diff options
| -rw-r--r-- | keystonemiddleware-moon/keystonemiddleware/authz.py | 65 | ||||
| -rw-r--r-- | moonclient/moonclient/tests/tests_empty_policy_nova.json | 1013 | ||||
| -rw-r--r-- | moonclient/moonclient/tests/tests_empty_policy_swift.json | 1168 |
3 files changed, 2228 insertions, 18 deletions
diff --git a/keystonemiddleware-moon/keystonemiddleware/authz.py b/keystonemiddleware-moon/keystonemiddleware/authz.py index 8dbb60e9..f5f19079 100644 --- a/keystonemiddleware-moon/keystonemiddleware/authz.py +++ b/keystonemiddleware-moon/keystonemiddleware/authz.py @@ -39,24 +39,25 @@ _OPTS = [ _AUTHZ_GROUP = 'keystone_authz' CONF = cfg.CONF CONF.register_opts(_OPTS, group=_AUTHZ_GROUP) +CONF.debug = True # auth.register_conf_options(CONF, _AUTHZ_GROUP) # from http://developer.openstack.org/api-ref-objectstorage-v1.html SWIFT_API = ( - ("^/v1/(?P<account>[\w-]+)$", "GET", "get_account_details"), - ("^/v1/(?P<account>[\w-]+)$", "POST", "modify_account"), - ("^/v1/(?P<account>[\w-]+)$", "HEAD", "get_account"), - ("^/v1/(?P<account>[\w-]+)/(?P<container>[\w-]+)$", "GET", "get_container"), - ("^/v1/(?P<account>[\w-]+)/(?P<container>[\w-]+)$", "PUT", "create_container"), - ("^/v1/(?P<account>[\w-]+)/(?P<container>[\w-]+)$", "POST", "update_container_metadata"), - ("^/v1/(?P<account>[\w-]+)/(?P<container>[\w-]+)$", "DELETE", "delete_container"), - ("^/v1/(?P<account>[\w-]+)/(?P<container>[\w-]+)$", "HEAD", "get_container_metadata"), - ("^/v1/(?P<account>[\w-]+)/(?P<container>[\w-]+)/(?P<object>[\w-]+)$", "GET", "get_object"), - ("^/v1/(?P<account>[\w-]+)/(?P<container>[\w-]+)/(?P<object>[\w-]+)$", "PUT", "create_object"), - ("^/v1/(?P<account>[\w-]+)/(?P<container>[\w-]+)/(?P<object>[\w-]+)$", "COPY", "copy_object"), - ("^/v1/(?P<account>[\w-]+)/(?P<container>[\w-]+)/(?P<object>[\w-]+)$", "POST", "update_object_metadata"), - ("^/v1/(?P<account>[\w-]+)/(?P<container>[\w-]+)/(?P<object>[\w-]+)$", "DELETE", "delete_object"), - ("^/v1/(?P<account>[\w-]+)/(?P<container>[\w-]+)/(?P<object>[\w-]+)$", "HEAD", "get_object_metadata"), + ("^/v1/(?P<account>[\w_-]+)$", "GET", "get_account_details"), + ("^/v1/(?P<account>[\w_-]+)$", "POST", "modify_account"), + ("^/v1/(?P<account>[\w_-]+)$", "HEAD", "get_account"), + ("^/v1/(?P<account>[\w_-]+)/(?P<container>[\w-]+)$", "GET", "get_container"), + ("^/v1/(?P<account>[\w_-]+)/(?P<container>[\w-]+)$", "PUT", "create_container"), + ("^/v1/(?P<account>[\w_-]+)/(?P<container>[\w-]+)$", "POST", "update_container_metadata"), + ("^/v1/(?P<account>[\w_-]+)/(?P<container>[\w-]+)$", "DELETE", "delete_container"), + ("^/v1/(?P<account>[\w_-]+)/(?P<container>[\w-]+)$", "HEAD", "get_container_metadata"), + ("^/v1/(?P<account>[\w_-]+)/(?P<container>[\w-]+)/(?P<object>.+)$", "GET", "get_object"), + ("^/v1/(?P<account>[\w_-]+)/(?P<container>[\w-]+)/(?P<object>.+)$", "PUT", "create_object"), + ("^/v1/(?P<account>[\w_-]+)/(?P<container>[\w-]+)/(?P<object>.+)$", "COPY", "copy_object"), + ("^/v1/(?P<account>[\w_-]+)/(?P<container>[\w-]+)/(?P<object>.+)$", "POST", "update_object_metadata"), + ("^/v1/(?P<account>[\w_-]+)/(?P<container>[\w-]+)/(?P<object>.+)$", "DELETE", "delete_object"), + ("^/v1/(?P<account>[\w_-]+)/(?P<container>[\w-]+)/(?P<object>.+)$", "HEAD", "get_object_metadata"), ) @@ -269,6 +270,21 @@ class AuthZProtocol(object): for api in SWIFT_API: if re.match(api[0], path) and method == api[1]: action = api[2] + length = int(env.get('CONTENT_LENGTH', '0')) + # TODO (dthom): compute for Nova, Cinder, Neutron, ... + _action = "" + if length > 0: + try: + sub_action_object = env['wsgi.input'].read(length) + self.input = sub_action_object + _action = json.loads(sub_action_object).keys()[0] + body = StringIO(sub_action_object) + env['wsgi.input'] = body + self._LOG.debug("wsgi.input={}".format(_action)) + except ValueError: + self._LOG.error("Error in decoding sub-action") + except Exception as e: + self._LOG.error(str(e)) return action @staticmethod @@ -293,7 +309,7 @@ class AuthZProtocol(object): return elif component == "swift": # remove the "/v1/" part of the URL - return env.get("PATH_INFO").split("/", 2)[-1].replace("/", "-") + return env.get("PATH_INFO").split("/", 2)[-1].replace("/", "-").replace(".", "-") return "unknown" def __call__(self, env, start_response): @@ -306,25 +322,38 @@ class AuthZProtocol(object): # return self._app(env, start_response) subject_id = env.get("HTTP_X_USER_ID") + if not subject_id: + self._LOG.warning("No subject_id found for {}".format(env.get("PATH_INFO"))) + return self._app(env, start_response) tenant_id = env.get("HTTP_X_TENANT_ID") + if not tenant_id: + self._LOG.warning("No tenant_id found for {}".format(env.get("PATH_INFO"))) + return self._app(env, start_response) component = self._find_openstack_component(env) action_id = self._get_action(env, component) + self._LOG.debug("\033[1m\033[31mrequest={}\033[m".format(env["PATH_INFO"])) if action_id: object_id = self._get_object(env, component) if not object_id: object_id = "servers" + self._LOG.debug("object_id={}".format(object_id)) self.__set_token() resp = self._get_authz_from_moon(self.x_subject_token, tenant_id, subject_id, object_id, action_id) self.__unset_token() if resp.status_code == 200: answer = json.loads(resp.content) + self._LOG.debug("action_id={}/{}".format(component, action_id)) self._LOG.debug(answer) if "authz" in answer and answer["authz"]: return self._app(env, start_response) + self._LOG.error("You are not authorized to do that! ({})".format(unicode(answer["comment"]))) raise exception.Unauthorized(message="You are not authorized to do that! ({})".format(unicode(answer["comment"]))) - self._LOG.debug("No action_id found for {}".format(env.get("PATH_INFO"))) - # If action is not found, we can't raise an exception because a lots of action is missing - # in function self._get_action, it is not possible to get them all. + else: + self._LOG.error("Unable to request Moon ({}: {})".format(resp.status_code, resp.reason)) + else: + self._LOG.debug("No action_id found for {}".format(env.get("PATH_INFO"))) + # If action is not found, we can't raise an exception because a lots of action is missing + # in function self._get_action, it is not possible to get them all. return self._app(env, start_response) # raise exception.Unauthorized(message="You are not authorized to do that!") diff --git a/moonclient/moonclient/tests/tests_empty_policy_nova.json b/moonclient/moonclient/tests/tests_empty_policy_nova.json new file mode 100644 index 00000000..1320ecc9 --- /dev/null +++ b/moonclient/moonclient/tests/tests_empty_policy_nova.json @@ -0,0 +1,1013 @@ +{ + "command_options": "-f value", + "tests_group": { + "authz": [ + { + "name": "nova image-list", + "external_command": "nova image-list", + "result": "(?P<uuid_image>[\\w-]+)\\s+\\| cirros-0.3.4-x86_64-uec", + "description": "Get an Image ID" + }, + { + "name": "nova boot new server", + "external_command": "nova boot --flavor m1.micro --image $uuid_image test_moonclient", + "result": "(?P<uuid_image>[\\w-]+)\\s+\\| cirros-0.3.4-x86_64-uec", + "description": "Get an Image ID" + }, + { + "name": "sleep", + "external_command": "sleep 5", + "result": "", + "description": "time for server to really boot" + }, + { + "name": "nova get new server", + "external_command": "nova list", + "result": "\\| (?P<uuid_server>[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| ACTIVE\\s+\\| [\\w\\-]+\\s+\\| Running", + "description": "Get the ID of the new server" + }, + { + "name": "list tenant", + "command": "tenant list", + "result": "(?!demo)", + "description": "Check if tenant demo is used." + }, + { + "name": "add tenant demo", + "command": "tenant add demo", + "result": "^$", + "description": "Add a new tenant", + "command_options": "" + }, + { + "name": "check tenant demo", + "command": "tenant list", + "result": "(?P<uuid>\\w+)\\s+demo", + "description": "Check that tenant demo has been correctly added" + }, + { + "name": "create_intraextension_authz", + "command": "intraextension add --policy_model policy_empty_authz empty_test", + "result": "IntraExtension created: (?P<uuid_authz>\\w+)", + "description": "Create an authz intra extension", + "command_options": "" + }, + { + "name": "list_intraextension_authz", + "command": "intraextension list", + "result": "$uuid_authz", + "description": "Check the existence of that authz intra extension" + }, + { + "name": "set_tenant_authz", + "command": "tenant set --authz $uuid_authz $uuid", + "result": "", + "description": "Connect the authz intra extension to the tenant demo", + "command_options": "" + }, + { + "name": "list tenant", + "command": "tenant list", + "result": "demo", + "description": "Check if tenant demo is used." + }, + { + "name": "select_authz_ie", + "command": "intraextension select $uuid_authz", + "result": "Select $uuid_authz IntraExtension.", + "description": "Select the authz IntraExtension", + "command_options": "" + }, + { + "name": "check_select_authz_ie", + "command": "intraextension show selected", + "result": "$uuid_authz", + "description": "Check the selected authz IntraExtension", + "command_options": "-c id -f value" + }, + { + "name": "add_subject", + "command": "subject add admin --password nomoresecrete", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_subject", + "command": "subject list", + "result": "(?P<uuid_subject_admin>\\w+)\\s+admin", + "description": "Check that admin subject was added." + }, + { + "name": "add_subject", + "command": "subject add demo --password nomoresecrete", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_subject", + "command": "subject list", + "result": "(?P<uuid_subject_demo>\\w+)\\s+demo", + "description": "Check that demo subject was added." + }, + { + "name": "add_object", + "command": "object add servers", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_servers>\\w+)\\s+servers", + "description": "Check that servers subject was added." + }, + { + "name": "add_action", + "command": "action add pause", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_pause>\\w+)\\s+pause", + "description": "Check that pause action was added." + }, + { + "name": "add_action", + "command": "action add unpause", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_unpause>\\w+)\\s+unpause", + "description": "Check that unpause action was added." + }, + { + "name": "add_action", + "command": "action add list", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_list>\\w+)\\s+list", + "description": "Check that list action was added." + }, + { + "name": "add_action", + "command": "action add start", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_start>\\w+)\\s+start", + "description": "Check that start action was added." + }, + { + "name": "add_action", + "command": "action add stop", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_stop>\\w+)\\s+stop", + "description": "Check that stop action was added." + }, + { + "name": "add_action", + "command": "action add create", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_create>\\w+)\\s+create", + "description": "Check that create action was added." + }, + { + "name": "add_action", + "command": "action add upload", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_upload>\\w+)\\s+upload", + "description": "Check that upload action was added." + }, + { + "name": "add_action", + "command": "action add download", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_download>\\w+)\\s+download", + "description": "Check that download action was added." + }, + { + "name": "add_action", + "command": "action add post", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_post>\\w+)\\s+post", + "description": "Check that post action was added." + }, + { + "name": "add_action", + "command": "action add storage_list", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_storage_list>\\w+)\\s+storage_list", + "description": "Check that storage_list action was added." + }, + + { + "name": "add_subject_category", + "command": "subject category add subject_security_level", + "result": "", + "description": "Add the new subject category subject_security_level", + "command_options": "" + }, + { + "name": "list_subject_category", + "command": "subject category list", + "result": "(?P<uuid_subject_category>\\w+)\\s+subject_security_level", + "description": "Check that subject_security_level subject_category was added." + }, + { + "name": "add_object_category", + "command": "object category add object_security_level", + "result": "", + "description": "Add the new object category object_security_level", + "command_options": "" + }, + { + "name": "list_object_category", + "command": "object category list", + "result": "(?P<uuid_object_category>\\w+)\\s+object_security_level", + "description": "Check that object_security_level object_category was added." + }, + { + "name": "add_action_category", + "command": "action category add resource_action", + "result": "", + "description": "Add the new action category resource_action", + "command_options": "" + }, + { + "name": "list_subject_category", + "command": "action category list", + "result": "(?P<uuid_action_category>\\w+)\\s+resource_action", + "description": "Check that resource_action action_category was added." + }, + + { + "name": "add_scope", + "command": "subject scope add $uuid_subject_category high --description \"high\"", + "result": "^$", + "description": "Add one scope to subject category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "subject scope list $uuid_subject_category", + "result": "(?P<uuid_subject_scope_high>\\w+)\\s+high\\s+high", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "subject scope add $uuid_subject_category medium --description \"medium\"", + "result": "^$", + "description": "Add one scope to subject category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "subject scope list $uuid_subject_category", + "result": "(?P<uuid_subject_scope_medium>\\w+)\\s+medium\\s+medium", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "subject scope add $uuid_subject_category low --description \"low\"", + "result": "^$", + "description": "Add one scope to subject category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "subject scope list $uuid_subject_category", + "result": "(?P<uuid_subject_scope_low>\\w+)\\s+low\\s+low", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "object scope add $uuid_object_category high --description \"high\"", + "result": "^$", + "description": "Add one scope to object category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category", + "result": "(?P<uuid_object_scope_high>\\w+)\\s+high\\s+high", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "object scope add $uuid_object_category medium --description \"medium\"", + "result": "^$", + "description": "Add one scope to object category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category", + "result": "(?P<uuid_object_scope_medium>\\w+)\\s+medium\\s+medium", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "object scope add $uuid_object_category low --description \"low\"", + "result": "^$", + "description": "Add one scope to object category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category", + "result": "(?P<uuid_object_scope_low>\\w+)\\s+low\\s+low", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "action scope add $uuid_action_category vm_admin --description \"vm_admin\"", + "result": "^$", + "description": "Add one scope to action category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "action scope list $uuid_action_category", + "result": "(?P<uuid_action_scope_vm_admin>\\w+)\\s+vm_admin\\s+vm_admin", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "action scope add $uuid_action_category vm_access --description \"vm_access\"", + "result": "^$", + "description": "Add one scope to action category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "action scope list $uuid_action_category", + "result": "(?P<uuid_action_scope_vm_access>\\w+)\\s+vm_access\\s+vm_access", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "action scope add $uuid_action_category storage_admin --description \"storage_admin\"", + "result": "^$", + "description": "Add one scope to action category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "action scope list $uuid_action_category", + "result": "(?P<uuid_action_scope_storage_admin>\\w+)\\s+storage_admin\\s+storage_admin", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "action scope add $uuid_action_category storage_access --description \"storage_access\"", + "result": "^$", + "description": "Add one scope to action category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "action scope list $uuid_action_category", + "result": "(?P<uuid_action_scope_storage_access>\\w+)\\s+storage_access\\s+storage_access", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + + { + "name": "add_assignment", + "command": "subject assignment add $uuid_subject_admin $uuid_subject_category $uuid_subject_scope_high", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "subject assignment list $uuid_subject_admin $uuid_subject_category", + "result": "$uuid_subject_scope_high high", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "subject assignment add $uuid_subject_demo $uuid_subject_category $uuid_subject_scope_medium", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "subject assignment list $uuid_subject_demo $uuid_subject_category", + "result": "$uuid_subject_scope_medium medium", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_servers $uuid_object_category $uuid_object_scope_low", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_servers $uuid_object_category", + "result": "$uuid_object_scope_low low", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_pause $uuid_action_category $uuid_action_scope_vm_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_pause $uuid_action_category", + "result": "$uuid_action_scope_vm_admin vm_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_unpause $uuid_action_category $uuid_action_scope_vm_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_unpause $uuid_action_category", + "result": "$uuid_action_scope_vm_admin vm_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_start $uuid_action_category $uuid_action_scope_vm_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_start $uuid_action_category", + "result": "$uuid_action_scope_vm_admin vm_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_stop $uuid_action_category $uuid_action_scope_vm_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_stop $uuid_action_category", + "result": "$uuid_action_scope_vm_admin vm_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_list $uuid_action_category $uuid_action_scope_vm_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_list $uuid_action_category", + "result": "$uuid_action_scope_vm_admin vm_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_list $uuid_action_category $uuid_action_scope_vm_access", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_list $uuid_action_category", + "result": "$uuid_action_scope_vm_access vm_access", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_create $uuid_action_category $uuid_action_scope_vm_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_create $uuid_action_category", + "result": "$uuid_action_scope_vm_admin vm_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_storage_list $uuid_action_category $uuid_action_scope_storage_access", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_storage_list $uuid_action_category", + "result": "$uuid_action_scope_storage_access storage_access", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_download $uuid_action_category $uuid_action_scope_storage_access", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_download $uuid_action_category", + "result": "$uuid_action_scope_storage_access storage_access", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_upload $uuid_action_category $uuid_action_scope_storage_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_upload $uuid_action_category", + "result": "$uuid_action_scope_storage_admin storage_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_post $uuid_action_category $uuid_action_scope_storage_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_post $uuid_action_category", + "result": "$uuid_action_scope_storage_admin storage_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "check_submetarules", + "command": "submetarule show", + "result": "(?P<submetarule_uuid>\\w+)", + "description": "Get one submetarule ID", + "command_options": "-c id -f value" + }, + { + "name": "set_submetarule", + "command": "submetarule set $submetarule_uuid --subject_category_id=\"$uuid_subject_category\" --object_category_id=\"$uuid_object_category\" --action_category_id=\"$uuid_action_category\"", + "result": "^$", + "description": "Set a new submetarule", + "command_options": "" + }, + { + "name": "check_submetarule", + "command": "submetarule show", + "result": "$submetarule_uuid \\s*subject_security_level", + "description": "Check the new submetarule", + "command_options": "-c id -c \"subject categories\" -f value" + }, + { + "name": "check_submetarule", + "command": "submetarule show", + "result": "$submetarule_uuid \\s*object_security_level", + "description": "Check the new submetarule", + "command_options": "-c id -c \"object categories\" -f value" + }, + { + "name": "check_submetarule", + "command": "submetarule show", + "result": "$submetarule_uuid \\s*resource_action", + "description": "Check the new submetarule", + "command_options": "-c id -c \"action categories\" -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"high,vm_admin,medium\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+high\\s+vm_admin\\s+medium", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"high,vm_admin,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+high\\s+vm_admin\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"medium,vm_admin,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+medium\\s+vm_admin\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"high,vm_access,medium\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+high\\s+vm_access\\s+medium", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"high,vm_access,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+high\\s+vm_access\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"medium,vm_access,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+medium\\s+vm_access\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"high,storage_admin,medium\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+high\\s+storage_admin\\s+medium", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"high,storage_admin,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+high\\s+storage_admin\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"medium,storage_admin,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+medium\\s+storage_admin\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"high,storage_access,medium\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+high\\s+storage_access\\s+medium", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"high,storage_access,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+high\\s+storage_access\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"medium,storage_access,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+medium\\s+storage_access\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "get aggregation algorithm", + "command": "aggregation algorithm list", + "result": "(?P<uuid_aggregation>\\w+)\\s+one_true", + "description": "Get aggregation algorithm.", + "command_options": "-c id -c name -f value" + }, + { + "name": "set aggregation algorithm", + "command": "aggregation algorithm set $uuid_aggregation", + "result": "", + "description": "Set aggregation algorithm to one_true.", + "command_options": "" + }, + { + "name": "get aggregation algorithm", + "command": "aggregation algorithm show", + "result": "$uuid_aggregation\\s+one_true", + "description": "Check aggregation algorithm.", + "command_options": "-c id -c name -f value" + }, + { + "name": "get submetarule algorithm", + "command": "submetarule algorithm list", + "result": "(?P<uuid_submetarule_algo>\\w+)\\s+inclusion", + "description": "Get submetarule algorithm named inclusion.", + "command_options": "-c id -c name -f value" + }, + { + "name": "set submetarule algorithm", + "command": "submetarule set --algorithm_name inclusion $submetarule_uuid", + "result": "", + "description": "Set submetarule algorithm to inclusion.", + "command_options": "" + }, + + { + "name": "check nova command", + "external_command": "nova list", + "result": "(?!test_moonclient)", + "description": "Check that we cannot list nova servers due to the current rules" + }, + { + "name": "try to pause nova instance", + "external_command": "nova pause $uuid_server", + "result": "^$", + "description": "Pausing the server must be impossible due to the current rules" + }, + + { + "name": "list tenant", + "command": "tenant list", + "result": "demo", + "description": "Check if tenant demo is used." + }, + + { + "name": "add_object", + "command": "object add $uuid_server", + "result": "", + "description": "Add the new nova server", + "command_options": "" + }, + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_nova_server>\\w+)\\s+$uuid_server", + "description": "Check that the new nova server was added." + }, + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_nova_server $uuid_object_category $uuid_object_scope_low", + "result": "^$", + "description": "Set the assignment 'low' to nova server", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_nova_server $uuid_object_category", + "result": "$uuid_object_scope_low low", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "check nova command", + "external_command": "nova list", + "result": "\\| (?P<uuid_server>[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| ACTIVE\\s+\\| [\\w\\-]+\\s+\\| Running", + "description": "Check that we can now list nova servers due to the current rules" + }, + { + "name": "try to pause nova instance", + "external_command": "nova pause $uuid_server", + "result": "^$", + "description": "Pausing the server must be possible now" + }, + { + "name": "check nova command", + "external_command": "nova list", + "result": "\\| (?P<uuid_server>[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| PAUSED\\s+\\| [\\w\\-]+\\s+\\| Paused", + "description": "Check that we can still list nova servers due to the current rules" + }, + { + "name": "reactivate nova instance", + "external_command": "nova unpause $uuid_server", + "result": "^$", + "description": "Unpausing the server for next tests" + }, + + { + "name": "del_assignment", + "command": "object assignment delete $uuid_object_nova_server $uuid_object_category $uuid_object_scope_low", + "result": "^$", + "description": "Delete the assignment 'low' to nova server", + "command_options": "" + }, + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_nova_server $uuid_object_category $uuid_object_scope_high", + "result": "^$", + "description": "Set the assignment 'high' to nova server", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_nova_server $uuid_object_category", + "result": "$uuid_object_scope_high high", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "check nova command", + "external_command": "nova list", + "result": "\\| (?P<uuid_server>[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| ACTIVE\\s+\\| [\\w\\-]+\\s+\\| Running", + "description": "Check that we can now list nova servers due to the current rules" + }, + { + "name": "try to pause nova instance", + "external_command": "nova pause $uuid_server", + "result": "^$", + "description": "Pausing the server must be not possible now" + }, + { + "name": "check nova command", + "external_command": "nova list", + "result": "\\| (?P<uuid_server>[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| ACTIVE\\s+\\| [\\w\\-]+\\s+\\| Running", + "description": "Check that we can still list nova servers due to the current rules" + }, + + + { + "name": "delete_authz_intra_extension", + "command": "intraextension delete $uuid_authz", + "result": "", + "description": "Delete the authz intra extension", + "command_options": "" + }, + { + "name": "delete_tenant", + "command": "tenant delete $uuid", + "result": "", + "description": "Delete the tenant demo", + "command_options": "" + }, + { + "name": "nova delete new server", + "external_command": "nova delete $uuid_server", + "result": "", + "description": "Delete the new server" + } + ] + } +}
\ No newline at end of file diff --git a/moonclient/moonclient/tests/tests_empty_policy_swift.json b/moonclient/moonclient/tests/tests_empty_policy_swift.json new file mode 100644 index 00000000..e31e66c7 --- /dev/null +++ b/moonclient/moonclient/tests/tests_empty_policy_swift.json @@ -0,0 +1,1168 @@ +{ + "command_options": "-f value", + "tests_group": { + "authz": [ + { + "name": "swift list", + "external_command": "swift list", + "result": "(?!moonclient_test)", + "description": "Check Swift command" + }, + { + "name": "add swift container", + "external_command": "swift post moonclient_test", + "result": "", + "description": "Add a new container" + }, + { + "name": "swift list", + "external_command": "swift list", + "result": "moonclient_test", + "description": "Check the added container" + }, + { + "name": "get accound ID", + "external_command": "swift stat", + "result": "Account: (?P<uuid_account>[\\w_]+)", + "description": "Check the added container" + }, + + { + "name": "list tenant", + "command": "tenant list", + "result": "(?!demo)", + "description": "Check if tenant demo is used." + }, + { + "name": "add tenant demo", + "command": "tenant add demo", + "result": "^$", + "description": "Add a new tenant", + "command_options": "" + }, + { + "name": "check tenant demo", + "command": "tenant list", + "result": "(?P<uuid>\\w+)\\s+demo", + "description": "Check that tenant demo has been correctly added" + }, + { + "name": "create_intraextension_authz", + "command": "intraextension add --policy_model policy_empty_authz empty_test", + "result": "IntraExtension created: (?P<uuid_authz>\\w+)", + "description": "Create an authz intra extension", + "command_options": "" + }, + { + "name": "list_intraextension_authz", + "command": "intraextension list", + "result": "$uuid_authz", + "description": "Check the existence of that authz intra extension" + }, + { + "name": "set_tenant_authz", + "command": "tenant set --authz $uuid_authz $uuid", + "result": "", + "description": "Connect the authz intra extension to the tenant demo", + "command_options": "" + }, + { + "name": "list tenant", + "command": "tenant list", + "result": "demo", + "description": "Check if tenant demo is used." + }, + { + "name": "select_authz_ie", + "command": "intraextension select $uuid_authz", + "result": "Select $uuid_authz IntraExtension.", + "description": "Select the authz IntraExtension", + "command_options": "" + }, + { + "name": "check_select_authz_ie", + "command": "intraextension show selected", + "result": "$uuid_authz", + "description": "Check the selected authz IntraExtension", + "command_options": "-c id -f value" + }, + { + "name": "add_subject", + "command": "subject add admin --password nomoresecrete", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_subject", + "command": "subject list", + "result": "(?P<uuid_subject_admin>\\w+)\\s+admin", + "description": "Check that admin subject was added." + }, + { + "name": "add_subject", + "command": "subject add demo --password nomoresecrete", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_subject", + "command": "subject list", + "result": "(?P<uuid_subject_demo>\\w+)\\s+demo", + "description": "Check that demo subject was added." + }, + { + "name": "add_object", + "command": "object add servers", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_servers>\\w+)\\s+servers", + "description": "Check that servers subject was added." + }, + { + "name": "add_action", + "command": "action add pause", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_pause>\\w+)\\s+pause", + "description": "Check that pause action was added." + }, + { + "name": "add_action", + "command": "action add unpause", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_unpause>\\w+)\\s+unpause", + "description": "Check that unpause action was added." + }, + { + "name": "add_action", + "command": "action add list", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_list>\\w+)\\s+list", + "description": "Check that list action was added." + }, + { + "name": "add_action", + "command": "action add start", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_start>\\w+)\\s+start", + "description": "Check that start action was added." + }, + { + "name": "add_action", + "command": "action add stop", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_stop>\\w+)\\s+stop", + "description": "Check that stop action was added." + }, + { + "name": "add_action", + "command": "action add create", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_create>\\w+)\\s+create", + "description": "Check that create action was added." + }, + { + "name": "add_action", + "command": "action add upload", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_upload>\\w+)\\s+upload", + "description": "Check that upload action was added." + }, + { + "name": "add_action", + "command": "action add download", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_download>\\w+)\\s+download", + "description": "Check that download action was added." + }, + { + "name": "add_action", + "command": "action add post", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_post>\\w+)\\s+post", + "description": "Check that post action was added." + }, + { + "name": "add_action", + "command": "action add storage_list", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_storage_list>\\w+)\\s+storage_list", + "description": "Check that storage_list action was added." + }, + + { + "name": "add_subject_category", + "command": "subject category add subject_security_level", + "result": "", + "description": "Add the new subject category subject_security_level", + "command_options": "" + }, + { + "name": "list_subject_category", + "command": "subject category list", + "result": "(?P<uuid_subject_category>\\w+)\\s+subject_security_level", + "description": "Check that subject_security_level subject_category was added." + }, + { + "name": "add_object_category", + "command": "object category add object_security_level", + "result": "", + "description": "Add the new object category object_security_level", + "command_options": "" + }, + { + "name": "list_object_category", + "command": "object category list", + "result": "(?P<uuid_object_category>\\w+)\\s+object_security_level", + "description": "Check that object_security_level object_category was added." + }, + { + "name": "add_action_category", + "command": "action category add resource_action", + "result": "", + "description": "Add the new action category resource_action", + "command_options": "" + }, + { + "name": "list_subject_category", + "command": "action category list", + "result": "(?P<uuid_action_category>\\w+)\\s+resource_action", + "description": "Check that resource_action action_category was added." + }, + + { + "name": "add_scope", + "command": "subject scope add $uuid_subject_category high --description \"high\"", + "result": "^$", + "description": "Add one scope to subject category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "subject scope list $uuid_subject_category", + "result": "(?P<uuid_subject_scope_high>\\w+)\\s+high\\s+high", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "subject scope add $uuid_subject_category medium --description \"medium\"", + "result": "^$", + "description": "Add one scope to subject category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "subject scope list $uuid_subject_category", + "result": "(?P<uuid_subject_scope_medium>\\w+)\\s+medium\\s+medium", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "subject scope add $uuid_subject_category low --description \"low\"", + "result": "^$", + "description": "Add one scope to subject category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "subject scope list $uuid_subject_category", + "result": "(?P<uuid_subject_scope_low>\\w+)\\s+low\\s+low", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "object scope add $uuid_object_category high --description \"high\"", + "result": "^$", + "description": "Add one scope to object category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category", + "result": "(?P<uuid_object_scope_high>\\w+)\\s+high\\s+high", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "object scope add $uuid_object_category medium --description \"medium\"", + "result": "^$", + "description": "Add one scope to object category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category", + "result": "(?P<uuid_object_scope_medium>\\w+)\\s+medium\\s+medium", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "object scope add $uuid_object_category low --description \"low\"", + "result": "^$", + "description": "Add one scope to object category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category", + "result": "(?P<uuid_object_scope_low>\\w+)\\s+low\\s+low", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "action scope add $uuid_action_category vm_admin --description \"vm_admin\"", + "result": "^$", + "description": "Add one scope to action category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "action scope list $uuid_action_category", + "result": "(?P<uuid_action_scope_vm_admin>\\w+)\\s+vm_admin\\s+vm_admin", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "action scope add $uuid_action_category vm_access --description \"vm_access\"", + "result": "^$", + "description": "Add one scope to action category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "action scope list $uuid_action_category", + "result": "(?P<uuid_action_scope_vm_access>\\w+)\\s+vm_access\\s+vm_access", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "action scope add $uuid_action_category storage_admin --description \"storage_admin\"", + "result": "^$", + "description": "Add one scope to action category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "action scope list $uuid_action_category", + "result": "(?P<uuid_action_scope_storage_admin>\\w+)\\s+storage_admin\\s+storage_admin", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "action scope add $uuid_action_category storage_access --description \"storage_access\"", + "result": "^$", + "description": "Add one scope to action category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "action scope list $uuid_action_category", + "result": "(?P<uuid_action_scope_storage_access>\\w+)\\s+storage_access\\s+storage_access", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + + { + "name": "add_assignment", + "command": "subject assignment add $uuid_subject_admin $uuid_subject_category $uuid_subject_scope_high", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "subject assignment list $uuid_subject_admin $uuid_subject_category", + "result": "$uuid_subject_scope_high high", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "subject assignment add $uuid_subject_demo $uuid_subject_category $uuid_subject_scope_medium", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "subject assignment list $uuid_subject_demo $uuid_subject_category", + "result": "$uuid_subject_scope_medium medium", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_servers $uuid_object_category $uuid_object_scope_low", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_servers $uuid_object_category", + "result": "$uuid_object_scope_low low", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_pause $uuid_action_category $uuid_action_scope_vm_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_pause $uuid_action_category", + "result": "$uuid_action_scope_vm_admin vm_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_unpause $uuid_action_category $uuid_action_scope_vm_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_unpause $uuid_action_category", + "result": "$uuid_action_scope_vm_admin vm_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_start $uuid_action_category $uuid_action_scope_vm_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_start $uuid_action_category", + "result": "$uuid_action_scope_vm_admin vm_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_stop $uuid_action_category $uuid_action_scope_vm_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_stop $uuid_action_category", + "result": "$uuid_action_scope_vm_admin vm_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_list $uuid_action_category $uuid_action_scope_vm_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_list $uuid_action_category", + "result": "$uuid_action_scope_vm_admin vm_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_list $uuid_action_category $uuid_action_scope_vm_access", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_list $uuid_action_category", + "result": "$uuid_action_scope_vm_access vm_access", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_create $uuid_action_category $uuid_action_scope_vm_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_create $uuid_action_category", + "result": "$uuid_action_scope_vm_admin vm_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_storage_list $uuid_action_category $uuid_action_scope_storage_access", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_storage_list $uuid_action_category", + "result": "$uuid_action_scope_storage_access storage_access", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_download $uuid_action_category $uuid_action_scope_storage_access", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_download $uuid_action_category", + "result": "$uuid_action_scope_storage_access storage_access", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_upload $uuid_action_category $uuid_action_scope_storage_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_upload $uuid_action_category", + "result": "$uuid_action_scope_storage_admin storage_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_post $uuid_action_category $uuid_action_scope_storage_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_post $uuid_action_category", + "result": "$uuid_action_scope_storage_admin storage_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "check_submetarules", + "command": "submetarule show", + "result": "(?P<submetarule_uuid>\\w+)", + "description": "Get one submetarule ID", + "command_options": "-c id -f value" + }, + { + "name": "set_submetarule", + "command": "submetarule set $submetarule_uuid --subject_category_id=\"$uuid_subject_category\" --object_category_id=\"$uuid_object_category\" --action_category_id=\"$uuid_action_category\"", + "result": "^$", + "description": "Set a new submetarule", + "command_options": "" + }, + { + "name": "check_submetarule", + "command": "submetarule show", + "result": "$submetarule_uuid \\s*subject_security_level", + "description": "Check the new submetarule", + "command_options": "-c id -c \"subject categories\" -f value" + }, + { + "name": "check_submetarule", + "command": "submetarule show", + "result": "$submetarule_uuid \\s*object_security_level", + "description": "Check the new submetarule", + "command_options": "-c id -c \"object categories\" -f value" + }, + { + "name": "check_submetarule", + "command": "submetarule show", + "result": "$submetarule_uuid \\s*resource_action", + "description": "Check the new submetarule", + "command_options": "-c id -c \"action categories\" -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"high,vm_admin,medium\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+high\\s+vm_admin\\s+medium", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"high,vm_admin,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+high\\s+vm_admin\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"medium,vm_admin,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+medium\\s+vm_admin\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"high,vm_access,medium\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+high\\s+vm_access\\s+medium", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"high,vm_access,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+high\\s+vm_access\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"medium,vm_access,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+medium\\s+vm_access\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"high,storage_admin,medium\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+high\\s+storage_admin\\s+medium", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"high,storage_admin,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+high\\s+storage_admin\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"medium,storage_admin,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+medium\\s+storage_admin\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"high,storage_access,medium\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+high\\s+storage_access\\s+medium", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"high,storage_access,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+high\\s+storage_access\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"medium,storage_access,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+medium\\s+storage_access\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "get aggregation algorithm", + "command": "aggregation algorithm list", + "result": "(?P<uuid_aggregation>\\w+)\\s+one_true", + "description": "Get aggregation algorithm.", + "command_options": "-c id -c name -f value" + }, + { + "name": "set aggregation algorithm", + "command": "aggregation algorithm set $uuid_aggregation", + "result": "", + "description": "Set aggregation algorithm to one_true.", + "command_options": "" + }, + { + "name": "get aggregation algorithm", + "command": "aggregation algorithm show", + "result": "$uuid_aggregation\\s+one_true", + "description": "Check aggregation algorithm.", + "command_options": "-c id -c name -f value" + }, + { + "name": "get submetarule algorithm", + "command": "submetarule algorithm list", + "result": "(?P<uuid_submetarule_algo>\\w+)\\s+inclusion", + "description": "Get submetarule algorithm named inclusion.", + "command_options": "-c id -c name -f value" + }, + { + "name": "set submetarule algorithm", + "command": "submetarule set --algorithm_name inclusion $submetarule_uuid", + "result": "", + "description": "Set submetarule algorithm to inclusion.", + "command_options": "" + }, + + { + "name": "swift list", + "external_command": "swift list", + "result": "(?!moonclient_test)", + "description": "Check Swift command, it must be impossible due to current rules" + }, + + { + "name": "list tenant", + "command": "tenant list", + "result": "demo", + "description": "Check if tenant demo is used." + }, + + { + "name": "add_object", + "command": "object add $uuid_account", + "result": "", + "description": "Add the new swift account", + "command_options": "" + }, + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_swift_account>\\w+)\\s+$uuid_account", + "description": "Check that the new swift account was added." + }, + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_swift_account $uuid_object_category $uuid_object_scope_low", + "result": "^$", + "description": "Set the assignment 'low' to swift account", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_swift_account $uuid_object_category", + "result": "$uuid_object_scope_low low", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_action", + "command": "action add get_account_details --description 'Swift action'", + "result": "", + "description": "Add the action get_account_details", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_swift_get_account_details>\\w+)\\s+get_account_details", + "description": "Check that the new swift action was added." + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_swift_get_account_details $uuid_action_category $uuid_action_scope_storage_access", + "result": "^$", + "description": "Set the assignment 'storage_access' to swift action", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_swift_get_account_details $uuid_action_category", + "result": "$uuid_action_scope_storage_access storage_access", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "swift list", + "external_command": "swift list", + "result": "moonclient_test", + "description": "Check Swift command, it must be now possible due to current rules" + }, + { + "name": "create temp file", + "external_command": "touch /tmp/test.txt", + "result": "", + "description": "Create a temporary file to put in swift." + }, + { + "name": "swift post file", + "external_command": "swift upload moonclient_test /tmp/test.txt", + "result": "", + "description": "Try to put the test file in the container, impossible due to the absence of the object" + }, + { + "name": "swift list", + "external_command": "swift list moonclient_test", + "result": "(?!tmp/test.txt)", + "description": "Check that test file has not been uploaded." + }, + { + "name": "add_object", + "command": "object add AUTH_6c7f27a7aaf94423a28ea8ac30fea929-moonclient_test", + "result": "", + "description": "Add the new swift container", + "command_options": "" + }, + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_swift_container>\\w+)\\s+AUTH_6c7f27a7aaf94423a28ea8ac30fea929-moonclient_test", + "description": "Check that the new swift container was added." + }, + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_swift_container $uuid_object_category $uuid_object_scope_low", + "result": "^$", + "description": "Set the assignment 'low' to swift container", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_swift_container $uuid_object_category", + "result": "$uuid_object_scope_low low", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_object", + "command": "object add AUTH_6c7f27a7aaf94423a28ea8ac30fea929-moonclient_test-tmp-test-txt", + "result": "", + "description": "Add the new swift object", + "command_options": "" + }, + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_swift_object>\\w+)\\s+AUTH_6c7f27a7aaf94423a28ea8ac30fea929-moonclient_test-tmp-test-txt", + "description": "Check that the new swift object was added." + }, + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_swift_object $uuid_object_category $uuid_object_scope_low", + "result": "^$", + "description": "Set the assignment 'low' to swift object", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_swift_object $uuid_object_category", + "result": "$uuid_object_scope_low low", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_action", + "command": "action add get_container --description 'Swift action'", + "result": "", + "description": "Add the action get_container", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_swift_get_container>\\w+)\\s+get_container", + "description": "Check that the new swift action was added." + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_swift_get_container $uuid_action_category $uuid_action_scope_storage_access", + "result": "^$", + "description": "Set the assignment 'storage_access' to swift action", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_swift_get_container $uuid_action_category", + "result": "$uuid_action_scope_storage_access storage_access", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_action", + "command": "action add get_object_metadata --description 'Swift action'", + "result": "", + "description": "Add the action get_object_metadata", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_swift_get_object_metadata>\\w+)\\s+get_object_metadata", + "description": "Check that the new swift action was added." + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_swift_get_object_metadata $uuid_action_category $uuid_action_scope_storage_access", + "result": "^$", + "description": "Set the assignment 'storage_access' to swift action", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_swift_get_object_metadata $uuid_action_category", + "result": "$uuid_action_scope_storage_access storage_access", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_action", + "command": "action add create_object --description 'Swift action'", + "result": "", + "description": "Add the action create_object", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_swift_create_object>\\w+)\\s+create_object", + "description": "Check that the new swift action was added." + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_swift_create_object $uuid_action_category $uuid_action_scope_storage_admin", + "result": "^$", + "description": "Set the assignment 'storage_access' to swift action", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_swift_create_object $uuid_action_category", + "result": "$uuid_action_scope_storage_admin storage_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_action", + "command": "action add create_container --description 'Swift action'", + "result": "", + "description": "Add the action create_container", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_swift_create_container>\\w+)\\s+create_container", + "description": "Check that the new swift action was added." + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_swift_create_container $uuid_action_category $uuid_action_scope_storage_admin", + "result": "^$", + "description": "Set the assignment 'storage_access' to swift action", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_swift_create_container $uuid_action_category", + "result": "$uuid_action_scope_storage_admin storage_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "swift post file", + "external_command": "swift upload moonclient_test /tmp/test.txt", + "result": "", + "description": "Put the test file in the container" + }, + { + "name": "swift list", + "external_command": "swift list moonclient_test", + "result": "tmp/test.txt", + "description": "Check that test file has been uploaded." + }, + + + { + "name": "delete_authz_intra_extension", + "command": "intraextension delete $uuid_authz", + "result": "", + "description": "Delete the authz intra extension", + "command_options": "" + }, + { + "name": "delete_tenant", + "command": "tenant delete $uuid", + "result": "", + "description": "Delete the tenant demo", + "command_options": "" + }, + { + "name": "swift delete new container", + "external_command": "swift delete moonclient_test", + "result": "", + "description": "Delete the new server" + } + ] + } +}
\ No newline at end of file |