diff options
| author |   asteroide <thomas.duval@orange.com> | 2017-05-15 14:19:43 +0200 |
|---|---|---|
| committer | asteroide <thomas.duval@orange.com> | 2017-05-15 14:19:43 +0200 |
| commit | 019b10d95976bb80bcce60ee93099b0fd57fcab5 (patch) | |
| tree | 9e2b5c68dd8dadfc97346b77bf5549edbdf2c57a /moonv4/moon_interface/tests/apitests/scenario | |
| parent | 80ca346a4cb183a6a1e684f6d8a9e19e3fc55d0e (diff) | |
Update Moon engine to allow a session policy
Change-Id: I63a80597710f08a6641e159cc2306d3cc68b1240
Diffstat (limited to 'moonv4/moon_interface/tests/apitests/scenario')
| -rw-r--r-- | moonv4/moon_interface/tests/apitests/scenario/rbac.py | 19 | ||||
| -rw-r--r-- | moonv4/moon_interface/tests/apitests/scenario/session.py | 23 |
2 files changed, 24 insertions, 18 deletions
diff --git a/moonv4/moon_interface/tests/apitests/scenario/rbac.py b/moonv4/moon_interface/tests/apitests/scenario/rbac.py index a43bd1f4..89fd7de8 100644 --- a/moonv4/moon_interface/tests/apitests/scenario/rbac.py +++ b/moonv4/moon_interface/tests/apitests/scenario/rbac.py @@ -2,6 +2,7 @@ pdp_name = "pdp1" policy_name = "RBAC policy example" model_name = "RBAC" +policy_genre = "authz" subjects = {"user0": "", "user1": "", } objects = {"vm0": "", "vm1": "", } @@ -11,13 +12,13 @@ subject_categories = {"role": "", } object_categories = {"id": "", } action_categories = {"action-type": "", } -subject_data = {"role": {"admin": "", "employee": ""}} -object_data = {"id": {"vm0": "", "vm1": ""}} -action_data = {"action-type": {"vm-action": "", }} +subject_data = {"role": {"admin": "", "employee": "", "*": ""}} +object_data = {"id": {"vm0": "", "vm1": "", "*": ""}} +action_data = {"action-type": {"vm-action": "", "*": ""}} -subject_assignments = {"user0": {"role": "employee"}, "user1": {"role": "employee"}, } -object_assignments = {"vm0": {"id": "vm0"}, "vm1": {"id": "vm1"}} -action_assignments = {"start": {"action-type": "vm-action"}, "stop": {"action-type": "vm-action"}} +subject_assignments = {"user0": ({"role": "employee"}, {"role": "*"}), "user1": ({"role": "employee"}, {"role": "*"}), } +object_assignments = {"vm0": ({"id": "vm0"}, {"id": "*"}), "vm1": ({"id": "vm1"}, {"id": "*"})} +action_assignments = {"start": ({"action-type": "vm-action"}, {"action-type": "*"}), "stop": ({"action-type": "vm-action"}, {"action-type": "*"})} meta_rule = { "rbac": {"id": "", "value": ("role", "id", "action-type")}, @@ -28,13 +29,13 @@ rules = { { "rule": ("admin", "vm0", "vm-action"), "instructions": ( - {"decision": "grant"} # "grant" to immediately exit, "continue" to wait for the result of next policy + {"decision": "grant"}, # "grant" to immediately exit, "continue" to wait for the result of next policy ) }, { - "rule": ("admin", "vm1", "vm-action"), + "rule": ("employee", "vm1", "vm-action"), "instructions": ( - {"decision": "grant"} + {"decision": "grant"}, ) }, ) diff --git a/moonv4/moon_interface/tests/apitests/scenario/session.py b/moonv4/moon_interface/tests/apitests/scenario/session.py index 6b7e0f18..97d7aec3 100644 --- a/moonv4/moon_interface/tests/apitests/scenario/session.py +++ b/moonv4/moon_interface/tests/apitests/scenario/session.py @@ -2,6 +2,7 @@ pdp_name = "pdp1" policy_name = "Session policy example" model_name = "Session" +policy_genre = "session" subjects = {"user0": "", "user1": "", } objects = {"admin": "", "employee": "", } @@ -12,12 +13,16 @@ object_categories = {"role": "", } action_categories = {"session-action": "", } subject_data = {"subjectid": {"user0": "", "user1": ""}} -object_data = {"role": {"admin": "", "employee": ""}} -action_data = {"session-action": {"activate": "", "deactivate": ""}} +object_data = {"role": {"admin": "", "employee": "", "*": ""}} +action_data = {"session-action": {"activate": "", "deactivate": "", "*": ""}} -subject_assignments = {"user0": {"subjectid": "user0"}, "user1": {"subjectid": "user1"}, } -object_assignments = {"admin": {"role": "admin"}, "employee": {"role": "employee"}} -action_assignments = {"activate": {"session-action": "activate"}, "deactivate": {"session-action": "deactivate"}} +subject_assignments = {"user0": ({"subjectid": "user0"}, ), "user1": ({"subjectid": "user1"}, ), } +object_assignments = {"admin": ({"role": "admin"}, {"role": "*"}), + "employee": ({"role": "employee"}, {"role": "employee"}) + } +action_assignments = {"activate": ({"session-action": "activate"}, {"session-action": "*"}, ), + "deactivate": ({"session-action": "deactivate"}, {"session-action": "*"}, ) + } meta_rule = { "session": {"id": "", "value": ("subjectid", "role", "session-action")}, @@ -26,7 +31,7 @@ meta_rule = { rules = { "session": ( { - "rule": ("user0", "admin", "activate"), + "rule": ("user0", "employee", "*"), "instructions": ( { "update": { @@ -34,11 +39,11 @@ rules = { "target": "rbac:role:admin" # add the role admin to the current user } }, - {"chain": [{"security_pipeline": "rbac"}]} # chain with the meta_rule named rbac + {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac ) }, { - "rule": ("user1", "employee", "deactivate"), + "rule": ("user1", "employee", "*"), "instructions": ( { "update": { @@ -46,7 +51,7 @@ rules = { "target": "rbac:role:employee" # delete the role employee from the current user } }, - {"chain": [{"security_pipeline": "rbac"}]} # chain with the meta_rule named rbac + {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac ) }, ) |