aboutsummaryrefslogtreecommitdiffstats
path: root/tests/functional
diff options
context:
space:
mode:
authorRuan HE <ruan.he@orange.com>2017-12-27 12:55:12 +0000
committerGerrit Code Review <gerrit@opnfv.org>2017-12-27 12:55:12 +0000
commit1ae589007f72d648f03745983633b5453cae0592 (patch)
tree9949f60696db589b9ef1ac480cd2eb196d9d5299 /tests/functional
parenta7d5b9a4b29e3b3d18b3a63bd32b28c1008ec48e (diff)
parent30dfb6af2e2cd2cbc1632031202f48c1ef6a876f (diff)
Merge "moon_forming for policy templates"
Diffstat (limited to 'tests/functional')
-rw-r--r--tests/functional/scenario_tests/mls.py59
-rw-r--r--tests/functional/scenario_tests/rbac.py61
2 files changed, 120 insertions, 0 deletions
diff --git a/tests/functional/scenario_tests/mls.py b/tests/functional/scenario_tests/mls.py
new file mode 100644
index 00000000..0e6285c9
--- /dev/null
+++ b/tests/functional/scenario_tests/mls.py
@@ -0,0 +1,59 @@
+
+pdp_name = "pdp_mls"
+policy_name = "MLS Policy example"
+model_name = "MLS"
+policy_genre = "authz"
+
+subjects = {"adminuser": "", "user1": "", "user2": "", }
+objects = {"vm0": "", "vm1": "", }
+actions = {"start": "", "stop": ""}
+
+subject_categories = {"subject-security-level": "", }
+object_categories = {"object-security-level": "", }
+action_categories = {"action-type": "", }
+
+subject_data = {
+ "subject-security-level": {"low": "", "medium": "", "high": ""},
+}
+object_data = {
+ "object-security-level": {"low": "", "medium": "", "high": ""},
+}
+action_data = {"action-type": {"vm-action": "", "storage-action": "", }}
+
+subject_assignments = {
+ "adminuser": {"subject-security-level": "high"},
+ "user1": {"subject-security-level": "medium"},
+}
+object_assignments = {
+ "vm0": {"object-security-level": "medium"},
+ "vm1": {"object-security-level": "low"},
+}
+action_assignments = {
+ "start": {"action-type": "vm-action"},
+ "stop": {"action-type": "vm-action"}
+}
+
+meta_rule = {
+ "mls": {
+ "id": "",
+ "value": ("subject-security-level",
+ "object-security-level",
+ "action-type")},
+}
+
+rules = {
+ "mls": (
+ {
+ "rule": ("high", "medium", "vm-action"),
+ "instructions": ({"decision": "grant"})
+ },
+ {
+ "rule": ("high", "low", "vm-action"),
+ "instructions": ({"decision": "grant"})
+ },
+ {
+ "rule": ("medium", "low", "vm-action"),
+ "instructions": ({"decision": "grant"})
+ },
+ )
+}
diff --git a/tests/functional/scenario_tests/rbac.py b/tests/functional/scenario_tests/rbac.py
new file mode 100644
index 00000000..1d2cabee
--- /dev/null
+++ b/tests/functional/scenario_tests/rbac.py
@@ -0,0 +1,61 @@
+
+pdp_name = "pdp_rbac1"
+policy_name = "RBAC policy example"
+model_name = "RBAC"
+policy_genre = "authz"
+
+subjects = {"adminuser": "", "user1": "", }
+objects = {"vm0": "", "vm1": "", }
+actions = {"start": "", "stop": ""}
+
+subject_categories = {"role": "", }
+object_categories = {"id": "", }
+action_categories = {"action-type": "", }
+
+subject_data = {"role": {"admin": "", "employee": "", "*": ""}}
+object_data = {"id": {"vm0": "", "vm1": "", "*": ""}}
+action_data = {"action-type": {"vm-action": "", "*": ""}}
+
+subject_assignments = {
+ "adminuser":
+ ({"role": "admin"}, {"role": "employee"}, {"role": "*"}),
+ "user1":
+ ({"role": "employee"}, {"role": "*"}),
+}
+object_assignments = {
+ "vm0":
+ ({"id": "vm0"}, {"id": "*"}),
+ "vm1":
+ ({"id": "vm1"}, {"id": "*"})
+}
+action_assignments = {
+ "start":
+ ({"action-type": "vm-action"}, {"action-type": "*"}),
+ "stop":
+ ({"action-type": "vm-action"}, {"action-type": "*"})
+}
+
+meta_rule = {
+ "rbac": {"id": "", "value": ("role", "id", "action-type")},
+}
+
+rules = {
+ "rbac": (
+ {
+ "rule": ("admin", "vm0", "vm-action"),
+ "instructions": (
+ {"decision": "grant"},
+ # "grant" to immediately exit,
+ # "continue" to wait for the result of next policy
+ )
+ },
+ {
+ "rule": ("employee", "vm1", "vm-action"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ )
+}
+
+