.com>2017-05-15 14:19:43 +0200
commit019b10d95976bb80bcce60ee93099b0fd57fcab5 (patch)
tree9e2b5c68dd8dadfc97346b77bf5549edbdf2c57a /moonv4/moon_interface/tests/apitests/scenario/session.py
parent80ca346a4cb183a6a1e684f6d8a9e19e3fc55d0e (diff)
Update Moon engine to allow a session policy
Change-Id: I63a80597710f08a6641e159cc2306d3cc68b1240
Diffstat (limited to 'moonv4/moon_interface/tests/apitests/scenario/session.py')
-rw-r--r--moonv4/moon_interface/tests/apitests/scenario/session.py23
1 files changed, 14 insertions, 9 deletions
diff --git a/moonv4/moon_interface/tests/apitests/scenario/session.py b/moonv4/moon_interface/tests/apitests/scenario/session.py
index 6b7e0f18..97d7aec3 100644
--- a/moonv4/moon_interface/tests/apitests/scenario/session.py
+++ b/moonv4/moon_interface/tests/apitests/scenario/session.py
@@ -2,6 +2,7 @@
pdp_name = "pdp1"
policy_name = "Session policy example"
model_name = "Session"
+policy_genre = "session"
subjects = {"user0": "", "user1": "", }
objects = {"admin": "", "employee": "", }
@@ -12,12 +13,16 @@ object_categories = {"role": "", }
action_categories = {"session-action": "", }
subject_data = {"subjectid": {"user0": "", "user1": ""}}
-object_data = {"role": {"admin": "", "employee": ""}}
-action_data = {"session-action": {"activate": "", "deactivate": ""}}
+object_data = {"role": {"admin": "", "employee": "", "*": ""}}
+action_data = {"session-action": {"activate": "", "deactivate": "", "*": ""}}
-subject_assignments = {"user0": {"subjectid": "user0"}, "user1": {"subjectid": "user1"}, }
-object_assignments = {"admin": {"role": "admin"}, "employee": {"role": "employee"}}
-action_assignments = {"activate": {"session-action": "activate"}, "deactivate": {"session-action": "deactivate"}}
+subject_assignments = {"user0": ({"subjectid": "user0"}, ), "user1": ({"subjectid": "user1"}, ), }
+object_assignments = {"admin": ({"role": "admin"}, {"role": "*"}),
+ "employee": ({"role": "employee"}, {"role": "employee"})
+ }
+action_assignments = {"activate": ({"session-action": "activate"}, {"session-action": "*"}, ),
+ "deactivate": ({"session-action": "deactivate"}, {"session-action": "*"}, )
+ }
meta_rule = {
"session": {"id": "", "value": ("subjectid", "role", "session-action")},
@@ -26,7 +31,7 @@ meta_rule = {
rules = {
"session": (
{
- "rule": ("user0", "admin", "activate"),
+ "rule": ("user0", "employee", "*"),
"instructions": (
{
"update": {
@@ -34,11 +39,11 @@ rules = {
"target": "rbac:role:admin" # add the role admin to the current user
}
},
- {"chain": [{"security_pipeline": "rbac"}]} # chain with the meta_rule named rbac
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
)
},
{
- "rule": ("user1", "employee", "deactivate"),
+ "rule": ("user1", "employee", "*"),
"instructions": (
{
"update": {
@@ -46,7 +51,7 @@ rules = {
"target": "rbac:role:employee" # delete the role employee from the current user
}
},
- {"chain": [{"security_pipeline": "rbac"}]} # chain with the meta_rule named rbac
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
)
},
)