diff options
-rw-r--r-- | keystone-moon/keystone/contrib/moon/controllers.py | 4 | ||||
-rw-r--r-- | keystone-moon/keystone/contrib/moon/core.py | 39 | ||||
-rw-r--r-- | keystone-moon/keystone/contrib/moon/routers.py | 6 | ||||
-rw-r--r-- | moonclient/moonclient/intraextension.py | 15 | ||||
-rw-r--r-- | moonclient/moonclient/shell.py | 16 | ||||
-rw-r--r-- | moonclient/moonclient/tests.py | 4 | ||||
-rw-r--r-- | moonclient/moonclient/tests/tests_admin_intraextensions.json | 123 | ||||
-rw-r--r-- | moonclient/moonclient/tests/tests_empty_policy_new_user.json | 3471 | ||||
-rw-r--r-- | moonclient/moonclient/tests/tests_root_intraextensions.json | 43 | ||||
-rw-r--r-- | moonclient/setup.py | 1 |
10 files changed, 3700 insertions, 22 deletions
diff --git a/keystone-moon/keystone/contrib/moon/controllers.py b/keystone-moon/keystone/contrib/moon/controllers.py index 58e62a28..84e27fa3 100644 --- a/keystone-moon/keystone/contrib/moon/controllers.py +++ b/keystone-moon/keystone/contrib/moon/controllers.py @@ -208,6 +208,10 @@ class IntraExtensions(controller.V3Controller): intra_extension_dict['description'] = kw.get('intra_extension_description', None) return self.admin_api.set_intra_extension_dict(user_id, intra_extension_id, intra_extension_dict) + @controller.protected() + def load_root_intra_extension(self, context, **kw): + self.admin_api.load_root_intra_extension_dict() + # Metadata functions @controller.protected() def get_subject_categories(self, context, **kw): diff --git a/keystone-moon/keystone/contrib/moon/core.py b/keystone-moon/keystone/contrib/moon/core.py index 6f9832e9..a227174c 100644 --- a/keystone-moon/keystone/contrib/moon/core.py +++ b/keystone-moon/keystone/contrib/moon/core.py @@ -176,28 +176,27 @@ def enforce(action_names, object_name, **extra): else: intra_extension_id = intra_root_extension_id + try: + tenants_dict = self.tenant_api.driver.get_tenants_dict() + except AttributeError: + tenants_dict = self.driver.get_tenants_dict() if self.root_api.is_admin_subject(user_id): # TODO: check if there is no security hole here + self.moonlog_api.driver.info("Authorizing because it is the user admin of the root intra-extension") returned_value_for_func = func(*args, **kwargs) else: intra_extensions_dict = self.admin_api.driver.get_intra_extensions_dict() if intra_extension_id not in intra_extensions_dict: # if id is not an intra_extension, maybe it is a tenant id - try: - tenants_dict = self.tenant_api.driver.get_tenants_dict() - except AttributeError: - tenants_dict = self.driver.get_tenants_dict() + intra_extension_id = intra_root_extension_id if intra_extension_id in tenants_dict: # id is in fact a tenant id so, we must check against the Root intra_extension intra_extension_id = intra_root_extension_id + LOG.warning("intra_extension_id is a tenant ID ({})".format(intra_extension_id)) else: # id is not a known tenant ID, so we must check against the Root intra_extension intra_extension_id = intra_root_extension_id - LOG.warning("Cannot enforce because the intra-extension is unknown ({})".format(intra_extension_id)) - try: - tenants_dict = self.tenant_api.driver.get_tenants_dict() - except AttributeError: - tenants_dict = self.driver.get_tenants_dict() + LOG.warning("Cannot enforce because the intra-extension is unknown (fallback to the root intraextension)") for _tenant_id in tenants_dict: if tenants_dict[_tenant_id]['intra_authz_extension_id'] == intra_extension_id or \ tenants_dict[_tenant_id]['intra_admin_extension_id'] == intra_extension_id: @@ -261,7 +260,9 @@ def enforce(action_names, object_name, **extra): authz_result = False for action_id in action_id_list: - if self.admin_api.authz(intra_admin_extension_id, user_id, object_id, action_id): + res = self.admin_api.authz(intra_admin_extension_id, user_id, object_id, action_id) + self.moonlog_api.info("res={}".format(res)) + if res: authz_result = True else: self.moonlog_api.authz("No authorization for ({} {}-{}-{})".format( @@ -519,6 +520,13 @@ class IntraExtensionManager(manager.Manager): } """ authz_buffer = dict() + # Sometimes it is not the subject ID but the User Keystone ID, so, we have to check + subjects_dict = self.driver.get_subjects_dict(intra_extension_id) + if subject_id not in subjects_dict.keys(): + for _subject_id in subjects_dict: + if subjects_dict[_subject_id]['keystone_id']: + subject_id = _subject_id + break authz_buffer['subject_id'] = subject_id authz_buffer['object_id'] = object_id authz_buffer['action_id'] = action_id @@ -882,7 +890,7 @@ class IntraExtensionManager(manager.Manager): self.__load_rule_file(ie_dict, template_dir) return ref - def load_root_intra_extension_dict(self, policy_template): + def load_root_intra_extension_dict(self, policy_template=CONF.moon.root_policy_directory): # Note (asteroide): Only one root Extension is authorized # and this extension is created at the very beginning of the server # so we don't need to use enforce here @@ -897,13 +905,8 @@ class IntraExtensionManager(manager.Manager): ie_dict["genre"] = "admin" ie_dict["description"] = "policy_root" ref = self.driver.set_intra_extension_dict(ie_dict['id'], ie_dict) - try: - self.moonlog_api.debug("Creation of IE: {}".format(ref)) - except AttributeError: - pass - # Creation of the root intra extension raise an error here because - # self.moonlog_api doesn't exist. - # FIXME (asteroide): understand why moonlog_api raise an error here... + self.moonlog_api.debug("Creation of root IE: {}".format(ref)) + # read the template given by "model" and populate default variables template_dir = os.path.join(CONF.moon.policy_directory, ie_dict["model"]) self.__load_metadata_file(ie_dict, template_dir) diff --git a/keystone-moon/keystone/contrib/moon/routers.py b/keystone-moon/keystone/contrib/moon/routers.py index 357ae060..fd1c0adf 100644 --- a/keystone-moon/keystone/contrib/moon/routers.py +++ b/keystone-moon/keystone/contrib/moon/routers.py @@ -89,6 +89,12 @@ class Routers(wsgi.V3ExtensionRouter): # IntraExtensions/Admin route self._add_resource( mapper, intra_ext_controller, + path=self.PATH_PREFIX+'/intra_extensions/init', + get_action='load_root_intra_extension', + rel=self._get_rel('intra_extensions'), + path_vars={}) + self._add_resource( + mapper, intra_ext_controller, path=self.PATH_PREFIX+'/intra_extensions', get_action='get_intra_extensions', post_action='add_intra_extension', diff --git a/moonclient/moonclient/intraextension.py b/moonclient/moonclient/intraextension.py index 569a99ff..24286dd9 100644 --- a/moonclient/moonclient/intraextension.py +++ b/moonclient/moonclient/intraextension.py @@ -110,6 +110,21 @@ class IntraExtensionDelete(Command): authtoken=True) +class IntraExtensionInit(Command): + """Initialize the root Intra_Extension (if needed).""" + + log = logging.getLogger(__name__) + + def get_parser(self, prog_name): + parser = super(IntraExtensionInit, self).get_parser(prog_name) + return parser + + def take_action(self, parsed_args): + self.app.get_url("/v3/OS-MOON/intra_extensions/init", + method="GET", + authtoken=True) + + class IntraExtensionShow(ShowOne): """Show detail about one Intra_Extension.""" diff --git a/moonclient/moonclient/shell.py b/moonclient/moonclient/shell.py index 49422a45..5e40bf40 100644 --- a/moonclient/moonclient/shell.py +++ b/moonclient/moonclient/shell.py @@ -150,9 +150,21 @@ class MoonClient(App): content = resp.read() conn.close() try: - return json.loads(content) + content = json.loads(content) + if "error" in content: + try: + raise Exception("Getting an error while requiring {} ({}: {}, {})".format( + url, + content['error']['code'], + content['error']['title'], + content['error']['message'], + )) + except ValueError: + raise Exception("Getting an error while requiring {} ({})".format(url, content)) + return content except ValueError: - return {"content": content} + raise Exception("Getting an error while requiring {} ({})".format(url, content)) + # return {"content": content} def auth_keystone(self, username=None, password=None, host=None, port=None): """Send a new authentication request to Keystone diff --git a/moonclient/moonclient/tests.py b/moonclient/moonclient/tests.py index ea722955..6484009f 100644 --- a/moonclient/moonclient/tests.py +++ b/moonclient/moonclient/tests.py @@ -93,7 +93,7 @@ class TestsLaunch(Lister): if port: title += ":" + port title += "\n" - self.logfile.write(title) + self.logfile.write(title + "\n") self.log.info(title) data_tmp = list() data_tmp.append("") @@ -141,7 +141,7 @@ class TestsLaunch(Lister): data_tmp.append(group_name) data_tmp.append(test["name"]) compare = self.__compare_results(self.__replace_var_in_str(test["result"]), result_str) - self.logfile.write("----->{} ({})\n\n".format(compare, self.__replace_var_in_str(test["result"]))) + self.logfile.write("\\---->{}: {}\n\n".format(compare, self.__replace_var_in_str(test["result"]))) if error_str: if compare: compare = "\033[33mTrue\033[m" diff --git a/moonclient/moonclient/tests/tests_admin_intraextensions.json b/moonclient/moonclient/tests/tests_admin_intraextensions.json new file mode 100644 index 00000000..40ac04a3 --- /dev/null +++ b/moonclient/moonclient/tests/tests_admin_intraextensions.json @@ -0,0 +1,123 @@ +{ + "command_options": "-f value", + "tests_group": { + "main": [ + { + "name": "list tenant", + "command": "tenant list", + "result": "(?!alt_demo)", + "description": "List all tenants (must be empty)" + }, + { + "name": "add tenant alt_demo", + "command": "tenant add alt_demo", + "result": "^$", + "description": "Add a new tenant", + "command_options": "" + }, + { + "name": "check tenant alt_demo", + "command": "tenant list", + "result": "(?P<uuid>\\w+)\\s+alt_demo", + "description": "Check that tenant alt_demo has been correctly added" + }, + { + "name": "create_intraextension_admin", + "command": "intraextension add --policy_model policy_rbac_admin admin_test", + "result": "IntraExtension created: (?P<uuid_admin>\\w+)", + "description": "Create an admin intra extension", + "command_options": "" + }, + { + "name": "list_intraextension_admin", + "command": "intraextension list", + "result": "$uuid_admin", + "description": "Check the existence of that admin intra extension" + }, + { + "name": "create_intraextension_authz", + "command": "intraextension add --policy_model policy_authz authz_test", + "result": "IntraExtension created: (?P<uuid_authz>\\w+)", + "description": "Create an authz intra extension", + "command_options": "" + }, + { + "name": "list_intraextension_authz", + "command": "intraextension list", + "result": "$uuid_authz", + "description": "Check the existence of that authz intra extension" + }, + { + "name": "set_tenant_authz", + "command": "tenant set --authz $uuid_authz $uuid", + "result": "", + "description": "Connect the authz intra extension to the tenant alt_demo", + "command_options": "" + }, + { + "name": "check authz ie for tenant alt_demo", + "command": "tenant list", + "result": "alt_demo $uuid_authz", + "description": "Check that authz ie has been correctly added for tenant alt_demo ", + "command_options": "-c name -c intra_authz_extension_id -f value" + }, + { + "name": "set_tenant_admin", + "command": "tenant set --admin $uuid_admin $uuid", + "result": "", + "description": "Connect the admin intra extension to the tenant alt_demo", + "command_options": "" + }, + { + "name": "check admin ie for tenant alt_demo", + "command": "tenant list", + "result": "alt_demo $uuid_admin", + "description": "Check that admin ie has been correctly added for tenant alt_demo ", + "command_options": "-c name -c intra_admin_extension_id -f value" + }, + + { + "name": "select admin ie", + "command": "intraextension select $uuid_admin", + "result": "Select $uuid_admin IntraExtension.", + "description": "Select the admin intra extension to work with", + "command_options": "" + }, + { + "name": "check_admin_user", + "command": "subject list", + "result": "admin", + "description": "Check that admin user was added" + }, + { + "name": "check_submetarule", + "command": "submetarule show", + "result": "rbac", + "description": "Check that submetarule was added" + }, + + + { + "name": "delete_admin_intra_extension", + "command": "intraextension delete $uuid_admin", + "result": "", + "description": "Delete the admin intra extension", + "command_options": "" + }, + { + "name": "delete_authz_intra_extension", + "command": "intraextension delete $uuid_authz", + "result": "", + "description": "Delete the authz intra extension", + "command_options": "" + }, + { + "name": "delete_tenant", + "command": "tenant delete $uuid", + "result": "", + "description": "Delete the tenant alt_demo", + "command_options": "" + } + ] + } +}
\ No newline at end of file diff --git a/moonclient/moonclient/tests/tests_empty_policy_new_user.json b/moonclient/moonclient/tests/tests_empty_policy_new_user.json new file mode 100644 index 00000000..6344a3e7 --- /dev/null +++ b/moonclient/moonclient/tests/tests_empty_policy_new_user.json @@ -0,0 +1,3471 @@ +{ + "command_options": "-f value", + "tests_group": { + "authz": [ + { + "name": "nova image-list", + "external_command": "nova image-list", + "result": "(?P<uuid_image>[\\w-]+)\\s+\\| cirros-0.3.4-x86_64-uec", + "description": "Get an Image ID" + }, + { + "name": "nova boot new server", + "external_command": "nova boot --flavor m1.micro --image $uuid_image test_moonclient", + "result": "\\| OS-EXT-STS\\:vm_state\\s+\\| building", + "description": "Boot a new nova server." + }, + { + "name": "sleep", + "external_command": "sleep 10", + "result": "", + "description": "time for server to really boot" + }, + { + "name": "nova get new server", + "external_command": "nova list", + "result": "\\| (?P<uuid_server>[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| ACTIVE\\s+\\| [\\w\\-]+\\s+\\| Running", + "description": "Get the ID of the new server" + }, + { + "name": "list tenant", + "command": "tenant list", + "result": "(?!demo)", + "description": "Check if tenant demo is used." + }, + { + "name": "add tenant demo", + "command": "tenant add demo", + "result": "^$", + "description": "Add a new tenant", + "command_options": "" + }, + { + "name": "check tenant demo", + "command": "tenant list", + "result": "(?P<uuid>\\w+)\\s+demo", + "description": "Check that tenant demo has been correctly added" + }, + { + "name": "add role admin to demo", + "external_command": "keystone user-role-add --user demo --role admin --tenant demo", + "result": "", + "description": "Add role admin to user demo (an error may occurred)" + }, + { + "name": "create_intraextension_authz", + "command": "intraextension add --policy_model policy_empty_authz empty_test", + "result": "IntraExtension created: (?P<uuid_authz>\\w+)", + "description": "Create an authz intra extension", + "command_options": "" + }, + { + "name": "list_intraextension_authz", + "command": "intraextension list", + "result": "$uuid_authz", + "description": "Check the existence of that authz intra extension" + }, + { + "name": "set_tenant_authz", + "command": "tenant set --authz $uuid_authz $uuid", + "result": "", + "description": "Connect the authz intra extension to the tenant demo", + "command_options": "" + }, + { + "name": "list tenant", + "command": "tenant list", + "result": "demo", + "description": "Check if tenant demo is used." + }, + { + "name": "select_authz_ie", + "command": "intraextension select $uuid_authz", + "result": "Select $uuid_authz IntraExtension.", + "description": "Select the authz IntraExtension", + "command_options": "" + }, + { + "name": "check_select_authz_ie", + "command": "intraextension show selected", + "result": "$uuid_authz", + "description": "Check the selected authz IntraExtension", + "command_options": "-c id -f value" + }, + { + "name": "add_subject", + "command": "subject add admin --password nomoresecrete", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_subject", + "command": "subject list", + "result": "(?P<uuid_subject_admin>\\w+)\\s+admin", + "description": "Check that admin subject was added." + }, + { + "name": "add_subject", + "command": "subject add demo --password nomoresecrete", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_subject", + "command": "subject list", + "result": "(?P<uuid_subject_demo>\\w+)\\s+demo", + "description": "Check that demo subject was added." + }, + { + "name": "add_object", + "command": "object add servers", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_servers>\\w+)\\s+servers", + "description": "Check that servers subject was added." + }, + { + "name": "add_action", + "command": "action add pause", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_pause>\\w+)\\s+pause", + "description": "Check that pause action was added." + }, + { + "name": "add_action", + "command": "action add unpause", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_unpause>\\w+)\\s+unpause", + "description": "Check that unpause action was added." + }, + { + "name": "add_action", + "command": "action add list", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_list>\\w+)\\s+list", + "description": "Check that list action was added." + }, + { + "name": "add_action", + "command": "action add start", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_start>\\w+)\\s+start", + "description": "Check that start action was added." + }, + { + "name": "add_action", + "command": "action add stop", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_stop>\\w+)\\s+stop", + "description": "Check that stop action was added." + }, + { + "name": "add_action", + "command": "action add create", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_create>\\w+)\\s+create", + "description": "Check that create action was added." + }, + { + "name": "add_action", + "command": "action add upload", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_upload>\\w+)\\s+upload", + "description": "Check that upload action was added." + }, + { + "name": "add_action", + "command": "action add download", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_download>\\w+)\\s+download", + "description": "Check that download action was added." + }, + { + "name": "add_action", + "command": "action add post", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_post>\\w+)\\s+post", + "description": "Check that post action was added." + }, + { + "name": "add_action", + "command": "action add storage_list", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_storage_list>\\w+)\\s+storage_list", + "description": "Check that storage_list action was added." + }, + + { + "name": "add_subject_category", + "command": "subject category add subject_security_level", + "result": "", + "description": "Add the new subject category subject_security_level", + "command_options": "" + }, + { + "name": "list_subject_category", + "command": "subject category list", + "result": "(?P<uuid_subject_category_authz>\\w+)\\s+subject_security_level", + "description": "Check that subject_security_level subject_category was added." + }, + { + "name": "add_object_category", + "command": "object category add object_security_level", + "result": "", + "description": "Add the new object category object_security_level", + "command_options": "" + }, + { + "name": "list_object_category", + "command": "object category list", + "result": "(?P<uuid_object_category_authz>\\w+)\\s+object_security_level", + "description": "Check that object_security_level object_category was added." + }, + { + "name": "add_action_category", + "command": "action category add resource_action", + "result": "", + "description": "Add the new action category resource_action", + "command_options": "" + }, + { + "name": "list_subject_category", + "command": "action category list", + "result": "(?P<uuid_action_category_authz>\\w+)\\s+resource_action", + "description": "Check that resource_action action_category was added." + }, + + { + "name": "add_scope", + "command": "subject scope add $uuid_subject_category_authz high --description \"high\"", + "result": "^$", + "description": "Add one scope to subject category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "subject scope list $uuid_subject_category_authz", + "result": "(?P<uuid_subject_scope_high>\\w+)\\s+high\\s+high", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "subject scope add $uuid_subject_category_authz medium --description \"medium\"", + "result": "^$", + "description": "Add one scope to subject category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "subject scope list $uuid_subject_category_authz", + "result": "(?P<uuid_subject_scope_medium>\\w+)\\s+medium\\s+medium", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "subject scope add $uuid_subject_category_authz low --description \"low\"", + "result": "^$", + "description": "Add one scope to subject category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "subject scope list $uuid_subject_category_authz", + "result": "(?P<uuid_subject_scope_low>\\w+)\\s+low\\s+low", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "object scope add $uuid_object_category_authz high --description \"high\"", + "result": "^$", + "description": "Add one scope to object category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category_authz", + "result": "(?P<uuid_object_scope_high>\\w+)\\s+high\\s+high", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "object scope add $uuid_object_category_authz medium --description \"medium\"", + "result": "^$", + "description": "Add one scope to object category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category_authz", + "result": "(?P<uuid_object_scope_medium>\\w+)\\s+medium\\s+medium", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "object scope add $uuid_object_category_authz low --description \"low\"", + "result": "^$", + "description": "Add one scope to object category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category_authz", + "result": "(?P<uuid_object_scope_low>\\w+)\\s+low\\s+low", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "action scope add $uuid_action_category_authz vm_admin --description \"vm_admin\"", + "result": "^$", + "description": "Add one scope to action category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "action scope list $uuid_action_category_authz", + "result": "(?P<uuid_action_scope_vm_admin>\\w+)\\s+vm_admin\\s+vm_admin", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "action scope add $uuid_action_category_authz vm_access --description \"vm_access\"", + "result": "^$", + "description": "Add one scope to action category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "action scope list $uuid_action_category_authz", + "result": "(?P<uuid_action_scope_vm_access>\\w+)\\s+vm_access\\s+vm_access", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "action scope add $uuid_action_category_authz storage_admin --description \"storage_admin\"", + "result": "^$", + "description": "Add one scope to action category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "action scope list $uuid_action_category_authz", + "result": "(?P<uuid_action_scope_storage_admin>\\w+)\\s+storage_admin\\s+storage_admin", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "action scope add $uuid_action_category_authz storage_access --description \"storage_access\"", + "result": "^$", + "description": "Add one scope to action category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "action scope list $uuid_action_category_authz", + "result": "(?P<uuid_action_scope_storage_access>\\w+)\\s+storage_access\\s+storage_access", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + + { + "name": "add_assignment", + "command": "subject assignment add $uuid_subject_admin $uuid_subject_category_authz $uuid_subject_scope_high", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "subject assignment list $uuid_subject_admin $uuid_subject_category_authz", + "result": "$uuid_subject_scope_high high", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "subject assignment add $uuid_subject_demo $uuid_subject_category_authz $uuid_subject_scope_medium", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "subject assignment list $uuid_subject_demo $uuid_subject_category_authz", + "result": "$uuid_subject_scope_medium medium", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_servers $uuid_object_category_authz $uuid_object_scope_low", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_servers $uuid_object_category_authz", + "result": "$uuid_object_scope_low low", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_pause $uuid_action_category_authz $uuid_action_scope_vm_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_pause $uuid_action_category_authz", + "result": "$uuid_action_scope_vm_admin vm_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_unpause $uuid_action_category_authz $uuid_action_scope_vm_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_unpause $uuid_action_category_authz", + "result": "$uuid_action_scope_vm_admin vm_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_start $uuid_action_category_authz $uuid_action_scope_vm_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_start $uuid_action_category_authz", + "result": "$uuid_action_scope_vm_admin vm_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_stop $uuid_action_category_authz $uuid_action_scope_vm_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_stop $uuid_action_category_authz", + "result": "$uuid_action_scope_vm_admin vm_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_list $uuid_action_category_authz $uuid_action_scope_vm_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_list $uuid_action_category_authz", + "result": "$uuid_action_scope_vm_admin vm_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_list $uuid_action_category_authz $uuid_action_scope_vm_access", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_list $uuid_action_category_authz", + "result": "$uuid_action_scope_vm_access vm_access", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_create $uuid_action_category_authz $uuid_action_scope_vm_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_create $uuid_action_category_authz", + "result": "$uuid_action_scope_vm_admin vm_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_storage_list $uuid_action_category_authz $uuid_action_scope_storage_access", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_storage_list $uuid_action_category_authz", + "result": "$uuid_action_scope_storage_access storage_access", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_download $uuid_action_category_authz $uuid_action_scope_storage_access", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_download $uuid_action_category_authz", + "result": "$uuid_action_scope_storage_access storage_access", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_upload $uuid_action_category_authz $uuid_action_scope_storage_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_upload $uuid_action_category_authz", + "result": "$uuid_action_scope_storage_admin storage_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_post $uuid_action_category_authz $uuid_action_scope_storage_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_post $uuid_action_category_authz", + "result": "$uuid_action_scope_storage_admin storage_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "check_submetarules", + "command": "submetarule show", + "result": "(?P<submetarule_uuid_authz>\\w+)", + "description": "Get one submetarule ID", + "command_options": "-c id -f value" + }, + { + "name": "set_submetarule", + "command": "submetarule set $submetarule_uuid_authz --subject_category_id=\"$uuid_subject_category_authz\" --object_category_id=\"$uuid_object_category_authz\" --action_category_id=\"$uuid_action_category_authz\"", + "result": "^$", + "description": "Set a new submetarule", + "command_options": "" + }, + { + "name": "check_submetarule", + "command": "submetarule show", + "result": "$submetarule_uuid_authz \\s*subject_security_level", + "description": "Check the new submetarule", + "command_options": "-c id -c \"subject categories\" -f value" + }, + { + "name": "check_submetarule", + "command": "submetarule show", + "result": "$submetarule_uuid_authz \\s*object_security_level", + "description": "Check the new submetarule", + "command_options": "-c id -c \"object categories\" -f value" + }, + { + "name": "check_submetarule", + "command": "submetarule show", + "result": "$submetarule_uuid_authz \\s*resource_action", + "description": "Check the new submetarule", + "command_options": "-c id -c \"action categories\" -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_authz \"high,vm_admin,medium\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_authz", + "result": "(?P<rule_id>\\w+)\\s+high\\s+vm_admin\\s+medium", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_authz \"high,vm_admin,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_authz", + "result": "(?P<rule_id>\\w+)\\s+high\\s+vm_admin\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_authz \"medium,vm_admin,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_authz", + "result": "(?P<rule_id>\\w+)\\s+medium\\s+vm_admin\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_authz \"high,vm_access,medium\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_authz", + "result": "(?P<rule_id>\\w+)\\s+high\\s+vm_access\\s+medium", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_authz \"high,vm_access,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_authz", + "result": "(?P<rule_id>\\w+)\\s+high\\s+vm_access\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_authz \"medium,vm_access,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_authz", + "result": "(?P<rule_id>\\w+)\\s+medium\\s+vm_access\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_authz \"high,storage_admin,medium\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_authz", + "result": "(?P<rule_id>\\w+)\\s+high\\s+storage_admin\\s+medium", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_authz \"high,storage_admin,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_authz", + "result": "(?P<rule_id>\\w+)\\s+high\\s+storage_admin\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_authz \"medium,storage_admin,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_authz", + "result": "(?P<rule_id>\\w+)\\s+medium\\s+storage_admin\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_authz \"high,storage_access,medium\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_authz", + "result": "(?P<rule_id>\\w+)\\s+high\\s+storage_access\\s+medium", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_authz \"high,storage_access,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_authz", + "result": "(?P<rule_id>\\w+)\\s+high\\s+storage_access\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_authz \"medium,storage_access,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_authz", + "result": "(?P<rule_id>\\w+)\\s+medium\\s+storage_access\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "get aggregation algorithm", + "command": "aggregation algorithm list", + "result": "(?P<uuid_aggregation>\\w+)\\s+one_true", + "description": "Get aggregation algorithm.", + "command_options": "-c id -c name -f value" + }, + { + "name": "set aggregation algorithm", + "command": "aggregation algorithm set $uuid_aggregation", + "result": "", + "description": "Set aggregation algorithm to one_true.", + "command_options": "" + }, + { + "name": "get aggregation algorithm", + "command": "aggregation algorithm show", + "result": "$uuid_aggregation\\s+one_true", + "description": "Check aggregation algorithm.", + "command_options": "-c id -c name -f value" + }, + { + "name": "get submetarule algorithm", + "command": "submetarule algorithm list", + "result": "(?P<uuid_submetarule_algo>\\w+)\\s+inclusion", + "description": "Get submetarule algorithm named inclusion.", + "command_options": "-c id -c name -f value" + }, + { + "name": "set submetarule algorithm", + "command": "submetarule set --algorithm_name inclusion $submetarule_uuid_authz", + "result": "", + "description": "Set submetarule algorithm to inclusion.", + "command_options": "" + }, + + { + "name": "create_intraextension_admin", + "command": "intraextension add --policy_model policy_empty_admin empty_admin_test", + "result": "IntraExtension created: (?P<uuid_admin>\\w+)", + "description": "Create an admin intra extension", + "command_options": "" + }, + { + "name": "list_intraextension_authz", + "command": "intraextension list", + "result": "$uuid_admin", + "description": "Check the existence of that admin intra extension" + }, + { + "name": "set_tenant_admin", + "command": "tenant set --admin $uuid_admin $uuid", + "result": "", + "description": "Connect the admin intra extension to the tenant demo", + "command_options": "" + }, + { + "name": "list tenant", + "command": "tenant list", + "result": "demo", + "description": "Check if tenant demo is used." + }, + { + "name": "select_admin_ie", + "command": "intraextension select $uuid_admin", + "result": "Select $uuid_admin IntraExtension.", + "description": "Select the admin IntraExtension", + "command_options": "" + }, + { + "name": "check_select_admin_ie", + "command": "intraextension show selected", + "result": "$uuid_admin", + "description": "Check the selected admin IntraExtension", + "command_options": "-c id -f value" + }, + + { + "name": "add_subject", + "command": "subject add admin --password nomoresecrete", + "result": "", + "description": "Add admin subject.", + "command_options": "" + }, + { + "name": "list_subject", + "command": "subject list", + "result": "(?P<uuid_subject_admin>\\w+)\\s+admin", + "description": "Check that admin subject was already there." + }, + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_authz_subjects>\\w+)\\s+authz.subjects", + "description": "Check that authz_subjects subject was already there." + }, + + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_authz_objects>\\w+)\\s+authz.objects", + "description": "Check that authz_objects subject was already there." + }, + + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_authz_actions>\\w+)\\s+authz.actions", + "description": "Check that authz_actions subject was already there." + }, + + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_authz_subject_categories>\\w+)\\s+authz.subject_categories", + "description": "Check that authz_subject_categories subject was already there." + }, + + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_authz_object_categories>\\w+)\\s+authz.object_categories", + "description": "Check that authz_object_categories subject was already there." + }, + + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_authz_action_categories>\\w+)\\s+authz.action_categories", + "description": "Check that authz_action_categories subject was already there." + }, + + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_authz_subject_scopes>\\w+)\\s+authz.subject_scopes", + "description": "Check that authz_subject_scopes subject was already there." + }, + + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_authz_object_scopes>\\w+)\\s+authz.object_scopes", + "description": "Check that authz_object_scopes subject was already there." + }, + + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_authz_action_scopes>\\w+)\\s+authz.action_scopes", + "description": "Check that authz_action_scopes subject was already there." + }, + + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_authz_subject_assignments>\\w+)\\s+authz.subject_assignments", + "description": "Check that authz_subject_assignments subject was already there." + }, + + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_authz_object_assignments>\\w+)\\s+authz.object_assignments", + "description": "Check that authz_object_assignments subject was already there." + }, + + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_authz_action_assignments>\\w+)\\s+authz.action_assignments", + "description": "Check that authz_action_assignments subject was already there." + }, + + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_authz_aggregation_algorithm>\\w+)\\s+authz.aggregation_algorithm", + "description": "Check that authz_aggregation_algorithm subject was already there." + }, + + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_authz_sub_meta_rules>\\w+)\\s+authz.sub_meta_rules", + "description": "Check that authz_sub_meta_rules subject was already there." + }, + + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_authz_rules>\\w+)\\s+authz.rules", + "description": "Check that authz_rules subject was already there." + }, + + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_admin_subjects>\\w+)\\s+admin.subjects", + "description": "Check that admin_subjects subject was already there." + }, + + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_admin_objects>\\w+)\\s+admin.objects", + "description": "Check that admin_objects subject was already there." + }, + + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_admin_actions>\\w+)\\s+admin.actions", + "description": "Check that admin_actions subject was already there." + }, + + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_admin_subject_categories>\\w+)\\s+admin.subject_categories", + "description": "Check that admin_subject_categories subject was already there." + }, + + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_admin_object_categories>\\w+)\\s+admin.object_categories", + "description": "Check that admin_object_categories subject was already there." + }, + + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_admin_action_categories>\\w+)\\s+admin.action_categories", + "description": "Check that admin_action_categories subject was already there." + }, + + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_admin_subject_scopes>\\w+)\\s+admin.subject_scopes", + "description": "Check that admin_subject_scopes subject was already there." + }, + + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_admin_object_scopes>\\w+)\\s+admin.object_scopes", + "description": "Check that admin_object_scopes subject was already there." + }, + + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_admin_action_scopes>\\w+)\\s+admin.action_scopes", + "description": "Check that admin_action_scopes subject was already there." + }, + + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_admin_subject_assignments>\\w+)\\s+admin.subject_assignments", + "description": "Check that admin_subject_assignments subject was already there." + }, + + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_admin_object_assignments>\\w+)\\s+admin.object_assignments", + "description": "Check that admin_object_assignments subject was already there." + }, + + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_admin_action_assignments>\\w+)\\s+admin.action_assignments", + "description": "Check that admin_action_assignments subject was already there." + }, + + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_admin_aggregation_algorithm>\\w+)\\s+admin.aggregation_algorithm", + "description": "Check that admin_aggregation_algorithm subject was already there." + }, + + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_admin_sub_meta_rules>\\w+)\\s+admin.sub_meta_rules", + "description": "Check that admin_sub_meta_rules subject was already there." + }, + + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_admin_rules>\\w+)\\s+admin.rules", + "description": "Check that admin_rules subject was already there." + }, + + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_read>\\w+)\\s+read", + "description": "Check that read action was already there." + }, + + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_write>\\w+)\\s+write", + "description": "Check that write action was already there." + }, + + { + "name": "add_subject_category", + "command": "subject category add role", + "result": "", + "description": "Add the new subject category role", + "command_options": "" + }, + { + "name": "list_subject_category", + "command": "subject category list", + "result": "(?P<uuid_subject_category_admin>\\w+)\\s+role", + "description": "Check that role subject_category was added." + }, + { + "name": "add_object_category", + "command": "object category add object_id", + "result": "", + "description": "Add the new object category object_id", + "command_options": "" + }, + { + "name": "list_object_category", + "command": "object category list", + "result": "(?P<uuid_object_category_admin>\\w+)\\s+object_id", + "description": "Check that object_id object_category was added." + }, + { + "name": "add_action_category", + "command": "action category add action_id", + "result": "", + "description": "Add the new action category action_id", + "command_options": "" + }, + { + "name": "list_subject_category", + "command": "action category list", + "result": "(?P<uuid_action_category_admin>\\w+)\\s+action_id", + "description": "Check that action_id action_category was added." + }, + + { + "name": "add_scope", + "command": "subject scope add $uuid_subject_category_admin root_role --description \"root role\"", + "result": "^$", + "description": "Add one scope to subject category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "subject scope list $uuid_subject_category_admin", + "result": "(?P<uuid_subject_scope_root_role>\\w+)\\s+root_role\\s+root role", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "subject scope add $uuid_subject_category_admin dev_role --description \"dev role\"", + "result": "^$", + "description": "Add one scope to subject category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "subject scope list $uuid_subject_category_admin", + "result": "(?P<uuid_subject_scope_dev_role>\\w+)\\s+dev_role\\s+dev role", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + + { + "name": "add_scope", + "command": "object scope add $uuid_object_category_admin authz_subjects --description \"authz subjects\"", + "result": "^$", + "description": "Add one scope to object category", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category_admin", + "result": "(?P<uuid_object_scope_authz_subjects>\\w+)\\s+authz.subjects\\s+authz subjects", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + + { + "name": "add_scope", + "command": "object scope add $uuid_object_category_admin authz_objects --description \"authz objects\"", + "result": "^$", + "description": "Add one scope to object category", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category_admin", + "result": "(?P<uuid_object_scope_authz_objects>\\w+)\\s+authz.objects\\s+authz objects", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + + { + "name": "add_scope", + "command": "object scope add $uuid_object_category_admin authz_actions --description \"authz actions\"", + "result": "^$", + "description": "Add one scope to object category", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category_admin", + "result": "(?P<uuid_object_scope_authz_actions>\\w+)\\s+authz.actions\\s+authz actions", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + + { + "name": "add_scope", + "command": "object scope add $uuid_object_category_admin authz_subject_categories --description \"authz subject categories\"", + "result": "^$", + "description": "Add one scope to object category", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category_admin", + "result": "(?P<uuid_object_scope_authz_subject_categories>\\w+)\\s+authz.subject_categories\\s+authz subject categories", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + + { + "name": "add_scope", + "command": "object scope add $uuid_object_category_admin authz_object_categories --description \"authz object categories\"", + "result": "^$", + "description": "Add one scope to object category", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category_admin", + "result": "(?P<uuid_object_scope_authz_object_categories>\\w+)\\s+authz.object_categories\\s+authz object categories", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + + { + "name": "add_scope", + "command": "object scope add $uuid_object_category_admin authz_action_categories --description \"authz action categories\"", + "result": "^$", + "description": "Add one scope to object category", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category_admin", + "result": "(?P<uuid_object_scope_authz_action_categories>\\w+)\\s+authz.action_categories\\s+authz action categories", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + + { + "name": "add_scope", + "command": "object scope add $uuid_object_category_admin authz_subject_scopes --description \"authz subject scopes\"", + "result": "^$", + "description": "Add one scope to object category", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category_admin", + "result": "(?P<uuid_object_scope_authz_subject_scopes>\\w+)\\s+authz.subject_scopes\\s+authz subject scopes", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + + { + "name": "add_scope", + "command": "object scope add $uuid_object_category_admin authz_object_scopes --description \"authz object scopes\"", + "result": "^$", + "description": "Add one scope to object category", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category_admin", + "result": "(?P<uuid_object_scope_authz_object_scopes>\\w+)\\s+authz.object_scopes\\s+authz object scopes", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + + { + "name": "add_scope", + "command": "object scope add $uuid_object_category_admin authz_action_scopes --description \"authz action scopes\"", + "result": "^$", + "description": "Add one scope to object category", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category_admin", + "result": "(?P<uuid_object_scope_authz_action_scopes>\\w+)\\s+authz.action_scopes\\s+authz action scopes", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + + { + "name": "add_scope", + "command": "object scope add $uuid_object_category_admin authz_subject_assignments --description \"authz subject assignments\"", + "result": "^$", + "description": "Add one scope to object category", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category_admin", + "result": "(?P<uuid_object_scope_authz_subject_assignments>\\w+)\\s+authz.subject_assignments\\s+authz subject assignments", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + + { + "name": "add_scope", + "command": "object scope add $uuid_object_category_admin authz_object_assignments --description \"authz object assignments\"", + "result": "^$", + "description": "Add one scope to object category", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category_admin", + "result": "(?P<uuid_object_scope_authz_object_assignments>\\w+)\\s+authz.object_assignments\\s+authz object assignments", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + + { + "name": "add_scope", + "command": "object scope add $uuid_object_category_admin authz_action_assignments --description \"authz action assignments\"", + "result": "^$", + "description": "Add one scope to object category", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category_admin", + "result": "(?P<uuid_object_scope_authz_action_assignments>\\w+)\\s+authz.action_assignments\\s+authz action assignments", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + + { + "name": "add_scope", + "command": "object scope add $uuid_object_category_admin authz_aggregation_algorithm --description \"authz aggregation algorithm\"", + "result": "^$", + "description": "Add one scope to object category", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category_admin", + "result": "(?P<uuid_object_scope_authz_aggregation_algorithm>\\w+)\\s+authz.aggregation_algorithm\\s+authz aggregation algorithm", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + + { + "name": "add_scope", + "command": "object scope add $uuid_object_category_admin authz_sub_meta_rules --description \"authz sub meta rules\"", + "result": "^$", + "description": "Add one scope to object category", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category_admin", + "result": "(?P<uuid_object_scope_authz_sub_meta_rules>\\w+)\\s+authz.sub_meta_rules\\s+authz sub meta rules", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + + { + "name": "add_scope", + "command": "object scope add $uuid_object_category_admin authz_rules --description \"authz rules\"", + "result": "^$", + "description": "Add one scope to object category", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category_admin", + "result": "(?P<uuid_object_scope_authz_rules>\\w+)\\s+authz.rules\\s+authz rules", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + + { + "name": "add_scope", + "command": "object scope add $uuid_object_category_admin admin_subjects --description \"admin subjects\"", + "result": "^$", + "description": "Add one scope to object category", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category_admin", + "result": "(?P<uuid_object_scope_admin_subjects>\\w+)\\s+admin.subjects\\s+admin subjects", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + + { + "name": "add_scope", + "command": "object scope add $uuid_object_category_admin admin_objects --description \"admin objects\"", + "result": "^$", + "description": "Add one scope to object category", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category_admin", + "result": "(?P<uuid_object_scope_admin_objects>\\w+)\\s+admin.objects\\s+admin objects", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + + { + "name": "add_scope", + "command": "object scope add $uuid_object_category_admin admin_actions --description \"admin actions\"", + "result": "^$", + "description": "Add one scope to object category", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category_admin", + "result": "(?P<uuid_object_scope_admin_actions>\\w+)\\s+admin.actions\\s+admin actions", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + + { + "name": "add_scope", + "command": "object scope add $uuid_object_category_admin admin_subject_categories --description \"admin subject categories\"", + "result": "^$", + "description": "Add one scope to object category", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category_admin", + "result": "(?P<uuid_object_scope_admin_subject_categories>\\w+)\\s+admin.subject_categories\\s+admin subject categories", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + + { + "name": "add_scope", + "command": "object scope add $uuid_object_category_admin admin_object_categories --description \"admin object categories\"", + "result": "^$", + "description": "Add one scope to object category", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category_admin", + "result": "(?P<uuid_object_scope_admin_object_categories>\\w+)\\s+admin.object_categories\\s+admin object categories", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + + { + "name": "add_scope", + "command": "object scope add $uuid_object_category_admin admin_action_categories --description \"admin action categories\"", + "result": "^$", + "description": "Add one scope to object category", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category_admin", + "result": "(?P<uuid_object_scope_admin_action_categories>\\w+)\\s+admin.action_categories\\s+admin action categories", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + + { + "name": "add_scope", + "command": "object scope add $uuid_object_category_admin admin_subject_scopes --description \"admin subject scopes\"", + "result": "^$", + "description": "Add one scope to object category", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category_admin", + "result": "(?P<uuid_object_scope_admin_subject_scopes>\\w+)\\s+admin.subject_scopes\\s+admin subject scopes", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + + { + "name": "add_scope", + "command": "object scope add $uuid_object_category_admin admin_object_scopes --description \"admin object scopes\"", + "result": "^$", + "description": "Add one scope to object category", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category_admin", + "result": "(?P<uuid_object_scope_admin_object_scopes>\\w+)\\s+admin.object_scopes\\s+admin object scopes", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + + { + "name": "add_scope", + "command": "object scope add $uuid_object_category_admin admin_action_scopes --description \"admin action scopes\"", + "result": "^$", + "description": "Add one scope to object category", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category_admin", + "result": "(?P<uuid_object_scope_admin_action_scopes>\\w+)\\s+admin.action_scopes\\s+admin action scopes", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + + { + "name": "add_scope", + "command": "object scope add $uuid_object_category_admin admin_subject_assignments --description \"admin subject assignments\"", + "result": "^$", + "description": "Add one scope to object category", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category_admin", + "result": "(?P<uuid_object_scope_admin_subject_assignments>\\w+)\\s+admin.subject_assignments\\s+admin subject assignments", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + + { + "name": "add_scope", + "command": "object scope add $uuid_object_category_admin admin_object_assignments --description \"admin object assignments\"", + "result": "^$", + "description": "Add one scope to object category", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category_admin", + "result": "(?P<uuid_object_scope_admin_object_assignments>\\w+)\\s+admin.object_assignments\\s+admin object assignments", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + + { + "name": "add_scope", + "command": "object scope add $uuid_object_category_admin admin_action_assignments --description \"admin action assignments\"", + "result": "^$", + "description": "Add one scope to object category", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category_admin", + "result": "(?P<uuid_object_scope_admin_action_assignments>\\w+)\\s+admin.action_assignments\\s+admin action assignments", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + + { + "name": "add_scope", + "command": "object scope add $uuid_object_category_admin admin_aggregation_algorithm --description \"admin aggregation algorithm\"", + "result": "^$", + "description": "Add one scope to object category", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category_admin", + "result": "(?P<uuid_object_scope_admin_aggregation_algorithm>\\w+)\\s+admin.aggregation_algorithm\\s+admin aggregation algorithm", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + + { + "name": "add_scope", + "command": "object scope add $uuid_object_category_admin admin_sub_meta_rules --description \"admin sub meta rules\"", + "result": "^$", + "description": "Add one scope to object category", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category_admin", + "result": "(?P<uuid_object_scope_admin_sub_meta_rules>\\w+)\\s+admin.sub_meta_rules\\s+admin sub meta rules", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + + { + "name": "add_scope", + "command": "object scope add $uuid_object_category_admin admin_rules --description \"admin rules\"", + "result": "^$", + "description": "Add one scope to object category", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category_admin", + "result": "(?P<uuid_object_scope_admin_rules>\\w+)\\s+admin.rules\\s+admin rules", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "action scope add $uuid_action_category_admin read --description \"read\"", + "result": "^$", + "description": "Add one scope to action category", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "action scope list $uuid_action_category_admin", + "result": "(?P<uuid_action_scope_read>\\w+)\\s+read\\s+read", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "action scope add $uuid_action_category_admin write --description \"write\"", + "result": "^$", + "description": "Add one scope to action category", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "action scope list $uuid_action_category_admin", + "result": "(?P<uuid_action_scope_write>\\w+)\\s+write\\s+write", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + + { + "name": "add_assignment", + "command": "subject assignment add $uuid_subject_admin $uuid_subject_category_admin $uuid_subject_scope_root_role", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "subject assignment list $uuid_subject_admin $uuid_subject_category_admin", + "result": "$uuid_subject_scope_root_role root_role", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_authz_subjects $uuid_object_category_admin $uuid_object_scope_authz_subjects", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_authz_subjects $uuid_object_category_admin", + "result": "$uuid_object_scope_authz_subjects authz_subjects", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_authz_objects $uuid_object_category_admin $uuid_object_scope_authz_objects", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_authz_objects $uuid_object_category_admin", + "result": "$uuid_object_scope_authz_objects authz_objects", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_authz_actions $uuid_object_category_admin $uuid_object_scope_authz_actions", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_authz_actions $uuid_object_category_admin", + "result": "$uuid_object_scope_authz_actions authz_actions", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_authz_subject_categories $uuid_object_category_admin $uuid_object_scope_authz_subject_categories", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_authz_subject_categories $uuid_object_category_admin", + "result": "$uuid_object_scope_authz_subject_categories authz_subject_categories", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_authz_object_categories $uuid_object_category_admin $uuid_object_scope_authz_object_categories", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_authz_object_categories $uuid_object_category_admin", + "result": "$uuid_object_scope_authz_object_categories authz_object_categories", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_authz_action_categories $uuid_object_category_admin $uuid_object_scope_authz_action_categories", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_authz_action_categories $uuid_object_category_admin", + "result": "$uuid_object_scope_authz_action_categories authz_action_categories", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_authz_subject_scopes $uuid_object_category_admin $uuid_object_scope_authz_subject_scopes", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_authz_subject_scopes $uuid_object_category_admin", + "result": "$uuid_object_scope_authz_subject_scopes authz_subject_scopes", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_authz_object_scopes $uuid_object_category_admin $uuid_object_scope_authz_object_scopes", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_authz_object_scopes $uuid_object_category_admin", + "result": "$uuid_object_scope_authz_object_scopes authz_object_scopes", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_authz_action_scopes $uuid_object_category_admin $uuid_object_scope_authz_action_scopes", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_authz_action_scopes $uuid_object_category_admin", + "result": "$uuid_object_scope_authz_action_scopes authz_action_scopes", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_authz_subject_assignments $uuid_object_category_admin $uuid_object_scope_authz_subject_assignments", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_authz_subject_assignments $uuid_object_category_admin", + "result": "$uuid_object_scope_authz_subject_assignments authz_subject_assignments", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_authz_object_assignments $uuid_object_category_admin $uuid_object_scope_authz_object_assignments", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_authz_object_assignments $uuid_object_category_admin", + "result": "$uuid_object_scope_authz_object_assignments authz_object_assignments", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_authz_action_assignments $uuid_object_category_admin $uuid_object_scope_authz_action_assignments", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_authz_action_assignments $uuid_object_category_admin", + "result": "$uuid_object_scope_authz_action_assignments authz_action_assignments", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_authz_aggregation_algorithm $uuid_object_category_admin $uuid_object_scope_authz_aggregation_algorithm", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_authz_aggregation_algorithm $uuid_object_category_admin", + "result": "$uuid_object_scope_authz_aggregation_algorithm authz_aggregation_algorithm", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_authz_sub_meta_rules $uuid_object_category_admin $uuid_object_scope_authz_sub_meta_rules", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_authz_sub_meta_rules $uuid_object_category_admin", + "result": "$uuid_object_scope_authz_sub_meta_rules authz_sub_meta_rules", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_authz_rules $uuid_object_category_admin $uuid_object_scope_authz_rules", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_authz_rules $uuid_object_category_admin", + "result": "$uuid_object_scope_authz_rules authz_rules", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_admin_subjects $uuid_object_category_admin $uuid_object_scope_admin_subjects", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_admin_subjects $uuid_object_category_admin", + "result": "$uuid_object_scope_admin_subjects admin_subjects", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_admin_objects $uuid_object_category_admin $uuid_object_scope_admin_objects", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_admin_objects $uuid_object_category_admin", + "result": "$uuid_object_scope_admin_objects admin_objects", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_admin_actions $uuid_object_category_admin $uuid_object_scope_admin_actions", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_admin_actions $uuid_object_category_admin", + "result": "$uuid_object_scope_admin_actions admin_actions", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_admin_subject_categories $uuid_object_category_admin $uuid_object_scope_admin_subject_categories", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_admin_subject_categories $uuid_object_category_admin", + "result": "$uuid_object_scope_admin_subject_categories admin_subject_categories", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_admin_object_categories $uuid_object_category_admin $uuid_object_scope_admin_object_categories", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_admin_object_categories $uuid_object_category_admin", + "result": "$uuid_object_scope_admin_object_categories admin_object_categories", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_admin_action_categories $uuid_object_category_admin $uuid_object_scope_admin_action_categories", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_admin_action_categories $uuid_object_category_admin", + "result": "$uuid_object_scope_admin_action_categories admin_action_categories", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_admin_subject_scopes $uuid_object_category_admin $uuid_object_scope_admin_subject_scopes", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_admin_subject_scopes $uuid_object_category_admin", + "result": "$uuid_object_scope_admin_subject_scopes admin_subject_scopes", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_admin_object_scopes $uuid_object_category_admin $uuid_object_scope_admin_object_scopes", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_admin_object_scopes $uuid_object_category_admin", + "result": "$uuid_object_scope_admin_object_scopes admin_object_scopes", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_admin_action_scopes $uuid_object_category_admin $uuid_object_scope_admin_action_scopes", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_admin_action_scopes $uuid_object_category_admin", + "result": "$uuid_object_scope_admin_action_scopes admin_action_scopes", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_admin_subject_assignments $uuid_object_category_admin $uuid_object_scope_admin_subject_assignments", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_admin_subject_assignments $uuid_object_category_admin", + "result": "$uuid_object_scope_admin_subject_assignments admin_subject_assignments", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_admin_object_assignments $uuid_object_category_admin $uuid_object_scope_admin_object_assignments", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_admin_object_assignments $uuid_object_category_admin", + "result": "$uuid_object_scope_admin_object_assignments admin_object_assignments", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_admin_action_assignments $uuid_object_category_admin $uuid_object_scope_admin_action_assignments", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_admin_action_assignments $uuid_object_category_admin", + "result": "$uuid_object_scope_admin_action_assignments admin_action_assignments", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_admin_aggregation_algorithm $uuid_object_category_admin $uuid_object_scope_admin_aggregation_algorithm", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_admin_aggregation_algorithm $uuid_object_category_admin", + "result": "$uuid_object_scope_admin_aggregation_algorithm admin_aggregation_algorithm", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_admin_sub_meta_rules $uuid_object_category_admin $uuid_object_scope_admin_sub_meta_rules", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_admin_sub_meta_rules $uuid_object_category_admin", + "result": "$uuid_object_scope_admin_sub_meta_rules admin_sub_meta_rules", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_admin_rules $uuid_object_category_admin $uuid_object_scope_admin_rules", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_admin_rules $uuid_object_category_admin", + "result": "$uuid_object_scope_admin_rules admin_rules", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_read $uuid_action_category_admin $uuid_action_scope_read", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_read $uuid_action_category_admin", + "result": "$uuid_action_scope_read read", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_write $uuid_action_category_admin $uuid_action_scope_write", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_write $uuid_action_category_admin", + "result": "$uuid_action_scope_write write", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "check_submetarules", + "command": "submetarule show", + "result": "(?P<submetarule_uuid_admin>\\w+)", + "description": "Get one submetarule ID", + "command_options": "-c id -f value" + }, + { + "name": "set_submetarule", + "command": "submetarule set $submetarule_uuid_admin --subject_category_id=\"$uuid_subject_category_admin\" --object_category_id=\"$uuid_object_category_admin\" --action_category_id=\"$uuid_action_category_admin\"", + "result": "^$", + "description": "Set a new submetarule", + "command_options": "" + }, + { + "name": "check_submetarule", + "command": "submetarule show", + "result": "$submetarule_uuid_admin \\s*role", + "description": "Check the new submetarule", + "command_options": "-c id -c \"subject categories\" -f value" + }, + { + "name": "check_submetarule", + "command": "submetarule show", + "result": "$submetarule_uuid_admin \\s*object_id", + "description": "Check the new submetarule", + "command_options": "-c id -c \"object categories\" -f value" + }, + { + "name": "check_submetarule", + "command": "submetarule show", + "result": "$submetarule_uuid_admin \\s*action_id", + "description": "Check the new submetarule", + "command_options": "-c id -c \"action categories\" -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_subjects\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.subjects", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_objects\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.objects", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_actions\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.actions", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_subject_categories\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.subject_categories", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_object_categories\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.object_categories", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_action_categories\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.action_categories", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_subject_scopes\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.subject_scopes", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_object_scopes\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.object_scopes", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_action_scopes\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.action_scopes", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_subject_assignments\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.subject_assignments", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_object_assignments\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.object_assignments", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_action_assignments\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.action_assignments", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_aggregation_algorithm\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.aggregation_algorithm", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_sub_meta_rules\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.sub_meta_rules", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_rules\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.rules", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_subjects\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.subjects", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_objects\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.objects", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_actions\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.actions", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_subject_categories\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.subject_categories", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_object_categories\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.object_categories", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_action_categories\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.action_categories", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_subject_scopes\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.subject_scopes", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_object_scopes\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.object_scopes", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_action_scopes\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.action_scopes", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_subject_assignments\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.subject_assignments", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_object_assignments\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.object_assignments", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_action_assignments\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.action_assignments", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_aggregation_algorithm\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.aggregation_algorithm", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_sub_meta_rules\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.sub_meta_rules", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_rules\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.rules", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_subjects\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.subjects", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_objects\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.objects", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_actions\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.actions", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_subject_categories\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.subject_categories", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_object_categories\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.object_categories", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_action_categories\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.action_categories", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_subject_scopes\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.subject_scopes", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_object_scopes\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.object_scopes", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_action_scopes\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.action_scopes", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_subject_assignments\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.subject_assignments", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_object_assignments\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.object_assignments", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_action_assignments\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.action_assignments", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_aggregation_algorithm\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.aggregation_algorithm", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_sub_meta_rules\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.sub_meta_rules", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_rules\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.rules", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_subjects\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.subjects", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_objects\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.objects", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_actions\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.actions", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_subject_categories\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.subject_categories", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_object_categories\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.object_categories", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_action_categories\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.action_categories", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_subject_scopes\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.subject_scopes", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_object_scopes\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.object_scopes", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_action_scopes\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.action_scopes", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_subject_assignments\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.subject_assignments", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_object_assignments\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.object_assignments", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_action_assignments\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.action_assignments", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_aggregation_algorithm\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.aggregation_algorithm", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_sub_meta_rules\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.sub_meta_rules", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_rules\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.rules", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + { + "name": "get aggregation algorithm", + "command": "aggregation algorithm list", + "result": "(?P<uuid_aggregation>\\w+)\\s+one_true", + "description": "Get aggregation algorithm.", + "command_options": "-c id -c name -f value" + }, + { + "name": "set aggregation algorithm", + "command": "aggregation algorithm set $uuid_aggregation", + "result": "", + "description": "Set aggregation algorithm to one_true.", + "command_options": "" + }, + { + "name": "get aggregation algorithm", + "command": "aggregation algorithm show", + "result": "$uuid_aggregation\\s+one_true", + "description": "Check aggregation algorithm.", + "command_options": "-c id -c name -f value" + }, + { + "name": "get submetarule algorithm", + "command": "submetarule algorithm list", + "result": "(?P<uuid_submetarule_algo>\\w+)\\s+inclusion", + "description": "Get submetarule algorithm named inclusion.", + "command_options": "-c id -c name -f value" + }, + { + "name": "set submetarule algorithm", + "command": "submetarule set --algorithm_name inclusion $submetarule_uuid_admin", + "result": "", + "description": "Set submetarule algorithm to inclusion.", + "command_options": "" + }, + + { + "name": "select_admin_ie", + "command": "intraextension select $uuid_admin", + "result": "Select $uuid_admin IntraExtension.", + "description": "Select the admin IntraExtension", + "command_options": "" + }, + { + "name": "check_select_admin_ie", + "command": "intraextension show selected", + "result": "$uuid_admin", + "description": "Check the selected admin IntraExtension", + "command_options": "-c id -f value" + }, + { + "name": "add_subject", + "command": "subject add demo --password nomoresecrete", + "result": "", + "description": "Add demo subject.", + "command_options": "" + }, + { + "name": "list_subject", + "command": "subject list", + "result": "(?P<uuid_subject_demo_admin>\\w+)\\s+demo", + "description": "Check that demo subject was added." + }, + { + "name": "add_new_role", + "command": "subject scope add $uuid_subject_category_admin demo_role", + "result": "", + "description": "Add demo_role to demo subject.", + "command_options": "" + }, + { + "name": "check_new_role", + "command": "subject scope list $uuid_subject_category_admin", + "result": "(?P<uuid_subject_scope_demo_role>\\w+)\\s+demo_role", + "description": "Check that demo_role was added." + }, + { + "name": "add_new_assignment", + "command": "subject assignment add $uuid_subject_demo_admin $uuid_subject_category_admin $uuid_subject_scope_demo_role", + "result": "", + "description": "Link the demo subject to the demo_role scope.", + "command_options": "" + }, + { + "name": "check_new_assignment", + "command": "subject assignment list $uuid_subject_demo_admin $uuid_subject_category_admin", + "result": "$uuid_subject_scope_demo_role demo_role", + "description": "Check that assignment was added.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"demo_role,read,authz_objects\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+demo_role\\s+read\\s+authz_objects", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"demo_role,write,authz_objects\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+demo_role\\s+write\\s+authz_objects", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"demo_role,read,authz_object_assignments\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+demo_role\\s+read\\s+authz_object_assignments", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid_admin \"demo_role,write,authz_object_assignments\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid_admin", + "result": "(?P<rule_id>\\w+)\\s+demo_role\\s+write\\s+authz_object_assignments", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" + }, + + { + "name": "select_authz_ie", + "command": "intraextension select $uuid_authz", + "result": "Select $uuid_authz IntraExtension.", + "description": "Select the authz IntraExtension", + "command_options": "" + }, + { + "name": "check_select_authz_ie", + "command": "intraextension show selected", + "result": "$uuid_authz", + "description": "Check the selected admin IntraExtension", + "command_options": "-c id -f value" + }, + { + "name": "add_subject", + "command": "subject add demo --password nomoresecrete", + "result": "", + "description": "Add demo subject.", + "command_options": "" + }, + { + "name": "list_subject", + "command": "subject list", + "result": "(?P<uuid_subject_demo_admin>\\w+)\\s+demo", + "description": "Check that admin subject was added." + }, + + { + "name": "demo: check nova command", + "external_command": "nova --os-user-name demo list", + "result": "test_moonclient", + "description": "Check demo cant list nova servers due to the current rules" + }, + { + "name": "demo: try to pause nova instance", + "external_command": "nova --os-user-name demo pause $uuid_server", + "result": "^$", + "description": "Pausing the server must be impossible due to the current rules" + }, + { + "name": "check nova command", + "external_command": "nova --os-user-name demo list", + "result": "\\| (?P<uuid_server>[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| ACTIVE\\s+\\| [\\w\\-]+\\s+\\| Running", + "description": "Check that nova server is still in running state." + }, + + { + "name": "list tenant", + "command": "tenant list", + "result": "demo", + "description": "Check if tenant demo is used." + }, + + { + "name": "select_authz_ie", + "command": "intraextension select $uuid_authz", + "result": "Select $uuid_authz IntraExtension.", + "description": "Select the authz IntraExtension", + "command_options": "" + }, + { + "name": "check_select_authz_ie", + "command": "intraextension show selected", + "result": "$uuid_authz", + "description": "Check the selected authz IntraExtension", + "command_options": "-c id -f value" + }, + + { + "auth_name": "demo", + "description": "Change user to demo" + }, + + { + "name": "add_object", + "command": "object add $uuid_server", + "result": "", + "description": "Add the new nova server", + "command_options": "" + }, + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_nova_server>\\w+)\\s+$uuid_server", + "description": "Check that the new nova server was added." + }, + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_nova_server $uuid_object_category_authz $uuid_object_scope_low", + "result": "^$", + "description": "Set the assignment 'low' to nova server", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_nova_server $uuid_object_category_authz", + "result": "$uuid_object_scope_low low", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "check nova command", + "external_command": "nova list", + "result": "\\| (?P<uuid_server>[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| ACTIVE\\s+\\| [\\w\\-]+\\s+\\| Running", + "description": "Check that we can now list nova servers due to the current rules" + }, + { + "name": "try to pause nova instance", + "external_command": "nova pause $uuid_server", + "result": "^$", + "description": "Pausing the server must be possible now" + }, + { + "name": "check nova command", + "external_command": "nova list", + "result": "\\| (?P<uuid_server>[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| PAUSED\\s+\\| [\\w\\-]+\\s+\\| Paused", + "description": "Check that we can still list nova servers due to the current rules" + }, + { + "name": "reactivate nova instance", + "external_command": "nova unpause $uuid_server", + "result": "^$", + "description": "Unpausing the server for next tests" + }, + + { + "name": "del_assignment", + "command": "object assignment delete $uuid_object_nova_server $uuid_object_category_authz $uuid_object_scope_low", + "result": "^$", + "description": "Delete the assignment 'low' to nova server", + "command_options": "" + }, + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_nova_server $uuid_object_category_authz $uuid_object_scope_high", + "result": "^$", + "description": "Set the assignment 'high' to nova server", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_nova_server $uuid_object_category_authz", + "result": "$uuid_object_scope_high high", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "check nova command", + "external_command": "nova list", + "result": "\\| (?P<uuid_server>[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| ACTIVE\\s+\\| [\\w\\-]+\\s+\\| Running", + "description": "Check that we can now list nova servers due to the current rules" + }, + { + "name": "try to pause nova instance", + "external_command": "nova pause $uuid_server", + "result": "^$", + "description": "Pausing the server must be not possible now" + }, + { + "name": "check nova command", + "external_command": "nova list", + "result": "\\| (?P<uuid_server>[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| ACTIVE\\s+\\| [\\w\\-]+\\s+\\| Running", + "description": "Check that we can still list nova servers due to the current rules" + }, + + + { + "name": "delete_authz_intra_extension", + "command": "intraextension delete $uuid_authz", + "result": "", + "description": "Delete the authz intra extension", + "command_options": "" + }, + { + "name": "delete_tenant", + "command": "tenant delete $uuid", + "result": "", + "description": "Delete the tenant demo", + "command_options": "" + }, + { + "name": "nova delete new server", + "external_command": "nova delete $uuid_server", + "result": "", + "description": "Delete the new server" + } + ] + } +}
\ No newline at end of file diff --git a/moonclient/moonclient/tests/tests_root_intraextensions.json b/moonclient/moonclient/tests/tests_root_intraextensions.json new file mode 100644 index 00000000..339136d0 --- /dev/null +++ b/moonclient/moonclient/tests/tests_root_intraextensions.json @@ -0,0 +1,43 @@ +{ + "command_options": "-f value", + "tests_group": { + "main": [ + + { + "name": "list_intraextension", + "command": "intraextension list", + "result": "(?P<uuid_root>\\w+)\\s+policy_root", + "description": "Check the existence of the root intra extension", + "command_options": "-c id -c name -f value" + }, + + { + "name": "select root ie", + "command": "intraextension select $uuid_root", + "result": "Select $uuid_root IntraExtension.", + "description": "Select the root intra extension to work with", + "command_options": "" + }, + { + "name": "check_admin_user", + "command": "subject list", + "result": "admin", + "description": "Check that admin user was added" + }, + { + "name": "check_submetarule", + "command": "submetarule show", + "result": "(?P<uuid_submetarule>\\w+)\\s+rbac_rule", + "description": "Check that submetarule was added" + }, + { + "name": "check_rule", + "command": "rule list $uuid_submetarule", + "result": "root_role", + "description": "Check that rules were added" + } + + + ] + } +}
\ No newline at end of file diff --git a/moonclient/setup.py b/moonclient/setup.py index e048bf97..71ea704b 100644 --- a/moonclient/setup.py +++ b/moonclient/setup.py @@ -73,6 +73,7 @@ setup( 'intraextension_list = moonclient.intraextension:IntraExtensionList', 'intraextension_delete = moonclient.intraextension:IntraExtensionDelete', 'intraextension_show = moonclient.intraextension:IntraExtensionShow', + 'intraextension_init = moonclient.intraextension:IntraExtensionInit', 'subject_list = moonclient.subjects:SubjectsList', 'subject_add = moonclient.subjects:SubjectsAdd', |