aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--keystone-moon/keystone/contrib/moon/controllers.py4
-rw-r--r--keystone-moon/keystone/contrib/moon/core.py39
-rw-r--r--keystone-moon/keystone/contrib/moon/routers.py6
-rw-r--r--moonclient/moonclient/intraextension.py15
-rw-r--r--moonclient/moonclient/shell.py16
-rw-r--r--moonclient/moonclient/tests.py4
-rw-r--r--moonclient/moonclient/tests/tests_admin_intraextensions.json123
-rw-r--r--moonclient/moonclient/tests/tests_empty_policy_new_user.json3471
-rw-r--r--moonclient/moonclient/tests/tests_root_intraextensions.json43
-rw-r--r--moonclient/setup.py1
10 files changed, 3700 insertions, 22 deletions
diff --git a/keystone-moon/keystone/contrib/moon/controllers.py b/keystone-moon/keystone/contrib/moon/controllers.py
index 58e62a28..84e27fa3 100644
--- a/keystone-moon/keystone/contrib/moon/controllers.py
+++ b/keystone-moon/keystone/contrib/moon/controllers.py
@@ -208,6 +208,10 @@ class IntraExtensions(controller.V3Controller):
intra_extension_dict['description'] = kw.get('intra_extension_description', None)
return self.admin_api.set_intra_extension_dict(user_id, intra_extension_id, intra_extension_dict)
+ @controller.protected()
+ def load_root_intra_extension(self, context, **kw):
+ self.admin_api.load_root_intra_extension_dict()
+
# Metadata functions
@controller.protected()
def get_subject_categories(self, context, **kw):
diff --git a/keystone-moon/keystone/contrib/moon/core.py b/keystone-moon/keystone/contrib/moon/core.py
index 6f9832e9..a227174c 100644
--- a/keystone-moon/keystone/contrib/moon/core.py
+++ b/keystone-moon/keystone/contrib/moon/core.py
@@ -176,28 +176,27 @@ def enforce(action_names, object_name, **extra):
else:
intra_extension_id = intra_root_extension_id
+ try:
+ tenants_dict = self.tenant_api.driver.get_tenants_dict()
+ except AttributeError:
+ tenants_dict = self.driver.get_tenants_dict()
if self.root_api.is_admin_subject(user_id):
# TODO: check if there is no security hole here
+ self.moonlog_api.driver.info("Authorizing because it is the user admin of the root intra-extension")
returned_value_for_func = func(*args, **kwargs)
else:
intra_extensions_dict = self.admin_api.driver.get_intra_extensions_dict()
if intra_extension_id not in intra_extensions_dict:
# if id is not an intra_extension, maybe it is a tenant id
- try:
- tenants_dict = self.tenant_api.driver.get_tenants_dict()
- except AttributeError:
- tenants_dict = self.driver.get_tenants_dict()
+ intra_extension_id = intra_root_extension_id
if intra_extension_id in tenants_dict:
# id is in fact a tenant id so, we must check against the Root intra_extension
intra_extension_id = intra_root_extension_id
+ LOG.warning("intra_extension_id is a tenant ID ({})".format(intra_extension_id))
else:
# id is not a known tenant ID, so we must check against the Root intra_extension
intra_extension_id = intra_root_extension_id
- LOG.warning("Cannot enforce because the intra-extension is unknown ({})".format(intra_extension_id))
- try:
- tenants_dict = self.tenant_api.driver.get_tenants_dict()
- except AttributeError:
- tenants_dict = self.driver.get_tenants_dict()
+ LOG.warning("Cannot enforce because the intra-extension is unknown (fallback to the root intraextension)")
for _tenant_id in tenants_dict:
if tenants_dict[_tenant_id]['intra_authz_extension_id'] == intra_extension_id or \
tenants_dict[_tenant_id]['intra_admin_extension_id'] == intra_extension_id:
@@ -261,7 +260,9 @@ def enforce(action_names, object_name, **extra):
authz_result = False
for action_id in action_id_list:
- if self.admin_api.authz(intra_admin_extension_id, user_id, object_id, action_id):
+ res = self.admin_api.authz(intra_admin_extension_id, user_id, object_id, action_id)
+ self.moonlog_api.info("res={}".format(res))
+ if res:
authz_result = True
else:
self.moonlog_api.authz("No authorization for ({} {}-{}-{})".format(
@@ -519,6 +520,13 @@ class IntraExtensionManager(manager.Manager):
}
"""
authz_buffer = dict()
+ # Sometimes it is not the subject ID but the User Keystone ID, so, we have to check
+ subjects_dict = self.driver.get_subjects_dict(intra_extension_id)
+ if subject_id not in subjects_dict.keys():
+ for _subject_id in subjects_dict:
+ if subjects_dict[_subject_id]['keystone_id']:
+ subject_id = _subject_id
+ break
authz_buffer['subject_id'] = subject_id
authz_buffer['object_id'] = object_id
authz_buffer['action_id'] = action_id
@@ -882,7 +890,7 @@ class IntraExtensionManager(manager.Manager):
self.__load_rule_file(ie_dict, template_dir)
return ref
- def load_root_intra_extension_dict(self, policy_template):
+ def load_root_intra_extension_dict(self, policy_template=CONF.moon.root_policy_directory):
# Note (asteroide): Only one root Extension is authorized
# and this extension is created at the very beginning of the server
# so we don't need to use enforce here
@@ -897,13 +905,8 @@ class IntraExtensionManager(manager.Manager):
ie_dict["genre"] = "admin"
ie_dict["description"] = "policy_root"
ref = self.driver.set_intra_extension_dict(ie_dict['id'], ie_dict)
- try:
- self.moonlog_api.debug("Creation of IE: {}".format(ref))
- except AttributeError:
- pass
- # Creation of the root intra extension raise an error here because
- # self.moonlog_api doesn't exist.
- # FIXME (asteroide): understand why moonlog_api raise an error here...
+ self.moonlog_api.debug("Creation of root IE: {}".format(ref))
+
# read the template given by "model" and populate default variables
template_dir = os.path.join(CONF.moon.policy_directory, ie_dict["model"])
self.__load_metadata_file(ie_dict, template_dir)
diff --git a/keystone-moon/keystone/contrib/moon/routers.py b/keystone-moon/keystone/contrib/moon/routers.py
index 357ae060..fd1c0adf 100644
--- a/keystone-moon/keystone/contrib/moon/routers.py
+++ b/keystone-moon/keystone/contrib/moon/routers.py
@@ -89,6 +89,12 @@ class Routers(wsgi.V3ExtensionRouter):
# IntraExtensions/Admin route
self._add_resource(
mapper, intra_ext_controller,
+ path=self.PATH_PREFIX+'/intra_extensions/init',
+ get_action='load_root_intra_extension',
+ rel=self._get_rel('intra_extensions'),
+ path_vars={})
+ self._add_resource(
+ mapper, intra_ext_controller,
path=self.PATH_PREFIX+'/intra_extensions',
get_action='get_intra_extensions',
post_action='add_intra_extension',
diff --git a/moonclient/moonclient/intraextension.py b/moonclient/moonclient/intraextension.py
index 569a99ff..24286dd9 100644
--- a/moonclient/moonclient/intraextension.py
+++ b/moonclient/moonclient/intraextension.py
@@ -110,6 +110,21 @@ class IntraExtensionDelete(Command):
authtoken=True)
+class IntraExtensionInit(Command):
+ """Initialize the root Intra_Extension (if needed)."""
+
+ log = logging.getLogger(__name__)
+
+ def get_parser(self, prog_name):
+ parser = super(IntraExtensionInit, self).get_parser(prog_name)
+ return parser
+
+ def take_action(self, parsed_args):
+ self.app.get_url("/v3/OS-MOON/intra_extensions/init",
+ method="GET",
+ authtoken=True)
+
+
class IntraExtensionShow(ShowOne):
"""Show detail about one Intra_Extension."""
diff --git a/moonclient/moonclient/shell.py b/moonclient/moonclient/shell.py
index 49422a45..5e40bf40 100644
--- a/moonclient/moonclient/shell.py
+++ b/moonclient/moonclient/shell.py
@@ -150,9 +150,21 @@ class MoonClient(App):
content = resp.read()
conn.close()
try:
- return json.loads(content)
+ content = json.loads(content)
+ if "error" in content:
+ try:
+ raise Exception("Getting an error while requiring {} ({}: {}, {})".format(
+ url,
+ content['error']['code'],
+ content['error']['title'],
+ content['error']['message'],
+ ))
+ except ValueError:
+ raise Exception("Getting an error while requiring {} ({})".format(url, content))
+ return content
except ValueError:
- return {"content": content}
+ raise Exception("Getting an error while requiring {} ({})".format(url, content))
+ # return {"content": content}
def auth_keystone(self, username=None, password=None, host=None, port=None):
"""Send a new authentication request to Keystone
diff --git a/moonclient/moonclient/tests.py b/moonclient/moonclient/tests.py
index ea722955..6484009f 100644
--- a/moonclient/moonclient/tests.py
+++ b/moonclient/moonclient/tests.py
@@ -93,7 +93,7 @@ class TestsLaunch(Lister):
if port:
title += ":" + port
title += "\n"
- self.logfile.write(title)
+ self.logfile.write(title + "\n")
self.log.info(title)
data_tmp = list()
data_tmp.append("")
@@ -141,7 +141,7 @@ class TestsLaunch(Lister):
data_tmp.append(group_name)
data_tmp.append(test["name"])
compare = self.__compare_results(self.__replace_var_in_str(test["result"]), result_str)
- self.logfile.write("----->{} ({})\n\n".format(compare, self.__replace_var_in_str(test["result"])))
+ self.logfile.write("\\---->{}: {}\n\n".format(compare, self.__replace_var_in_str(test["result"])))
if error_str:
if compare:
compare = "\033[33mTrue\033[m"
diff --git a/moonclient/moonclient/tests/tests_admin_intraextensions.json b/moonclient/moonclient/tests/tests_admin_intraextensions.json
new file mode 100644
index 00000000..40ac04a3
--- /dev/null
+++ b/moonclient/moonclient/tests/tests_admin_intraextensions.json
@@ -0,0 +1,123 @@
+{
+ "command_options": "-f value",
+ "tests_group": {
+ "main": [
+ {
+ "name": "list tenant",
+ "command": "tenant list",
+ "result": "(?!alt_demo)",
+ "description": "List all tenants (must be empty)"
+ },
+ {
+ "name": "add tenant alt_demo",
+ "command": "tenant add alt_demo",
+ "result": "^$",
+ "description": "Add a new tenant",
+ "command_options": ""
+ },
+ {
+ "name": "check tenant alt_demo",
+ "command": "tenant list",
+ "result": "(?P<uuid>\\w+)\\s+alt_demo",
+ "description": "Check that tenant alt_demo has been correctly added"
+ },
+ {
+ "name": "create_intraextension_admin",
+ "command": "intraextension add --policy_model policy_rbac_admin admin_test",
+ "result": "IntraExtension created: (?P<uuid_admin>\\w+)",
+ "description": "Create an admin intra extension",
+ "command_options": ""
+ },
+ {
+ "name": "list_intraextension_admin",
+ "command": "intraextension list",
+ "result": "$uuid_admin",
+ "description": "Check the existence of that admin intra extension"
+ },
+ {
+ "name": "create_intraextension_authz",
+ "command": "intraextension add --policy_model policy_authz authz_test",
+ "result": "IntraExtension created: (?P<uuid_authz>\\w+)",
+ "description": "Create an authz intra extension",
+ "command_options": ""
+ },
+ {
+ "name": "list_intraextension_authz",
+ "command": "intraextension list",
+ "result": "$uuid_authz",
+ "description": "Check the existence of that authz intra extension"
+ },
+ {
+ "name": "set_tenant_authz",
+ "command": "tenant set --authz $uuid_authz $uuid",
+ "result": "",
+ "description": "Connect the authz intra extension to the tenant alt_demo",
+ "command_options": ""
+ },
+ {
+ "name": "check authz ie for tenant alt_demo",
+ "command": "tenant list",
+ "result": "alt_demo $uuid_authz",
+ "description": "Check that authz ie has been correctly added for tenant alt_demo ",
+ "command_options": "-c name -c intra_authz_extension_id -f value"
+ },
+ {
+ "name": "set_tenant_admin",
+ "command": "tenant set --admin $uuid_admin $uuid",
+ "result": "",
+ "description": "Connect the admin intra extension to the tenant alt_demo",
+ "command_options": ""
+ },
+ {
+ "name": "check admin ie for tenant alt_demo",
+ "command": "tenant list",
+ "result": "alt_demo $uuid_admin",
+ "description": "Check that admin ie has been correctly added for tenant alt_demo ",
+ "command_options": "-c name -c intra_admin_extension_id -f value"
+ },
+
+ {
+ "name": "select admin ie",
+ "command": "intraextension select $uuid_admin",
+ "result": "Select $uuid_admin IntraExtension.",
+ "description": "Select the admin intra extension to work with",
+ "command_options": ""
+ },
+ {
+ "name": "check_admin_user",
+ "command": "subject list",
+ "result": "admin",
+ "description": "Check that admin user was added"
+ },
+ {
+ "name": "check_submetarule",
+ "command": "submetarule show",
+ "result": "rbac",
+ "description": "Check that submetarule was added"
+ },
+
+
+ {
+ "name": "delete_admin_intra_extension",
+ "command": "intraextension delete $uuid_admin",
+ "result": "",
+ "description": "Delete the admin intra extension",
+ "command_options": ""
+ },
+ {
+ "name": "delete_authz_intra_extension",
+ "command": "intraextension delete $uuid_authz",
+ "result": "",
+ "description": "Delete the authz intra extension",
+ "command_options": ""
+ },
+ {
+ "name": "delete_tenant",
+ "command": "tenant delete $uuid",
+ "result": "",
+ "description": "Delete the tenant alt_demo",
+ "command_options": ""
+ }
+ ]
+ }
+} \ No newline at end of file
diff --git a/moonclient/moonclient/tests/tests_empty_policy_new_user.json b/moonclient/moonclient/tests/tests_empty_policy_new_user.json
new file mode 100644
index 00000000..6344a3e7
--- /dev/null
+++ b/moonclient/moonclient/tests/tests_empty_policy_new_user.json
@@ -0,0 +1,3471 @@
+{
+ "command_options": "-f value",
+ "tests_group": {
+ "authz": [
+ {
+ "name": "nova image-list",
+ "external_command": "nova image-list",
+ "result": "(?P<uuid_image>[\\w-]+)\\s+\\| cirros-0.3.4-x86_64-uec",
+ "description": "Get an Image ID"
+ },
+ {
+ "name": "nova boot new server",
+ "external_command": "nova boot --flavor m1.micro --image $uuid_image test_moonclient",
+ "result": "\\| OS-EXT-STS\\:vm_state\\s+\\| building",
+ "description": "Boot a new nova server."
+ },
+ {
+ "name": "sleep",
+ "external_command": "sleep 10",
+ "result": "",
+ "description": "time for server to really boot"
+ },
+ {
+ "name": "nova get new server",
+ "external_command": "nova list",
+ "result": "\\| (?P<uuid_server>[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| ACTIVE\\s+\\| [\\w\\-]+\\s+\\| Running",
+ "description": "Get the ID of the new server"
+ },
+ {
+ "name": "list tenant",
+ "command": "tenant list",
+ "result": "(?!demo)",
+ "description": "Check if tenant demo is used."
+ },
+ {
+ "name": "add tenant demo",
+ "command": "tenant add demo",
+ "result": "^$",
+ "description": "Add a new tenant",
+ "command_options": ""
+ },
+ {
+ "name": "check tenant demo",
+ "command": "tenant list",
+ "result": "(?P<uuid>\\w+)\\s+demo",
+ "description": "Check that tenant demo has been correctly added"
+ },
+ {
+ "name": "add role admin to demo",
+ "external_command": "keystone user-role-add --user demo --role admin --tenant demo",
+ "result": "",
+ "description": "Add role admin to user demo (an error may occurred)"
+ },
+ {
+ "name": "create_intraextension_authz",
+ "command": "intraextension add --policy_model policy_empty_authz empty_test",
+ "result": "IntraExtension created: (?P<uuid_authz>\\w+)",
+ "description": "Create an authz intra extension",
+ "command_options": ""
+ },
+ {
+ "name": "list_intraextension_authz",
+ "command": "intraextension list",
+ "result": "$uuid_authz",
+ "description": "Check the existence of that authz intra extension"
+ },
+ {
+ "name": "set_tenant_authz",
+ "command": "tenant set --authz $uuid_authz $uuid",
+ "result": "",
+ "description": "Connect the authz intra extension to the tenant demo",
+ "command_options": ""
+ },
+ {
+ "name": "list tenant",
+ "command": "tenant list",
+ "result": "demo",
+ "description": "Check if tenant demo is used."
+ },
+ {
+ "name": "select_authz_ie",
+ "command": "intraextension select $uuid_authz",
+ "result": "Select $uuid_authz IntraExtension.",
+ "description": "Select the authz IntraExtension",
+ "command_options": ""
+ },
+ {
+ "name": "check_select_authz_ie",
+ "command": "intraextension show selected",
+ "result": "$uuid_authz",
+ "description": "Check the selected authz IntraExtension",
+ "command_options": "-c id -f value"
+ },
+ {
+ "name": "add_subject",
+ "command": "subject add admin --password nomoresecrete",
+ "result": "",
+ "description": "",
+ "command_options": ""
+ },
+ {
+ "name": "list_subject",
+ "command": "subject list",
+ "result": "(?P<uuid_subject_admin>\\w+)\\s+admin",
+ "description": "Check that admin subject was added."
+ },
+ {
+ "name": "add_subject",
+ "command": "subject add demo --password nomoresecrete",
+ "result": "",
+ "description": "",
+ "command_options": ""
+ },
+ {
+ "name": "list_subject",
+ "command": "subject list",
+ "result": "(?P<uuid_subject_demo>\\w+)\\s+demo",
+ "description": "Check that demo subject was added."
+ },
+ {
+ "name": "add_object",
+ "command": "object add servers",
+ "result": "",
+ "description": "",
+ "command_options": ""
+ },
+ {
+ "name": "list_object",
+ "command": "object list",
+ "result": "(?P<uuid_object_servers>\\w+)\\s+servers",
+ "description": "Check that servers subject was added."
+ },
+ {
+ "name": "add_action",
+ "command": "action add pause",
+ "result": "",
+ "description": "",
+ "command_options": ""
+ },
+ {
+ "name": "list_action",
+ "command": "action list",
+ "result": "(?P<uuid_action_pause>\\w+)\\s+pause",
+ "description": "Check that pause action was added."
+ },
+ {
+ "name": "add_action",
+ "command": "action add unpause",
+ "result": "",
+ "description": "",
+ "command_options": ""
+ },
+ {
+ "name": "list_action",
+ "command": "action list",
+ "result": "(?P<uuid_action_unpause>\\w+)\\s+unpause",
+ "description": "Check that unpause action was added."
+ },
+ {
+ "name": "add_action",
+ "command": "action add list",
+ "result": "",
+ "description": "",
+ "command_options": ""
+ },
+ {
+ "name": "list_action",
+ "command": "action list",
+ "result": "(?P<uuid_action_list>\\w+)\\s+list",
+ "description": "Check that list action was added."
+ },
+ {
+ "name": "add_action",
+ "command": "action add start",
+ "result": "",
+ "description": "",
+ "command_options": ""
+ },
+ {
+ "name": "list_action",
+ "command": "action list",
+ "result": "(?P<uuid_action_start>\\w+)\\s+start",
+ "description": "Check that start action was added."
+ },
+ {
+ "name": "add_action",
+ "command": "action add stop",
+ "result": "",
+ "description": "",
+ "command_options": ""
+ },
+ {
+ "name": "list_action",
+ "command": "action list",
+ "result": "(?P<uuid_action_stop>\\w+)\\s+stop",
+ "description": "Check that stop action was added."
+ },
+ {
+ "name": "add_action",
+ "command": "action add create",
+ "result": "",
+ "description": "",
+ "command_options": ""
+ },
+ {
+ "name": "list_action",
+ "command": "action list",
+ "result": "(?P<uuid_action_create>\\w+)\\s+create",
+ "description": "Check that create action was added."
+ },
+ {
+ "name": "add_action",
+ "command": "action add upload",
+ "result": "",
+ "description": "",
+ "command_options": ""
+ },
+ {
+ "name": "list_action",
+ "command": "action list",
+ "result": "(?P<uuid_action_upload>\\w+)\\s+upload",
+ "description": "Check that upload action was added."
+ },
+ {
+ "name": "add_action",
+ "command": "action add download",
+ "result": "",
+ "description": "",
+ "command_options": ""
+ },
+ {
+ "name": "list_action",
+ "command": "action list",
+ "result": "(?P<uuid_action_download>\\w+)\\s+download",
+ "description": "Check that download action was added."
+ },
+ {
+ "name": "add_action",
+ "command": "action add post",
+ "result": "",
+ "description": "",
+ "command_options": ""
+ },
+ {
+ "name": "list_action",
+ "command": "action list",
+ "result": "(?P<uuid_action_post>\\w+)\\s+post",
+ "description": "Check that post action was added."
+ },
+ {
+ "name": "add_action",
+ "command": "action add storage_list",
+ "result": "",
+ "description": "",
+ "command_options": ""
+ },
+ {
+ "name": "list_action",
+ "command": "action list",
+ "result": "(?P<uuid_action_storage_list>\\w+)\\s+storage_list",
+ "description": "Check that storage_list action was added."
+ },
+
+ {
+ "name": "add_subject_category",
+ "command": "subject category add subject_security_level",
+ "result": "",
+ "description": "Add the new subject category subject_security_level",
+ "command_options": ""
+ },
+ {
+ "name": "list_subject_category",
+ "command": "subject category list",
+ "result": "(?P<uuid_subject_category_authz>\\w+)\\s+subject_security_level",
+ "description": "Check that subject_security_level subject_category was added."
+ },
+ {
+ "name": "add_object_category",
+ "command": "object category add object_security_level",
+ "result": "",
+ "description": "Add the new object category object_security_level",
+ "command_options": ""
+ },
+ {
+ "name": "list_object_category",
+ "command": "object category list",
+ "result": "(?P<uuid_object_category_authz>\\w+)\\s+object_security_level",
+ "description": "Check that object_security_level object_category was added."
+ },
+ {
+ "name": "add_action_category",
+ "command": "action category add resource_action",
+ "result": "",
+ "description": "Add the new action category resource_action",
+ "command_options": ""
+ },
+ {
+ "name": "list_subject_category",
+ "command": "action category list",
+ "result": "(?P<uuid_action_category_authz>\\w+)\\s+resource_action",
+ "description": "Check that resource_action action_category was added."
+ },
+
+ {
+ "name": "add_scope",
+ "command": "subject scope add $uuid_subject_category_authz high --description \"high\"",
+ "result": "^$",
+ "description": "Add one scope to subject category role",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "subject scope list $uuid_subject_category_authz",
+ "result": "(?P<uuid_subject_scope_high>\\w+)\\s+high\\s+high",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+ {
+ "name": "add_scope",
+ "command": "subject scope add $uuid_subject_category_authz medium --description \"medium\"",
+ "result": "^$",
+ "description": "Add one scope to subject category role",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "subject scope list $uuid_subject_category_authz",
+ "result": "(?P<uuid_subject_scope_medium>\\w+)\\s+medium\\s+medium",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+ {
+ "name": "add_scope",
+ "command": "subject scope add $uuid_subject_category_authz low --description \"low\"",
+ "result": "^$",
+ "description": "Add one scope to subject category role",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "subject scope list $uuid_subject_category_authz",
+ "result": "(?P<uuid_subject_scope_low>\\w+)\\s+low\\s+low",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+ {
+ "name": "add_scope",
+ "command": "object scope add $uuid_object_category_authz high --description \"high\"",
+ "result": "^$",
+ "description": "Add one scope to object category role",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "object scope list $uuid_object_category_authz",
+ "result": "(?P<uuid_object_scope_high>\\w+)\\s+high\\s+high",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+ {
+ "name": "add_scope",
+ "command": "object scope add $uuid_object_category_authz medium --description \"medium\"",
+ "result": "^$",
+ "description": "Add one scope to object category role",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "object scope list $uuid_object_category_authz",
+ "result": "(?P<uuid_object_scope_medium>\\w+)\\s+medium\\s+medium",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+ {
+ "name": "add_scope",
+ "command": "object scope add $uuid_object_category_authz low --description \"low\"",
+ "result": "^$",
+ "description": "Add one scope to object category role",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "object scope list $uuid_object_category_authz",
+ "result": "(?P<uuid_object_scope_low>\\w+)\\s+low\\s+low",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+ {
+ "name": "add_scope",
+ "command": "action scope add $uuid_action_category_authz vm_admin --description \"vm_admin\"",
+ "result": "^$",
+ "description": "Add one scope to action category role",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "action scope list $uuid_action_category_authz",
+ "result": "(?P<uuid_action_scope_vm_admin>\\w+)\\s+vm_admin\\s+vm_admin",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+ {
+ "name": "add_scope",
+ "command": "action scope add $uuid_action_category_authz vm_access --description \"vm_access\"",
+ "result": "^$",
+ "description": "Add one scope to action category role",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "action scope list $uuid_action_category_authz",
+ "result": "(?P<uuid_action_scope_vm_access>\\w+)\\s+vm_access\\s+vm_access",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+ {
+ "name": "add_scope",
+ "command": "action scope add $uuid_action_category_authz storage_admin --description \"storage_admin\"",
+ "result": "^$",
+ "description": "Add one scope to action category role",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "action scope list $uuid_action_category_authz",
+ "result": "(?P<uuid_action_scope_storage_admin>\\w+)\\s+storage_admin\\s+storage_admin",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+ {
+ "name": "add_scope",
+ "command": "action scope add $uuid_action_category_authz storage_access --description \"storage_access\"",
+ "result": "^$",
+ "description": "Add one scope to action category role",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "action scope list $uuid_action_category_authz",
+ "result": "(?P<uuid_action_scope_storage_access>\\w+)\\s+storage_access\\s+storage_access",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+
+ {
+ "name": "add_assignment",
+ "command": "subject assignment add $uuid_subject_admin $uuid_subject_category_authz $uuid_subject_scope_high",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "subject assignment list $uuid_subject_admin $uuid_subject_category_authz",
+ "result": "$uuid_subject_scope_high high",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+ {
+ "name": "add_assignment",
+ "command": "subject assignment add $uuid_subject_demo $uuid_subject_category_authz $uuid_subject_scope_medium",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "subject assignment list $uuid_subject_demo $uuid_subject_category_authz",
+ "result": "$uuid_subject_scope_medium medium",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+ {
+ "name": "add_assignment",
+ "command": "object assignment add $uuid_object_servers $uuid_object_category_authz $uuid_object_scope_low",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "object assignment list $uuid_object_servers $uuid_object_category_authz",
+ "result": "$uuid_object_scope_low low",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+ {
+ "name": "add_assignment",
+ "command": "action assignment add $uuid_action_pause $uuid_action_category_authz $uuid_action_scope_vm_admin",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "action assignment list $uuid_action_pause $uuid_action_category_authz",
+ "result": "$uuid_action_scope_vm_admin vm_admin",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+ {
+ "name": "add_assignment",
+ "command": "action assignment add $uuid_action_unpause $uuid_action_category_authz $uuid_action_scope_vm_admin",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "action assignment list $uuid_action_unpause $uuid_action_category_authz",
+ "result": "$uuid_action_scope_vm_admin vm_admin",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+ {
+ "name": "add_assignment",
+ "command": "action assignment add $uuid_action_start $uuid_action_category_authz $uuid_action_scope_vm_admin",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "action assignment list $uuid_action_start $uuid_action_category_authz",
+ "result": "$uuid_action_scope_vm_admin vm_admin",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+ {
+ "name": "add_assignment",
+ "command": "action assignment add $uuid_action_stop $uuid_action_category_authz $uuid_action_scope_vm_admin",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "action assignment list $uuid_action_stop $uuid_action_category_authz",
+ "result": "$uuid_action_scope_vm_admin vm_admin",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+ {
+ "name": "add_assignment",
+ "command": "action assignment add $uuid_action_list $uuid_action_category_authz $uuid_action_scope_vm_admin",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "action assignment list $uuid_action_list $uuid_action_category_authz",
+ "result": "$uuid_action_scope_vm_admin vm_admin",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+ {
+ "name": "add_assignment",
+ "command": "action assignment add $uuid_action_list $uuid_action_category_authz $uuid_action_scope_vm_access",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "action assignment list $uuid_action_list $uuid_action_category_authz",
+ "result": "$uuid_action_scope_vm_access vm_access",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+ {
+ "name": "add_assignment",
+ "command": "action assignment add $uuid_action_create $uuid_action_category_authz $uuid_action_scope_vm_admin",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "action assignment list $uuid_action_create $uuid_action_category_authz",
+ "result": "$uuid_action_scope_vm_admin vm_admin",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+ {
+ "name": "add_assignment",
+ "command": "action assignment add $uuid_action_storage_list $uuid_action_category_authz $uuid_action_scope_storage_access",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "action assignment list $uuid_action_storage_list $uuid_action_category_authz",
+ "result": "$uuid_action_scope_storage_access storage_access",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+ {
+ "name": "add_assignment",
+ "command": "action assignment add $uuid_action_download $uuid_action_category_authz $uuid_action_scope_storage_access",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "action assignment list $uuid_action_download $uuid_action_category_authz",
+ "result": "$uuid_action_scope_storage_access storage_access",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+ {
+ "name": "add_assignment",
+ "command": "action assignment add $uuid_action_upload $uuid_action_category_authz $uuid_action_scope_storage_admin",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "action assignment list $uuid_action_upload $uuid_action_category_authz",
+ "result": "$uuid_action_scope_storage_admin storage_admin",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+ {
+ "name": "add_assignment",
+ "command": "action assignment add $uuid_action_post $uuid_action_category_authz $uuid_action_scope_storage_admin",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "action assignment list $uuid_action_post $uuid_action_category_authz",
+ "result": "$uuid_action_scope_storage_admin storage_admin",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+
+ {
+ "name": "check_submetarules",
+ "command": "submetarule show",
+ "result": "(?P<submetarule_uuid_authz>\\w+)",
+ "description": "Get one submetarule ID",
+ "command_options": "-c id -f value"
+ },
+ {
+ "name": "set_submetarule",
+ "command": "submetarule set $submetarule_uuid_authz --subject_category_id=\"$uuid_subject_category_authz\" --object_category_id=\"$uuid_object_category_authz\" --action_category_id=\"$uuid_action_category_authz\"",
+ "result": "^$",
+ "description": "Set a new submetarule",
+ "command_options": ""
+ },
+ {
+ "name": "check_submetarule",
+ "command": "submetarule show",
+ "result": "$submetarule_uuid_authz \\s*subject_security_level",
+ "description": "Check the new submetarule",
+ "command_options": "-c id -c \"subject categories\" -f value"
+ },
+ {
+ "name": "check_submetarule",
+ "command": "submetarule show",
+ "result": "$submetarule_uuid_authz \\s*object_security_level",
+ "description": "Check the new submetarule",
+ "command_options": "-c id -c \"object categories\" -f value"
+ },
+ {
+ "name": "check_submetarule",
+ "command": "submetarule show",
+ "result": "$submetarule_uuid_authz \\s*resource_action",
+ "description": "Check the new submetarule",
+ "command_options": "-c id -c \"action categories\" -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_authz \"high,vm_admin,medium\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_authz",
+ "result": "(?P<rule_id>\\w+)\\s+high\\s+vm_admin\\s+medium",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value"
+ },
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_authz \"high,vm_admin,low\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_authz",
+ "result": "(?P<rule_id>\\w+)\\s+high\\s+vm_admin\\s+low",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value"
+ },
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_authz \"medium,vm_admin,low\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_authz",
+ "result": "(?P<rule_id>\\w+)\\s+medium\\s+vm_admin\\s+low",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value"
+ },
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_authz \"high,vm_access,medium\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_authz",
+ "result": "(?P<rule_id>\\w+)\\s+high\\s+vm_access\\s+medium",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value"
+ },
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_authz \"high,vm_access,low\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_authz",
+ "result": "(?P<rule_id>\\w+)\\s+high\\s+vm_access\\s+low",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value"
+ },
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_authz \"medium,vm_access,low\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_authz",
+ "result": "(?P<rule_id>\\w+)\\s+medium\\s+vm_access\\s+low",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value"
+ },
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_authz \"high,storage_admin,medium\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_authz",
+ "result": "(?P<rule_id>\\w+)\\s+high\\s+storage_admin\\s+medium",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value"
+ },
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_authz \"high,storage_admin,low\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_authz",
+ "result": "(?P<rule_id>\\w+)\\s+high\\s+storage_admin\\s+low",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value"
+ },
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_authz \"medium,storage_admin,low\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_authz",
+ "result": "(?P<rule_id>\\w+)\\s+medium\\s+storage_admin\\s+low",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value"
+ },
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_authz \"high,storage_access,medium\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_authz",
+ "result": "(?P<rule_id>\\w+)\\s+high\\s+storage_access\\s+medium",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value"
+ },
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_authz \"high,storage_access,low\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_authz",
+ "result": "(?P<rule_id>\\w+)\\s+high\\s+storage_access\\s+low",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value"
+ },
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_authz \"medium,storage_access,low\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_authz",
+ "result": "(?P<rule_id>\\w+)\\s+medium\\s+storage_access\\s+low",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value"
+ },
+ {
+ "name": "get aggregation algorithm",
+ "command": "aggregation algorithm list",
+ "result": "(?P<uuid_aggregation>\\w+)\\s+one_true",
+ "description": "Get aggregation algorithm.",
+ "command_options": "-c id -c name -f value"
+ },
+ {
+ "name": "set aggregation algorithm",
+ "command": "aggregation algorithm set $uuid_aggregation",
+ "result": "",
+ "description": "Set aggregation algorithm to one_true.",
+ "command_options": ""
+ },
+ {
+ "name": "get aggregation algorithm",
+ "command": "aggregation algorithm show",
+ "result": "$uuid_aggregation\\s+one_true",
+ "description": "Check aggregation algorithm.",
+ "command_options": "-c id -c name -f value"
+ },
+ {
+ "name": "get submetarule algorithm",
+ "command": "submetarule algorithm list",
+ "result": "(?P<uuid_submetarule_algo>\\w+)\\s+inclusion",
+ "description": "Get submetarule algorithm named inclusion.",
+ "command_options": "-c id -c name -f value"
+ },
+ {
+ "name": "set submetarule algorithm",
+ "command": "submetarule set --algorithm_name inclusion $submetarule_uuid_authz",
+ "result": "",
+ "description": "Set submetarule algorithm to inclusion.",
+ "command_options": ""
+ },
+
+ {
+ "name": "create_intraextension_admin",
+ "command": "intraextension add --policy_model policy_empty_admin empty_admin_test",
+ "result": "IntraExtension created: (?P<uuid_admin>\\w+)",
+ "description": "Create an admin intra extension",
+ "command_options": ""
+ },
+ {
+ "name": "list_intraextension_authz",
+ "command": "intraextension list",
+ "result": "$uuid_admin",
+ "description": "Check the existence of that admin intra extension"
+ },
+ {
+ "name": "set_tenant_admin",
+ "command": "tenant set --admin $uuid_admin $uuid",
+ "result": "",
+ "description": "Connect the admin intra extension to the tenant demo",
+ "command_options": ""
+ },
+ {
+ "name": "list tenant",
+ "command": "tenant list",
+ "result": "demo",
+ "description": "Check if tenant demo is used."
+ },
+ {
+ "name": "select_admin_ie",
+ "command": "intraextension select $uuid_admin",
+ "result": "Select $uuid_admin IntraExtension.",
+ "description": "Select the admin IntraExtension",
+ "command_options": ""
+ },
+ {
+ "name": "check_select_admin_ie",
+ "command": "intraextension show selected",
+ "result": "$uuid_admin",
+ "description": "Check the selected admin IntraExtension",
+ "command_options": "-c id -f value"
+ },
+
+ {
+ "name": "add_subject",
+ "command": "subject add admin --password nomoresecrete",
+ "result": "",
+ "description": "Add admin subject.",
+ "command_options": ""
+ },
+ {
+ "name": "list_subject",
+ "command": "subject list",
+ "result": "(?P<uuid_subject_admin>\\w+)\\s+admin",
+ "description": "Check that admin subject was already there."
+ },
+ {
+ "name": "list_object",
+ "command": "object list",
+ "result": "(?P<uuid_object_authz_subjects>\\w+)\\s+authz.subjects",
+ "description": "Check that authz_subjects subject was already there."
+ },
+
+ {
+ "name": "list_object",
+ "command": "object list",
+ "result": "(?P<uuid_object_authz_objects>\\w+)\\s+authz.objects",
+ "description": "Check that authz_objects subject was already there."
+ },
+
+ {
+ "name": "list_object",
+ "command": "object list",
+ "result": "(?P<uuid_object_authz_actions>\\w+)\\s+authz.actions",
+ "description": "Check that authz_actions subject was already there."
+ },
+
+ {
+ "name": "list_object",
+ "command": "object list",
+ "result": "(?P<uuid_object_authz_subject_categories>\\w+)\\s+authz.subject_categories",
+ "description": "Check that authz_subject_categories subject was already there."
+ },
+
+ {
+ "name": "list_object",
+ "command": "object list",
+ "result": "(?P<uuid_object_authz_object_categories>\\w+)\\s+authz.object_categories",
+ "description": "Check that authz_object_categories subject was already there."
+ },
+
+ {
+ "name": "list_object",
+ "command": "object list",
+ "result": "(?P<uuid_object_authz_action_categories>\\w+)\\s+authz.action_categories",
+ "description": "Check that authz_action_categories subject was already there."
+ },
+
+ {
+ "name": "list_object",
+ "command": "object list",
+ "result": "(?P<uuid_object_authz_subject_scopes>\\w+)\\s+authz.subject_scopes",
+ "description": "Check that authz_subject_scopes subject was already there."
+ },
+
+ {
+ "name": "list_object",
+ "command": "object list",
+ "result": "(?P<uuid_object_authz_object_scopes>\\w+)\\s+authz.object_scopes",
+ "description": "Check that authz_object_scopes subject was already there."
+ },
+
+ {
+ "name": "list_object",
+ "command": "object list",
+ "result": "(?P<uuid_object_authz_action_scopes>\\w+)\\s+authz.action_scopes",
+ "description": "Check that authz_action_scopes subject was already there."
+ },
+
+ {
+ "name": "list_object",
+ "command": "object list",
+ "result": "(?P<uuid_object_authz_subject_assignments>\\w+)\\s+authz.subject_assignments",
+ "description": "Check that authz_subject_assignments subject was already there."
+ },
+
+ {
+ "name": "list_object",
+ "command": "object list",
+ "result": "(?P<uuid_object_authz_object_assignments>\\w+)\\s+authz.object_assignments",
+ "description": "Check that authz_object_assignments subject was already there."
+ },
+
+ {
+ "name": "list_object",
+ "command": "object list",
+ "result": "(?P<uuid_object_authz_action_assignments>\\w+)\\s+authz.action_assignments",
+ "description": "Check that authz_action_assignments subject was already there."
+ },
+
+ {
+ "name": "list_object",
+ "command": "object list",
+ "result": "(?P<uuid_object_authz_aggregation_algorithm>\\w+)\\s+authz.aggregation_algorithm",
+ "description": "Check that authz_aggregation_algorithm subject was already there."
+ },
+
+ {
+ "name": "list_object",
+ "command": "object list",
+ "result": "(?P<uuid_object_authz_sub_meta_rules>\\w+)\\s+authz.sub_meta_rules",
+ "description": "Check that authz_sub_meta_rules subject was already there."
+ },
+
+ {
+ "name": "list_object",
+ "command": "object list",
+ "result": "(?P<uuid_object_authz_rules>\\w+)\\s+authz.rules",
+ "description": "Check that authz_rules subject was already there."
+ },
+
+ {
+ "name": "list_object",
+ "command": "object list",
+ "result": "(?P<uuid_object_admin_subjects>\\w+)\\s+admin.subjects",
+ "description": "Check that admin_subjects subject was already there."
+ },
+
+ {
+ "name": "list_object",
+ "command": "object list",
+ "result": "(?P<uuid_object_admin_objects>\\w+)\\s+admin.objects",
+ "description": "Check that admin_objects subject was already there."
+ },
+
+ {
+ "name": "list_object",
+ "command": "object list",
+ "result": "(?P<uuid_object_admin_actions>\\w+)\\s+admin.actions",
+ "description": "Check that admin_actions subject was already there."
+ },
+
+ {
+ "name": "list_object",
+ "command": "object list",
+ "result": "(?P<uuid_object_admin_subject_categories>\\w+)\\s+admin.subject_categories",
+ "description": "Check that admin_subject_categories subject was already there."
+ },
+
+ {
+ "name": "list_object",
+ "command": "object list",
+ "result": "(?P<uuid_object_admin_object_categories>\\w+)\\s+admin.object_categories",
+ "description": "Check that admin_object_categories subject was already there."
+ },
+
+ {
+ "name": "list_object",
+ "command": "object list",
+ "result": "(?P<uuid_object_admin_action_categories>\\w+)\\s+admin.action_categories",
+ "description": "Check that admin_action_categories subject was already there."
+ },
+
+ {
+ "name": "list_object",
+ "command": "object list",
+ "result": "(?P<uuid_object_admin_subject_scopes>\\w+)\\s+admin.subject_scopes",
+ "description": "Check that admin_subject_scopes subject was already there."
+ },
+
+ {
+ "name": "list_object",
+ "command": "object list",
+ "result": "(?P<uuid_object_admin_object_scopes>\\w+)\\s+admin.object_scopes",
+ "description": "Check that admin_object_scopes subject was already there."
+ },
+
+ {
+ "name": "list_object",
+ "command": "object list",
+ "result": "(?P<uuid_object_admin_action_scopes>\\w+)\\s+admin.action_scopes",
+ "description": "Check that admin_action_scopes subject was already there."
+ },
+
+ {
+ "name": "list_object",
+ "command": "object list",
+ "result": "(?P<uuid_object_admin_subject_assignments>\\w+)\\s+admin.subject_assignments",
+ "description": "Check that admin_subject_assignments subject was already there."
+ },
+
+ {
+ "name": "list_object",
+ "command": "object list",
+ "result": "(?P<uuid_object_admin_object_assignments>\\w+)\\s+admin.object_assignments",
+ "description": "Check that admin_object_assignments subject was already there."
+ },
+
+ {
+ "name": "list_object",
+ "command": "object list",
+ "result": "(?P<uuid_object_admin_action_assignments>\\w+)\\s+admin.action_assignments",
+ "description": "Check that admin_action_assignments subject was already there."
+ },
+
+ {
+ "name": "list_object",
+ "command": "object list",
+ "result": "(?P<uuid_object_admin_aggregation_algorithm>\\w+)\\s+admin.aggregation_algorithm",
+ "description": "Check that admin_aggregation_algorithm subject was already there."
+ },
+
+ {
+ "name": "list_object",
+ "command": "object list",
+ "result": "(?P<uuid_object_admin_sub_meta_rules>\\w+)\\s+admin.sub_meta_rules",
+ "description": "Check that admin_sub_meta_rules subject was already there."
+ },
+
+ {
+ "name": "list_object",
+ "command": "object list",
+ "result": "(?P<uuid_object_admin_rules>\\w+)\\s+admin.rules",
+ "description": "Check that admin_rules subject was already there."
+ },
+
+ {
+ "name": "list_action",
+ "command": "action list",
+ "result": "(?P<uuid_action_read>\\w+)\\s+read",
+ "description": "Check that read action was already there."
+ },
+
+ {
+ "name": "list_action",
+ "command": "action list",
+ "result": "(?P<uuid_action_write>\\w+)\\s+write",
+ "description": "Check that write action was already there."
+ },
+
+ {
+ "name": "add_subject_category",
+ "command": "subject category add role",
+ "result": "",
+ "description": "Add the new subject category role",
+ "command_options": ""
+ },
+ {
+ "name": "list_subject_category",
+ "command": "subject category list",
+ "result": "(?P<uuid_subject_category_admin>\\w+)\\s+role",
+ "description": "Check that role subject_category was added."
+ },
+ {
+ "name": "add_object_category",
+ "command": "object category add object_id",
+ "result": "",
+ "description": "Add the new object category object_id",
+ "command_options": ""
+ },
+ {
+ "name": "list_object_category",
+ "command": "object category list",
+ "result": "(?P<uuid_object_category_admin>\\w+)\\s+object_id",
+ "description": "Check that object_id object_category was added."
+ },
+ {
+ "name": "add_action_category",
+ "command": "action category add action_id",
+ "result": "",
+ "description": "Add the new action category action_id",
+ "command_options": ""
+ },
+ {
+ "name": "list_subject_category",
+ "command": "action category list",
+ "result": "(?P<uuid_action_category_admin>\\w+)\\s+action_id",
+ "description": "Check that action_id action_category was added."
+ },
+
+ {
+ "name": "add_scope",
+ "command": "subject scope add $uuid_subject_category_admin root_role --description \"root role\"",
+ "result": "^$",
+ "description": "Add one scope to subject category role",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "subject scope list $uuid_subject_category_admin",
+ "result": "(?P<uuid_subject_scope_root_role>\\w+)\\s+root_role\\s+root role",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+ {
+ "name": "add_scope",
+ "command": "subject scope add $uuid_subject_category_admin dev_role --description \"dev role\"",
+ "result": "^$",
+ "description": "Add one scope to subject category role",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "subject scope list $uuid_subject_category_admin",
+ "result": "(?P<uuid_subject_scope_dev_role>\\w+)\\s+dev_role\\s+dev role",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+
+ {
+ "name": "add_scope",
+ "command": "object scope add $uuid_object_category_admin authz_subjects --description \"authz subjects\"",
+ "result": "^$",
+ "description": "Add one scope to object category",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "object scope list $uuid_object_category_admin",
+ "result": "(?P<uuid_object_scope_authz_subjects>\\w+)\\s+authz.subjects\\s+authz subjects",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+
+ {
+ "name": "add_scope",
+ "command": "object scope add $uuid_object_category_admin authz_objects --description \"authz objects\"",
+ "result": "^$",
+ "description": "Add one scope to object category",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "object scope list $uuid_object_category_admin",
+ "result": "(?P<uuid_object_scope_authz_objects>\\w+)\\s+authz.objects\\s+authz objects",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+
+ {
+ "name": "add_scope",
+ "command": "object scope add $uuid_object_category_admin authz_actions --description \"authz actions\"",
+ "result": "^$",
+ "description": "Add one scope to object category",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "object scope list $uuid_object_category_admin",
+ "result": "(?P<uuid_object_scope_authz_actions>\\w+)\\s+authz.actions\\s+authz actions",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+
+ {
+ "name": "add_scope",
+ "command": "object scope add $uuid_object_category_admin authz_subject_categories --description \"authz subject categories\"",
+ "result": "^$",
+ "description": "Add one scope to object category",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "object scope list $uuid_object_category_admin",
+ "result": "(?P<uuid_object_scope_authz_subject_categories>\\w+)\\s+authz.subject_categories\\s+authz subject categories",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+
+ {
+ "name": "add_scope",
+ "command": "object scope add $uuid_object_category_admin authz_object_categories --description \"authz object categories\"",
+ "result": "^$",
+ "description": "Add one scope to object category",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "object scope list $uuid_object_category_admin",
+ "result": "(?P<uuid_object_scope_authz_object_categories>\\w+)\\s+authz.object_categories\\s+authz object categories",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+
+ {
+ "name": "add_scope",
+ "command": "object scope add $uuid_object_category_admin authz_action_categories --description \"authz action categories\"",
+ "result": "^$",
+ "description": "Add one scope to object category",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "object scope list $uuid_object_category_admin",
+ "result": "(?P<uuid_object_scope_authz_action_categories>\\w+)\\s+authz.action_categories\\s+authz action categories",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+
+ {
+ "name": "add_scope",
+ "command": "object scope add $uuid_object_category_admin authz_subject_scopes --description \"authz subject scopes\"",
+ "result": "^$",
+ "description": "Add one scope to object category",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "object scope list $uuid_object_category_admin",
+ "result": "(?P<uuid_object_scope_authz_subject_scopes>\\w+)\\s+authz.subject_scopes\\s+authz subject scopes",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+
+ {
+ "name": "add_scope",
+ "command": "object scope add $uuid_object_category_admin authz_object_scopes --description \"authz object scopes\"",
+ "result": "^$",
+ "description": "Add one scope to object category",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "object scope list $uuid_object_category_admin",
+ "result": "(?P<uuid_object_scope_authz_object_scopes>\\w+)\\s+authz.object_scopes\\s+authz object scopes",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+
+ {
+ "name": "add_scope",
+ "command": "object scope add $uuid_object_category_admin authz_action_scopes --description \"authz action scopes\"",
+ "result": "^$",
+ "description": "Add one scope to object category",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "object scope list $uuid_object_category_admin",
+ "result": "(?P<uuid_object_scope_authz_action_scopes>\\w+)\\s+authz.action_scopes\\s+authz action scopes",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+
+ {
+ "name": "add_scope",
+ "command": "object scope add $uuid_object_category_admin authz_subject_assignments --description \"authz subject assignments\"",
+ "result": "^$",
+ "description": "Add one scope to object category",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "object scope list $uuid_object_category_admin",
+ "result": "(?P<uuid_object_scope_authz_subject_assignments>\\w+)\\s+authz.subject_assignments\\s+authz subject assignments",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+
+ {
+ "name": "add_scope",
+ "command": "object scope add $uuid_object_category_admin authz_object_assignments --description \"authz object assignments\"",
+ "result": "^$",
+ "description": "Add one scope to object category",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "object scope list $uuid_object_category_admin",
+ "result": "(?P<uuid_object_scope_authz_object_assignments>\\w+)\\s+authz.object_assignments\\s+authz object assignments",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+
+ {
+ "name": "add_scope",
+ "command": "object scope add $uuid_object_category_admin authz_action_assignments --description \"authz action assignments\"",
+ "result": "^$",
+ "description": "Add one scope to object category",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "object scope list $uuid_object_category_admin",
+ "result": "(?P<uuid_object_scope_authz_action_assignments>\\w+)\\s+authz.action_assignments\\s+authz action assignments",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+
+ {
+ "name": "add_scope",
+ "command": "object scope add $uuid_object_category_admin authz_aggregation_algorithm --description \"authz aggregation algorithm\"",
+ "result": "^$",
+ "description": "Add one scope to object category",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "object scope list $uuid_object_category_admin",
+ "result": "(?P<uuid_object_scope_authz_aggregation_algorithm>\\w+)\\s+authz.aggregation_algorithm\\s+authz aggregation algorithm",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+
+ {
+ "name": "add_scope",
+ "command": "object scope add $uuid_object_category_admin authz_sub_meta_rules --description \"authz sub meta rules\"",
+ "result": "^$",
+ "description": "Add one scope to object category",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "object scope list $uuid_object_category_admin",
+ "result": "(?P<uuid_object_scope_authz_sub_meta_rules>\\w+)\\s+authz.sub_meta_rules\\s+authz sub meta rules",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+
+ {
+ "name": "add_scope",
+ "command": "object scope add $uuid_object_category_admin authz_rules --description \"authz rules\"",
+ "result": "^$",
+ "description": "Add one scope to object category",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "object scope list $uuid_object_category_admin",
+ "result": "(?P<uuid_object_scope_authz_rules>\\w+)\\s+authz.rules\\s+authz rules",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+
+ {
+ "name": "add_scope",
+ "command": "object scope add $uuid_object_category_admin admin_subjects --description \"admin subjects\"",
+ "result": "^$",
+ "description": "Add one scope to object category",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "object scope list $uuid_object_category_admin",
+ "result": "(?P<uuid_object_scope_admin_subjects>\\w+)\\s+admin.subjects\\s+admin subjects",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+
+ {
+ "name": "add_scope",
+ "command": "object scope add $uuid_object_category_admin admin_objects --description \"admin objects\"",
+ "result": "^$",
+ "description": "Add one scope to object category",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "object scope list $uuid_object_category_admin",
+ "result": "(?P<uuid_object_scope_admin_objects>\\w+)\\s+admin.objects\\s+admin objects",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+
+ {
+ "name": "add_scope",
+ "command": "object scope add $uuid_object_category_admin admin_actions --description \"admin actions\"",
+ "result": "^$",
+ "description": "Add one scope to object category",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "object scope list $uuid_object_category_admin",
+ "result": "(?P<uuid_object_scope_admin_actions>\\w+)\\s+admin.actions\\s+admin actions",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+
+ {
+ "name": "add_scope",
+ "command": "object scope add $uuid_object_category_admin admin_subject_categories --description \"admin subject categories\"",
+ "result": "^$",
+ "description": "Add one scope to object category",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "object scope list $uuid_object_category_admin",
+ "result": "(?P<uuid_object_scope_admin_subject_categories>\\w+)\\s+admin.subject_categories\\s+admin subject categories",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+
+ {
+ "name": "add_scope",
+ "command": "object scope add $uuid_object_category_admin admin_object_categories --description \"admin object categories\"",
+ "result": "^$",
+ "description": "Add one scope to object category",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "object scope list $uuid_object_category_admin",
+ "result": "(?P<uuid_object_scope_admin_object_categories>\\w+)\\s+admin.object_categories\\s+admin object categories",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+
+ {
+ "name": "add_scope",
+ "command": "object scope add $uuid_object_category_admin admin_action_categories --description \"admin action categories\"",
+ "result": "^$",
+ "description": "Add one scope to object category",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "object scope list $uuid_object_category_admin",
+ "result": "(?P<uuid_object_scope_admin_action_categories>\\w+)\\s+admin.action_categories\\s+admin action categories",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+
+ {
+ "name": "add_scope",
+ "command": "object scope add $uuid_object_category_admin admin_subject_scopes --description \"admin subject scopes\"",
+ "result": "^$",
+ "description": "Add one scope to object category",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "object scope list $uuid_object_category_admin",
+ "result": "(?P<uuid_object_scope_admin_subject_scopes>\\w+)\\s+admin.subject_scopes\\s+admin subject scopes",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+
+ {
+ "name": "add_scope",
+ "command": "object scope add $uuid_object_category_admin admin_object_scopes --description \"admin object scopes\"",
+ "result": "^$",
+ "description": "Add one scope to object category",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "object scope list $uuid_object_category_admin",
+ "result": "(?P<uuid_object_scope_admin_object_scopes>\\w+)\\s+admin.object_scopes\\s+admin object scopes",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+
+ {
+ "name": "add_scope",
+ "command": "object scope add $uuid_object_category_admin admin_action_scopes --description \"admin action scopes\"",
+ "result": "^$",
+ "description": "Add one scope to object category",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "object scope list $uuid_object_category_admin",
+ "result": "(?P<uuid_object_scope_admin_action_scopes>\\w+)\\s+admin.action_scopes\\s+admin action scopes",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+
+ {
+ "name": "add_scope",
+ "command": "object scope add $uuid_object_category_admin admin_subject_assignments --description \"admin subject assignments\"",
+ "result": "^$",
+ "description": "Add one scope to object category",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "object scope list $uuid_object_category_admin",
+ "result": "(?P<uuid_object_scope_admin_subject_assignments>\\w+)\\s+admin.subject_assignments\\s+admin subject assignments",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+
+ {
+ "name": "add_scope",
+ "command": "object scope add $uuid_object_category_admin admin_object_assignments --description \"admin object assignments\"",
+ "result": "^$",
+ "description": "Add one scope to object category",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "object scope list $uuid_object_category_admin",
+ "result": "(?P<uuid_object_scope_admin_object_assignments>\\w+)\\s+admin.object_assignments\\s+admin object assignments",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+
+ {
+ "name": "add_scope",
+ "command": "object scope add $uuid_object_category_admin admin_action_assignments --description \"admin action assignments\"",
+ "result": "^$",
+ "description": "Add one scope to object category",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "object scope list $uuid_object_category_admin",
+ "result": "(?P<uuid_object_scope_admin_action_assignments>\\w+)\\s+admin.action_assignments\\s+admin action assignments",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+
+ {
+ "name": "add_scope",
+ "command": "object scope add $uuid_object_category_admin admin_aggregation_algorithm --description \"admin aggregation algorithm\"",
+ "result": "^$",
+ "description": "Add one scope to object category",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "object scope list $uuid_object_category_admin",
+ "result": "(?P<uuid_object_scope_admin_aggregation_algorithm>\\w+)\\s+admin.aggregation_algorithm\\s+admin aggregation algorithm",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+
+ {
+ "name": "add_scope",
+ "command": "object scope add $uuid_object_category_admin admin_sub_meta_rules --description \"admin sub meta rules\"",
+ "result": "^$",
+ "description": "Add one scope to object category",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "object scope list $uuid_object_category_admin",
+ "result": "(?P<uuid_object_scope_admin_sub_meta_rules>\\w+)\\s+admin.sub_meta_rules\\s+admin sub meta rules",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+
+ {
+ "name": "add_scope",
+ "command": "object scope add $uuid_object_category_admin admin_rules --description \"admin rules\"",
+ "result": "^$",
+ "description": "Add one scope to object category",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "object scope list $uuid_object_category_admin",
+ "result": "(?P<uuid_object_scope_admin_rules>\\w+)\\s+admin.rules\\s+admin rules",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+ {
+ "name": "add_scope",
+ "command": "action scope add $uuid_action_category_admin read --description \"read\"",
+ "result": "^$",
+ "description": "Add one scope to action category",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "action scope list $uuid_action_category_admin",
+ "result": "(?P<uuid_action_scope_read>\\w+)\\s+read\\s+read",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+ {
+ "name": "add_scope",
+ "command": "action scope add $uuid_action_category_admin write --description \"write\"",
+ "result": "^$",
+ "description": "Add one scope to action category",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_scope",
+ "command": "action scope list $uuid_action_category_admin",
+ "result": "(?P<uuid_action_scope_write>\\w+)\\s+write\\s+write",
+ "description": "Check added scope.",
+ "command_options": "-c id -c name -c description -f value"
+ },
+
+ {
+ "name": "add_assignment",
+ "command": "subject assignment add $uuid_subject_admin $uuid_subject_category_admin $uuid_subject_scope_root_role",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "subject assignment list $uuid_subject_admin $uuid_subject_category_admin",
+ "result": "$uuid_subject_scope_root_role root_role",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+ {
+ "name": "add_assignment",
+ "command": "object assignment add $uuid_object_authz_subjects $uuid_object_category_admin $uuid_object_scope_authz_subjects",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "object assignment list $uuid_object_authz_subjects $uuid_object_category_admin",
+ "result": "$uuid_object_scope_authz_subjects authz_subjects",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+
+ {
+ "name": "add_assignment",
+ "command": "object assignment add $uuid_object_authz_objects $uuid_object_category_admin $uuid_object_scope_authz_objects",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "object assignment list $uuid_object_authz_objects $uuid_object_category_admin",
+ "result": "$uuid_object_scope_authz_objects authz_objects",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+
+ {
+ "name": "add_assignment",
+ "command": "object assignment add $uuid_object_authz_actions $uuid_object_category_admin $uuid_object_scope_authz_actions",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "object assignment list $uuid_object_authz_actions $uuid_object_category_admin",
+ "result": "$uuid_object_scope_authz_actions authz_actions",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+
+ {
+ "name": "add_assignment",
+ "command": "object assignment add $uuid_object_authz_subject_categories $uuid_object_category_admin $uuid_object_scope_authz_subject_categories",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "object assignment list $uuid_object_authz_subject_categories $uuid_object_category_admin",
+ "result": "$uuid_object_scope_authz_subject_categories authz_subject_categories",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+
+ {
+ "name": "add_assignment",
+ "command": "object assignment add $uuid_object_authz_object_categories $uuid_object_category_admin $uuid_object_scope_authz_object_categories",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "object assignment list $uuid_object_authz_object_categories $uuid_object_category_admin",
+ "result": "$uuid_object_scope_authz_object_categories authz_object_categories",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+
+ {
+ "name": "add_assignment",
+ "command": "object assignment add $uuid_object_authz_action_categories $uuid_object_category_admin $uuid_object_scope_authz_action_categories",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "object assignment list $uuid_object_authz_action_categories $uuid_object_category_admin",
+ "result": "$uuid_object_scope_authz_action_categories authz_action_categories",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+
+ {
+ "name": "add_assignment",
+ "command": "object assignment add $uuid_object_authz_subject_scopes $uuid_object_category_admin $uuid_object_scope_authz_subject_scopes",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "object assignment list $uuid_object_authz_subject_scopes $uuid_object_category_admin",
+ "result": "$uuid_object_scope_authz_subject_scopes authz_subject_scopes",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+
+ {
+ "name": "add_assignment",
+ "command": "object assignment add $uuid_object_authz_object_scopes $uuid_object_category_admin $uuid_object_scope_authz_object_scopes",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "object assignment list $uuid_object_authz_object_scopes $uuid_object_category_admin",
+ "result": "$uuid_object_scope_authz_object_scopes authz_object_scopes",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+
+ {
+ "name": "add_assignment",
+ "command": "object assignment add $uuid_object_authz_action_scopes $uuid_object_category_admin $uuid_object_scope_authz_action_scopes",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "object assignment list $uuid_object_authz_action_scopes $uuid_object_category_admin",
+ "result": "$uuid_object_scope_authz_action_scopes authz_action_scopes",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+
+ {
+ "name": "add_assignment",
+ "command": "object assignment add $uuid_object_authz_subject_assignments $uuid_object_category_admin $uuid_object_scope_authz_subject_assignments",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "object assignment list $uuid_object_authz_subject_assignments $uuid_object_category_admin",
+ "result": "$uuid_object_scope_authz_subject_assignments authz_subject_assignments",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+
+ {
+ "name": "add_assignment",
+ "command": "object assignment add $uuid_object_authz_object_assignments $uuid_object_category_admin $uuid_object_scope_authz_object_assignments",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "object assignment list $uuid_object_authz_object_assignments $uuid_object_category_admin",
+ "result": "$uuid_object_scope_authz_object_assignments authz_object_assignments",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+
+ {
+ "name": "add_assignment",
+ "command": "object assignment add $uuid_object_authz_action_assignments $uuid_object_category_admin $uuid_object_scope_authz_action_assignments",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "object assignment list $uuid_object_authz_action_assignments $uuid_object_category_admin",
+ "result": "$uuid_object_scope_authz_action_assignments authz_action_assignments",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+
+ {
+ "name": "add_assignment",
+ "command": "object assignment add $uuid_object_authz_aggregation_algorithm $uuid_object_category_admin $uuid_object_scope_authz_aggregation_algorithm",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "object assignment list $uuid_object_authz_aggregation_algorithm $uuid_object_category_admin",
+ "result": "$uuid_object_scope_authz_aggregation_algorithm authz_aggregation_algorithm",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+
+ {
+ "name": "add_assignment",
+ "command": "object assignment add $uuid_object_authz_sub_meta_rules $uuid_object_category_admin $uuid_object_scope_authz_sub_meta_rules",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "object assignment list $uuid_object_authz_sub_meta_rules $uuid_object_category_admin",
+ "result": "$uuid_object_scope_authz_sub_meta_rules authz_sub_meta_rules",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+
+ {
+ "name": "add_assignment",
+ "command": "object assignment add $uuid_object_authz_rules $uuid_object_category_admin $uuid_object_scope_authz_rules",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "object assignment list $uuid_object_authz_rules $uuid_object_category_admin",
+ "result": "$uuid_object_scope_authz_rules authz_rules",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+
+ {
+ "name": "add_assignment",
+ "command": "object assignment add $uuid_object_admin_subjects $uuid_object_category_admin $uuid_object_scope_admin_subjects",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "object assignment list $uuid_object_admin_subjects $uuid_object_category_admin",
+ "result": "$uuid_object_scope_admin_subjects admin_subjects",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+
+ {
+ "name": "add_assignment",
+ "command": "object assignment add $uuid_object_admin_objects $uuid_object_category_admin $uuid_object_scope_admin_objects",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "object assignment list $uuid_object_admin_objects $uuid_object_category_admin",
+ "result": "$uuid_object_scope_admin_objects admin_objects",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+
+ {
+ "name": "add_assignment",
+ "command": "object assignment add $uuid_object_admin_actions $uuid_object_category_admin $uuid_object_scope_admin_actions",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "object assignment list $uuid_object_admin_actions $uuid_object_category_admin",
+ "result": "$uuid_object_scope_admin_actions admin_actions",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+
+ {
+ "name": "add_assignment",
+ "command": "object assignment add $uuid_object_admin_subject_categories $uuid_object_category_admin $uuid_object_scope_admin_subject_categories",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "object assignment list $uuid_object_admin_subject_categories $uuid_object_category_admin",
+ "result": "$uuid_object_scope_admin_subject_categories admin_subject_categories",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+
+ {
+ "name": "add_assignment",
+ "command": "object assignment add $uuid_object_admin_object_categories $uuid_object_category_admin $uuid_object_scope_admin_object_categories",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "object assignment list $uuid_object_admin_object_categories $uuid_object_category_admin",
+ "result": "$uuid_object_scope_admin_object_categories admin_object_categories",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+
+ {
+ "name": "add_assignment",
+ "command": "object assignment add $uuid_object_admin_action_categories $uuid_object_category_admin $uuid_object_scope_admin_action_categories",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "object assignment list $uuid_object_admin_action_categories $uuid_object_category_admin",
+ "result": "$uuid_object_scope_admin_action_categories admin_action_categories",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+
+ {
+ "name": "add_assignment",
+ "command": "object assignment add $uuid_object_admin_subject_scopes $uuid_object_category_admin $uuid_object_scope_admin_subject_scopes",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "object assignment list $uuid_object_admin_subject_scopes $uuid_object_category_admin",
+ "result": "$uuid_object_scope_admin_subject_scopes admin_subject_scopes",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+
+ {
+ "name": "add_assignment",
+ "command": "object assignment add $uuid_object_admin_object_scopes $uuid_object_category_admin $uuid_object_scope_admin_object_scopes",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "object assignment list $uuid_object_admin_object_scopes $uuid_object_category_admin",
+ "result": "$uuid_object_scope_admin_object_scopes admin_object_scopes",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+
+ {
+ "name": "add_assignment",
+ "command": "object assignment add $uuid_object_admin_action_scopes $uuid_object_category_admin $uuid_object_scope_admin_action_scopes",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "object assignment list $uuid_object_admin_action_scopes $uuid_object_category_admin",
+ "result": "$uuid_object_scope_admin_action_scopes admin_action_scopes",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+
+ {
+ "name": "add_assignment",
+ "command": "object assignment add $uuid_object_admin_subject_assignments $uuid_object_category_admin $uuid_object_scope_admin_subject_assignments",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "object assignment list $uuid_object_admin_subject_assignments $uuid_object_category_admin",
+ "result": "$uuid_object_scope_admin_subject_assignments admin_subject_assignments",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+
+ {
+ "name": "add_assignment",
+ "command": "object assignment add $uuid_object_admin_object_assignments $uuid_object_category_admin $uuid_object_scope_admin_object_assignments",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "object assignment list $uuid_object_admin_object_assignments $uuid_object_category_admin",
+ "result": "$uuid_object_scope_admin_object_assignments admin_object_assignments",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+
+ {
+ "name": "add_assignment",
+ "command": "object assignment add $uuid_object_admin_action_assignments $uuid_object_category_admin $uuid_object_scope_admin_action_assignments",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "object assignment list $uuid_object_admin_action_assignments $uuid_object_category_admin",
+ "result": "$uuid_object_scope_admin_action_assignments admin_action_assignments",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+
+ {
+ "name": "add_assignment",
+ "command": "object assignment add $uuid_object_admin_aggregation_algorithm $uuid_object_category_admin $uuid_object_scope_admin_aggregation_algorithm",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "object assignment list $uuid_object_admin_aggregation_algorithm $uuid_object_category_admin",
+ "result": "$uuid_object_scope_admin_aggregation_algorithm admin_aggregation_algorithm",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+
+ {
+ "name": "add_assignment",
+ "command": "object assignment add $uuid_object_admin_sub_meta_rules $uuid_object_category_admin $uuid_object_scope_admin_sub_meta_rules",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "object assignment list $uuid_object_admin_sub_meta_rules $uuid_object_category_admin",
+ "result": "$uuid_object_scope_admin_sub_meta_rules admin_sub_meta_rules",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+
+ {
+ "name": "add_assignment",
+ "command": "object assignment add $uuid_object_admin_rules $uuid_object_category_admin $uuid_object_scope_admin_rules",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "object assignment list $uuid_object_admin_rules $uuid_object_category_admin",
+ "result": "$uuid_object_scope_admin_rules admin_rules",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+ {
+ "name": "add_assignment",
+ "command": "action assignment add $uuid_action_read $uuid_action_category_admin $uuid_action_scope_read",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "action assignment list $uuid_action_read $uuid_action_category_admin",
+ "result": "$uuid_action_scope_read read",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+ {
+ "name": "add_assignment",
+ "command": "action assignment add $uuid_action_write $uuid_action_category_admin $uuid_action_scope_write",
+ "result": "^$",
+ "description": "Add a new assignment",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "action assignment list $uuid_action_write $uuid_action_category_admin",
+ "result": "$uuid_action_scope_write write",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+
+ {
+ "name": "check_submetarules",
+ "command": "submetarule show",
+ "result": "(?P<submetarule_uuid_admin>\\w+)",
+ "description": "Get one submetarule ID",
+ "command_options": "-c id -f value"
+ },
+ {
+ "name": "set_submetarule",
+ "command": "submetarule set $submetarule_uuid_admin --subject_category_id=\"$uuid_subject_category_admin\" --object_category_id=\"$uuid_object_category_admin\" --action_category_id=\"$uuid_action_category_admin\"",
+ "result": "^$",
+ "description": "Set a new submetarule",
+ "command_options": ""
+ },
+ {
+ "name": "check_submetarule",
+ "command": "submetarule show",
+ "result": "$submetarule_uuid_admin \\s*role",
+ "description": "Check the new submetarule",
+ "command_options": "-c id -c \"subject categories\" -f value"
+ },
+ {
+ "name": "check_submetarule",
+ "command": "submetarule show",
+ "result": "$submetarule_uuid_admin \\s*object_id",
+ "description": "Check the new submetarule",
+ "command_options": "-c id -c \"object categories\" -f value"
+ },
+ {
+ "name": "check_submetarule",
+ "command": "submetarule show",
+ "result": "$submetarule_uuid_admin \\s*action_id",
+ "description": "Check the new submetarule",
+ "command_options": "-c id -c \"action categories\" -f value"
+ },
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_subjects\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.subjects",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_objects\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.objects",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_actions\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.actions",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_subject_categories\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.subject_categories",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_object_categories\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.object_categories",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_action_categories\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.action_categories",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_subject_scopes\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.subject_scopes",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_object_scopes\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.object_scopes",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_action_scopes\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.action_scopes",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_subject_assignments\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.subject_assignments",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_object_assignments\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.object_assignments",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_action_assignments\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.action_assignments",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_aggregation_algorithm\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.aggregation_algorithm",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_sub_meta_rules\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.sub_meta_rules",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_rules\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.rules",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_subjects\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.subjects",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_objects\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.objects",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_actions\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.actions",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_subject_categories\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.subject_categories",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_object_categories\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.object_categories",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_action_categories\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.action_categories",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_subject_scopes\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.subject_scopes",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_object_scopes\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.object_scopes",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_action_scopes\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.action_scopes",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_subject_assignments\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.subject_assignments",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_object_assignments\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.object_assignments",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_action_assignments\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.action_assignments",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_aggregation_algorithm\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.aggregation_algorithm",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_sub_meta_rules\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.sub_meta_rules",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_rules\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.rules",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_subjects\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.subjects",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_objects\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.objects",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_actions\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.actions",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_subject_categories\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.subject_categories",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_object_categories\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.object_categories",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_action_categories\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.action_categories",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_subject_scopes\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.subject_scopes",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_object_scopes\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.object_scopes",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_action_scopes\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.action_scopes",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_subject_assignments\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.subject_assignments",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_object_assignments\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.object_assignments",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_action_assignments\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.action_assignments",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_aggregation_algorithm\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.aggregation_algorithm",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_sub_meta_rules\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.sub_meta_rules",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_rules\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.rules",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_subjects\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.subjects",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_objects\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.objects",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_actions\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.actions",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_subject_categories\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.subject_categories",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_object_categories\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.object_categories",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_action_categories\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.action_categories",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_subject_scopes\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.subject_scopes",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_object_scopes\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.object_scopes",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_action_scopes\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.action_scopes",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_subject_assignments\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.subject_assignments",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_object_assignments\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.object_assignments",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_action_assignments\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.action_assignments",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_aggregation_algorithm\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.aggregation_algorithm",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_sub_meta_rules\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.sub_meta_rules",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_rules\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.rules",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+ {
+ "name": "get aggregation algorithm",
+ "command": "aggregation algorithm list",
+ "result": "(?P<uuid_aggregation>\\w+)\\s+one_true",
+ "description": "Get aggregation algorithm.",
+ "command_options": "-c id -c name -f value"
+ },
+ {
+ "name": "set aggregation algorithm",
+ "command": "aggregation algorithm set $uuid_aggregation",
+ "result": "",
+ "description": "Set aggregation algorithm to one_true.",
+ "command_options": ""
+ },
+ {
+ "name": "get aggregation algorithm",
+ "command": "aggregation algorithm show",
+ "result": "$uuid_aggregation\\s+one_true",
+ "description": "Check aggregation algorithm.",
+ "command_options": "-c id -c name -f value"
+ },
+ {
+ "name": "get submetarule algorithm",
+ "command": "submetarule algorithm list",
+ "result": "(?P<uuid_submetarule_algo>\\w+)\\s+inclusion",
+ "description": "Get submetarule algorithm named inclusion.",
+ "command_options": "-c id -c name -f value"
+ },
+ {
+ "name": "set submetarule algorithm",
+ "command": "submetarule set --algorithm_name inclusion $submetarule_uuid_admin",
+ "result": "",
+ "description": "Set submetarule algorithm to inclusion.",
+ "command_options": ""
+ },
+
+ {
+ "name": "select_admin_ie",
+ "command": "intraextension select $uuid_admin",
+ "result": "Select $uuid_admin IntraExtension.",
+ "description": "Select the admin IntraExtension",
+ "command_options": ""
+ },
+ {
+ "name": "check_select_admin_ie",
+ "command": "intraextension show selected",
+ "result": "$uuid_admin",
+ "description": "Check the selected admin IntraExtension",
+ "command_options": "-c id -f value"
+ },
+ {
+ "name": "add_subject",
+ "command": "subject add demo --password nomoresecrete",
+ "result": "",
+ "description": "Add demo subject.",
+ "command_options": ""
+ },
+ {
+ "name": "list_subject",
+ "command": "subject list",
+ "result": "(?P<uuid_subject_demo_admin>\\w+)\\s+demo",
+ "description": "Check that demo subject was added."
+ },
+ {
+ "name": "add_new_role",
+ "command": "subject scope add $uuid_subject_category_admin demo_role",
+ "result": "",
+ "description": "Add demo_role to demo subject.",
+ "command_options": ""
+ },
+ {
+ "name": "check_new_role",
+ "command": "subject scope list $uuid_subject_category_admin",
+ "result": "(?P<uuid_subject_scope_demo_role>\\w+)\\s+demo_role",
+ "description": "Check that demo_role was added."
+ },
+ {
+ "name": "add_new_assignment",
+ "command": "subject assignment add $uuid_subject_demo_admin $uuid_subject_category_admin $uuid_subject_scope_demo_role",
+ "result": "",
+ "description": "Link the demo subject to the demo_role scope.",
+ "command_options": ""
+ },
+ {
+ "name": "check_new_assignment",
+ "command": "subject assignment list $uuid_subject_demo_admin $uuid_subject_category_admin",
+ "result": "$uuid_subject_scope_demo_role demo_role",
+ "description": "Check that assignment was added.",
+ "command_options": "-c id -c name -f value"
+ },
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"demo_role,read,authz_objects\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+demo_role\\s+read\\s+authz_objects",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"demo_role,write,authz_objects\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+demo_role\\s+write\\s+authz_objects",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"demo_role,read,authz_object_assignments\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+demo_role\\s+read\\s+authz_object_assignments",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+ {
+ "name": "add_a_new_rule",
+ "command": "rule add $submetarule_uuid_admin \"demo_role,write,authz_object_assignments\"",
+ "result": "^$",
+ "description": "Add a new rule.",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_rule",
+ "command": "rule list $submetarule_uuid_admin",
+ "result": "(?P<rule_id>\\w+)\\s+demo_role\\s+write\\s+authz_object_assignments",
+ "description": "Check that the rule was correctly added.",
+ "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value"
+ },
+
+ {
+ "name": "select_authz_ie",
+ "command": "intraextension select $uuid_authz",
+ "result": "Select $uuid_authz IntraExtension.",
+ "description": "Select the authz IntraExtension",
+ "command_options": ""
+ },
+ {
+ "name": "check_select_authz_ie",
+ "command": "intraextension show selected",
+ "result": "$uuid_authz",
+ "description": "Check the selected admin IntraExtension",
+ "command_options": "-c id -f value"
+ },
+ {
+ "name": "add_subject",
+ "command": "subject add demo --password nomoresecrete",
+ "result": "",
+ "description": "Add demo subject.",
+ "command_options": ""
+ },
+ {
+ "name": "list_subject",
+ "command": "subject list",
+ "result": "(?P<uuid_subject_demo_admin>\\w+)\\s+demo",
+ "description": "Check that admin subject was added."
+ },
+
+ {
+ "name": "demo: check nova command",
+ "external_command": "nova --os-user-name demo list",
+ "result": "test_moonclient",
+ "description": "Check demo cant list nova servers due to the current rules"
+ },
+ {
+ "name": "demo: try to pause nova instance",
+ "external_command": "nova --os-user-name demo pause $uuid_server",
+ "result": "^$",
+ "description": "Pausing the server must be impossible due to the current rules"
+ },
+ {
+ "name": "check nova command",
+ "external_command": "nova --os-user-name demo list",
+ "result": "\\| (?P<uuid_server>[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| ACTIVE\\s+\\| [\\w\\-]+\\s+\\| Running",
+ "description": "Check that nova server is still in running state."
+ },
+
+ {
+ "name": "list tenant",
+ "command": "tenant list",
+ "result": "demo",
+ "description": "Check if tenant demo is used."
+ },
+
+ {
+ "name": "select_authz_ie",
+ "command": "intraextension select $uuid_authz",
+ "result": "Select $uuid_authz IntraExtension.",
+ "description": "Select the authz IntraExtension",
+ "command_options": ""
+ },
+ {
+ "name": "check_select_authz_ie",
+ "command": "intraextension show selected",
+ "result": "$uuid_authz",
+ "description": "Check the selected authz IntraExtension",
+ "command_options": "-c id -f value"
+ },
+
+ {
+ "auth_name": "demo",
+ "description": "Change user to demo"
+ },
+
+ {
+ "name": "add_object",
+ "command": "object add $uuid_server",
+ "result": "",
+ "description": "Add the new nova server",
+ "command_options": ""
+ },
+ {
+ "name": "list_object",
+ "command": "object list",
+ "result": "(?P<uuid_object_nova_server>\\w+)\\s+$uuid_server",
+ "description": "Check that the new nova server was added."
+ },
+ {
+ "name": "add_assignment",
+ "command": "object assignment add $uuid_object_nova_server $uuid_object_category_authz $uuid_object_scope_low",
+ "result": "^$",
+ "description": "Set the assignment 'low' to nova server",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "object assignment list $uuid_object_nova_server $uuid_object_category_authz",
+ "result": "$uuid_object_scope_low low",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+
+ {
+ "name": "check nova command",
+ "external_command": "nova list",
+ "result": "\\| (?P<uuid_server>[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| ACTIVE\\s+\\| [\\w\\-]+\\s+\\| Running",
+ "description": "Check that we can now list nova servers due to the current rules"
+ },
+ {
+ "name": "try to pause nova instance",
+ "external_command": "nova pause $uuid_server",
+ "result": "^$",
+ "description": "Pausing the server must be possible now"
+ },
+ {
+ "name": "check nova command",
+ "external_command": "nova list",
+ "result": "\\| (?P<uuid_server>[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| PAUSED\\s+\\| [\\w\\-]+\\s+\\| Paused",
+ "description": "Check that we can still list nova servers due to the current rules"
+ },
+ {
+ "name": "reactivate nova instance",
+ "external_command": "nova unpause $uuid_server",
+ "result": "^$",
+ "description": "Unpausing the server for next tests"
+ },
+
+ {
+ "name": "del_assignment",
+ "command": "object assignment delete $uuid_object_nova_server $uuid_object_category_authz $uuid_object_scope_low",
+ "result": "^$",
+ "description": "Delete the assignment 'low' to nova server",
+ "command_options": ""
+ },
+ {
+ "name": "add_assignment",
+ "command": "object assignment add $uuid_object_nova_server $uuid_object_category_authz $uuid_object_scope_high",
+ "result": "^$",
+ "description": "Set the assignment 'high' to nova server",
+ "command_options": ""
+ },
+ {
+ "name": "check_added_assignment",
+ "command": "object assignment list $uuid_object_nova_server $uuid_object_category_authz",
+ "result": "$uuid_object_scope_high high",
+ "description": "Check added assignment.",
+ "command_options": "-c id -c name -f value"
+ },
+
+ {
+ "name": "check nova command",
+ "external_command": "nova list",
+ "result": "\\| (?P<uuid_server>[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| ACTIVE\\s+\\| [\\w\\-]+\\s+\\| Running",
+ "description": "Check that we can now list nova servers due to the current rules"
+ },
+ {
+ "name": "try to pause nova instance",
+ "external_command": "nova pause $uuid_server",
+ "result": "^$",
+ "description": "Pausing the server must be not possible now"
+ },
+ {
+ "name": "check nova command",
+ "external_command": "nova list",
+ "result": "\\| (?P<uuid_server>[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| ACTIVE\\s+\\| [\\w\\-]+\\s+\\| Running",
+ "description": "Check that we can still list nova servers due to the current rules"
+ },
+
+
+ {
+ "name": "delete_authz_intra_extension",
+ "command": "intraextension delete $uuid_authz",
+ "result": "",
+ "description": "Delete the authz intra extension",
+ "command_options": ""
+ },
+ {
+ "name": "delete_tenant",
+ "command": "tenant delete $uuid",
+ "result": "",
+ "description": "Delete the tenant demo",
+ "command_options": ""
+ },
+ {
+ "name": "nova delete new server",
+ "external_command": "nova delete $uuid_server",
+ "result": "",
+ "description": "Delete the new server"
+ }
+ ]
+ }
+} \ No newline at end of file
diff --git a/moonclient/moonclient/tests/tests_root_intraextensions.json b/moonclient/moonclient/tests/tests_root_intraextensions.json
new file mode 100644
index 00000000..339136d0
--- /dev/null
+++ b/moonclient/moonclient/tests/tests_root_intraextensions.json
@@ -0,0 +1,43 @@
+{
+ "command_options": "-f value",
+ "tests_group": {
+ "main": [
+
+ {
+ "name": "list_intraextension",
+ "command": "intraextension list",
+ "result": "(?P<uuid_root>\\w+)\\s+policy_root",
+ "description": "Check the existence of the root intra extension",
+ "command_options": "-c id -c name -f value"
+ },
+
+ {
+ "name": "select root ie",
+ "command": "intraextension select $uuid_root",
+ "result": "Select $uuid_root IntraExtension.",
+ "description": "Select the root intra extension to work with",
+ "command_options": ""
+ },
+ {
+ "name": "check_admin_user",
+ "command": "subject list",
+ "result": "admin",
+ "description": "Check that admin user was added"
+ },
+ {
+ "name": "check_submetarule",
+ "command": "submetarule show",
+ "result": "(?P<uuid_submetarule>\\w+)\\s+rbac_rule",
+ "description": "Check that submetarule was added"
+ },
+ {
+ "name": "check_rule",
+ "command": "rule list $uuid_submetarule",
+ "result": "root_role",
+ "description": "Check that rules were added"
+ }
+
+
+ ]
+ }
+} \ No newline at end of file
diff --git a/moonclient/setup.py b/moonclient/setup.py
index e048bf97..71ea704b 100644
--- a/moonclient/setup.py
+++ b/moonclient/setup.py
@@ -73,6 +73,7 @@ setup(
'intraextension_list = moonclient.intraextension:IntraExtensionList',
'intraextension_delete = moonclient.intraextension:IntraExtensionDelete',
'intraextension_show = moonclient.intraextension:IntraExtensionShow',
+ 'intraextension_init = moonclient.intraextension:IntraExtensionInit',
'subject_list = moonclient.subjects:SubjectsList',
'subject_add = moonclient.subjects:SubjectsAdd',