diff options
31 files changed, 479 insertions, 159 deletions
@@ -2,8 +2,8 @@ Project: Security Management Module (Moon) Project Creation Date: 07 Mai 2015 Project Category: Collaborative Development Lifecycle State: Incubation -Primary Contact: ruan.he@orange.com -Project Lead: ruan.he@orange.com +Primary Contact: thomas.duval@orange.com +Project Lead: thomas.duval@orange.com Jira Project Name: Security Management Module Jira Project Prefix: MOON Mailing list tag: [moon] @@ -11,18 +11,21 @@ IRC: #opnfv-moon Repository: moon Contributors: -ruan.he@orange.com +rebirthmonkey@gmail.com jamil.chawki@orange.com thomas.duval@orange.com loic.lagadec@ensta-bretagne.fr ad5939@att.com marcel.winandy@huawei.com pyegani@juniper.net +jonathan.gourdin@orange.com +rhanafy.ext@orange.com +rfawzy.ext@orange.com +mmagraby.ext@orange.com +francois.cellier@orange.com Committers: -ruan (Linux Foundation ID) ruan.he@orange.com asteroide (Linux Foundation ID) thomas.duval@orange.com: nomination July 3rd 2015 -WuKong (Linux Foundation ID) rebirthmonkey@gmail.com: nomination July 3rd 2015 Link to TSC approval of the project: http://meetbot.opnfv.org/meetings/opnfv-meeting/2015/opnfv-meeting.2015-05-12-13.59.html Link(s) to approval of additional committers: diff --git a/moon_authz/Dockerfile b/moon_authz/Dockerfile index fea9555d..c44d7c23 100644 --- a/moon_authz/Dockerfile +++ b/moon_authz/Dockerfile @@ -3,6 +3,8 @@ FROM python:3 ADD . /root WORKDIR /root/ RUN pip3 install -r requirements.txt +RUN if [ -d /root/dist ]; then for FILE in $(ls /root/dist/*.tar.gz); do pip install $FILE --upgrade; done; fi +RUN if [ -d /root/dist ]; then for FILE in $(ls /root/dist/*.whl); do pip install $FILE --upgrade; done; fi RUN pip3 install . CMD ["python3", "-m", "moon_authz"]
\ No newline at end of file diff --git a/moon_gui/package.json b/moon_gui/package.json index 599452e4..45157e5e 100644 --- a/moon_gui/package.json +++ b/moon_gui/package.json @@ -50,5 +50,5 @@ "scripts": { "test": "echo \"Error: no test specified\" && exit 1" }, - "license": "ISC" + "license": "Apache-2.0" } diff --git a/moon_interface/Dockerfile b/moon_interface/Dockerfile index f4de15eb..069346c3 100644 --- a/moon_interface/Dockerfile +++ b/moon_interface/Dockerfile @@ -3,6 +3,8 @@ FROM python:3 ADD . /root WORKDIR /root/ RUN pip3 install -r requirements.txt +RUN if [ -d /root/dist ]; then for FILE in $(ls /root/dist/*.tar.gz); do pip install $FILE --upgrade; done; fi +RUN if [ -d /root/dist ]; then for FILE in $(ls /root/dist/*.whl); do pip install $FILE --upgrade; done; fi RUN pip3 install . CMD ["python3", "-m", "moon_interface"]
\ No newline at end of file diff --git a/moon_manager/Dockerfile b/moon_manager/Dockerfile index b5eb4e02..630c275b 100644 --- a/moon_manager/Dockerfile +++ b/moon_manager/Dockerfile @@ -3,6 +3,8 @@ FROM python:3 ADD . /root WORKDIR /root/ RUN pip3 install -r requirements.txt +RUN if [ -d /root/dist ]; then for FILE in $(ls /root/dist/*.tar.gz); do pip install $FILE --upgrade; done; fi +RUN if [ -d /root/dist ]; then for FILE in $(ls /root/dist/*.whl); do pip install $FILE --upgrade; done; fi RUN pip3 install . CMD ["python3", "-m", "moon_manager"]
\ No newline at end of file diff --git a/moon_manager/MANIFEST.in b/moon_manager/MANIFEST.in index 1f674d50..cf4d2e4e 100644 --- a/moon_manager/MANIFEST.in +++ b/moon_manager/MANIFEST.in @@ -3,7 +3,7 @@ # license which can be found in the file 'LICENSE' in this package distribution # or at 'http://www.apache.org/licenses/LICENSE-2.0'. -include README.rst +include README.md include LICENSE include setup.py include requirements.txt diff --git a/moon_manager/moon_manager/http_server.py b/moon_manager/moon_manager/http_server.py index 128d5b74..a7258a75 100644 --- a/moon_manager/moon_manager/http_server.py +++ b/moon_manager/moon_manager/http_server.py @@ -100,7 +100,7 @@ class Root(Resource): if _method in dir(item): _methods.append(_method) tree[item.__name__]["methods"] = _methods - tree[item.__name__]["description"] = item.__doc__.strip() + tree[item.__name__]["description"] = item.__doc__.strip() if item.__doc__ else "" return { "version": __version__, "tree": tree @@ -147,7 +147,7 @@ class HTTPServer(Server): while True: try: PDPManager.get_pdp(user_id="admin", pdp_id=None) - except sqlalchemy.exc.ProgrammingError: + except (sqlalchemy.exc.ProgrammingError, sqlalchemy.exc.InternalError): time.sleep(1) if first: logger.warning("Waiting for the database...") diff --git a/moon_manager/tests/functional_pod/run_functional_tests.sh b/moon_manager/tests/functional_pod/run_functional_tests.sh index 7a95a491..960e9480 100644 --- a/moon_manager/tests/functional_pod/run_functional_tests.sh +++ b/moon_manager/tests/functional_pod/run_functional_tests.sh @@ -1,4 +1,11 @@ #!/usr/bin/env bash +if [ -d /data/dist ]; +then + pip install /data/dist/*.tar.gz --upgrade + pip install /data/dist/*.whl --upgrade +fi + + cd /data/tests/functional_pod pytest . diff --git a/moon_manager/tests/unit_python/api/import_export_utilities.py b/moon_manager/tests/unit_python/api/import_export_utilities.py index 98586d02..3c921e21 100644 --- a/moon_manager/tests/unit_python/api/import_export_utilities.py +++ b/moon_manager/tests/unit_python/api/import_export_utilities.py @@ -4,7 +4,7 @@ # or at 'http://www.apache.org/licenses/LICENSE-2.0'. import api.utilities as utilities -import api.test_models as test_models +import api.test_unit_models as test_models import api.test_policies as test_policies import api.test_perimeter as test_perimeter import api.meta_data_test as test_categories diff --git a/moon_manager/tests/unit_python/api/test_import.py b/moon_manager/tests/unit_python/api/test_import.py index 4e970a0e..3c45f8a1 100644 --- a/moon_manager/tests/unit_python/api/test_import.py +++ b/moon_manager/tests/unit_python/api/test_import.py @@ -4,7 +4,7 @@ # or at 'http://www.apache.org/licenses/LICENSE-2.0'. import api.utilities as utilities -import api.test_models as test_models +import api.test_unit_models as test_models import api.test_policies as test_policies import api.test_perimeter as test_perimeter import api.meta_data_test as test_categories diff --git a/moon_manager/tests/unit_python/api/test_policies.py b/moon_manager/tests/unit_python/api/test_policies.py index 4d4e387e..40be35e6 100644 --- a/moon_manager/tests/unit_python/api/test_policies.py +++ b/moon_manager/tests/unit_python/api/test_policies.py @@ -1,5 +1,11 @@ +# Copyright 2018 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + import json import api.utilities as utilities +from uuid import uuid4 def get_policies(client): @@ -45,13 +51,14 @@ def test_get_policies(): def test_add_policies(): client = utilities.register_client() - req, policies = add_policies(client, "testuser") + policy_name = "testuser" + uuid4().hex + req, policies = add_policies(client, policy_name) assert req.status_code == 200 assert isinstance(policies, dict) value = list(policies["policies"].values())[0] assert "policies" in policies - assert value['name'] == "testuser" - assert value["description"] == "description of {}".format("testuser") + assert value['name'] == policy_name + assert value["description"] == "description of {}".format(policy_name) assert value["model_id"] == "modelId" assert value["genre"] == "genre" diff --git a/moon_manager/tests/unit_python/api/test_models.py b/moon_manager/tests/unit_python/api/test_unit_models.py index 3c205d1d..6f97b1ae 100644 --- a/moon_manager/tests/unit_python/api/test_models.py +++ b/moon_manager/tests/unit_python/api/test_unit_models.py @@ -1,3 +1,8 @@ +# Copyright 2018 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + import json import api.utilities as utilities @@ -34,6 +39,14 @@ def delete_models_without_id(client): return req +def clean_models(): + client = utilities.register_client() + req, models= get_models(client) + for key, value in models['models'].items(): + print(key) + print(value) + client.delete("/models/{}".format(key)) + def test_get_models(): client = utilities.register_client() req, models= get_models(client) @@ -43,6 +56,7 @@ def test_get_models(): def test_add_models(): + clean_models() client = utilities.register_client() req, models = add_models(client, "testuser") assert req.status_code == 200 diff --git a/moon_orchestrator/Dockerfile b/moon_orchestrator/Dockerfile index e9f83094..4d75d6d7 100644 --- a/moon_orchestrator/Dockerfile +++ b/moon_orchestrator/Dockerfile @@ -3,6 +3,8 @@ FROM python:3 ADD . /root WORKDIR /root/ RUN pip3 install -r requirements.txt +RUN if [ -d /root/dist ]; then for FILE in $(ls /root/dist/*.tar.gz); do pip install $FILE --upgrade; done; fi +RUN if [ -d /root/dist ]; then for FILE in $(ls /root/dist/*.whl); do pip install $FILE --upgrade; done; fi RUN pip3 install . CMD ["python3", "-m", "moon_orchestrator"]
\ No newline at end of file diff --git a/moon_wrapper/Dockerfile b/moon_wrapper/Dockerfile index 77ffaee9..00aeb3f1 100644 --- a/moon_wrapper/Dockerfile +++ b/moon_wrapper/Dockerfile @@ -3,6 +3,8 @@ FROM python:3 ADD . /root WORKDIR /root/ RUN pip3 install -r requirements.txt +RUN if [ -d /root/dist ]; then for FILE in $(ls /root/dist/*.tar.gz); do pip install $FILE --upgrade; done; fi +RUN if [ -d /root/dist ]; then for FILE in $(ls /root/dist/*.whl); do pip install $FILE --upgrade; done; fi RUN pip3 install . CMD ["python3", "-m", "moon_wrapper"] diff --git a/python_moondb/Changelog b/python_moondb/Changelog index 44ae7fa8..19cd0ac0 100644 --- a/python_moondb/Changelog +++ b/python_moondb/Changelog @@ -65,3 +65,7 @@ CHANGES 1.2.7 ----- - Fix some bugs + +1.2.8 +----- +- Add unique constraints on db tables diff --git a/python_moondb/python_moondb/__init__.py b/python_moondb/python_moondb/__init__.py index bebaca8a..b266a9d4 100644 --- a/python_moondb/python_moondb/__init__.py +++ b/python_moondb/python_moondb/__init__.py @@ -3,5 +3,5 @@ # license which can be found in the file 'LICENSE' in this package distribution # or at 'http://www.apache.org/licenses/LICENSE-2.0'. -__version__ = "1.2.7" +__version__ = "1.2.8" diff --git a/python_moondb/python_moondb/api/model.py b/python_moondb/python_moondb/api/model.py index bd475365..57857cd2 100644 --- a/python_moondb/python_moondb/api/model.py +++ b/python_moondb/python_moondb/api/model.py @@ -58,9 +58,6 @@ class ModelManager(Managers): def add_meta_rule(self, user_id, meta_rule_id=None, value=None): if meta_rule_id in self.driver.get_meta_rules(meta_rule_id=meta_rule_id): raise exceptions.MetaRuleExisting - if not meta_rule_id: - meta_rule_id = uuid4().hex - logger.info("add_meta_rule {}".format(value)) return self.driver.set_meta_rule(meta_rule_id=meta_rule_id, value=value) @enforce(("read", "write"), "meta_rules") @@ -78,8 +75,6 @@ class ModelManager(Managers): def add_subject_category(self, user_id, category_id=None, value=None): if category_id in self.driver.get_subject_categories(category_id=category_id): raise exceptions.SubjectCategoryExisting - # if not category_id: - # category_id = uuid4().hex return self.driver.add_subject_category(name=value["name"], description=value["description"], uuid=category_id) @enforce(("read", "write"), "meta_data") @@ -98,8 +93,6 @@ class ModelManager(Managers): def add_object_category(self, user_id, category_id=None, value=None): if category_id in self.driver.get_object_categories(category_id=category_id): raise exceptions.ObjectCategoryExisting - # if not category_id: - # category_id = uuid4().hex return self.driver.add_object_category(name=value["name"], description=value["description"], uuid=category_id) @enforce(("read", "write"), "meta_data") @@ -118,8 +111,6 @@ class ModelManager(Managers): def add_action_category(self, user_id, category_id=None, value=None): if category_id in self.driver.get_action_categories(category_id=category_id): raise exceptions.ActionCategoryExisting - # if not category_id: - # category_id = uuid4().hex return self.driver.add_action_category(name=value["name"], description=value["description"], uuid=category_id) @enforce(("read", "write"), "meta_data") diff --git a/python_moondb/python_moondb/api/policy.py b/python_moondb/python_moondb/api/policy.py index cde3ab77..9e7ad96c 100644 --- a/python_moondb/python_moondb/api/policy.py +++ b/python_moondb/python_moondb/api/policy.py @@ -115,8 +115,6 @@ class PolicyManager(Managers): logger.info("add_action {}".format(policy_id)) if not self.get_policies(user_id=user_id, policy_id=policy_id): raise exceptions.PolicyUnknown - if not perimeter_id: - perimeter_id = uuid4().hex return self.driver.set_action(policy_id=policy_id, perimeter_id=perimeter_id, value=value) @enforce(("read", "write"), "perimeter") diff --git a/python_moondb/python_moondb/backends/sql.py b/python_moondb/python_moondb/backends/sql.py index c0670951..a838a854 100644 --- a/python_moondb/python_moondb/backends/sql.py +++ b/python_moondb/python_moondb/backends/sql.py @@ -16,6 +16,7 @@ from sqlalchemy import types as sql_types from python_moonutilities import configuration from python_moonutilities.exceptions import * from python_moondb.core import PDPDriver, PolicyDriver, ModelDriver +import sqlalchemy logger = logging.getLogger("moon.db.driver.sql") Base = declarative_base() @@ -61,13 +62,14 @@ class JsonBlob(sql_types.TypeDecorator): class Model(Base, DictBase): __tablename__ = 'models' - attributes = ['id', 'value'] + attributes = ['id', 'name', 'value'] id = sql.Column(sql.String(64), primary_key=True) + name = sql.Column(sql.String(256), nullable=False) value = sql.Column(JsonBlob(), nullable=True) def to_dict(self): return { - "name": self.value.get("name"), + "name": self.name, "description": self.value.get("description", ""), "meta_rules": self.value.get("meta_rules", list()), } @@ -75,30 +77,34 @@ class Model(Base, DictBase): class Policy(Base, DictBase): __tablename__ = 'policies' - attributes = ['id', 'value'] + attributes = ['id', 'name', 'model_id', 'value'] id = sql.Column(sql.String(64), primary_key=True) + name = sql.Column(sql.String(256), nullable=False) + model_id = sql.Column(sql.String(64), nullable=True, default="") value = sql.Column(JsonBlob(), nullable=True) def to_dict(self): return { - "name": self.value.get("name"), "description": self.value.get("description", ""), - "model_id": self.value.get("model_id", ""), "genre": self.value.get("genre", ""), + "model_id": self.model_id, + "name": self.name } class PDP(Base, DictBase): __tablename__ = 'pdp' - attributes = ['id', 'value'] + attributes = ['id', 'name', 'keystone_project_id', 'value'] id = sql.Column(sql.String(64), primary_key=True) + name = sql.Column(sql.String(256), nullable=False) + keystone_project_id = sql.Column(sql.String(64), nullable=True, default="") value = sql.Column(JsonBlob(), nullable=True) def to_dict(self): return { - "name": self.value.get("name"), + "name": self.name, "description": self.value.get("description", ""), - "keystone_project_id": self.value.get("keystone_project_id", ""), + "keystone_project_id": self.keystone_project_id, "security_pipeline": self.value.get("security_pipeline", []), } @@ -123,17 +129,18 @@ class ActionCategory(Base, PerimeterCategoryBase): class PerimeterBase(DictBase): - attributes = ['id', 'value'] + attributes = ['id', 'name', 'value'] id = sql.Column(sql.String(64), primary_key=True) + name = sql.Column(sql.String(256), nullable=False) value = sql.Column(JsonBlob(), nullable=True) __mapper_args__ = {'concrete': True} def __repr__(self): - return "{}: {}".format(self.id, json.dumps(self.value)) + return "{} with name {} : {}".format(self.id, self.name, json.dumps(self.value)) def to_return(self): return { 'id': self.id, - 'name': self.value.get("name", ""), + 'name': self.name, 'description': self.value.get("description", ""), 'email': self.value.get("email", ""), 'extra': self.value.get("extra", dict()), @@ -141,12 +148,13 @@ class PerimeterBase(DictBase): } def to_dict(self): + dict_value = copy.deepcopy(self.value) + dict_value["name"] = self.name return { 'id': self.id, - 'value': self.value + 'value': dict_value } - class Subject(Base, PerimeterBase): __tablename__ = 'subjects' @@ -160,8 +168,9 @@ class Action(Base, PerimeterBase): class PerimeterDataBase(DictBase): - attributes = ['id', 'value', 'category_id', 'policy_id'] + attributes = ['id', 'name', 'value', 'category_id', 'policy_id'] id = sql.Column(sql.String(64), primary_key=True) + name = sql.Column(sql.String(256), nullable=False) value = sql.Column(JsonBlob(), nullable=True) @declared_attr def policy_id(cls): @@ -170,7 +179,7 @@ class PerimeterDataBase(DictBase): def to_dict(self): return { 'id': self.id, - 'name': self.value.get("name", ""), + 'name': self.name, 'description': self.value.get("description", ""), 'category_id': self.category_id, 'policy_id': self.policy_id @@ -243,17 +252,21 @@ class ActionAssignment(Base, PerimeterAssignmentBase): class MetaRule(Base, DictBase): __tablename__ = 'meta_rules' - attributes = ['id', 'value'] + attributes = ['id', 'name', 'subject_categories', 'object_categories', 'action_categories', 'value'] id = sql.Column(sql.String(64), primary_key=True) + name = sql.Column(sql.String(256), nullable=False) + subject_categories = sql.Column(JsonBlob(), nullable=True) + object_categories = sql.Column(JsonBlob(), nullable=True) + action_categories = sql.Column(JsonBlob(), nullable=True) value = sql.Column(JsonBlob(), nullable=True) def to_dict(self): return { - "name": self.value["name"], + "name": self.name, "description": self.value.get("description", ""), - "subject_categories": self.value.get("subject_categories", list()), - "object_categories": self.value.get("object_categories", list()), - "action_categories": self.value.get("action_categories", list()), + "subject_categories": self.subject_categories, + "object_categories": self.object_categories, + "action_categories": self.action_categories, } @@ -323,15 +336,23 @@ class BaseConnector(object): class PDPConnector(BaseConnector, PDPDriver): def update_pdp(self, pdp_id, value): - with self.get_session_for_write() as session: - query = session.query(PDP) - query = query.filter_by(id=pdp_id) - ref = query.first() - if ref: - d = dict(ref.value) - d.update(value) - setattr(ref, "value", d) - return {ref.id: ref.to_dict()} + try: + with self.get_session_for_write() as session: + query = session.query(PDP) + query = query.filter_by(id=pdp_id) + ref = query.first() + if ref: + value_wo_name = copy.deepcopy(value) + value_wo_name.pop("name", None) + value_wo_name.pop("keystone_project_id", None) + ref.name = value["name"] + ref.keystone_project_id = value["keystone_project_id"] + d = dict(ref.value) + d.update(value_wo_name) + setattr(ref, "value", d) + return {ref.id: ref.to_dict()} + except sqlalchemy.exc.IntegrityError: + raise PdpExisting def delete_pdp(self, pdp_id): with self.get_session_for_write() as session: @@ -339,13 +360,21 @@ class PDPConnector(BaseConnector, PDPDriver): session.delete(ref) def add_pdp(self, pdp_id=None, value=None): - with self.get_session_for_write() as session: - new = PDP.from_dict({ - "id": pdp_id if pdp_id else uuid4().hex, - "value": value - }) - session.add(new) - return {new.id: new.to_dict()} + try: + with self.get_session_for_write() as session: + value_wo_name = copy.deepcopy(value) + value_wo_name.pop("name", None) + value_wo_name.pop("keystone_project_id", None) + new = PDP.from_dict({ + "id": pdp_id if pdp_id else uuid4().hex, + "name": value["name"], + "keystone_project_id": value["keystone_project_id"], + "value": value_wo_name + }) + session.add(new) + return {new.id: new.to_dict()} + except sqlalchemy.exc.IntegrityError: + raise PdpExisting def get_pdp(self, pdp_id=None): with self.get_session_for_read() as session: @@ -364,8 +393,13 @@ class PolicyConnector(BaseConnector, PolicyDriver): query = query.filter_by(id=policy_id) ref = query.first() if ref: + value_wo_other_info = copy.deepcopy(value) + value_wo_other_info.pop("name", None) + value_wo_other_info.pop("model_id", None) + ref.name = value["name"] + ref.model_id= value["model_id"] d = dict(ref.value) - d.update(value) + d.update(value_wo_other_info) setattr(ref, "value", d) return {ref.id: ref.to_dict()} @@ -376,9 +410,14 @@ class PolicyConnector(BaseConnector, PolicyDriver): def add_policy(self, policy_id=None, value=None): with self.get_session_for_write() as session: + value_wo_other_info = copy.deepcopy(value) + value_wo_other_info.pop("name", None) + value_wo_other_info.pop("model_id", None) new = Policy.from_dict({ "id": policy_id if policy_id else uuid4().hex, - "value": value + "name": value["name"], + "model_id": value["model_id"], + "value": value_wo_other_info }) session.add(new) return {new.id: new.to_dict()} @@ -412,21 +451,26 @@ class PolicyConnector(BaseConnector, PolicyDriver): return {_ref.id: _ref.to_return() for _ref in results} return {_ref.id: _ref.to_return() for _ref in ref_list} - def __set_perimeter(self, ClassType, policy_id, perimeter_id=None, value=None): + def __set_perimeter(self, ClassType, ClassTypeException, policy_id, perimeter_id=None, value=None): _perimeter = None with self.get_session_for_write() as session: if perimeter_id: query = session.query(ClassType) query = query.filter_by(id=perimeter_id) _perimeter = query.first() + logger.info("+++++++++++++ {}".format(_perimeter)) if not _perimeter: if "policy_list" not in value or type(value["policy_list"]) is not list: value["policy_list"] = [] if policy_id and policy_id not in value["policy_list"]: value["policy_list"] = [policy_id, ] + + value_wo_name = copy.deepcopy(value) + value_wo_name.pop("name",None) new = ClassType.from_dict({ - "id": perimeter_id if perimeter_id else uuid4().hex, - "value": value + "id": uuid4().hex, + "name": value["name"], + "value": value_wo_name }) session.add(new) return {new.id: new.to_return()} @@ -436,9 +480,19 @@ class PolicyConnector(BaseConnector, PolicyDriver): _value["value"]["policy_list"] = [] if policy_id and policy_id not in _value["value"]["policy_list"]: _value["value"]["policy_list"].append(policy_id) - new_perimeter = ClassType.from_dict(_value) - # setattr(_subject, "value", _value["value"]) - setattr(_perimeter, "value", getattr(new_perimeter, "value")) + logger.info("-------------_value- {}".format(_value)) + + name = _value["value"]["name"] + _value["value"].pop("name") + new_perimeter = ClassType.from_dict({ + "id": _value["id"], + "name": name, + "value": _value["value"] + }) + logger.info("-------------- new {}".format(new_perimeter)) + logger.info("-------------- old {}".format(_perimeter)) + _perimeter.value = new_perimeter.value + _perimeter.name = new_perimeter.name return {_perimeter.id: _perimeter.to_return()} def __delete_perimeter(self,ClassType, ClassUnknownException, policy_id, perimeter_id): @@ -462,7 +516,10 @@ class PolicyConnector(BaseConnector, PolicyDriver): return self.__get_perimeters(Subject, policy_id, perimeter_id) def set_subject(self, policy_id, perimeter_id=None, value=None): - return self.__set_perimeter(Subject, policy_id, perimeter_id=perimeter_id, value=value) + try: + return self.__set_perimeter(Subject, SubjectExisting, policy_id, perimeter_id=perimeter_id, value=value) + except sqlalchemy.exc.IntegrityError: + raise SubjectExisting def delete_subject(self, policy_id, perimeter_id): self.__delete_perimeter(Subject, SubjectUnknown, policy_id, perimeter_id) @@ -471,7 +528,10 @@ class PolicyConnector(BaseConnector, PolicyDriver): return self.__get_perimeters(Object, policy_id, perimeter_id) def set_object(self, policy_id, perimeter_id=None, value=None): - return self.__set_perimeter(Object, policy_id, perimeter_id=perimeter_id, value=value) + try: + return self.__set_perimeter(Object, ObjectExisting, policy_id, perimeter_id=perimeter_id, value=value) + except sqlalchemy.exc.IntegrityError: + raise ObjectExisting def delete_object(self, policy_id, perimeter_id): self.__delete_perimeter(Object, ObjectUnknown, policy_id, perimeter_id) @@ -480,7 +540,10 @@ class PolicyConnector(BaseConnector, PolicyDriver): return self.__get_perimeters(Action, policy_id, perimeter_id) def set_action(self, policy_id, perimeter_id=None, value=None): - return self.__set_perimeter(Action, policy_id, perimeter_id=perimeter_id, value=value) + try: + return self.__set_perimeter(Action, ActionExisting, policy_id, perimeter_id=perimeter_id, value=value) + except sqlalchemy.exc.IntegrityError: + raise ActionExisting def delete_action(self, policy_id, perimeter_id): self.__delete_perimeter(Action, ActionUnknown, policy_id, perimeter_id) @@ -507,10 +570,13 @@ class PolicyConnector(BaseConnector, PolicyDriver): query = query.filter_by(policy_id=policy_id, id=data_id, category_id=category_id) ref = query.first() if not ref: + value_wo_name = copy.deepcopy(value) + value_wo_name.pop("name", None) new_ref = ClassTypeData.from_dict( { "id": data_id if data_id else uuid4().hex, - 'value': value, + 'name': value["name"], + 'value': value_wo_name, 'category_id': category_id, 'policy_id': policy_id, } @@ -540,7 +606,10 @@ class PolicyConnector(BaseConnector, PolicyDriver): return self.__get_perimeter_data(SubjectData, policy_id, data_id=data_id, category_id=category_id) def set_subject_data(self, policy_id, data_id=None, category_id=None, value=None): - return self.__set_perimeter_data(Subject, SubjectData, policy_id, data_id=data_id, category_id=category_id, value=value) + try: + return self.__set_perimeter_data(Subject, SubjectData, policy_id, data_id=data_id, category_id=category_id, value=value) + except sqlalchemy.exc.IntegrityError: + raise SubjectScopeExisting def delete_subject_data(self, policy_id, data_id): return self.__delete_perimeter_data(SubjectData, policy_id, data_id) @@ -549,7 +618,10 @@ class PolicyConnector(BaseConnector, PolicyDriver): return self.__get_perimeter_data(ObjectData, policy_id, data_id=data_id, category_id=category_id) def set_object_data(self, policy_id, data_id=None, category_id=None, value=None): - return self.__set_perimeter_data(Object, ObjectData, policy_id, data_id=data_id, category_id=category_id, value=value) + try: + return self.__set_perimeter_data(Object, ObjectData, policy_id, data_id=data_id, category_id=category_id, value=value) + except sqlalchemy.exc.IntegrityError: + raise ObjectScopeExisting def delete_object_data(self, policy_id, data_id): return self.__delete_perimeter_data(ObjectData, policy_id, data_id) @@ -558,7 +630,10 @@ class PolicyConnector(BaseConnector, PolicyDriver): return self.__get_perimeter_data(ActionData, policy_id, data_id=data_id, category_id=category_id) def set_action_data(self, policy_id, data_id=None, category_id=None, value=None): - return self.__set_perimeter_data(Action, ActionData, policy_id, data_id=data_id, category_id=category_id, value=value) + try: + return self.__set_perimeter_data(Action, ActionData, policy_id, data_id=data_id, category_id=category_id, value=value) + except sqlalchemy.exc.IntegrityError: + raise ActionScopeExisting def delete_action_data(self, policy_id, data_id): return self.__delete_perimeter_data(ActionData, policy_id, data_id) @@ -587,6 +662,8 @@ class PolicyConnector(BaseConnector, PolicyDriver): if data_id not in assignments: assignments.append(data_id) setattr(ref, "assignments", assignments) + else: + raise SubjectAssignmentExisting else: ref = SubjectAssignment.from_dict( { @@ -640,6 +717,8 @@ class PolicyConnector(BaseConnector, PolicyDriver): if data_id not in assignments: assignments.append(data_id) setattr(ref, "assignments", assignments) + else: + raise ObjectAssignmentExisting else: ref = ObjectAssignment.from_dict( { @@ -693,6 +772,8 @@ class PolicyConnector(BaseConnector, PolicyDriver): if data_id not in assignments: assignments.append(data_id) setattr(ref, "assignments", assignments) + else: + raise ActionAssignmentExisting else: ref = ActionAssignment.from_dict( { @@ -746,13 +827,8 @@ class PolicyConnector(BaseConnector, PolicyDriver): } def add_rule(self, policy_id, meta_rule_id, value): - with self.get_session_for_write() as session: - query = session.query(Rule) - query = query.filter_by(policy_id=policy_id, meta_rule_id=meta_rule_id) - ref_list = query.all() - rules = list(map(lambda x: x.rule, ref_list)) - if not rules or value not in rules: - logger.info("add_rule IN IF") + try: + with self.get_session_for_write() as session: ref = Rule.from_dict( { "id": uuid4().hex, @@ -763,7 +839,8 @@ class PolicyConnector(BaseConnector, PolicyDriver): ) session.add(ref) return {ref.id: ref.to_dict()} - return {} + except sqlalchemy.exc.IntegrityError: + raise RuleExisting def delete_rule(self, policy_id, rule_id): with self.get_session_for_write() as session: @@ -783,8 +860,11 @@ class ModelConnector(BaseConnector, ModelDriver): query = query.filter_by(id=model_id) ref = query.first() if ref: + value_wo_name = copy.deepcopy(value) + value_wo_name.pop("name", None) + setattr(ref, "name", value["name"]) d = dict(ref.value) - d.update(value) + d.update(value_wo_name) setattr(ref, "value", d) return {ref.id: ref.to_dict()} @@ -794,13 +874,19 @@ class ModelConnector(BaseConnector, ModelDriver): session.delete(ref) def add_model(self, model_id=None, value=None): - with self.get_session_for_write() as session: - new = Model.from_dict({ - "id": model_id if model_id else uuid4().hex, - "value": value - }) - session.add(new) - return {new.id: new.to_dict()} + try: + with self.get_session_for_write() as session: + value_wo_name = copy.deepcopy(value) + value_wo_name.pop("name", None) + new = Model.from_dict({ + "id": model_id if model_id else uuid4().hex, + "name": value["name"], + "value": value_wo_name + }) + session.add(new) + return {new.id: new.to_dict()} + except sqlalchemy.exc.IntegrityError as e: + raise ModelExisting def get_models(self, model_id=None): with self.get_session_for_read() as session: @@ -809,23 +895,41 @@ class ModelConnector(BaseConnector, ModelDriver): ref_list = query.filter(Model.id == model_id) else: ref_list = query.all() - return {_ref.id: _ref.to_dict() for _ref in ref_list} + + r = {_ref.id: _ref.to_dict() for _ref in ref_list} + return r def set_meta_rule(self, meta_rule_id, value): with self.get_session_for_write() as session: - query = session.query(MetaRule) - query = query.filter_by(id=meta_rule_id) - ref = query.first() - if not ref: - ref = MetaRule.from_dict( - { - "id": meta_rule_id if meta_rule_id else uuid4().hex, - "value": value - } - ) - session.add(ref) + value_wo_other_data = copy.deepcopy(value) + value_wo_other_data.pop("name", None) + value_wo_other_data.pop("subject_categories", None) + value_wo_other_data.pop("object_categories", None) + value_wo_other_data.pop("action_categories", None) + if meta_rule_id is None: + try: + ref = MetaRule.from_dict( + { + "id": uuid4().hex, + "name": value["name"], + "subject_categories": value["subject_categories"], + "object_categories": value["object_categories"], + "action_categories": value["action_categories"], + "value": value_wo_other_data + } + ) + session.add(ref) + except sqlalchemy.exc.IntegrityError as e: + raise MetaRuleExisting else: - setattr(ref, "value", value) + query = session.query(MetaRule) + query = query.filter_by(id=meta_rule_id) + ref = query.first() + setattr(ref, "name", value["name"]) + setattr(ref, "subject_categories", value["subject_categories"]) + setattr(ref, "object_categories", value["object_categories"]) + setattr(ref, "action_categories", value["action_categories"]) + setattr(ref, "value", value_wo_other_data) return {ref.id: ref.to_dict()} def get_meta_rules(self, meta_rule_id=None): @@ -854,18 +958,14 @@ class ModelConnector(BaseConnector, ModelDriver): def __add_perimeter_category(self, ClassType, name, description, uuid=None): with self.get_session_for_write() as session: - query = session.query(ClassType) - query = query.filter_by(name=name) - ref = query.first() - if not ref: - ref = ClassType.from_dict( - { - "id": uuid if uuid else uuid4().hex, - "name": name, - "description": description - } - ) - session.add(ref) + ref = ClassType.from_dict( + { + "id": uuid if uuid else uuid4().hex, + "name": name, + "description": description + } + ) + session.add(ref) return {ref.id: ref.to_dict()} def __delete_perimeter_category(self, ClassType, category_id): @@ -880,7 +980,10 @@ class ModelConnector(BaseConnector, ModelDriver): return self.__get_perimeter_categories(SubjectCategory, category_id=category_id) def add_subject_category(self, name, description, uuid=None): - return self.__add_perimeter_category(SubjectCategory, name, description, uuid=uuid) + try: + return self.__add_perimeter_category(SubjectCategory, name, description, uuid=uuid) + except sql.exc.IntegrityError as e: + raise SubjectCategoryExisting() def delete_subject_category(self, category_id): self.__delete_perimeter_category(SubjectCategory, category_id) @@ -889,16 +992,23 @@ class ModelConnector(BaseConnector, ModelDriver): return self.__get_perimeter_categories(ObjectCategory, category_id=category_id) def add_object_category(self, name, description, uuid=None): - return self.__add_perimeter_category(ObjectCategory, name, description, uuid=uuid) + try: + return self.__add_perimeter_category(ObjectCategory, name, description, uuid=uuid) + except sql.exc.IntegrityError as e: + raise ObjectCategoryExisting() def delete_object_category(self, category_id): self.__delete_perimeter_category(ObjectCategory, category_id) def get_action_categories(self, category_id=None): + return self.__get_perimeter_categories(ActionCategory, category_id=category_id) def add_action_category(self, name, description, uuid=None): - return self.__add_perimeter_category(ActionCategory, name, description, uuid=uuid) + try: + return self.__add_perimeter_category(ActionCategory, name, description, uuid=uuid) + except sql.exc.IntegrityError as e: + raise ActionCategoryExisting() def delete_action_category(self, category_id): self.__delete_perimeter_category(ActionCategory, category_id) diff --git a/python_moondb/python_moondb/migrate_repo/versions/001_moon.py b/python_moondb/python_moondb/migrate_repo/versions/001_moon.py index 2cc36140..f69d708d 100644 --- a/python_moondb/python_moondb/migrate_repo/versions/001_moon.py +++ b/python_moondb/python_moondb/migrate_repo/versions/001_moon.py @@ -14,7 +14,10 @@ def upgrade(migrate_engine): 'pdp', meta, sql.Column('id', sql.String(64), primary_key=True), + sql.Column('name', sql.String(256), nullable=False), + sql.Column('keystone_project_id', sql.String(64), nullable=True, default=""), sql.Column('value', sql.Text(), nullable=True), + sql.UniqueConstraint('name', 'keystone_project_id', name='unique_constraint_models'), mysql_engine='InnoDB', mysql_charset='utf8') table.create(migrate_engine, checkfirst=True) @@ -23,7 +26,10 @@ def upgrade(migrate_engine): 'policies', meta, sql.Column('id', sql.String(64), primary_key=True), + sql.Column('name', sql.String(256), nullable=False), + sql.Column('model_id', sql.String(64), nullable=True, default=""), sql.Column('value', sql.Text(), nullable=True), + sql.UniqueConstraint('name', 'model_id', name='unique_constraint_models'), mysql_engine='InnoDB', mysql_charset='utf8') table.create(migrate_engine, checkfirst=True) @@ -32,7 +38,9 @@ def upgrade(migrate_engine): 'models', meta, sql.Column('id', sql.String(64), primary_key=True), + sql.Column('name', sql.String(256), nullable=False), sql.Column('value', sql.Text(), nullable=True), + sql.UniqueConstraint('name', name='unique_constraint_models'), mysql_engine='InnoDB', mysql_charset='utf8') table.create(migrate_engine, checkfirst=True) @@ -43,6 +51,8 @@ def upgrade(migrate_engine): sql.Column('id', sql.String(64), primary_key=True), sql.Column('name', sql.String(256), nullable=False), sql.Column('description', sql.String(256), nullable=True), + + sql.UniqueConstraint('name', name='unique_constraint_subject_categories'), mysql_engine='InnoDB', mysql_charset='utf8') subject_categories_table.create(migrate_engine, checkfirst=True) @@ -53,6 +63,8 @@ def upgrade(migrate_engine): sql.Column('id', sql.String(64), primary_key=True), sql.Column('name', sql.String(256), nullable=False), sql.Column('description', sql.String(256), nullable=True), + + sql.UniqueConstraint('name', name='unique_constraint_object_categories'), mysql_engine='InnoDB', mysql_charset='utf8') object_categories_table.create(migrate_engine, checkfirst=True) @@ -63,6 +75,8 @@ def upgrade(migrate_engine): sql.Column('id', sql.String(64), primary_key=True), sql.Column('name', sql.String(256), nullable=False), sql.Column('description', sql.String(256), nullable=True), + + sql.UniqueConstraint('name', name='unique_constraint_action_categories'), mysql_engine='InnoDB', mysql_charset='utf8') action_categories_table.create(migrate_engine, checkfirst=True) @@ -71,7 +85,9 @@ def upgrade(migrate_engine): 'subjects', meta, sql.Column('id', sql.String(64), primary_key=True), + sql.Column('name', sql.String(256), nullable=False), sql.Column('value', sql.Text(), nullable=True), + sql.UniqueConstraint('name', name='unique_constraint_subjects'), mysql_engine='InnoDB', mysql_charset='utf8') subjects_table.create(migrate_engine, checkfirst=True) @@ -80,7 +96,9 @@ def upgrade(migrate_engine): 'objects', meta, sql.Column('id', sql.String(64), primary_key=True), + sql.Column('name', sql.String(256), nullable=False), sql.Column('value', sql.Text(), nullable=True), + sql.UniqueConstraint('name', name='unique_constraint_objects'), mysql_engine='InnoDB', mysql_charset='utf8') objects_table.create(migrate_engine, checkfirst=True) @@ -89,7 +107,9 @@ def upgrade(migrate_engine): 'actions', meta, sql.Column('id', sql.String(64), primary_key=True), + sql.Column('name', sql.String(256), nullable=False), sql.Column('value', sql.Text(), nullable=True), + sql.UniqueConstraint('name', name='unique_constraint_actions'), mysql_engine='InnoDB', mysql_charset='utf8') actions_table.create(migrate_engine, checkfirst=True) @@ -98,9 +118,11 @@ def upgrade(migrate_engine): 'subject_data', meta, sql.Column('id', sql.String(64), primary_key=True), + sql.Column('name', sql.String(256), nullable=False), sql.Column('value', sql.Text(), nullable=True), sql.Column('category_id', sql.ForeignKey("subject_categories.id"), nullable=False), sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False), + sql.UniqueConstraint('name', 'category_id', 'policy_id', name='unique_constraint_subject_data'), mysql_engine='InnoDB', mysql_charset='utf8') subject_data_table.create(migrate_engine, checkfirst=True) @@ -109,9 +131,11 @@ def upgrade(migrate_engine): 'object_data', meta, sql.Column('id', sql.String(64), primary_key=True), + sql.Column('name', sql.String(256), nullable=False), sql.Column('value', sql.Text(), nullable=True), sql.Column('category_id', sql.ForeignKey("object_categories.id"), nullable=False), sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False), + sql.UniqueConstraint('name', 'category_id', 'policy_id', name='unique_constraint_object_data'), mysql_engine='InnoDB', mysql_charset='utf8') object_data_table.create(migrate_engine, checkfirst=True) @@ -120,9 +144,11 @@ def upgrade(migrate_engine): 'action_data', meta, sql.Column('id', sql.String(64), primary_key=True), + sql.Column('name', sql.String(256), nullable=False), sql.Column('value', sql.Text(), nullable=True), sql.Column('category_id', sql.ForeignKey("action_categories.id"), nullable=False), sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False), + sql.UniqueConstraint('name', 'category_id', 'policy_id', name='unique_constraint_action_data'), mysql_engine='InnoDB', mysql_charset='utf8') action_data_table.create(migrate_engine, checkfirst=True) @@ -135,6 +161,7 @@ def upgrade(migrate_engine): sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False), sql.Column('subject_id', sql.ForeignKey("subjects.id"), nullable=False), sql.Column('category_id', sql.ForeignKey("subject_categories.id"), nullable=False), + sql.UniqueConstraint('policy_id', 'subject_id', 'category_id', name='unique_constraint_subject_assignment'), mysql_engine='InnoDB', mysql_charset='utf8') subject_assignments_table.create(migrate_engine, checkfirst=True) @@ -147,6 +174,7 @@ def upgrade(migrate_engine): sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False), sql.Column('object_id', sql.ForeignKey("objects.id"), nullable=False), sql.Column('category_id', sql.ForeignKey("object_categories.id"), nullable=False), + sql.UniqueConstraint('policy_id', 'object_id', 'category_id', name='unique_constraint_object_assignment'), mysql_engine='InnoDB', mysql_charset='utf8') object_assignments_table.create(migrate_engine, checkfirst=True) @@ -159,6 +187,7 @@ def upgrade(migrate_engine): sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False), sql.Column('action_id', sql.ForeignKey("actions.id"), nullable=False), sql.Column('category_id', sql.ForeignKey("action_categories.id"), nullable=False), + sql.UniqueConstraint('policy_id', 'action_id', 'category_id', name='unique_constraint_action_assignment'), mysql_engine='InnoDB', mysql_charset='utf8') action_assignments_table.create(migrate_engine, checkfirst=True) @@ -167,7 +196,13 @@ def upgrade(migrate_engine): 'meta_rules', meta, sql.Column('id', sql.String(64), primary_key=True), + sql.Column('name', sql.String(256), nullable=False), + sql.Column('subject_categories', sql.Text(), nullable=False), + sql.Column('object_categories', sql.Text(), nullable=False), + sql.Column('action_categories', sql.Text(), nullable=False), sql.Column('value', sql.Text(), nullable=True), + sql.UniqueConstraint('name', name='unique_constraint_meta_rule_name'), + sql.UniqueConstraint('subject_categories', 'object_categories', 'action_categories', name='unique_constraint_meta_rule_def'), mysql_engine='InnoDB', mysql_charset='utf8') meta_rules_table.create(migrate_engine, checkfirst=True) @@ -179,6 +214,7 @@ def upgrade(migrate_engine): sql.Column('rule', sql.Text(), nullable=True), sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False), sql.Column('meta_rule_id', sql.ForeignKey("meta_rules.id"), nullable=False), + sql.UniqueConstraint('rule', 'policy_id', 'meta_rule_id', name='unique_constraint_rule'), mysql_engine='InnoDB', mysql_charset='utf8') rules_table.create(migrate_engine, checkfirst=True) diff --git a/python_moondb/tests/unit_python/models/test_categories.py b/python_moondb/tests/unit_python/models/test_categories.py new file mode 100644 index 00000000..111538b4 --- /dev/null +++ b/python_moondb/tests/unit_python/models/test_categories.py @@ -0,0 +1,44 @@ +import pytest +import logging +from python_moonutilities.exceptions import * + +logger = logging.getLogger("moon.db.tests.models.test_categories") + + +def add_subject_category(cat_id=None, value=None): + from python_moondb.core import ModelManager + category = ModelManager.add_subject_category(user_id=None, category_id=cat_id, value=value) + return category + + +def test_add_subject_category_twice(): + category = add_subject_category(value={"name":"category name", "description":"description 1"}) + assert category is not None + with pytest.raises(SubjectCategoryExisting): + add_subject_category(value={"name":"category name", "description":"description 2"}) + + +def add_object_category(cat_id=None, value=None): + from python_moondb.core import ModelManager + category = ModelManager.add_object_category(user_id=None, category_id=cat_id, value=value) + return category + + +def test_add_object_category_twice(): + category = add_object_category(value={"name":"category name", "description":"description 1"}) + assert category is not None + with pytest.raises(ObjectCategoryExisting): + add_object_category(value={"name":"category name", "description":"description 2"}) + + +def add_action_category(cat_id=None, value=None): + from python_moondb.core import ModelManager + category = ModelManager.add_action_category(user_id=None, category_id=cat_id, value=value) + return category + + +def test_add_action_category_twice(): + category = add_action_category(value={"name":"category name", "description":"description 1"}) + assert category is not None + with pytest.raises(ActionCategoryExisting): + add_action_category(value={"name":"category name", "description":"description 2"}) diff --git a/python_moondb/tests/unit_python/models/test_meta_rules.py b/python_moondb/tests/unit_python/models/test_meta_rules.py index d8b61365..585274d9 100644 --- a/python_moondb/tests/unit_python/models/test_meta_rules.py +++ b/python_moondb/tests/unit_python/models/test_meta_rules.py @@ -127,7 +127,6 @@ def test_get_meta_rule_success(db): def test_get_specific_meta_rule_success(db): # arrange - add_meta_rule() added_meta_rules = add_meta_rule() added_meta_rule_id = list(added_meta_rules.keys())[0] # action diff --git a/python_moondb/tests/unit_python/models/test_models.py b/python_moondb/tests/unit_python/models/test_models.py index e56fea6b..54c45e77 100644 --- a/python_moondb/tests/unit_python/models/test_models.py +++ b/python_moondb/tests/unit_python/models/test_models.py @@ -1,5 +1,7 @@ import pytest - +from python_moonutilities.exceptions import * +import logging +logger = logging.getLogger("moon.db.tests.test_model") def get_models(model_id=None): from python_moondb.core import ModelManager @@ -9,8 +11,9 @@ def get_models(model_id=None): def add_model(model_id=None, value=None): from python_moondb.core import ModelManager if not value: + name = "MLS" if model_id is None else "MLS " + model_id value = { - "name": "MLS", + "name": name, "description": "test", "meta_rules": "meta_rule_mls_1" } @@ -27,6 +30,14 @@ def delete_models(uuid=None, name=None): ModelManager.delete_model(user_id=None, model_id=uuid) +def delete_all_models(): + from python_moondb.core import ModelManager + models_values = get_models() + print(models_values) + for model_id, model_value in models_values.items(): + ModelManager.delete_model(user_id=None, model_id=model_id) + + def update_model(model_id=None, value=None): from python_moondb.core import ModelManager return ModelManager.update_model(user_id=None, model_id=model_id, value=value) @@ -49,7 +60,7 @@ def test_get_model(db): assert isinstance(models, dict) assert models # assert model is not empty assert len(models) is 1 - + delete_all_models() def test_get_specific_model(db): # prepare @@ -61,7 +72,7 @@ def test_get_specific_model(db): assert isinstance(models, dict) assert models # assert model is not empty assert len(models) is 1 - + delete_all_models() def test_add_model(db): # act @@ -70,15 +81,17 @@ def test_add_model(db): assert isinstance(model, dict) assert model # assert model is not empty assert len(model) is 1 + delete_all_models() def test_add_same_model_twice(db): # prepare add_model(model_id="model_1") # add model twice # act - with pytest.raises(Exception) as exception_info: + with pytest.raises(ModelExisting) as exception_info: add_model(model_id="model_1") - assert str(exception_info.value) == '409: Model Error' + delete_all_models() + #assert str(exception_info.value) == '409: Model Error' def test_add_model_generate_new_uuid(db): @@ -97,6 +110,7 @@ def test_add_model_generate_new_uuid(db): model2 = add_model(value=model_value2) assert list(model1)[0] != list(model2)[0] + delete_all_models() def test_add_models(db): @@ -113,6 +127,7 @@ def test_add_models(db): for key in ("name", "meta_rules", "description"): assert key in models[model_id] assert models[model_id][key] == model_value1[key] + delete_all_models() def test_delete_models(db): @@ -135,6 +150,7 @@ def test_delete_models(db): # assert models = get_models() assert id not in models + delete_all_models() def test_update_model(db): @@ -147,7 +163,7 @@ def test_update_model(db): model = add_model(value=model_value) model_id = list(model)[0] new_model_value = { - "name": "MLS", + "name": "MLS2", "description": "test", "meta_rules": "meta_rule_mls_2" } @@ -158,4 +174,5 @@ def test_update_model(db): for key in ("name", "meta_rules", "description"): assert key in model[model_id] - assert model[model_id][key] == new_model_value[key]
\ No newline at end of file + assert model[model_id][key] == new_model_value[key] + delete_all_models()
\ No newline at end of file diff --git a/python_moondb/tests/unit_python/policies/mock_data.py b/python_moondb/tests/unit_python/policies/mock_data.py index 23eeef64..3e9bea93 100644 --- a/python_moondb/tests/unit_python/policies/mock_data.py +++ b/python_moondb/tests/unit_python/policies/mock_data.py @@ -1,18 +1,18 @@ -def create_meta_rule(): +def create_meta_rule(meta_rule_name="meta_rule1", category_prefix=""): meta_rule_value = { - "name": "meta_rule1", + "name": meta_rule_name, "algorithm": "name of the meta rule algorithm", - "subject_categories": ["subject_category_id1", - "subject_category_id2"], - "object_categories": ["object_category_id1"], - "action_categories": ["action_category_id1"] + "subject_categories": [category_prefix + "subject_category_id1", + category_prefix + "subject_category_id2"], + "object_categories": [category_prefix +"object_category_id1"], + "action_categories": [category_prefix +"action_category_id1"] } return meta_rule_value -def create_model(meta_rule_id): +def create_model(meta_rule_id, model_name="test_model"): value = { - "name": "test_model", + "name": model_name, "description": "test", "meta_rules": [meta_rule_id] @@ -20,9 +20,9 @@ def create_model(meta_rule_id): return value -def create_policy(model_id): +def create_policy(model_id, policy_name="policy_1"): value = { - "name": "policy_1", + "name": policy_name, "model_id": model_id, "genre": "authz", "description": "test", @@ -40,15 +40,15 @@ def create_pdp(pdp_ids): return value -def get_policy_id(): +def get_policy_id(model_name="test_model", policy_name="policy_1", meta_rule_name="meta_rule1", category_prefix=""): import policies.test_policies as test_policies import models.test_models as test_models import models.test_meta_rules as test_meta_rules - meta_rule = test_meta_rules.add_meta_rule(value=create_meta_rule()) + meta_rule = test_meta_rules.add_meta_rule(value=create_meta_rule(meta_rule_name, category_prefix)) meta_rule_id = list(meta_rule.keys())[0] - model = test_models.add_model(value=create_model(meta_rule_id)) + model = test_models.add_model(value=create_model(meta_rule_id, model_name)) model_id = list(model.keys())[0] - value = create_policy(model_id) + value = create_policy(model_id, policy_name) policy = test_policies.add_policies(value=value) assert policy policy_id = list(policy.keys())[0] diff --git a/python_moondb/tests/unit_python/policies/test_assignments.py b/python_moondb/tests/unit_python/policies/test_assignments.py index 707632b0..1ca140e6 100755 --- a/python_moondb/tests/unit_python/policies/test_assignments.py +++ b/python_moondb/tests/unit_python/policies/test_assignments.py @@ -1,5 +1,6 @@ import policies.mock_data as mock_data - +from python_moonutilities.exceptions import * +import pytest def get_action_assignments(policy_id, action_id=None, category_id=None): from python_moondb.core import PolicyManager @@ -93,11 +94,13 @@ def test_add_action_assignments(db): assert len(action_assignments[action_id_1].get("assignments")) == 1 assert data_id in action_assignments[action_id_1].get("assignments") + with pytest.raises(ActionAssignmentExisting) as exception_info: + add_action_assignment(policy_id, action_id, category_id, data_id) def test_delete_action_assignment(db): policy_id = mock_data.get_policy_id() add_action_assignment(policy_id, "", "", "") - policy_id = mock_data.get_policy_id() + policy_id = mock_data.get_policy_id(model_name="test_model2", policy_name="policy_2", meta_rule_name="meta_rule2", category_prefix="_") action_id = "action_id_2" category_id = "category_id_2" data_id = "data_id_2" @@ -161,6 +164,9 @@ def test_add_object_assignments(db): assert len(object_assignments[object_id_1].get("assignments")) == 1 assert data_id in object_assignments[object_id_1].get("assignments") + with pytest.raises(ObjectAssignmentExisting): + add_object_assignment(policy_id, object_id, category_id, data_id) + def test_delete_object_assignment(db): policy_id = mock_data.get_policy_id() @@ -228,6 +234,9 @@ def test_add_subject_assignments(db): assert len(subject_assignments[subject_id_1].get("assignments")) == 1 assert data_id in subject_assignments[subject_id_1].get("assignments") + with pytest.raises(SubjectAssignmentExisting): + add_subject_assignment(policy_id, subject_id, category_id, data_id) + def test_delete_subject_assignment(db): policy_id = mock_data.get_policy_id() diff --git a/python_moondb/tests/unit_python/policies/test_data.py b/python_moondb/tests/unit_python/policies/test_data.py index 67fa44fb..6a57130e 100755 --- a/python_moondb/tests/unit_python/policies/test_data.py +++ b/python_moondb/tests/unit_python/policies/test_data.py @@ -1,5 +1,9 @@ import policies.mock_data as mock_data import pytest +import logging +from python_moonutilities.exceptions import * + +logger = logging.getLogger("python_moondb.tests.api.test_data") def get_action_data(policy_id, data_id=None, category_id=None): @@ -142,6 +146,9 @@ def test_add_action_data(db): action_data_id = list(action_data.keys())[0] assert action_data[action_data_id].get('policy_id') == policy_id + with pytest.raises(ActionScopeExisting) as exception_info: + add_action_data(policy_id, category_id=category_id, value=value).get('data') + def test_add_action_data_with_invalid_category_id(db): policy_id = mock_data.get_policy_id() @@ -214,6 +221,9 @@ def test_add_object_data(db): object_data_id = list(object_data.keys())[0] assert object_data[object_data_id].get('policy_id') == policy_id + with pytest.raises(ObjectScopeExisting) as exception_info: + add_object_data(policy_id, category_id=category_id, value=value).get('data') + def test_add_object_data_with_invalid_category_id(db): policy_id = mock_data.get_policy_id() @@ -285,6 +295,8 @@ def test_add_subject_data(db): assert subject_data subject_data_id = list(subject_data.keys())[0] assert subject_data[subject_data_id].get('policy_id') == policy_id + with pytest.raises(SubjectScopeExisting): + add_subject_data(policy_id, category_id=category_id, value=value).get('data') def test_add_subject_data_with_no_category_id(db): @@ -340,6 +352,9 @@ def test_add_action(db): action_id = list(action.keys())[0] assert len(action[action_id].get('policy_list')) == 1 + with pytest.raises(ActionExisting): + add_action(policy_id=policy_id, value=value) + def test_add_action_multiple_times(db): policy_id = mock_data.get_policy_id() @@ -348,6 +363,7 @@ def test_add_action_multiple_times(db): "description": "test", } action = add_action(policy_id=policy_id, value=value) + logger.info("action : {}".format(action)) action_id = list(action.keys())[0] perimeter_id = action[action_id].get('id') assert action @@ -356,7 +372,8 @@ def test_add_action_multiple_times(db): "description": "test", "policy_list": ['policy_id_3', 'policy_id_4'] } - action = add_action(mock_data.get_policy_id(), perimeter_id, value) + action = add_action(mock_data.get_policy_id(model_name="test_model2", policy_name="policy_2", meta_rule_name="meta_rule2", category_prefix="_"), perimeter_id, value) + logger.info("action : {}".format(action)) assert action action_id = list(action.keys())[0] assert len(action[action_id].get('policy_list')) == 2 @@ -408,6 +425,9 @@ def test_add_object(db): object_id = list(added_object.keys())[0] assert len(added_object[object_id].get('policy_list')) == 1 + with pytest.raises(ObjectExisting): + add_object(policy_id=policy_id, value=value) + def test_add_objects_multiple_times(db): policy_id = mock_data.get_policy_id() @@ -424,7 +444,7 @@ def test_add_objects_multiple_times(db): "description": "test", "policy_list": ['policy_id_3', 'policy_id_4'] } - added_object = add_object(mock_data.get_policy_id(), perimeter_id, value) + added_object = add_object(mock_data.get_policy_id(model_name="test_model2", policy_name="policy_2", meta_rule_name="meta_rule2", category_prefix="_"), perimeter_id, value) assert added_object object_id = list(added_object.keys())[0] assert len(added_object[object_id].get('policy_list')) == 2 @@ -476,6 +496,9 @@ def test_add_subject(db): subject_id = list(subject.keys())[0] assert len(subject[subject_id].get('policy_list')) == 1 + with pytest.raises(SubjectExisting): + add_subject(policy_id=policy_id, value=value) + def test_add_subjects_multiple_times(db): policy_id = mock_data.get_policy_id() @@ -492,7 +515,7 @@ def test_add_subjects_multiple_times(db): "description": "test", "policy_list": ['policy_id_3', 'policy_id_4'] } - subject = add_subject(mock_data.get_policy_id(), perimeter_id, value) + subject = add_subject(mock_data.get_policy_id(model_name="test_model2", policy_name="policy_2", meta_rule_name="meta_rule2", category_prefix="_"), perimeter_id, value) assert subject subject_id = list(subject.keys())[0] assert len(subject[subject_id].get('policy_list')) == 2 diff --git a/python_moondb/tests/unit_python/policies/test_policies.py b/python_moondb/tests/unit_python/policies/test_policies.py index 148034ef..f81f0d39 100755 --- a/python_moondb/tests/unit_python/policies/test_policies.py +++ b/python_moondb/tests/unit_python/policies/test_policies.py @@ -5,7 +5,7 @@ import pytest import policies.mock_data as mock_data - +from python_moonutilities.exceptions import * def get_policies(): from python_moondb.core import PolicyManager @@ -97,9 +97,9 @@ def test_add_policies_twice_with_same_id(db): "description": "test", } add_policies(policy_id, value) - with pytest.raises(Exception) as exception_info: + with pytest.raises(PolicyExisting) as exception_info: add_policies(policy_id, value) - assert str(exception_info.value) == '409: Policy Error' + #assert str(exception_info.value) == '409: Policy Error' def test_delete_policies(db): @@ -127,9 +127,9 @@ def test_delete_policies(db): def test_delete_policies_with_invalid_id(db): policy_id = 'policy_id_1' - with pytest.raises(Exception) as exception_info: + with pytest.raises(PolicyUnknown) as exception_info: delete_policies(policy_id) - assert str(exception_info.value) == '400: Policy Unknown' + #assert str(exception_info.value) == '400: Policy Unknown' def test_update_policy(db): @@ -156,9 +156,9 @@ def test_update_policy_with_invalid_id(db): "genre": "authz", "description": "test-3", } - with pytest.raises(Exception) as exception_info: + with pytest.raises(PolicyUnknown) as exception_info: update_policy(policy_id, value) - assert str(exception_info.value) == '400: Policy Unknown' + #assert str(exception_info.value) == '400: Policy Unknown' def test_get_policy_from_meta_rules(db): @@ -271,6 +271,9 @@ def test_add_rule(db): assert key in rules[rule_id] assert rules[rule_id][key] == value[key] + with pytest.raises(RuleExisting): + add_rule(policy_id, meta_rule_id, value) + def test_delete_rule(db): value = { diff --git a/python_moonutilities/Changelog b/python_moonutilities/Changelog index 4c08f10c..e6ab2f6e 100644 --- a/python_moonutilities/Changelog +++ b/python_moonutilities/Changelog @@ -85,4 +85,8 @@ CHANGES 1.4.7 ----- -- Delete the auth.py file to remove some code duplication
\ No newline at end of file +- Delete the auth.py file to remove some code duplication + +1.4.8 +----- +- Add SubjectScopeExisting, ObjectScopeExisting, ActionScopeExisting exceptions
\ No newline at end of file diff --git a/python_moonutilities/python_moonutilities/__init__.py b/python_moonutilities/python_moonutilities/__init__.py index 43f8645f..cabb4c52 100644 --- a/python_moonutilities/python_moonutilities/__init__.py +++ b/python_moonutilities/python_moonutilities/__init__.py @@ -3,6 +3,6 @@ # license which can be found in the file 'LICENSE' in this package distribution # or at 'http://www.apache.org/licenses/LICENSE-2.0'. -__version__ = "1.4.7" +__version__ = "1.4.8" diff --git a/python_moonutilities/python_moonutilities/exceptions.py b/python_moonutilities/python_moonutilities/exceptions.py index f3763428..f1dcd31e 100644 --- a/python_moonutilities/python_moonutilities/exceptions.py +++ b/python_moonutilities/python_moonutilities/exceptions.py @@ -282,6 +282,26 @@ class ActionUnknown(AdminPerimeter): logger = "ERROR" +class SubjectExisting(AdminPerimeter): + description = _("The given subject is existing.") + code = 409 + title = 'Subject Existing' + logger = "ERROR" + + +class ObjectExisting(AdminPerimeter): + description = _("The given object is existing.") + code = 409 + title = 'Object Existing' + logger = "ERROR" + + +class ActionExisting(AdminPerimeter): + description = _("The given action is existing.") + code = 409 + title = 'Action Existing' + logger = "ERROR" + class SubjectNameExisting(AdminPerimeter): description = _("The given subject name is existing.") code = 400 @@ -338,6 +358,27 @@ class ActionScopeUnknown(AdminScope): logger = "ERROR" +class SubjectScopeExisting(AdminScope): + description = _("The given subject scope is existing.") + code = 409 + title = 'Subject Scope Existing' + logger = "ERROR" + + +class ObjectScopeExisting(AdminScope): + description = _("The given object scope is existing.") + code = 409 + title = 'Object Scope Existing' + logger = "ERROR" + + +class ActionScopeExisting(AdminScope): + description = _("The given action scope is existing.") + code = 409 + title = 'Action Scope Existing' + logger = "ERROR" + + class SubjectScopeNameExisting(AdminScope): description = _("The given subject scope name is existing.") code = 400 diff --git a/tools/moon_kubernetes/init_k8s_moon.sh b/tools/moon_kubernetes/init_k8s_moon.sh index 00c1b443..0617de86 100644 --- a/tools/moon_kubernetes/init_k8s_moon.sh +++ b/tools/moon_kubernetes/init_k8s_moon.sh @@ -108,7 +108,7 @@ function wait_for_moon_forming() { function wait_for_moon_manager() { echo "Waiting for moon (manager) ..." kube_namespace="moon" - declare -a kube_pods=("manager # 3") + declare -a kube_pods=("manager # 1") check_pods_running "$kube_namespace" "${kube_pods[@]}" } |