47 files changed, 3109 insertions, 101 deletions
diff --git a/docs/2015-11-03.txt b/docs/2015-11-03.txt new file mode 100644 index 00000000..ea18a022 --- /dev/null +++ b/docs/2015-11-03.txt @@ -0,0 +1,190 @@ +(13:00:03) MaximeC left the room (quit: Client Quit).
+(13:00:22) MaximeC [c1f83226@gateway/web/freenode/ip.193.248.50.38] entered the room.
+(13:01:07) heruan: let's wait 5 mins before starting the meeting
+(13:01:36) asteroide: ok
+(13:01:54) Nir [c074be92@gateway/web/freenode/ip.192.116.190.146] entered the room.
+(13:03:13) alioune [c202ca51@gateway/web/freenode/ip.194.2.202.81] entered the room.
+(13:03:27) heruan: Hi all
+(13:03:45) heruan: Jamil will join the meeting later
+(13:04:24) heruan: in the chat room, there all the moon team from Orange, except Jamil
+(13:04:34) heruan: and Nir from Huawei
+(13:04:50) heruan: the ordre of today's meeting is:
+(13:05:16) heruan: - present opnfv-moon-core release2 and its main feature
+(13:05:16) heruan: - present opnfv-moonclient, a cmd line tool to administrate security
+(13:05:16) heruan: - present the DevOps environment for code continue integration
+(13:05:16) heruan: - present the progress moon-webview, a graphic interface for security management
+(13:05:16) heruan: - discussion about the roadmap: provide a demo next year? integration release C or D? which main features to be integrated?
+(13:05:16) heruan: - fix a monthly review meeting to follow its dev and establish an acting plan
+(13:05:30) heruan: do all of you agree on the schedule?
+(13:05:39) asteroide: yes
+(13:06:06) MaximeC: That's ok for me
+(13:06:17) Nir: me too
+(13:06:59) heruan: #present opnfv-moon-cre release2
+(13:07:08) Jamil [a16a0005@gateway/web/freenode/ip.161.106.0.5] entered the room.
+(13:07:33) heruan: we started the second release since the beginning of this year
+(13:08:16) heruan: the main idea is to refactor the code in order to conform OpenStack's criteria and build a stable policy engine
+(13:08:45) heruan: now the core part has almost finished, we on now on the test stage
+(13:09:12) heruan: @asteroide, can you talk a little about the ongoing test?
+(13:09:18) asteroide: yep
+(13:09:36) asteroide: all functionnal tests are OK
+(13:09:56) Jamil: What are the main features of this Rel ?
+(13:09:59) asteroide: those tests are located in the code of Keystone-moon
+(13:10:26) asteroide: and I am testing Moon with moonclient
+(13:10:41) asteroide: by adding a test feature inside moonclient
+(13:11:19) asteroide: the main feature is the policy engine written in pue python
+(13:11:26) asteroide: pure python
+(13:11:29) Jamil: waht do you mean by moonclient ?
+(13:11:57) heruan: @Jamil, the main features can be found in Jira: https://jira.opnfv.org/browse/MOON-2?jql=project%20%3D%20MOON%20AND%20resolution%20%3D%20Unresolved%20AND%20issuetype%20%3D%20Task%20ORDER%20BY%20priority%20DESChttps://jira.opnfv.org/browse/MOON-2?jql=project%20%3D%20MOON%20AND%20resolution%20%3D%20Unresolved%20AND%20issuetype%20%3D%20Task%20ORDER%20BY%20priority%20DESC
+(13:12:07) asteroide: moonclient is a console based client used to configure keystone-moon
+(13:12:18) asteroide: through moon API
+(13:12:29) alioune left the room (quit: Quit: Page closed).
+(13:12:44) heruan: yes, moon has 2 interfaces: moonclient (CLI) and moonwebview (GUI)
+(13:12:57) alioune [c202ca51@gateway/web/freenode/ip.194.2.202.81] entered the room.
+(13:13:14) asteroide: here is an example of moonclient usage : "moon tenant list" "moon subject add admin --password nomoresecrete", ...
+(13:13:37) asteroide: you can add subject object, action, categories rules and so on
+(13:13:48) asteroide: on a particular intraextension
+(13:14:03) asteroide: on a "selected" intraextension
+(13:14:30) heruan: PI: extension in moon is a security manager to protect one tenant
+(13:15:09) heruan: in conclusion, now to moon-core, it only lacks tests?
+(13:15:39) heruan: @asteroide?
+(13:16:06) asteroide: for me, tests in keystone moon are OK in core
+(13:16:14) asteroide: but not through moonclient
+(13:16:35) heruan: how much time it needs to finish all the tests?
+(13:16:45) asteroide: I need to add more test on nova
+(13:16:49) asteroide: on swift
+(13:17:06) asteroide: and tests with different users (not admin)
+(13:17:21) asteroide: all through moonclient
+(13:17:34) heruan: yes, the 3 sub-tasks we have listed in Jira
+(13:17:39) asteroide: nova tests will be OK at the end of this week
+(13:18:17) asteroide: I think that swift and users tests can be done at the end of the next week
+(13:18:25) heruan: ok
+(13:18:51) heruan: moon core release 2 will be finished in 2 weeks!
+(13:19:03) heruan: thank asteroide
+(13:19:09) asteroide: :)
+(13:19:26) heruan: next topic is about #moonclient
+(13:19:37) heruan: since we have already discussed about it
+(13:19:56) heruan: my understanding is that moonclient will be finished with moon-core?
+(13:20:17) asteroide: yes
+(13:20:35) heruan: ok, moonclient will also be finished in 2 weeks!!
+(13:20:54) heruan: the 3rd topic is about moonwebview (GUI)
+(13:21:01) heruan: @MaximeC?
+(13:21:06) MaximeC: Ok,
+(13:21:19) Jamil: what are next steps to integrate moon in OPNFV Rel x ?
+(13:21:41) heruan: this is the 5th topic
+(13:21:41) MaximeC: So, basically, MoonWebUI aims at providing a WebUI for Moon
+(13:21:58) Jamil: ok
+(13:22:06) MaximeC: to manage tenants, intra-extension & inter-etension
+(13:22:19) MaximeC: with an Authc based on Keystone
+(13:23:04) MaximeC: This interface is still in development as we refactore the code to be client-side, and independant from Horizon
+(13:23:24) MaximeC: This is the actual state of the code:
+(13:23:43) MaximeC: * Tenants Management is implemented
+(13:24:17) MaximeC: * Intra-etension management is in progress (70% of functionality are working)
+(13:24:39) MaximeC: * Inter-extension is not yet developped
+(13:24:51) MaximeC: * AuthC dev has just begun
+(13:24:51) heruan: inter-extension is not included in release 2
+(13:25:18) heruan: i think maxime needs asteroide's help for a server-side django module
+(13:25:34) asteroide: ok no problem
+(13:25:45) MaximeC: The WebUI is bound to MoonServer through REST API, so
+(13:26:21) MaximeC: even if there are major changes in moon server code, as logn as API will remain the same
+(13:26:44) MaximeC: no changes will be due in MoonWebview code
+(13:27:00) heruan: Maxime, do you have an idea about the delay?
+(13:27:35) MaximeC: To my mind, i think dev will last 1 month
+(13:27:58) heruan: ok, 4 weeks for the monwebview
+(13:28:00) asteroide: is there a plan to add a link to the log API inside the web client ?
+(13:28:14) heruan: not in release 2
+(13:28:28) asteroide: ok
+(13:28:50) heruan: the 4th topic is about the dev environment
+(13:29:57) heruan: @Nir, it's not so easy to install the whole dev env, so if someone in your team wants, ask him to directly contact us
+(13:30:22) heruan: we will try to remotely install all modules for him
+(13:31:13) heruan: we switch to the 5th topic
+(13:31:28) heruan: moon's roadmap
+(13:31:41) Nir: ok, i will inform them
+(13:31:46) heruan: @Jamil @Nir, what's your opinion?
+(13:32:19) Jamil: its good to have moon in Rel C
+(13:32:56) heruan: this depends on @alioune's work on OpenDaylight integration
+(13:33:22) Nir: agree, what are we missing to put it into Rel C?
+(13:33:56) heruan: we'd like to implement the identity federation use case through moon
+(13:34:15) Jamil: my undestanding integration with ODL ID
+(13:34:33) heruan: this means that moon at the same time, synchronizes and manages OpenStack's users and OpenDaylight's users
+(13:34:54) heruan: to demonstrate that moon is a unified security manager
+(13:35:05) Jamil: yes
+(13:35:09) heruan: @alioune works on the ODL integration
+(13:35:20) heruan: @aliounce, what's your progress?
+(13:35:57) heruan: he's maybe offlne
+(13:36:34) heruan: my understanding is that the integration will be difficulte to finished for the beginning of 2016
+(13:36:44) Jamil: do we need any support from ODL project ?
+(13:36:57) heruan: yes, of cause
+(13:37:11) heruan: if we can get some supplementary helps
+(13:37:17) Jamil: Rel C will be in Sept 2016
+(13:37:41) heruan: but we should provide a demo at the begining of 2016
+(13:37:46) Jamil: yes I can ask a support
+(13:37:51) Nir: I can check if we have someone in Huawei that can help
+(13:38:04) heruan: that's great!!
+(13:38:07) Nir: Do we have a target date for the demo
+(13:38:08) Nir: ?
+(13:38:44) heruan: let's fix the date to 15th Jan 2016
+(13:39:36) Nir: OK, I will check internally and update.
+(13:39:41) alioune: hi all, currently I am analysing ODL architecture and main used frameworks in the controller
+(13:39:43) heruan: thanks
+(13:40:28) heruan: so, the roadmap of moon is to push its code to Release C
+(13:40:38) Jamil: Jan 2016 will be one month before Rel B
+(13:40:52) heruan: we prepare the demo for Jan 2016
+(13:41:15) Jamil: I think Rel c will be discussed in March 2016
+(13:41:33) asteroide: the demo will be on release 2 of Moon or release 3 ?
+(13:41:52) heruan: ok, in this case we will have more time
+(13:42:04) heruan: the demo will be based on Moon release 2
+(13:42:13) Jamil: for OPNFV, the first integrated code for moon will be the Rel1 for moon
+(13:42:13) asteroide: ok
+(13:42:45) heruan: release 2 will be ready, son we can directly contribute with release 2
+(13:43:20) heruan: the second sub-topic is about next week's OPNFV summit
+(13:43:37) heruan: Jamil will chair a dedicated session on Moon
+(13:43:58) heruan: Nir, maybe you can help Jamil for the session?
+(13:44:07) Jamil: ODL will be integrated in moon Rel 3 ?
+(13:44:13) Nir: I will participate in a security panel presenting Moon in the first day
+(13:44:34) Nir: and i have a session about the moon in the theater at teh second day as well
+(13:44:41) Nir: :-)
+(13:44:46) heruan: great!!
+(13:45:11) heruan: @Jamil, ODL doesn't touch Moon-core
+(13:45:20) Nir: Unless you think otherwise i recommend to keep all of them so we can reach as many people and increase the community
+(13:45:39) Nir: altough we may have some overlap
+(13:45:54) heruan: the ecosystem for moon will be important
+(13:46:14) heruan: all contributors and commiters will be welcome
+(13:46:27) Nir: I am also planning to present moon to TI and Telefonica hoping to get them on board
+(13:46:34) asteroide: and all beta-testers also ;)
+(13:46:40) Nir: agree :-)
+(13:47:11) heruan: we will provide a public testbed of Moon by Descember 2015
+(13:47:35) heruan: based on moon-core release 2
+(13:47:42) Nir: as for our suggestions for Rel 3 I asked my team to analyze Rel 2 and update the offer we have presented on our last meeting
+(13:48:10) Jamil: moon session will be Thursday November 12, 2015 12:10pm - 12:30pm
+(13:48:25) heruan: yes, some of the issues you mentioned have been already implemented
+(13:49:00) heruan: @Jamil, can you annonce Moon's roadmap of OPNFV releaseC integration during your session?
+(13:49:29) Jamil: yes It will do
+(13:49:58) heruan: ok, i think we finished the fifth topic
+(13:49:58) Jamil: I will do
+(13:50:19) heruan: last one, I propose to have a monthly moon meeting
+(13:50:38) heruan: the last wensday of each month
+(13:50:51) heruan: it's ok for everyone?
+(13:50:52) Nir: agree
+(13:50:56) Jamil: ok
+(13:51:01) asteroide: agree
+(13:51:02) Jamil: same time ?
+(13:51:13) MaximeC: Ok for me
+(13:51:32) heruan: at 14h CEST? on hour later
+(13:51:38) alioune: ok
+(13:52:12) asteroide: ok for 14h CEST
+(13:52:30) heruan: @Nir?
+(13:52:37) Nir: ok with me
+(13:52:41) heruan: ok
+(13:52:50) heruan: we finished all the topics
+(13:53:03) heruan: do you have anything else to discuss?
+(13:53:47) asteroide: nothing to add
+(13:54:00) Nir: not on my side.
+(13:54:03) heruan: if you don't have anything else, we close today's meeting
+(13:54:26) Jamil: have a nice day
+(13:54:28) Nir: thanks, and gooddbye everyone
+(13:54:34) asteroide: bye!
+(13:54:39) heruan: I'll update the meeting report to moon's workspace
+(13:54:41) Nir left the room (quit: Quit: Page closed).
+(13:54:50) Jamil left the room (quit: Quit: Page closed).
+(13:55:03) MaximeC left the room.
+(13:55:09) asteroide left the room (quit: Quit: Page closed).
\ No newline at end of file diff --git a/docs/2015-11-meeting-repport.rst b/docs/2015-11-meeting-repport.rst new file mode 100644 index 00000000..13b520bf --- /dev/null +++ b/docs/2015-11-meeting-repport.rst @@ -0,0 +1,66 @@ +2015-11-03 meeting repport +========================== + +agenda +------ + +* present opnfv-moon-core release2 and its main feature + +* present opnfv-moonclient, a cmd line tool to administrate security + +* present the DevOps environment for code continue integration + +* present the progress moon-webview, a graphic interface for security management + +* discussion about the roadmap: provide a demo next year? integration release C or D? which main features to be integrated? + +* fix a monthly review meeting to follow its dev and establish an acting plan + + +moon core +--------- + +* functional tests will be finished in 2 weeks + + +moonclient +---------- + +* moonclient tests, together with functional tests will be finished in 2 weeks + + +moonwebview +----------- + +* 70% is finished + +* the total will be finished in 4 weeks + +* the log will not be integrated in release 2 + + +dev environment +--------------- + +* no documentation + +* for new committers, please contact ruan.he@orange.com + + +project roadmap +--------------- + +* integrate Moon code to release C + +* Jamil to ask for support from OpenDaylight + +* Nir to ask for support from Huawei + +* prepare Moon demostration with OpenStack/OpenDaylight 03/2016 + + +monthly dev meeting +------------------- + +* all the contributors agree to set up a monthly dev meeting the last Wensday of each month + diff --git a/docs/etc/conf.py b/docs/etc/conf.py new file mode 100644 index 00000000..18deb8b7 --- /dev/null +++ b/docs/etc/conf.py @@ -0,0 +1,34 @@ +import datetime
+import sys
+import os
+
+try:
+ __import__('imp').find_module('sphinx.ext.numfig')
+ extensions = ['sphinx.ext.numfig']
+except ImportError:
+ # 'pip install sphinx_numfig'
+ extensions = ['sphinx_numfig']
+
+# numfig:
+number_figures = True
+figure_caption_prefix = "Fig."
+
+source_suffix = '.rst'
+master_doc = 'index'
+pygments_style = 'sphinx'
+html_use_index = False
+
+pdf_documents = [('index', u'OPNFV', u'OPNFV Project', u'OPNFV')]
+pdf_fit_mode = "shrink"
+pdf_stylesheets = ['sphinx','kerning','a4']
+#latex_domain_indices = False
+#latex_use_modindex = False
+
+latex_elements = {
+ 'printindex': '',
+}
+
+project = u'OPNFV: Template documentation config'
+copyright = u'%s, OPNFV' % datetime.date.today().year
+version = u'1.0.0'
+release = u'1.0.0'
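Review bot: In the try block at the top of docs/etc/conf.py, `imp.find_module` does not resolve dotted names, so `find_module('sphinx.ext.numfig')` raises ImportError even when that module is installed, and the `sphinx_numfig` fallback is always taken. Import the module itself inside the `try` (for example with `importlib.import_module`) so the check tests what it claims to, and drop the unused `sys` and `os` imports.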
diff --git a/docs/etc/opnfv-logo.png b/docs/etc/opnfv-logo.png Binary files differnew file mode 100644 index 00000000..1519503e --- /dev/null +++ b/docs/etc/opnfv-logo.png diff --git a/docs/how-to-use-docs/documentation-example.rst b/docs/how-to-use-docs/documentation-example.rst new file mode 100644 index 00000000..81c9f026 --- /dev/null +++ b/docs/how-to-use-docs/documentation-example.rst @@ -0,0 +1,86 @@ +.. two dots create a comment. please leave this logo at the top of each of your rst files.
+.. image:: ../etc/opnfv-logo.png
+ :height: 40
+ :width: 200
+ :alt: OPNFV
+ :align: left
+.. these two pipes are to seperate the logo from the first title
+|
+|
+How to create documentation for your OPNFV project
+==================================================
+
+this is the directory structure of the docs/ directory that can be found in the root of your project directory
+
+.. code-block:: bash
+
+ ./etc
+ ./etc/opnfv-logo.png
+ ./etc/conf.py
+ ./how-to-use-docs
+ ./how-to-use-docs/documentation-example.rst
+ ./how-to-use-docs/index.rst
+
+To create your own documentation, Create any number of directories (depending on your need) and place in each of them an index.rst.
+This index file must refence your other rst files.
+
+* Here is an example index.rst
+
+.. code-block:: bash
+
+ Example Documentation table of contents
+ =======================================
+
+ Contents:
+
+ .. toctree::
+ :numbered:
+ :maxdepth: 4
+
+ documentation-example.rst
+
+ Indices and tables
+ ==================
+
+ * :ref:`search`
+
+ Revision: _sha1_
+
+ Build date: |today|
+
+
+The Sphinx Build
+================
+
+When you push documentation changes to gerrit a jenkins job will create html documentation.
+
+* Verify Jobs
+For verify jobs a link to the documentation will show up as a comment in gerrit for you to see the result.
+
+* Merge jobs
+
+Once you are happy with the look of your documentation you can submit the patchset the merge job will
+copy the output of each documentation directory to http://artifacts.opnfv.org/$project/docs/$name_of_your_folder/index.html
+
+Here are some quick examples of how to use rst markup
+
+This is a headline::
+
+ here is some code, note that it is indented
+
+links are easy to add: Here is a link to sphinx, the tool that we are using to generate documetation http://sphinx-doc.org/
+
+* Bulleted Items
+
+ **this will be bold**
+
+.. code-block:: bash
+
+ echo "Heres is a code block with bash syntax highlighting"
+
+
+Leave these at the bottom of each of your documents they are used internally
+
+Revision: _sha1_
+
+Build date: |today|
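Review bot: Under "The Sphinx Build" in documentation-example.rst, the `* Verify Jobs` bullet is followed directly by its paragraph with no blank line, while `* Merge jobs` has one; add the blank line (or indent the paragraph under the bullet) so docutils does not report that the bullet list ends without a blank line. The `.. code-block:: bash` directives wrapping the directory listing and the sample index.rst are not shell, so `text` and `rst` would be the accurate lexers. Spelling to fix in the same file: "refence", "seperate", "documetation".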
diff --git a/docs/how-to-use-docs/index.rst b/docs/how-to-use-docs/index.rst new file mode 100644 index 00000000..8af7427e --- /dev/null +++ b/docs/how-to-use-docs/index.rst @@ -0,0 +1,30 @@ +.. OPNFV Release Engineering documentation, created by
+ sphinx-quickstart on Tue Jun 9 19:12:31 2015.
+ You can adapt this file completely to your liking, but it should at least
+ contain the root `toctree` directive.
+
+.. image:: ../etc/opnfv-logo.png
+ :height: 40
+ :width: 200
+ :alt: OPNFV
+ :align: left
+
+Example Documentation table of contents
+=======================================
+
+Contents:
+
+.. toctree::
+ :numbered:
+ :maxdepth: 4
+
+ documentation-example.rst
+
+Indices and tables
+==================
+
+* :ref:`search`
+
+Revision: _sha1_
+
+Build date: |today|
diff --git a/keystone-moon/examples/moon/policies/policy_empty_admin/assignment.json b/keystone-moon/examples/moon/policies/policy_empty_admin/assignment.json new file mode 100644 index 00000000..24018a09 --- /dev/null +++ b/keystone-moon/examples/moon/policies/policy_empty_admin/assignment.json @@ -0,0 +1,7 @@ +{ + "subject_assignments": {}, + + "action_assignments": {}, + + "object_assignments": {} +} diff --git a/keystone-moon/examples/moon/policies/policy_empty_admin/metadata.json b/keystone-moon/examples/moon/policies/policy_empty_admin/metadata.json new file mode 100644 index 00000000..3c9be2e5 --- /dev/null +++ b/keystone-moon/examples/moon/policies/policy_empty_admin/metadata.json @@ -0,0 +1,12 @@ +{ + "name": "Empty_Policy", + "model": "", + "genre": "admin", + "description": "Empty Policy", + + "subject_categories": [], + + "action_categories": [], + + "object_categories": [] +} diff --git a/keystone-moon/examples/moon/policies/policy_empty_admin/metarule.json b/keystone-moon/examples/moon/policies/policy_empty_admin/metarule.json new file mode 100644 index 00000000..7acd8848 --- /dev/null +++ b/keystone-moon/examples/moon/policies/policy_empty_admin/metarule.json @@ -0,0 +1,12 @@ +{ + "sub_meta_rules": { + "mls_rule": { + "subject_categories": [], + "action_categories": [], + "object_categories": [], + "algorithm": "" + } + }, + "aggregation": "" +} + diff --git a/keystone-moon/examples/moon/policies/policy_empty_admin/perimeter.json b/keystone-moon/examples/moon/policies/policy_empty_admin/perimeter.json new file mode 100644 index 00000000..54dbfc31 --- /dev/null +++ b/keystone-moon/examples/moon/policies/policy_empty_admin/perimeter.json 
@@ -0,0 +1,39 @@ +{ + "subjects": [], + "actions": [ + "read", + "write" + ], + "objects": [ + "authz.subjects", + "authz.objects", + "authz.actions", + "authz.subject_categories", + "authz.object_categories", + "authz.action_categories", + "authz.subject_scopes", + "authz.object_scopes", + "authz.action_scopes", + "authz.subject_assignments", + "authz.object_assignments", + "authz.action_assignments", + "authz.aggregation_algorithm", + "authz.sub_meta_rules", + "authz.rules", + "admin.subjects", + "admin.objects", + "admin.actions", + "admin.subject_categories", + "admin.object_categories", + "admin.action_categories", + "admin.subject_scopes", + "admin.object_scopes", + "admin.action_scopes", + "admin.subject_assignments", + "admin.object_assignments", + "admin.action_assignments", + "admin.aggregation_algorithm", + "admin.sub_meta_rules", + "admin.rules" + ] +} diff --git a/keystone-moon/examples/moon/policies/policy_empty_admin/rule.json b/keystone-moon/examples/moon/policies/policy_empty_admin/rule.json new file mode 100644 index 00000000..fe4fae5a --- /dev/null +++ b/keystone-moon/examples/moon/policies/policy_empty_admin/rule.json @@ -0,0 +1,3 @@ +{ + "mls_rule":[] +} diff --git a/keystone-moon/examples/moon/policies/policy_empty_admin/scope.json b/keystone-moon/examples/moon/policies/policy_empty_admin/scope.json new file mode 100644 index 00000000..1efebe6f --- /dev/null +++ b/keystone-moon/examples/moon/policies/policy_empty_admin/scope.json @@ -0,0 +1,7 @@ +{ + "subject_scopes": {}, + + "action_scopes": {}, + + "object_scopes": {} +} diff --git a/keystone-moon/examples/moon/policies/policy_empty_authz/assignment.json b/keystone-moon/examples/moon/policies/policy_empty_authz/assignment.json new file mode 100644 index 00000000..24018a09 --- /dev/null +++ b/keystone-moon/examples/moon/policies/policy_empty_authz/assignment.json @@ -0,0 +1,7 @@ +{ + "subject_assignments": {}, + + "action_assignments": {}, + + "object_assignments": {} +} 
diff --git a/keystone-moon/examples/moon/policies/policy_empty_authz/metadata.json b/keystone-moon/examples/moon/policies/policy_empty_authz/metadata.json new file mode 100644 index 00000000..4f300d78 --- /dev/null +++ b/keystone-moon/examples/moon/policies/policy_empty_authz/metadata.json @@ -0,0 +1,12 @@ +{ + "name": "MLS_Policy", + "model": "MLS", + "genre": "authz", + "description": "Multi Level Security Policy", + + "subject_categories": [], + + "action_categories": [], + + "object_categories": [] +} diff --git a/keystone-moon/examples/moon/policies/policy_empty_authz/metarule.json b/keystone-moon/examples/moon/policies/policy_empty_authz/metarule.json new file mode 100644 index 00000000..7acd8848 --- /dev/null +++ b/keystone-moon/examples/moon/policies/policy_empty_authz/metarule.json @@ -0,0 +1,12 @@ +{ + "sub_meta_rules": { + "mls_rule": { + "subject_categories": [], + "action_categories": [], + "object_categories": [], + "algorithm": "" + } + }, + "aggregation": "" +} + diff --git a/keystone-moon/examples/moon/policies/policy_empty_authz/perimeter.json b/keystone-moon/examples/moon/policies/policy_empty_authz/perimeter.json new file mode 100644 index 00000000..9da8a8c0 --- /dev/null +++ b/keystone-moon/examples/moon/policies/policy_empty_authz/perimeter.json @@ -0,0 +1,5 @@ +{ + "subjects": [], + "actions": [], + "objects": [] +} diff --git a/keystone-moon/examples/moon/policies/policy_empty_authz/rule.json b/keystone-moon/examples/moon/policies/policy_empty_authz/rule.json new file mode 100644 index 00000000..fe4fae5a --- /dev/null +++ b/keystone-moon/examples/moon/policies/policy_empty_authz/rule.json @@ -0,0 +1,3 @@ +{ + "mls_rule":[] +} diff --git a/keystone-moon/examples/moon/policies/policy_empty_authz/scope.json b/keystone-moon/examples/moon/policies/policy_empty_authz/scope.json new file mode 100644 index 00000000..1efebe6f --- /dev/null +++ b/keystone-moon/examples/moon/policies/policy_empty_authz/scope.json 
@@ -0,0 +1,7 @@ +{ + "subject_scopes": {}, + + "action_scopes": {}, + + "object_scopes": {} +} diff --git a/keystone-moon/examples/moon/policies/policy_rbac_admin/assignment.json b/keystone-moon/examples/moon/policies/policy_rbac_admin/assignment.json index ed1950b0..f2378333 100644 --- a/keystone-moon/examples/moon/policies/policy_rbac_admin/assignment.json +++ b/keystone-moon/examples/moon/policies/policy_rbac_admin/assignment.json @@ -2,7 +2,7 @@ "subject_assignments": { "role": { "admin": ["root_role"], - "demo": ["dev"] + "demo": ["dev_role"] } }, "action_assignments": { diff --git a/keystone-moon/keystone/contrib/moon/core.py b/keystone-moon/keystone/contrib/moon/core.py index 4f8074f7..6f9832e9 100644 --- a/keystone-moon/keystone/contrib/moon/core.py +++ b/keystone-moon/keystone/contrib/moon/core.py @@ -411,10 +411,13 @@ class TenantManager(manager.Manager): if 'id' not in tenant_dict: tenant_dict['id'] = None keystone_tenant = self.__get_keystone_tenant_dict(tenant_dict['id'], tenant_dict['name']) - tenant_dict.update(keystone_tenant) + for att in keystone_tenant: + if keystone_tenant[att]: + tenant_dict[att] = keystone_tenant[att] # Sync users between intra_authz_extension and intra_admin_extension - if 'intra_admin_extension_id' in tenant_dict: - if 'intra_authz_extension_id' in tenant_dict: + self.moonlog_api.debug("add_tenant_dict {}".format(tenant_dict)) + if 'intra_admin_extension_id' in tenant_dict and tenant_dict['intra_admin_extension_id']: + if 'intra_authz_extension_id' in tenant_dict and tenant_dict['intra_authz_extension_id']: # authz_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_authz_extension_id']) # admin_subjects_dict = self.admin_api.get_subjects_dict(self.root_api.get_root_admin_id(), tenant_dict['intra_admin_extension_id']) # for _subject_id in authz_subjects_dict: 
@@ -1239,14 +1242,14 @@ class IntraExtensionManager(manager.Manager): def get_object_dict(self, user_id, intra_extension_id, object_id): objects_dict = self.driver.get_objects_dict(intra_extension_id) if object_id not in objects_dict: - raise ObjectUnknown("Unknown object name: {}".format(object_id)) + raise ObjectUnknown("Unknown object id: {}".format(object_id)) return objects_dict[object_id] @filter_input @enforce(("read", "write"), "objects") def del_object(self, user_id, intra_extension_id, object_id): if object_id not in self.driver.get_objects_dict(intra_extension_id): - raise ObjectUnknown("Unknown object name: {}".format(object_id)) + raise ObjectUnknown("Unknown object id: {}".format(object_id)) # Destroy assignments related to this category for object_category_id in self.driver.get_object_categories_dict(intra_extension_id): for _object_id in self.driver.get_objects_dict(intra_extension_id): @@ -1570,7 +1573,7 @@ class IntraExtensionManager(manager.Manager): @enforce("read", "object_categories") def get_object_assignment_list(self, user_id, intra_extension_id, object_id, object_category_id): if object_id not in self.driver.get_objects_dict(intra_extension_id): - raise ObjectUnknown("Unknown object name: {}".format(object_id)) + raise ObjectUnknown("Unknown object id: {}".format(object_id)) if object_category_id not in self.driver.get_object_categories_dict(intra_extension_id): raise ObjectCategoryUnknown() return self.driver.get_object_assignment_list(intra_extension_id, object_id, object_category_id) 
@@ -1581,7 +1584,7 @@ class IntraExtensionManager(manager.Manager): @enforce("read", "object_categories") def add_object_assignment_list(self, user_id, intra_extension_id, object_id, object_category_id, object_scope_id): if object_id not in self.driver.get_objects_dict(intra_extension_id): - raise ObjectUnknown("Unknown object name: {}".format(object_id)) + raise ObjectUnknown("Unknown object id: {}".format(object_id)) if object_category_id not in self.driver.get_object_categories_dict(intra_extension_id): raise ObjectCategoryUnknown() if object_scope_id not in self.driver.get_object_scopes_dict(intra_extension_id, object_category_id): @@ -1597,7 +1600,7 @@ class IntraExtensionManager(manager.Manager): @enforce("read", "object_scopes") def del_object_assignment(self, user_id, intra_extension_id, object_id, object_category_id, object_scope_id): if object_id not in self.driver.get_objects_dict(intra_extension_id): - raise ObjectUnknown("Unknown object name: {}".format(object_id)) + raise ObjectUnknown("Unknown object id: {}".format(object_id)) if object_category_id not in self.driver.get_object_categories_dict(intra_extension_id): raise ObjectCategoryUnknown() if object_scope_id not in self.driver.get_object_scopes_dict(intra_extension_id, object_category_id): @@ -1820,7 +1823,9 @@ class IntraExtensionAuthzManager(IntraExtensionManager): tenants_dict = self.tenant_api.get_tenants_dict(self.root_api.get_root_admin_id()) if tenant_id not in tenants_dict: - raise TenantUnknown() + # raise TenantUnknown("Cannot authz because Tenant is unknown {}".format(tenant_id)) + LOG.warning("Cannot authz because Tenant is not managed by Moon {}".format(tenant_id)) + return {'authz': True, 'comment': "Cannot authz because Tenant is not managed by Moon {}".format(tenant_id)} intra_extension_id = tenants_dict[tenant_id][genre] if not intra_extension_id: raise TenantNoIntraExtension() 
@@ -1831,7 +1836,7 @@ class IntraExtensionAuthzManager(IntraExtensionManager): subject_id = _subject_id break if not subject_id: - raise SubjectUnknown() + raise SubjectUnknown("Unknown subject id: {}".format(subject_k_id)) objects_dict = self.driver.get_objects_dict(intra_extension_id) object_id = None for _object_id in objects_dict: @@ -1839,7 +1844,7 @@ class IntraExtensionAuthzManager(IntraExtensionManager): object_id = _object_id break if not object_id: - raise ObjectUnknown("Unknown object name: {}".format(object_id)) + raise ObjectUnknown("Unknown object name: {}".format(object_name)) actions_dict = self.driver.get_actions_dict(intra_extension_id) action_id = None @@ -1848,7 +1853,7 @@ class IntraExtensionAuthzManager(IntraExtensionManager): action_id = _action_id break if not action_id: - raise ActionUnknown() + raise ActionUnknown("Unknown action name: {}".format(action_name)) return super(IntraExtensionAuthzManager, self).authz(intra_extension_id, subject_id, object_id, action_id) def add_subject_dict(self, user_id, intra_extension_id, subject_dict): diff --git a/keystonemiddleware-moon/keystonemiddleware/authz.py b/keystonemiddleware-moon/keystonemiddleware/authz.py index 8dbb60e9..f5f19079 100644 --- a/keystonemiddleware-moon/keystonemiddleware/authz.py +++ b/keystonemiddleware-moon/keystonemiddleware/authz.py 
@@ -39,24 +39,25 @@ _OPTS = [ _AUTHZ_GROUP = 'keystone_authz' CONF = cfg.CONF CONF.register_opts(_OPTS, group=_AUTHZ_GROUP) +CONF.debug = True # auth.register_conf_options(CONF, _AUTHZ_GROUP) # from http://developer.openstack.org/api-ref-objectstorage-v1.html SWIFT_API = ( - ("^/v1/(?P<account>[\w-]+)$", "GET", "get_account_details"), - ("^/v1/(?P<account>[\w-]+)$", "POST", "modify_account"), - ("^/v1/(?P<account>[\w-]+)$", "HEAD", "get_account"), - ("^/v1/(?P<account>[\w-]+)/(?P<container>[\w-]+)$", "GET", "get_container"), - ("^/v1/(?P<account>[\w-]+)/(?P<container>[\w-]+)$", "PUT", "create_container"), - ("^/v1/(?P<account>[\w-]+)/(?P<container>[\w-]+)$", "POST", "update_container_metadata"), - ("^/v1/(?P<account>[\w-]+)/(?P<container>[\w-]+)$", "DELETE", "delete_container"), - ("^/v1/(?P<account>[\w-]+)/(?P<container>[\w-]+)$", "HEAD", "get_container_metadata"), - ("^/v1/(?P<account>[\w-]+)/(?P<container>[\w-]+)/(?P<object>[\w-]+)$", "GET", "get_object"), - ("^/v1/(?P<account>[\w-]+)/(?P<container>[\w-]+)/(?P<object>[\w-]+)$", "PUT", "create_object"), - ("^/v1/(?P<account>[\w-]+)/(?P<container>[\w-]+)/(?P<object>[\w-]+)$", "COPY", "copy_object"), - ("^/v1/(?P<account>[\w-]+)/(?P<container>[\w-]+)/(?P<object>[\w-]+)$", "POST", "update_object_metadata"), - ("^/v1/(?P<account>[\w-]+)/(?P<container>[\w-]+)/(?P<object>[\w-]+)$", "DELETE", "delete_object"), - ("^/v1/(?P<account>[\w-]+)/(?P<container>[\w-]+)/(?P<object>[\w-]+)$", "HEAD", "get_object_metadata"), + ("^/v1/(?P<account>[\w_-]+)$", "GET", "get_account_details"), + ("^/v1/(?P<account>[\w_-]+)$", "POST", "modify_account"), + ("^/v1/(?P<account>[\w_-]+)$", "HEAD", "get_account"), + ("^/v1/(?P<account>[\w_-]+)/(?P<container>[\w-]+)$", "GET", "get_container"), + ("^/v1/(?P<account>[\w_-]+)/(?P<container>[\w-]+)$", "PUT", "create_container"), + ("^/v1/(?P<account>[\w_-]+)/(?P<container>[\w-]+)$", "POST", "update_container_metadata"), + ("^/v1/(?P<account>[\w_-]+)/(?P<container>[\w-]+)$", "DELETE", 
"delete_container"), + ("^/v1/(?P<account>[\w_-]+)/(?P<container>[\w-]+)$", "HEAD", "get_container_metadata"), + ("^/v1/(?P<account>[\w_-]+)/(?P<container>[\w-]+)/(?P<object>.+)$", "GET", "get_object"), + ("^/v1/(?P<account>[\w_-]+)/(?P<container>[\w-]+)/(?P<object>.+)$", "PUT", "create_object"), + ("^/v1/(?P<account>[\w_-]+)/(?P<container>[\w-]+)/(?P<object>.+)$", "COPY", "copy_object"), + ("^/v1/(?P<account>[\w_-]+)/(?P<container>[\w-]+)/(?P<object>.+)$", "POST", "update_object_metadata"), + ("^/v1/(?P<account>[\w_-]+)/(?P<container>[\w-]+)/(?P<object>.+)$", "DELETE", "delete_object"), + ("^/v1/(?P<account>[\w_-]+)/(?P<container>[\w-]+)/(?P<object>.+)$", "HEAD", "get_object_metadata"), ) @@ -269,6 +270,21 @@ class AuthZProtocol(object): for api in SWIFT_API: if re.match(api[0], path) and method == api[1]: action = api[2] + length = int(env.get('CONTENT_LENGTH', '0')) + # TODO (dthom): compute for Nova, Cinder, Neutron, ... + _action = "" + if length > 0: + try: + sub_action_object = env['wsgi.input'].read(length) + self.input = sub_action_object + _action = json.loads(sub_action_object).keys()[0] + body = StringIO(sub_action_object) + env['wsgi.input'] = body + self._LOG.debug("wsgi.input={}".format(_action)) + except ValueError: + self._LOG.error("Error in decoding sub-action") + except Exception as e: + self._LOG.error(str(e)) return action @staticmethod @@ -293,7 +309,7 @@ class AuthZProtocol(object): return elif component == "swift": # remove the "/v1/" part of the URL - return env.get("PATH_INFO").split("/", 2)[-1].replace("/", "-") + return env.get("PATH_INFO").split("/", 2)[-1].replace("/", "-").replace(".", "-") return "unknown" def __call__(self, env, start_response): 
@@ -306,25 +322,38 @@ class AuthZProtocol(object): # return self._app(env, start_response) subject_id = env.get("HTTP_X_USER_ID") + if not subject_id: + self._LOG.warning("No subject_id found for {}".format(env.get("PATH_INFO"))) + return self._app(env, start_response) tenant_id = env.get("HTTP_X_TENANT_ID") + if not tenant_id: + self._LOG.warning("No tenant_id found for {}".format(env.get("PATH_INFO"))) + return self._app(env, start_response) component = self._find_openstack_component(env) action_id = self._get_action(env, component) + self._LOG.debug("\033[1m\033[31mrequest={}\033[m".format(env["PATH_INFO"])) if action_id: object_id = self._get_object(env, component) if not object_id: object_id = "servers" + self._LOG.debug("object_id={}".format(object_id)) self.__set_token() resp = self._get_authz_from_moon(self.x_subject_token, tenant_id, subject_id, object_id, action_id) self.__unset_token() if resp.status_code == 200: answer = json.loads(resp.content) + self._LOG.debug("action_id={}/{}".format(component, action_id)) self._LOG.debug(answer) if "authz" in answer and answer["authz"]: return self._app(env, start_response) + self._LOG.error("You are not authorized to do that! ({})".format(unicode(answer["comment"]))) raise exception.Unauthorized(message="You are not authorized to do that! ({})".format(unicode(answer["comment"]))) - self._LOG.debug("No action_id found for {}".format(env.get("PATH_INFO"))) - # If action is not found, we can't raise an exception because a lots of action is missing - # in function self._get_action, it is not possible to get them all. + else: + self._LOG.error("Unable to request Moon ({}: {})".format(resp.status_code, resp.reason)) + else: + self._LOG.debug("No action_id found for {}".format(env.get("PATH_INFO"))) + # If action is not found, we can't raise an exception because a lots of action is missing + # in function self._get_action, it is not possible to get them all. 
return self._app(env, start_response) # raise exception.Unauthorized(message="You are not authorized to do that!") diff --git a/moonclient/moonclient/metarules.py b/moonclient/moonclient/metarules.py index 9677c5f6..a980cd85 100644 --- a/moonclient/moonclient/metarules.py +++ b/moonclient/moonclient/metarules.py @@ -84,8 +84,8 @@ class AggregationAlgorithmSet(Command): authtoken=True) algorithm = self.__get_aggregation_algorithm_from_id(data['content']) return ( - ("id", "name", "description"), - ((data['content'], algorithm["name"], algorithm["description"]), ) + ("id",), + (algorithm,) ) diff --git a/moonclient/moonclient/shell.py b/moonclient/moonclient/shell.py index 60a5355f..49422a45 100644 --- a/moonclient/moonclient/shell.py +++ b/moonclient/moonclient/shell.py @@ -78,6 +78,18 @@ class MoonClient(App): self.host = creds["auth_url"].replace("https://", "").replace("http://", "").split("/")[0].split(":")[0] self.port = creds["auth_url"].replace("https://", "").replace("http://", "").split("/")[0].split(":")[1] self._tenant_name = creds["tenant_name"] + self.parser.add_argument( + '--username', + metavar='<username-str>', + help='Force OpenStack username', + default=None + ) + self.parser.add_argument( + '--tenant', + metavar='<tenantname-str>', + help='Force OpenStack tenant', + default=None + ) @property def tenant_id(self): 
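Review bot: every new failure branch in `AuthZProtocol.__call__` (hunk `@@ -306,25 +322,38 @@`) fails open. A missing `HTTP_X_USER_ID` or `HTTP_X_TENANT_ID` returns `self._app(env, start_response)` after a warning, and a non-200 reply from Moon only logs `Unable to request Moon` before, as far as the flattened indentation shows, falling through to the final `return self._app(env, start_response)`. For an authorization middleware the non-200 case should deny, raising `exception.Unauthorized` as the denied branch does, and the missing-header pass-through should be an explicit, documented choice rather than a side effect. The new request debug line embeds raw ANSI colour codes and indexes `env["PATH_INFO"]` directly; drop the escapes and use `env.get("PATH_INFO")` as the neighbouring lines do.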
@@ -142,9 +154,33 @@ class MoonClient(App): except ValueError: return {"content": content} + def auth_keystone(self, username=None, password=None, host=None, port=None): + """Send a new authentication request to Keystone + + :param username: user identification name + :return: + """ + if username: + self.post["auth"]["identity"]["password"]["user"]["name"] = username + if password: + self.post["auth"]["identity"]["password"]["user"]["password"] = password + if host: + self.host = host + if port: + self.port = port + data = self.get_url("/v3/auth/tokens", post_data=self.post) + if "token" not in data: + raise Exception("Authentication problem ({})".format(data)) + def initialize_app(self, argv): self.log.debug('initialize_app: {}'.format(argv)) - # TODO: get credentials from OS env + if self.options.username: + self.post["auth"]["identity"]["password"]["user"]["name"] = self.options.username + self.log.debug("change username {}".format(self.options.username)) + if self.options.tenant: + self.post["auth"]["scope"]["project"]["name"] = self.options.tenant + self._tenant_name = self.options.tenant + self.log.debug("change tenant {}".format(self.options.tenant)) data = self.get_url("/v3/auth/tokens", post_data=self.post) if "token" not in data: raise Exception("Authentication problem ({})".format(data)) diff --git a/moonclient/moonclient/tenants.py b/moonclient/moonclient/tenants.py index c1f99af6..b2e0aafa 100644 --- a/moonclient/moonclient/tenants.py +++ b/moonclient/moonclient/tenants.py @@ -123,6 +123,7 @@ class TenantSet(Command): log = logging.getLogger(__name__) + # TODO: could use a PATCH method also def get_parser(self, prog_name): parser = super(TenantSet, self).get_parser(prog_name) parser.add_argument( diff --git a/moonclient/moonclient/tests.py b/moonclient/moonclient/tests.py index 5badf4bc..ea722955 100644 --- a/moonclient/moonclient/tests.py +++ b/moonclient/moonclient/tests.py 
@@ -12,6 +12,7 @@ from cliff.command import Command from uuid import uuid4 import os import time +import subprocess class TestsLaunch(Lister): @@ -19,7 +20,8 @@ class TestsLaunch(Lister): log = logging.getLogger(__name__) result_vars = dict() - logfile = open("/tmp/moonclient_test_{}.log".format(time.strftime("%Y%m%d-%H%M%S")), "w") + logfile_name = "/tmp/moonclient_test_{}.log".format(time.strftime("%Y%m%d-%H%M%S")) + logfile = open(logfile_name, "w") def get_parser(self, prog_name): parser = super(TestsLaunch, self).get_parser(prog_name) @@ -31,9 +33,12 @@ class TestsLaunch(Lister): return parser def __replace_var_in_str(self, data_str): + self.log.debug("__replace_var_in_str " + data_str) for exp in re.findall("\$\w+", data_str): + self.log.debug("--->" + exp + str(self.result_vars)) if exp.replace("$", "") in self.result_vars: data_str = re.sub(exp.replace("$", "\$") + "(?!\w)", self.result_vars[exp.replace("$", "")], data_str) + self.log.debug("__replace_var_in_str " + data_str) return data_str def __compare_results(self, expected, observed): @@ -44,7 +49,7 @@ class TestsLaunch(Lister): return False def take_action(self, parsed_args): - self.log.info("Write tests output to {}".format(self.logfile)) + self.log.info("Write tests output to {}".format(self.logfile_name)) stdout_back = self.app.stdout if not parsed_args.testfile: self.log.error("You don't give a test filename.") 
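Review bot: in `TestsLaunch` (hunk `@@ -19,7 +20,8 @@`), `logfile_name` is a predictable, timestamp-based path under `/tmp` and is opened with `open(logfile_name, "w")` in the class body, so the file is created as soon as the module is imported and an existing file or symlink at that path is followed and truncated. Since the hunk already rewrites these lines, create the log inside `take_action` with `tempfile.mkstemp` (or under a per-user directory) and keep the returned name for the `Write tests output to` message.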
@@ -56,37 +61,115 @@ class TestsLaunch(Lister): global_command_options = tests_dict["command_options"] data = list() for group_name, tests_list in tests_dict["tests_group"].iteritems(): + overall_result = True self.log.info("\n\033[1mgroup {}\033[0m".format(group_name)) self.logfile.write("{}:\n\n".format(group_name)) + test_count = len(tests_list) for test in tests_list: + result_str = "" + error_str = "" + if "auth_name" in test or "auth_password" in test or "auth_url" in test: + username = None + password = None + host = None + port = None + description = "" + if "auth_name" in test: + username = test["auth_name"] + if "auth_password" in test: + password = test["auth_password"] + if "auth_host" in test: + host = test["auth_host"] + if "auth_port" in test: + port = test["auth_port"] + if "description" in test: + description = test["description"] + self.app.auth_keystone(username, password, host, port) + title = "Change auth to " + if username: + title += username + if host: + title += "@" + host + if port: + title += ":" + port + title += "\n" + self.logfile.write(title) + self.log.info(title) + data_tmp = list() + data_tmp.append("") + data_tmp.append(title.strip()) + data_tmp.append("\033[32mOK\033[m") + data_tmp.append(description.strip()) + data.append(data_tmp) + continue data_tmp = list() tmp_filename = os.path.join("/tmp", uuid4().hex) tmp_filename_fd = open(tmp_filename, "w") self.log.debug("test={}".format(test)) - if "command_options" in test: - command = test["command"] + " " + test["command_options"] - else: - command = test["command"] + " " + global_command_options - command = self.__replace_var_in_str(command) - self.logfile.write("-----> {}\n".format(command)) - self.log.info(" \\-executing {}".format(command)) - self.app.stdout = tmp_filename_fd - result_id = self.app.run_subcommand(shlex.split(command)) - tmp_filename_fd.close() - self.app.stdout = stdout_back - result_str = open(tmp_filename, "r").read() - 
self.logfile.write("{}".format(result_str)) + if "command" not in test: + if "external_command" in test: + ext_command = test["external_command"] + else: + ext_command = test["shell_command"] + ext_command = self.__replace_var_in_str(ext_command) + self.logfile.write("-----> {}\n".format(ext_command)) + self.log.info(" \\-executing external \"{}\"".format(ext_command)) + if "external_command" in test: + pipe = subprocess.Popen(shlex.split(ext_command), stdout=subprocess.PIPE, stderr=subprocess.PIPE) + else: + # Note (asteroide): security hazard! Must reduce the possible commands here. + pipe = subprocess.Popen(ext_command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE) + com = pipe.communicate() + result_str = com[0] + error_str = com[1] + self.logfile.write("stdout: {}\n".format(result_str)) + self.logfile.write("stderr: {}\n".format(error_str)) + if "command" in test: + if "command_options" in test: + command = test["command"] + " " + test["command_options"] + else: + command = test["command"] + " " + global_command_options + command = self.__replace_var_in_str(command) + self.logfile.write("-----> {}\n".format(command)) + self.log.info(" \\-executing {}".format(command)) + self.app.stdout = tmp_filename_fd + result_id = self.app.run_subcommand(shlex.split(command)) + tmp_filename_fd.close() + self.app.stdout = stdout_back + result_str = open(tmp_filename, "r").read() + self.logfile.write("{}".format(result_str)) data_tmp.append(group_name) data_tmp.append(test["name"]) compare = self.__compare_results(self.__replace_var_in_str(test["result"]), result_str) self.logfile.write("----->{} ({})\n\n".format(compare, self.__replace_var_in_str(test["result"]))) - if compare: - compare = "\033[32mTrue\033[m" + if error_str: + if compare: + compare = "\033[33mTrue\033[m" + overall_result = overall_result and True + else: + compare = "\033[1m\033[31mFalse\033[m" + overall_result = overall_result and False else: - compare = "\033[1m\033[31mFalse\033[m" + 
overall_result = overall_result and compare + if compare: + if overall_result: + compare = "\033[32mTrue\033[m" + else: + compare = "\033[mTrue\033[m" + else: + compare = "\033[1m\033[31mFalse\033[m" data_tmp.append(compare) data_tmp.append(test["description"]) data.append(data_tmp) + data_tmp = list() + data_tmp.append("\033[1m" + group_name + "\033[m") + data_tmp.append("\033[1mOverall results ({})\033[m".format(test_count)) + if overall_result: + data_tmp.append("\033[1m\033[32mTrue\033[m") + else: + data_tmp.append("\033[1m\033[31mFalse\033[m") + data_tmp.append(self.logfile_name) + data.append(data_tmp) return ( ("group_name", "test_name", "result", "description"), diff --git a/moonclient/moonclient/tests/functional_tests.sh b/moonclient/moonclient/tests/functional_tests.sh index 789b9161..505980cc 100644 --- a/moonclient/moonclient/tests/functional_tests.sh +++ b/moonclient/moonclient/tests/functional_tests.sh @@ -23,7 +23,7 @@ function test_cmd { } test_cmd "intraextension list" -test_cmd "intraextension create --policy_model policy_rbac func_test" +test_cmd "intraextension add --policy_model policy_rbac func_test" uuid=$(cat /tmp/_ | cut -d " " -f 3) test_cmd "intraextension tenant set $uuid $OS_TENANT_NAME" test_cmd "intraextension show $uuid" diff --git a/moonclient/moonclient/tests/tests_action_assignments.json b/moonclient/moonclient/tests/tests_action_assignments.json index 27027fae..dc9cb27e 100644 --- a/moonclient/moonclient/tests/tests_action_assignments.json +++ b/moonclient/moonclient/tests/tests_action_assignments.json @@ -23,7 +23,7 @@ }, { "name": "create_intraextension_authz", - "command": "intraextension create --policy_model policy_authz authz_test", + "command": "intraextension add --policy_model policy_authz authz_test", "result": "IntraExtension created: (?P<uuid_authz>\\w+)", "description": "Create an authz intra extension", "command_options": "" 
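Review bot: the `shell_command` branch of `take_action` (hunk `@@ -56,37 +61,115 @@`) hands `ext_command` to `subprocess.Popen(..., shell=True)` after `__replace_var_in_str` has substituted `$name` variables such as `$uuid_image`, which the test files capture from earlier command results, so text printed by a previous step is interpreted by the shell. The in-line note already calls this a security hazard; prefer removing `shell_command` in favour of the `shlex.split` path used for `external_command`, or gate it behind an allow-list before merge. Separately, the auth block is entered on `"auth_url" in test` but reads `auth_host` and `auth_port`, so a test that sets only those two keys is not treated as an auth change; `title += ":" + port` raises if the JSON gives the port as a number; and `tmp_filename_fd` is opened for every test but closed only in the `command` branch.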
@@ -183,7 +183,7 @@ }, { "name": "create_intraextension_authz", - "command": "intraextension create --policy_model policy_authz authz_test", + "command": "intraextension add --policy_model policy_authz authz_test", "result": "IntraExtension created: (?P<uuid_authz>\\w+)", "description": "Create an authz intra extension", "command_options": "" @@ -196,7 +196,7 @@ }, { "name": "create_intraextension_admin", - "command": "intraextension create --policy_model policy_admin admin_test", + "command": "intraextension add --policy_model policy_rbac_admin admin_test", "result": "IntraExtension created: (?P<uuid_admin>\\w+)", "description": "Create an admin intra extension", "command_options": "" diff --git a/moonclient/moonclient/tests/tests_action_categories.json b/moonclient/moonclient/tests/tests_action_categories.json index dfd4be62..bf6a72ca 100644 --- a/moonclient/moonclient/tests/tests_action_categories.json +++ b/moonclient/moonclient/tests/tests_action_categories.json @@ -23,7 +23,7 @@ }, { "name": "create_intraextension_authz", - "command": "intraextension create --policy_model policy_authz authz_test", + "command": "intraextension add --policy_model policy_authz authz_test", "result": "IntraExtension created: (?P<uuid_authz>\\w+)", "description": "Create an authz intra extension", "command_options": "" @@ -118,7 +118,7 @@ }, { "name": "create_intraextension_authz", - "command": "intraextension create --policy_model policy_authz authz_test", + "command": "intraextension add --policy_model policy_authz authz_test", "result": "IntraExtension created: (?P<uuid_authz>\\w+)", "description": "Create an authz intra extension", "command_options": "" 
@@ -131,7 +131,7 @@ }, { "name": "create_intraextension_admin", - "command": "intraextension create --policy_model policy_admin admin_test", + "command": "intraextension add --policy_model policy_rbac_admin admin_test", "result": "IntraExtension created: (?P<uuid_admin>\\w+)", "description": "Create an admin intra extension", "command_options": "" diff --git a/moonclient/moonclient/tests/tests_action_scopes.json b/moonclient/moonclient/tests/tests_action_scopes.json index 5cba922b..437c8e6f 100644 --- a/moonclient/moonclient/tests/tests_action_scopes.json +++ b/moonclient/moonclient/tests/tests_action_scopes.json @@ -23,7 +23,7 @@ }, { "name": "create_intraextension_authz", - "command": "intraextension create --policy_model policy_authz authz_test", + "command": "intraextension add --policy_model policy_authz authz_test", "result": "IntraExtension created: (?P<uuid_authz>\\w+)", "description": "Create an authz intra extension", "command_options": "" @@ -127,7 +127,7 @@ }, { "name": "create_intraextension_authz", - "command": "intraextension create --policy_model policy_authz authz_test", + "command": "intraextension add --policy_model policy_authz authz_test", "result": "IntraExtension created: (?P<uuid_authz>\\w+)", "description": "Create an authz intra extension", "command_options": "" @@ -140,7 +140,7 @@ }, { "name": "create_intraextension_admin", - "command": "intraextension create --policy_model policy_admin admin_test", + "command": "intraextension add --policy_model policy_rbac_admin admin_test", "result": "IntraExtension created: (?P<uuid_admin>\\w+)", "description": "Create an admin intra extension", "command_options": "" diff --git a/moonclient/moonclient/tests/tests_actions.json b/moonclient/moonclient/tests/tests_actions.json index 17fd886f..f565ccad 100644 --- a/moonclient/moonclient/tests/tests_actions.json +++ b/moonclient/moonclient/tests/tests_actions.json 
@@ -23,7 +23,7 @@ }, { "name": "create_intraextension_authz", - "command": "intraextension create --policy_model policy_authz authz_test", + "command": "intraextension add --policy_model policy_authz authz_test", "result": "IntraExtension created: (?P<uuid_authz>\\w+)", "description": "Create an authz intra extension", "command_options": "" @@ -118,7 +118,7 @@ }, { "name": "create_intraextension_authz", - "command": "intraextension create --policy_model policy_authz authz_test", + "command": "intraextension add --policy_model policy_authz authz_test", "result": "IntraExtension created: (?P<uuid_authz>\\w+)", "description": "Create an authz intra extension", "command_options": "" @@ -131,7 +131,7 @@ }, { "name": "create_intraextension_admin", - "command": "intraextension create --policy_model policy_admin admin_test", + "command": "intraextension add --policy_model policy_rbac_admin admin_test", "result": "IntraExtension created: (?P<uuid_admin>\\w+)", "description": "Create an admin intra extension", "command_options": "" diff --git a/moonclient/moonclient/tests/tests_change_auth.json b/moonclient/moonclient/tests/tests_change_auth.json new file mode 100644 index 00000000..38d1d134 --- /dev/null +++ b/moonclient/moonclient/tests/tests_change_auth.json @@ -0,0 +1,32 @@ +{ + "command_options": "-f value", + "tests_group": { + "authz": [ + + { + "auth_name": "demo", + "description": "Change user to demo" + }, + + { + "name": "list tenant", + "command": "tenant list", + "result": "^$", + "description": "Check if user demo cannot read the list of all tenants." + }, + + { + "auth_name": "admin", + "description": "Change user to admin" + }, + + { + "name": "list tenant", + "command": "tenant list", + "result": "admin", + "description": "Check if user admin can read the list of all tenants." + } + + ] + } +}
\ No newline at end of file diff --git a/moonclient/moonclient/tests/tests_configuration.json b/moonclient/moonclient/tests/tests_configuration.json index c470cc1c..83b9fd64 100644 --- a/moonclient/moonclient/tests/tests_configuration.json +++ b/moonclient/moonclient/tests/tests_configuration.json @@ -23,7 +23,7 @@ }, { "name": "create_intraextension_authz", - "command": "intraextension create --policy_model policy_authz authz_test", + "command": "intraextension add --policy_model policy_authz authz_test", "result": "IntraExtension created: (?P<uuid_authz>\\w+)", "description": "Create an authz intra extension", "command_options": "" @@ -115,7 +115,7 @@ }, { "name": "create_intraextension_authz", - "command": "intraextension create --policy_model policy_authz authz_test", + "command": "intraextension add --policy_model policy_authz authz_test", "result": "IntraExtension created: (?P<uuid_authz>\\w+)", "description": "Create an authz intra extension", "command_options": "" @@ -128,7 +128,7 @@ }, { "name": "create_intraextension_admin", - "command": "intraextension create --policy_model policy_admin admin_test", + "command": "intraextension add --policy_model policy_rbac_admin admin_test", "result": "IntraExtension created: (?P<uuid_admin>\\w+)", "description": "Create an admin intra extension", "command_options": "" diff --git a/moonclient/moonclient/tests/tests_empty_policy_nova.json b/moonclient/moonclient/tests/tests_empty_policy_nova.json new file mode 100644 index 00000000..1320ecc9 --- /dev/null +++ b/moonclient/moonclient/tests/tests_empty_policy_nova.json 
@@ -0,0 +1,1013 @@ +{ + "command_options": "-f value", + "tests_group": { + "authz": [ + { + "name": "nova image-list", + "external_command": "nova image-list", + "result": "(?P<uuid_image>[\\w-]+)\\s+\\| cirros-0.3.4-x86_64-uec", + "description": "Get an Image ID" + }, + { + "name": "nova boot new server", + "external_command": "nova boot --flavor m1.micro --image $uuid_image test_moonclient", + "result": "(?P<uuid_image>[\\w-]+)\\s+\\| cirros-0.3.4-x86_64-uec", + "description": "Get an Image ID" + }, + { + "name": "sleep", + "external_command": "sleep 5", + "result": "", + "description": "time for server to really boot" + }, + { + "name": "nova get new server", + "external_command": "nova list", + "result": "\\| (?P<uuid_server>[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| ACTIVE\\s+\\| [\\w\\-]+\\s+\\| Running", + "description": "Get the ID of the new server" + }, + { + "name": "list tenant", + "command": "tenant list", + "result": "(?!demo)", + "description": "Check if tenant demo is used." 
+ }, + { + "name": "add tenant demo", + "command": "tenant add demo", + "result": "^$", + "description": "Add a new tenant", + "command_options": "" + }, + { + "name": "check tenant demo", + "command": "tenant list", + "result": "(?P<uuid>\\w+)\\s+demo", + "description": "Check that tenant demo has been correctly added" + }, + { + "name": "create_intraextension_authz", + "command": "intraextension add --policy_model policy_empty_authz empty_test", + "result": "IntraExtension created: (?P<uuid_authz>\\w+)", + "description": "Create an authz intra extension", + "command_options": "" + }, + { + "name": "list_intraextension_authz", + "command": "intraextension list", + "result": "$uuid_authz", + "description": "Check the existence of that authz intra extension" + }, + { + "name": "set_tenant_authz", + "command": "tenant set --authz $uuid_authz $uuid", + "result": "", + "description": "Connect the authz intra extension to the tenant demo", + "command_options": "" + }, + { + "name": "list tenant", + "command": "tenant list", + "result": "demo", + "description": "Check if tenant demo is used." + }, + { + "name": "select_authz_ie", + "command": "intraextension select $uuid_authz", + "result": "Select $uuid_authz IntraExtension.", + "description": "Select the authz IntraExtension", + "command_options": "" + }, + { + "name": "check_select_authz_ie", + "command": "intraextension show selected", + "result": "$uuid_authz", + "description": "Check the selected authz IntraExtension", + "command_options": "-c id -f value" + }, + { + "name": "add_subject", + "command": "subject add admin --password nomoresecrete", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_subject", + "command": "subject list", + "result": "(?P<uuid_subject_admin>\\w+)\\s+admin", + "description": "Check that admin subject was added." 
+ }, + { + "name": "add_subject", + "command": "subject add demo --password nomoresecrete", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_subject", + "command": "subject list", + "result": "(?P<uuid_subject_demo>\\w+)\\s+demo", + "description": "Check that demo subject was added." + }, + { + "name": "add_object", + "command": "object add servers", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_servers>\\w+)\\s+servers", + "description": "Check that servers subject was added." + }, + { + "name": "add_action", + "command": "action add pause", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_pause>\\w+)\\s+pause", + "description": "Check that pause action was added." + }, + { + "name": "add_action", + "command": "action add unpause", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_unpause>\\w+)\\s+unpause", + "description": "Check that unpause action was added." + }, + { + "name": "add_action", + "command": "action add list", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_list>\\w+)\\s+list", + "description": "Check that list action was added." + }, + { + "name": "add_action", + "command": "action add start", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_start>\\w+)\\s+start", + "description": "Check that start action was added." 
+ }, + { + "name": "add_action", + "command": "action add stop", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_stop>\\w+)\\s+stop", + "description": "Check that stop action was added." + }, + { + "name": "add_action", + "command": "action add create", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_create>\\w+)\\s+create", + "description": "Check that create action was added." + }, + { + "name": "add_action", + "command": "action add upload", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_upload>\\w+)\\s+upload", + "description": "Check that upload action was added." + }, + { + "name": "add_action", + "command": "action add download", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_download>\\w+)\\s+download", + "description": "Check that download action was added." + }, + { + "name": "add_action", + "command": "action add post", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_post>\\w+)\\s+post", + "description": "Check that post action was added." + }, + { + "name": "add_action", + "command": "action add storage_list", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_storage_list>\\w+)\\s+storage_list", + "description": "Check that storage_list action was added." 
+ }, + + { + "name": "add_subject_category", + "command": "subject category add subject_security_level", + "result": "", + "description": "Add the new subject category subject_security_level", + "command_options": "" + }, + { + "name": "list_subject_category", + "command": "subject category list", + "result": "(?P<uuid_subject_category>\\w+)\\s+subject_security_level", + "description": "Check that subject_security_level subject_category was added." + }, + { + "name": "add_object_category", + "command": "object category add object_security_level", + "result": "", + "description": "Add the new object category object_security_level", + "command_options": "" + }, + { + "name": "list_object_category", + "command": "object category list", + "result": "(?P<uuid_object_category>\\w+)\\s+object_security_level", + "description": "Check that object_security_level object_category was added." + }, + { + "name": "add_action_category", + "command": "action category add resource_action", + "result": "", + "description": "Add the new action category resource_action", + "command_options": "" + }, + { + "name": "list_subject_category", + "command": "action category list", + "result": "(?P<uuid_action_category>\\w+)\\s+resource_action", + "description": "Check that resource_action action_category was added." 
+ }, + + { + "name": "add_scope", + "command": "subject scope add $uuid_subject_category high --description \"high\"", + "result": "^$", + "description": "Add one scope to subject category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "subject scope list $uuid_subject_category", + "result": "(?P<uuid_subject_scope_high>\\w+)\\s+high\\s+high", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "subject scope add $uuid_subject_category medium --description \"medium\"", + "result": "^$", + "description": "Add one scope to subject category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "subject scope list $uuid_subject_category", + "result": "(?P<uuid_subject_scope_medium>\\w+)\\s+medium\\s+medium", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "subject scope add $uuid_subject_category low --description \"low\"", + "result": "^$", + "description": "Add one scope to subject category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "subject scope list $uuid_subject_category", + "result": "(?P<uuid_subject_scope_low>\\w+)\\s+low\\s+low", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "object scope add $uuid_object_category high --description \"high\"", + "result": "^$", + "description": "Add one scope to object category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category", + "result": "(?P<uuid_object_scope_high>\\w+)\\s+high\\s+high", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "object scope add 
$uuid_object_category medium --description \"medium\"", + "result": "^$", + "description": "Add one scope to object category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category", + "result": "(?P<uuid_object_scope_medium>\\w+)\\s+medium\\s+medium", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "object scope add $uuid_object_category low --description \"low\"", + "result": "^$", + "description": "Add one scope to object category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category", + "result": "(?P<uuid_object_scope_low>\\w+)\\s+low\\s+low", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "action scope add $uuid_action_category vm_admin --description \"vm_admin\"", + "result": "^$", + "description": "Add one scope to action category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "action scope list $uuid_action_category", + "result": "(?P<uuid_action_scope_vm_admin>\\w+)\\s+vm_admin\\s+vm_admin", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "action scope add $uuid_action_category vm_access --description \"vm_access\"", + "result": "^$", + "description": "Add one scope to action category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "action scope list $uuid_action_category", + "result": "(?P<uuid_action_scope_vm_access>\\w+)\\s+vm_access\\s+vm_access", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "action scope add $uuid_action_category storage_admin --description 
\"storage_admin\"", + "result": "^$", + "description": "Add one scope to action category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "action scope list $uuid_action_category", + "result": "(?P<uuid_action_scope_storage_admin>\\w+)\\s+storage_admin\\s+storage_admin", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "action scope add $uuid_action_category storage_access --description \"storage_access\"", + "result": "^$", + "description": "Add one scope to action category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "action scope list $uuid_action_category", + "result": "(?P<uuid_action_scope_storage_access>\\w+)\\s+storage_access\\s+storage_access", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + + { + "name": "add_assignment", + "command": "subject assignment add $uuid_subject_admin $uuid_subject_category $uuid_subject_scope_high", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "subject assignment list $uuid_subject_admin $uuid_subject_category", + "result": "$uuid_subject_scope_high high", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "subject assignment add $uuid_subject_demo $uuid_subject_category $uuid_subject_scope_medium", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "subject assignment list $uuid_subject_demo $uuid_subject_category", + "result": "$uuid_subject_scope_medium medium", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "object assignment add 
$uuid_object_servers $uuid_object_category $uuid_object_scope_low", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_servers $uuid_object_category", + "result": "$uuid_object_scope_low low", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_pause $uuid_action_category $uuid_action_scope_vm_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_pause $uuid_action_category", + "result": "$uuid_action_scope_vm_admin vm_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_unpause $uuid_action_category $uuid_action_scope_vm_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_unpause $uuid_action_category", + "result": "$uuid_action_scope_vm_admin vm_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_start $uuid_action_category $uuid_action_scope_vm_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_start $uuid_action_category", + "result": "$uuid_action_scope_vm_admin vm_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_stop 
$uuid_action_category $uuid_action_scope_vm_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_stop $uuid_action_category", + "result": "$uuid_action_scope_vm_admin vm_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_list $uuid_action_category $uuid_action_scope_vm_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_list $uuid_action_category", + "result": "$uuid_action_scope_vm_admin vm_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_list $uuid_action_category $uuid_action_scope_vm_access", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_list $uuid_action_category", + "result": "$uuid_action_scope_vm_access vm_access", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_create $uuid_action_category $uuid_action_scope_vm_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_create $uuid_action_category", + "result": "$uuid_action_scope_vm_admin vm_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_storage_list 
$uuid_action_category $uuid_action_scope_storage_access", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_storage_list $uuid_action_category", + "result": "$uuid_action_scope_storage_access storage_access", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_download $uuid_action_category $uuid_action_scope_storage_access", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_download $uuid_action_category", + "result": "$uuid_action_scope_storage_access storage_access", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_upload $uuid_action_category $uuid_action_scope_storage_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_upload $uuid_action_category", + "result": "$uuid_action_scope_storage_admin storage_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_post $uuid_action_category $uuid_action_scope_storage_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_post $uuid_action_category", + "result": "$uuid_action_scope_storage_admin storage_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": 
"check_submetarules", + "command": "submetarule show", + "result": "(?P<submetarule_uuid>\\w+)", + "description": "Get one submetarule ID", + "command_options": "-c id -f value" + }, + { + "name": "set_submetarule", + "command": "submetarule set $submetarule_uuid --subject_category_id=\"$uuid_subject_category\" --object_category_id=\"$uuid_object_category\" --action_category_id=\"$uuid_action_category\"", + "result": "^$", + "description": "Set a new submetarule", + "command_options": "" + }, + { + "name": "check_submetarule", + "command": "submetarule show", + "result": "$submetarule_uuid \\s*subject_security_level", + "description": "Check the new submetarule", + "command_options": "-c id -c \"subject categories\" -f value" + }, + { + "name": "check_submetarule", + "command": "submetarule show", + "result": "$submetarule_uuid \\s*object_security_level", + "description": "Check the new submetarule", + "command_options": "-c id -c \"object categories\" -f value" + }, + { + "name": "check_submetarule", + "command": "submetarule show", + "result": "$submetarule_uuid \\s*resource_action", + "description": "Check the new submetarule", + "command_options": "-c id -c \"action categories\" -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"high,vm_admin,medium\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+high\\s+vm_admin\\s+medium", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"high,vm_admin,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": 
"(?P<rule_id>\\w+)\\s+high\\s+vm_admin\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"medium,vm_admin,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+medium\\s+vm_admin\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"high,vm_access,medium\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+high\\s+vm_access\\s+medium", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"high,vm_access,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+high\\s+vm_access\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"medium,vm_access,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + 
"result": "(?P<rule_id>\\w+)\\s+medium\\s+vm_access\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"high,storage_admin,medium\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+high\\s+storage_admin\\s+medium", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"high,storage_admin,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+high\\s+storage_admin\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"medium,storage_admin,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+medium\\s+storage_admin\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"high,storage_access,medium\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + 
"command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+high\\s+storage_access\\s+medium", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"high,storage_access,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+high\\s+storage_access\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"medium,storage_access,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+medium\\s+storage_access\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "get aggregation algorithm", + "command": "aggregation algorithm list", + "result": "(?P<uuid_aggregation>\\w+)\\s+one_true", + "description": "Get aggregation algorithm.", + "command_options": "-c id -c name -f value" + }, + { + "name": "set aggregation algorithm", + "command": "aggregation algorithm set $uuid_aggregation", + "result": "", + "description": "Set aggregation algorithm to one_true.", + "command_options": "" + }, + { + "name": "get aggregation algorithm", + "command": "aggregation algorithm show", + "result": "$uuid_aggregation\\s+one_true", + "description": "Check aggregation algorithm.", + "command_options": "-c id -c name -f value" + }, + { + 
"name": "get submetarule algorithm", + "command": "submetarule algorithm list", + "result": "(?P<uuid_submetarule_algo>\\w+)\\s+inclusion", + "description": "Get submetarule algorithm named inclusion.", + "command_options": "-c id -c name -f value" + }, + { + "name": "set submetarule algorithm", + "command": "submetarule set --algorithm_name inclusion $submetarule_uuid", + "result": "", + "description": "Set submetarule algorithm to inclusion.", + "command_options": "" + }, + + { + "name": "check nova command", + "external_command": "nova list", + "result": "(?!test_moonclient)", + "description": "Check that we cannot list nova servers due to the current rules" + }, + { + "name": "try to pause nova instance", + "external_command": "nova pause $uuid_server", + "result": "^$", + "description": "Pausing the server must be impossible due to the current rules" + }, + + { + "name": "list tenant", + "command": "tenant list", + "result": "demo", + "description": "Check if tenant demo is used." + }, + + { + "name": "add_object", + "command": "object add $uuid_server", + "result": "", + "description": "Add the new nova server", + "command_options": "" + }, + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_nova_server>\\w+)\\s+$uuid_server", + "description": "Check that the new nova server was added." 
+ }, + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_nova_server $uuid_object_category $uuid_object_scope_low", + "result": "^$", + "description": "Set the assignment 'low' to nova server", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_nova_server $uuid_object_category", + "result": "$uuid_object_scope_low low", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "check nova command", + "external_command": "nova list", + "result": "\\| (?P<uuid_server>[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| ACTIVE\\s+\\| [\\w\\-]+\\s+\\| Running", + "description": "Check that we can now list nova servers due to the current rules" + }, + { + "name": "try to pause nova instance", + "external_command": "nova pause $uuid_server", + "result": "^$", + "description": "Pausing the server must be possible now" + }, + { + "name": "check nova command", + "external_command": "nova list", + "result": "\\| (?P<uuid_server>[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| PAUSED\\s+\\| [\\w\\-]+\\s+\\| Paused", + "description": "Check that we can still list nova servers due to the current rules" + }, + { + "name": "reactivate nova instance", + "external_command": "nova unpause $uuid_server", + "result": "^$", + "description": "Unpausing the server for next tests" + }, + + { + "name": "del_assignment", + "command": "object assignment delete $uuid_object_nova_server $uuid_object_category $uuid_object_scope_low", + "result": "^$", + "description": "Delete the assignment 'low' to nova server", + "command_options": "" + }, + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_nova_server $uuid_object_category $uuid_object_scope_high", + "result": "^$", + "description": "Set the assignment 'high' to nova server", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list 
$uuid_object_nova_server $uuid_object_category", + "result": "$uuid_object_scope_high high", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "check nova command", + "external_command": "nova list", + "result": "\\| (?P<uuid_server>[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| ACTIVE\\s+\\| [\\w\\-]+\\s+\\| Running", + "description": "Check that we can now list nova servers due to the current rules" + }, + { + "name": "try to pause nova instance", + "external_command": "nova pause $uuid_server", + "result": "^$", + "description": "Pausing the server must be not possible now" + }, + { + "name": "check nova command", + "external_command": "nova list", + "result": "\\| (?P<uuid_server>[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| ACTIVE\\s+\\| [\\w\\-]+\\s+\\| Running", + "description": "Check that we can still list nova servers due to the current rules" + }, + + + { + "name": "delete_authz_intra_extension", + "command": "intraextension delete $uuid_authz", + "result": "", + "description": "Delete the authz intra extension", + "command_options": "" + }, + { + "name": "delete_tenant", + "command": "tenant delete $uuid", + "result": "", + "description": "Delete the tenant demo", + "command_options": "" + }, + { + "name": "nova delete new server", + "external_command": "nova delete $uuid_server", + "result": "", + "description": "Delete the new server" + } + ] + } +}
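Review bot: The denial checks in this file cannot fail, so the scenario passes even if the policy engine enforces nothing. In the "check nova command" step that runs before the server is added as an object, the expected result `(?!test_moonclient)` is a bare zero-width negative lookahead: as a regular expression it matches at the first position not followed by that string, and such a position exists in essentially any output, including a full server table. The "try to pause nova instance" steps described as "must be impossible" and "must be not possible now" expect `^$`, the same pattern as the step where pausing "must be possible now", so the expectation does not distinguish a refused pause from an allowed one; only the last refusal is backed by a follow-up `nova list` that expects ACTIVE. Suggest asserting on the refusal itself (the error text or exit status of the external command) and, for the list check, using a pattern that covers the whole output, for example `^(?!.*test_moonclient)` with the flags the runner needs, depending on how it applies `result`. The steps with `"result": ""` (set aggregation algorithm, set submetarule algorithm, the final deletes) likewise accept any output, including an error message.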
\ No newline at end of file diff --git a/moonclient/moonclient/tests/tests_empty_policy_swift.json b/moonclient/moonclient/tests/tests_empty_policy_swift.json new file mode 100644 index 00000000..e31e66c7 --- /dev/null +++ b/moonclient/moonclient/tests/tests_empty_policy_swift.json 
@@ -0,0 +1,1168 @@ +{ + "command_options": "-f value", + "tests_group": { + "authz": [ + { + "name": "swift list", + "external_command": "swift list", + "result": "(?!moonclient_test)", + "description": "Check Swift command" + }, + { + "name": "add swift container", + "external_command": "swift post moonclient_test", + "result": "", + "description": "Add a new container" + }, + { + "name": "swift list", + "external_command": "swift list", + "result": "moonclient_test", + "description": "Check the added container" + }, + { + "name": "get accound ID", + "external_command": "swift stat", + "result": "Account: (?P<uuid_account>[\\w_]+)", + "description": "Check the added container" + }, + + { + "name": "list tenant", + "command": "tenant list", + "result": "(?!demo)", + "description": "Check if tenant demo is used." + }, + { + "name": "add tenant demo", + "command": "tenant add demo", + "result": "^$", + "description": "Add a new tenant", + "command_options": "" + }, + { + "name": "check tenant demo", + "command": "tenant list", + "result": "(?P<uuid>\\w+)\\s+demo", + "description": "Check that tenant demo has been correctly added" + }, + { + "name": "create_intraextension_authz", + "command": "intraextension add --policy_model policy_empty_authz empty_test", + "result": "IntraExtension created: (?P<uuid_authz>\\w+)", + "description": "Create an authz intra extension", + "command_options": "" + }, + { + "name": "list_intraextension_authz", + "command": "intraextension list", + "result": "$uuid_authz", + "description": "Check the existence of that authz intra extension" + }, + { + "name": "set_tenant_authz", + "command": "tenant set --authz $uuid_authz $uuid", + "result": "", + "description": "Connect the authz intra extension to the tenant demo", + "command_options": "" + }, + { + "name": "list tenant", + "command": "tenant list", + "result": "demo", + "description": "Check if tenant demo is used." 
+ }, + { + "name": "select_authz_ie", + "command": "intraextension select $uuid_authz", + "result": "Select $uuid_authz IntraExtension.", + "description": "Select the authz IntraExtension", + "command_options": "" + }, + { + "name": "check_select_authz_ie", + "command": "intraextension show selected", + "result": "$uuid_authz", + "description": "Check the selected authz IntraExtension", + "command_options": "-c id -f value" + }, + { + "name": "add_subject", + "command": "subject add admin --password nomoresecrete", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_subject", + "command": "subject list", + "result": "(?P<uuid_subject_admin>\\w+)\\s+admin", + "description": "Check that admin subject was added." + }, + { + "name": "add_subject", + "command": "subject add demo --password nomoresecrete", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_subject", + "command": "subject list", + "result": "(?P<uuid_subject_demo>\\w+)\\s+demo", + "description": "Check that demo subject was added." + }, + { + "name": "add_object", + "command": "object add servers", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_servers>\\w+)\\s+servers", + "description": "Check that servers subject was added." + }, + { + "name": "add_action", + "command": "action add pause", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_pause>\\w+)\\s+pause", + "description": "Check that pause action was added." + }, + { + "name": "add_action", + "command": "action add unpause", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_unpause>\\w+)\\s+unpause", + "description": "Check that unpause action was added." 
+ }, + { + "name": "add_action", + "command": "action add list", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_list>\\w+)\\s+list", + "description": "Check that list action was added." + }, + { + "name": "add_action", + "command": "action add start", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_start>\\w+)\\s+start", + "description": "Check that start action was added." + }, + { + "name": "add_action", + "command": "action add stop", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_stop>\\w+)\\s+stop", + "description": "Check that stop action was added." + }, + { + "name": "add_action", + "command": "action add create", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_create>\\w+)\\s+create", + "description": "Check that create action was added." + }, + { + "name": "add_action", + "command": "action add upload", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_upload>\\w+)\\s+upload", + "description": "Check that upload action was added." + }, + { + "name": "add_action", + "command": "action add download", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_download>\\w+)\\s+download", + "description": "Check that download action was added." 
+ }, + { + "name": "add_action", + "command": "action add post", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_post>\\w+)\\s+post", + "description": "Check that post action was added." + }, + { + "name": "add_action", + "command": "action add storage_list", + "result": "", + "description": "", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_storage_list>\\w+)\\s+storage_list", + "description": "Check that storage_list action was added." + }, + + { + "name": "add_subject_category", + "command": "subject category add subject_security_level", + "result": "", + "description": "Add the new subject category subject_security_level", + "command_options": "" + }, + { + "name": "list_subject_category", + "command": "subject category list", + "result": "(?P<uuid_subject_category>\\w+)\\s+subject_security_level", + "description": "Check that subject_security_level subject_category was added." + }, + { + "name": "add_object_category", + "command": "object category add object_security_level", + "result": "", + "description": "Add the new object category object_security_level", + "command_options": "" + }, + { + "name": "list_object_category", + "command": "object category list", + "result": "(?P<uuid_object_category>\\w+)\\s+object_security_level", + "description": "Check that object_security_level object_category was added." + }, + { + "name": "add_action_category", + "command": "action category add resource_action", + "result": "", + "description": "Add the new action category resource_action", + "command_options": "" + }, + { + "name": "list_subject_category", + "command": "action category list", + "result": "(?P<uuid_action_category>\\w+)\\s+resource_action", + "description": "Check that resource_action action_category was added." 
+ }, + + { + "name": "add_scope", + "command": "subject scope add $uuid_subject_category high --description \"high\"", + "result": "^$", + "description": "Add one scope to subject category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "subject scope list $uuid_subject_category", + "result": "(?P<uuid_subject_scope_high>\\w+)\\s+high\\s+high", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "subject scope add $uuid_subject_category medium --description \"medium\"", + "result": "^$", + "description": "Add one scope to subject category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "subject scope list $uuid_subject_category", + "result": "(?P<uuid_subject_scope_medium>\\w+)\\s+medium\\s+medium", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "subject scope add $uuid_subject_category low --description \"low\"", + "result": "^$", + "description": "Add one scope to subject category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "subject scope list $uuid_subject_category", + "result": "(?P<uuid_subject_scope_low>\\w+)\\s+low\\s+low", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "object scope add $uuid_object_category high --description \"high\"", + "result": "^$", + "description": "Add one scope to object category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category", + "result": "(?P<uuid_object_scope_high>\\w+)\\s+high\\s+high", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "object scope add 
$uuid_object_category medium --description \"medium\"", + "result": "^$", + "description": "Add one scope to object category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category", + "result": "(?P<uuid_object_scope_medium>\\w+)\\s+medium\\s+medium", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "object scope add $uuid_object_category low --description \"low\"", + "result": "^$", + "description": "Add one scope to object category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "object scope list $uuid_object_category", + "result": "(?P<uuid_object_scope_low>\\w+)\\s+low\\s+low", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "action scope add $uuid_action_category vm_admin --description \"vm_admin\"", + "result": "^$", + "description": "Add one scope to action category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "action scope list $uuid_action_category", + "result": "(?P<uuid_action_scope_vm_admin>\\w+)\\s+vm_admin\\s+vm_admin", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "action scope add $uuid_action_category vm_access --description \"vm_access\"", + "result": "^$", + "description": "Add one scope to action category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "action scope list $uuid_action_category", + "result": "(?P<uuid_action_scope_vm_access>\\w+)\\s+vm_access\\s+vm_access", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "action scope add $uuid_action_category storage_admin --description 
\"storage_admin\"", + "result": "^$", + "description": "Add one scope to action category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "action scope list $uuid_action_category", + "result": "(?P<uuid_action_scope_storage_admin>\\w+)\\s+storage_admin\\s+storage_admin", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + { + "name": "add_scope", + "command": "action scope add $uuid_action_category storage_access --description \"storage_access\"", + "result": "^$", + "description": "Add one scope to action category role", + "command_options": "" + }, + { + "name": "check_added_scope", + "command": "action scope list $uuid_action_category", + "result": "(?P<uuid_action_scope_storage_access>\\w+)\\s+storage_access\\s+storage_access", + "description": "Check added scope.", + "command_options": "-c id -c name -c description -f value" + }, + + { + "name": "add_assignment", + "command": "subject assignment add $uuid_subject_admin $uuid_subject_category $uuid_subject_scope_high", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "subject assignment list $uuid_subject_admin $uuid_subject_category", + "result": "$uuid_subject_scope_high high", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "subject assignment add $uuid_subject_demo $uuid_subject_category $uuid_subject_scope_medium", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "subject assignment list $uuid_subject_demo $uuid_subject_category", + "result": "$uuid_subject_scope_medium medium", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "object assignment add 
$uuid_object_servers $uuid_object_category $uuid_object_scope_low", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_servers $uuid_object_category", + "result": "$uuid_object_scope_low low", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_pause $uuid_action_category $uuid_action_scope_vm_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_pause $uuid_action_category", + "result": "$uuid_action_scope_vm_admin vm_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_unpause $uuid_action_category $uuid_action_scope_vm_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_unpause $uuid_action_category", + "result": "$uuid_action_scope_vm_admin vm_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_start $uuid_action_category $uuid_action_scope_vm_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_start $uuid_action_category", + "result": "$uuid_action_scope_vm_admin vm_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_stop 
$uuid_action_category $uuid_action_scope_vm_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_stop $uuid_action_category", + "result": "$uuid_action_scope_vm_admin vm_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_list $uuid_action_category $uuid_action_scope_vm_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_list $uuid_action_category", + "result": "$uuid_action_scope_vm_admin vm_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_list $uuid_action_category $uuid_action_scope_vm_access", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_list $uuid_action_category", + "result": "$uuid_action_scope_vm_access vm_access", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_create $uuid_action_category $uuid_action_scope_vm_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_create $uuid_action_category", + "result": "$uuid_action_scope_vm_admin vm_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_storage_list 
$uuid_action_category $uuid_action_scope_storage_access", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_storage_list $uuid_action_category", + "result": "$uuid_action_scope_storage_access storage_access", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_download $uuid_action_category $uuid_action_scope_storage_access", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_download $uuid_action_category", + "result": "$uuid_action_scope_storage_access storage_access", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_upload $uuid_action_category $uuid_action_scope_storage_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_upload $uuid_action_category", + "result": "$uuid_action_scope_storage_admin storage_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_post $uuid_action_category $uuid_action_scope_storage_admin", + "result": "^$", + "description": "Add a new assignment", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_post $uuid_action_category", + "result": "$uuid_action_scope_storage_admin storage_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": 
"check_submetarules", + "command": "submetarule show", + "result": "(?P<submetarule_uuid>\\w+)", + "description": "Get one submetarule ID", + "command_options": "-c id -f value" + }, + { + "name": "set_submetarule", + "command": "submetarule set $submetarule_uuid --subject_category_id=\"$uuid_subject_category\" --object_category_id=\"$uuid_object_category\" --action_category_id=\"$uuid_action_category\"", + "result": "^$", + "description": "Set a new submetarule", + "command_options": "" + }, + { + "name": "check_submetarule", + "command": "submetarule show", + "result": "$submetarule_uuid \\s*subject_security_level", + "description": "Check the new submetarule", + "command_options": "-c id -c \"subject categories\" -f value" + }, + { + "name": "check_submetarule", + "command": "submetarule show", + "result": "$submetarule_uuid \\s*object_security_level", + "description": "Check the new submetarule", + "command_options": "-c id -c \"object categories\" -f value" + }, + { + "name": "check_submetarule", + "command": "submetarule show", + "result": "$submetarule_uuid \\s*resource_action", + "description": "Check the new submetarule", + "command_options": "-c id -c \"action categories\" -f value" + }, + + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"high,vm_admin,medium\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+high\\s+vm_admin\\s+medium", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"high,vm_admin,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": 
"(?P<rule_id>\\w+)\\s+high\\s+vm_admin\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"medium,vm_admin,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+medium\\s+vm_admin\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"high,vm_access,medium\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+high\\s+vm_access\\s+medium", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"high,vm_access,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+high\\s+vm_access\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"medium,vm_access,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + 
"result": "(?P<rule_id>\\w+)\\s+medium\\s+vm_access\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"high,storage_admin,medium\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+high\\s+storage_admin\\s+medium", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"high,storage_admin,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+high\\s+storage_admin\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"medium,storage_admin,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+medium\\s+storage_admin\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"high,storage_access,medium\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + 
"command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+high\\s+storage_access\\s+medium", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"high,storage_access,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+high\\s+storage_access\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "add_a_new_rule", + "command": "rule add $submetarule_uuid \"medium,storage_access,low\"", + "result": "^$", + "description": "Add a new rule.", + "command_options": "" + }, + { + "name": "check_added_rule", + "command": "rule list $submetarule_uuid", + "result": "(?P<rule_id>\\w+)\\s+medium\\s+storage_access\\s+low", + "description": "Check that the rule was correctly added.", + "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" + }, + { + "name": "get aggregation algorithm", + "command": "aggregation algorithm list", + "result": "(?P<uuid_aggregation>\\w+)\\s+one_true", + "description": "Get aggregation algorithm.", + "command_options": "-c id -c name -f value" + }, + { + "name": "set aggregation algorithm", + "command": "aggregation algorithm set $uuid_aggregation", + "result": "", + "description": "Set aggregation algorithm to one_true.", + "command_options": "" + }, + { + "name": "get aggregation algorithm", + "command": "aggregation algorithm show", + "result": "$uuid_aggregation\\s+one_true", + "description": "Check aggregation algorithm.", + "command_options": "-c id -c name -f value" + }, + { + 
"name": "get submetarule algorithm", + "command": "submetarule algorithm list", + "result": "(?P<uuid_submetarule_algo>\\w+)\\s+inclusion", + "description": "Get submetarule algorithm named inclusion.", + "command_options": "-c id -c name -f value" + }, + { + "name": "set submetarule algorithm", + "command": "submetarule set --algorithm_name inclusion $submetarule_uuid", + "result": "", + "description": "Set submetarule algorithm to inclusion.", + "command_options": "" + }, + + { + "name": "swift list", + "external_command": "swift list", + "result": "(?!moonclient_test)", + "description": "Check Swift command, it must be impossible due to current rules" + }, + + { + "name": "list tenant", + "command": "tenant list", + "result": "demo", + "description": "Check if tenant demo is used." + }, + + { + "name": "add_object", + "command": "object add $uuid_account", + "result": "", + "description": "Add the new swift account", + "command_options": "" + }, + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_swift_account>\\w+)\\s+$uuid_account", + "description": "Check that the new swift account was added." 
+ }, + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_swift_account $uuid_object_category $uuid_object_scope_low", + "result": "^$", + "description": "Set the assignment 'low' to swift account", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_swift_account $uuid_object_category", + "result": "$uuid_object_scope_low low", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_action", + "command": "action add get_account_details --description 'Swift action'", + "result": "", + "description": "Add the action get_account_details", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_swift_get_account_details>\\w+)\\s+get_account_details", + "description": "Check that the new swift action was added." + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_swift_get_account_details $uuid_action_category $uuid_action_scope_storage_access", + "result": "^$", + "description": "Set the assignment 'storage_access' to swift action", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_swift_get_account_details $uuid_action_category", + "result": "$uuid_action_scope_storage_access storage_access", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + + { + "name": "swift list", + "external_command": "swift list", + "result": "moonclient_test", + "description": "Check Swift command, it must be now possible due to current rules" + }, + { + "name": "create temp file", + "external_command": "touch /tmp/test.txt", + "result": "", + "description": "Create a temporary file to put in swift." 
+ }, + { + "name": "swift post file", + "external_command": "swift upload moonclient_test /tmp/test.txt", + "result": "", + "description": "Try to put the test file in the container, impossible due to the absence of the object" + }, + { + "name": "swift list", + "external_command": "swift list moonclient_test", + "result": "(?!tmp/test.txt)", + "description": "Check that test file has not been uploaded." + }, + { + "name": "add_object", + "command": "object add AUTH_6c7f27a7aaf94423a28ea8ac30fea929-moonclient_test", + "result": "", + "description": "Add the new swift container", + "command_options": "" + }, + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_swift_container>\\w+)\\s+AUTH_6c7f27a7aaf94423a28ea8ac30fea929-moonclient_test", + "description": "Check that the new swift container was added." + }, + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_swift_container $uuid_object_category $uuid_object_scope_low", + "result": "^$", + "description": "Set the assignment 'low' to swift container", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_swift_container $uuid_object_category", + "result": "$uuid_object_scope_low low", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_object", + "command": "object add AUTH_6c7f27a7aaf94423a28ea8ac30fea929-moonclient_test-tmp-test-txt", + "result": "", + "description": "Add the new swift object", + "command_options": "" + }, + { + "name": "list_object", + "command": "object list", + "result": "(?P<uuid_object_swift_object>\\w+)\\s+AUTH_6c7f27a7aaf94423a28ea8ac30fea929-moonclient_test-tmp-test-txt", + "description": "Check that the new swift object was added." 
+ }, + { + "name": "add_assignment", + "command": "object assignment add $uuid_object_swift_object $uuid_object_category $uuid_object_scope_low", + "result": "^$", + "description": "Set the assignment 'low' to swift object", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "object assignment list $uuid_object_swift_object $uuid_object_category", + "result": "$uuid_object_scope_low low", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_action", + "command": "action add get_container --description 'Swift action'", + "result": "", + "description": "Add the action get_container", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_swift_get_container>\\w+)\\s+get_container", + "description": "Check that the new swift action was added." + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_swift_get_container $uuid_action_category $uuid_action_scope_storage_access", + "result": "^$", + "description": "Set the assignment 'storage_access' to swift action", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_swift_get_container $uuid_action_category", + "result": "$uuid_action_scope_storage_access storage_access", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_action", + "command": "action add get_object_metadata --description 'Swift action'", + "result": "", + "description": "Add the action get_object_metadata", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_swift_get_object_metadata>\\w+)\\s+get_object_metadata", + "description": "Check that the new swift action was added." 
+ }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_swift_get_object_metadata $uuid_action_category $uuid_action_scope_storage_access", + "result": "^$", + "description": "Set the assignment 'storage_access' to swift action", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_swift_get_object_metadata $uuid_action_category", + "result": "$uuid_action_scope_storage_access storage_access", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_action", + "command": "action add create_object --description 'Swift action'", + "result": "", + "description": "Add the action create_object", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_swift_create_object>\\w+)\\s+create_object", + "description": "Check that the new swift action was added." + }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_swift_create_object $uuid_action_category $uuid_action_scope_storage_admin", + "result": "^$", + "description": "Set the assignment 'storage_access' to swift action", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_swift_create_object $uuid_action_category", + "result": "$uuid_action_scope_storage_admin storage_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "add_action", + "command": "action add create_container --description 'Swift action'", + "result": "", + "description": "Add the action create_container", + "command_options": "" + }, + { + "name": "list_action", + "command": "action list", + "result": "(?P<uuid_action_swift_create_container>\\w+)\\s+create_container", + "description": "Check that the new swift action was added." 
+ }, + { + "name": "add_assignment", + "command": "action assignment add $uuid_action_swift_create_container $uuid_action_category $uuid_action_scope_storage_admin", + "result": "^$", + "description": "Set the assignment 'storage_access' to swift action", + "command_options": "" + }, + { + "name": "check_added_assignment", + "command": "action assignment list $uuid_action_swift_create_container $uuid_action_category", + "result": "$uuid_action_scope_storage_admin storage_admin", + "description": "Check added assignment.", + "command_options": "-c id -c name -f value" + }, + { + "name": "swift post file", + "external_command": "swift upload moonclient_test /tmp/test.txt", + "result": "", + "description": "Put the test file in the container" + }, + { + "name": "swift list", + "external_command": "swift list moonclient_test", + "result": "tmp/test.txt", + "description": "Check that test file has been uploaded." + }, + + + { + "name": "delete_authz_intra_extension", + "command": "intraextension delete $uuid_authz", + "result": "", + "description": "Delete the authz intra extension", + "command_options": "" + }, + { + "name": "delete_tenant", + "command": "tenant delete $uuid", + "result": "", + "description": "Delete the tenant demo", + "command_options": "" + }, + { + "name": "swift delete new container", + "external_command": "swift delete moonclient_test", + "result": "", + "description": "Delete the new server" + } + ] + } +}
\ No newline at end of file diff --git a/moonclient/moonclient/tests/tests_external_commands.json b/moonclient/moonclient/tests/tests_external_commands.json new file mode 100644 index 00000000..0aa6f704 --- /dev/null +++ b/moonclient/moonclient/tests/tests_external_commands.json 
@@ -0,0 +1,109 @@ +{ + "command_options": "-f value", + "tests_group": { + "main": [ + { + "name": "list tenant", + "command": "tenant list", + "result": "(?!demo)", + "description": "List all tenants (must be empty)" + }, + { + "name": "add tenant demo", + "command": "tenant add demo", + "result": "^$", + "description": "Add a new tenant", + "command_options": "" + }, + { + "name": "check tenant demo", + "command": "tenant list", + "result": "(?P<uuid>\\w+)\\s+demo", + "description": "Check that tenant demo has been correctly added" + }, + { + "name": "create_intraextension_admin", + "command": "intraextension add --policy_model policy_rbac_admin admin_test", + "result": "IntraExtension created: (?P<uuid_admin>\\w+)", + "description": "Create an admin intra extension", + "command_options": "" + }, + { + "name": "list_intraextension_admin", + "command": "intraextension list", + "result": "$uuid_admin", + "description": "Check the existence of that admin intra extension" + }, + { + "name": "create_intraextension_authz", + "command": "intraextension add --policy_model policy_authz authz_test", + "result": "IntraExtension created: (?P<uuid_authz>\\w+)", + "description": "Create an authz intra extension", + "command_options": "" + }, + { + "name": "list_intraextension_authz", + "command": "intraextension list", + "result": "$uuid_authz", + "description": "Check the existence of that authz intra extension" + }, + { + "name": "set_tenant_authz", + "command": "tenant set --authz $uuid_authz $uuid", + "result": "", + "description": "Connect the authz intra extension to the tenant demo", + "command_options": "" + }, + { + "name": "check authz ie for tenant demo", + "command": "tenant list", + "result": "demo $uuid_authz", + "description": "Check that authz ie has been correctly added for tenant demo ", + "command_options": "-c name -c intra_authz_extension_id -f value" + }, + { + "name": "set_tenant_admin", + "command": "tenant set --admin $uuid_admin $uuid", + "result": 
"", + "description": "Connect the admin intra extension to the tenant demo", + "command_options": "" + }, + { + "name": "check admin ie for tenant demo", + "command": "tenant list", + "result": "demo $uuid_admin", + "description": "Check that admin ie has been correctly added for tenant demo ", + "command_options": "-c name -c intra_admin_extension_id -f value" + }, + + { + "name": "check nova command", + "external_command": "nova list", + "result": "\\| (?P<uuid_server>[\\w\\-]+)\\s+\\| (?P<name_server>\\w+)\\s+\\| ACTIVE\\s+\\| [\\w\\-]+\\s+\\| Running", + "description": "Check that nova is running and get the ID of one running server" + }, + + { + "name": "delete_admin_intra_extension", + "command": "intraextension delete $uuid_admin", + "result": "", + "description": "Delete the admin intra extension", + "command_options": "" + }, + { + "name": "delete_authz_intra_extension", + "command": "intraextension delete $uuid_authz", + "result": "", + "description": "Delete the authz intra extension", + "command_options": "" + }, + { + "name": "delete_tenant", + "command": "tenant delete $uuid", + "result": "", + "description": "Delete the tenant demo", + "command_options": "" + } + ] + } +}
\ No newline at end of file diff --git a/moonclient/moonclient/tests/tests_object_assignments.json b/moonclient/moonclient/tests/tests_object_assignments.json index 450066a4..35fd34ab 100644 --- a/moonclient/moonclient/tests/tests_object_assignments.json +++ b/moonclient/moonclient/tests/tests_object_assignments.json @@ -23,7 +23,7 @@ }, { "name": "create_intraextension_authz", - "command": "intraextension create --policy_model policy_authz authz_test", + "command": "intraextension add --policy_model policy_authz authz_test", "result": "IntraExtension created: (?P<uuid_authz>\\w+)", "description": "Create an authz intra extension", "command_options": "" @@ -183,7 +183,7 @@ }, { "name": "create_intraextension_authz", - "command": "intraextension create --policy_model policy_authz authz_test", + "command": "intraextension add --policy_model policy_authz authz_test", "result": "IntraExtension created: (?P<uuid_authz>\\w+)", "description": "Create an authz intra extension", "command_options": "" @@ -196,7 +196,7 @@ }, { "name": "create_intraextension_admin", - "command": "intraextension create --policy_model policy_admin admin_test", + "command": "intraextension add --policy_model policy_rbac_admin admin_test", "result": "IntraExtension created: (?P<uuid_admin>\\w+)", "description": "Create an admin intra extension", "command_options": "" diff --git a/moonclient/moonclient/tests/tests_object_categories.json b/moonclient/moonclient/tests/tests_object_categories.json index cd7ad01a..a6464641 100644 --- a/moonclient/moonclient/tests/tests_object_categories.json +++ b/moonclient/moonclient/tests/tests_object_categories.json @@ -23,7 +23,7 @@ }, { "name": "create_intraextension_authz", - "command": "intraextension create --policy_model policy_authz authz_test", + "command": "intraextension add --policy_model policy_authz authz_test", "result": "IntraExtension created: (?P<uuid_authz>\\w+)", "description": "Create an authz intra extension", "command_options": "" 
@@ -118,7 +118,7 @@ }, { "name": "create_intraextension_authz", - "command": "intraextension create --policy_model policy_authz authz_test", + "command": "intraextension add --policy_model policy_authz authz_test", "result": "IntraExtension created: (?P<uuid_authz>\\w+)", "description": "Create an authz intra extension", "command_options": "" @@ -131,7 +131,7 @@ }, { "name": "create_intraextension_admin", - "command": "intraextension create --policy_model policy_admin admin_test", + "command": "intraextension add --policy_model policy_rbac_admin admin_test", "result": "IntraExtension created: (?P<uuid_admin>\\w+)", "description": "Create an admin intra extension", "command_options": "" diff --git a/moonclient/moonclient/tests/tests_object_scopes.json b/moonclient/moonclient/tests/tests_object_scopes.json index f298fa12..c9f832e5 100644 --- a/moonclient/moonclient/tests/tests_object_scopes.json +++ b/moonclient/moonclient/tests/tests_object_scopes.json @@ -23,7 +23,7 @@ }, { "name": "create_intraextension_authz", - "command": "intraextension create --policy_model policy_authz authz_test", + "command": "intraextension add --policy_model policy_authz authz_test", "result": "IntraExtension created: (?P<uuid_authz>\\w+)", "description": "Create an authz intra extension", "command_options": "" @@ -127,7 +127,7 @@ }, { "name": "create_intraextension_authz", - "command": "intraextension create --policy_model policy_authz authz_test", + "command": "intraextension add --policy_model policy_authz authz_test", "result": "IntraExtension created: (?P<uuid_authz>\\w+)", "description": "Create an authz intra extension", "command_options": "" 
@@ -140,7 +140,7 @@ }, { "name": "create_intraextension_admin", - "command": "intraextension create --policy_model policy_admin admin_test", + "command": "intraextension add --policy_model policy_rbac_admin admin_test", "result": "IntraExtension created: (?P<uuid_admin>\\w+)", "description": "Create an admin intra extension", "command_options": "" diff --git a/moonclient/moonclient/tests/tests_objects.json b/moonclient/moonclient/tests/tests_objects.json index cb4e766a..c3a70f4e 100644 --- a/moonclient/moonclient/tests/tests_objects.json +++ b/moonclient/moonclient/tests/tests_objects.json @@ -23,7 +23,7 @@ }, { "name": "create_intraextension_authz", - "command": "intraextension create --policy_model policy_authz authz_test", + "command": "intraextension add --policy_model policy_authz authz_test", "result": "IntraExtension created: (?P<uuid_authz>\\w+)", "description": "Create an authz intra extension", "command_options": "" @@ -118,7 +118,7 @@ }, { "name": "create_intraextension_authz", - "command": "intraextension create --policy_model policy_authz authz_test", + "command": "intraextension add --policy_model policy_authz authz_test", "result": "IntraExtension created: (?P<uuid_authz>\\w+)", "description": "Create an authz intra extension", "command_options": "" @@ -131,7 +131,7 @@ }, { "name": "create_intraextension_admin", - "command": "intraextension create --policy_model policy_admin admin_test", + "command": "intraextension add --policy_model policy_rbac_admin admin_test", "result": "IntraExtension created: (?P<uuid_admin>\\w+)", "description": "Create an admin intra extension", "command_options": "" diff --git a/moonclient/moonclient/tests/tests_rules.json b/moonclient/moonclient/tests/tests_rules.json index cfbedecb..5d3229b1 100644 --- a/moonclient/moonclient/tests/tests_rules.json +++ b/moonclient/moonclient/tests/tests_rules.json 
@@ -23,7 +23,7 @@ }, { "name": "create_intraextension_authz", - "command": "intraextension create --policy_model policy_authz authz_test", + "command": "intraextension add --policy_model policy_authz authz_test", "result": "IntraExtension created: (?P<uuid_authz>\\w+)", "description": "Create an authz intra extension", "command_options": "" @@ -190,7 +190,7 @@ }, { "name": "create_intraextension_authz", - "command": "intraextension create --policy_model policy_authz authz_test", + "command": "intraextension add --policy_model policy_authz authz_test", "result": "IntraExtension created: (?P<uuid_authz>\\w+)", "description": "Create an authz intra extension", "command_options": "" @@ -203,7 +203,7 @@ }, { "name": "create_intraextension_admin", - "command": "intraextension create --policy_model policy_admin admin_test", + "command": "intraextension add --policy_model policy_rbac_admin admin_test", "result": "IntraExtension created: (?P<uuid_admin>\\w+)", "description": "Create an admin intra extension", "command_options": "" diff --git a/moonclient/moonclient/tests/tests_subject_assignments.json b/moonclient/moonclient/tests/tests_subject_assignments.json index 3a9d93b5..7eb1e82c 100644 --- a/moonclient/moonclient/tests/tests_subject_assignments.json +++ b/moonclient/moonclient/tests/tests_subject_assignments.json @@ -23,7 +23,7 @@ }, { "name": "create_intraextension_authz", - "command": "intraextension create --policy_model policy_authz authz_test", + "command": "intraextension add --policy_model policy_authz authz_test", "result": "IntraExtension created: (?P<uuid_authz>\\w+)", "description": "Create an authz intra extension", "command_options": "" 
@@ -183,7 +183,7 @@ }, { "name": "create_intraextension_authz", - "command": "intraextension create --policy_model policy_authz authz_test", + "command": "intraextension add --policy_model policy_authz authz_test", "result": "IntraExtension created: (?P<uuid_authz>\\w+)", "description": "Create an authz intra extension", "command_options": "" @@ -196,7 +196,7 @@ }, { "name": "create_intraextension_admin", - "command": "intraextension create --policy_model policy_admin admin_test", + "command": "intraextension add --policy_model policy_rbac_admin admin_test", "result": "IntraExtension created: (?P<uuid_admin>\\w+)", "description": "Create an admin intra extension", "command_options": "" diff --git a/moonclient/moonclient/tests/tests_subject_categories.json b/moonclient/moonclient/tests/tests_subject_categories.json index 644d78b5..63bd349c 100644 --- a/moonclient/moonclient/tests/tests_subject_categories.json +++ b/moonclient/moonclient/tests/tests_subject_categories.json @@ -23,7 +23,7 @@ }, { "name": "create_intraextension_authz", - "command": "intraextension create --policy_model policy_authz authz_test", + "command": "intraextension add --policy_model policy_authz authz_test", "result": "IntraExtension created: (?P<uuid_authz>\\w+)", "description": "Create an authz intra extension", "command_options": "" @@ -118,7 +118,7 @@ }, { "name": "create_intraextension_authz", - "command": "intraextension create --policy_model policy_authz authz_test", + "command": "intraextension add --policy_model policy_authz authz_test", "result": "IntraExtension created: (?P<uuid_authz>\\w+)", "description": "Create an authz intra extension", "command_options": "" 
@@ -131,7 +131,7 @@ }, { "name": "create_intraextension_admin", - "command": "intraextension create --policy_model policy_admin admin_test", + "command": "intraextension add --policy_model policy_rbac_admin admin_test", "result": "IntraExtension created: (?P<uuid_admin>\\w+)", "description": "Create an admin intra extension", "command_options": "" diff --git a/moonclient/moonclient/tests/tests_subject_scopes.json b/moonclient/moonclient/tests/tests_subject_scopes.json index 7b16f42b..c6f7f309 100644 --- a/moonclient/moonclient/tests/tests_subject_scopes.json +++ b/moonclient/moonclient/tests/tests_subject_scopes.json @@ -23,7 +23,7 @@ }, { "name": "create_intraextension_authz", - "command": "intraextension create --policy_model policy_authz authz_test", + "command": "intraextension add --policy_model policy_authz authz_test", "result": "IntraExtension created: (?P<uuid_authz>\\w+)", "description": "Create an authz intra extension", "command_options": "" @@ -127,7 +127,7 @@ }, { "name": "create_intraextension_authz", - "command": "intraextension create --policy_model policy_authz authz_test", + "command": "intraextension add --policy_model policy_authz authz_test", "result": "IntraExtension created: (?P<uuid_authz>\\w+)", "description": "Create an authz intra extension", "command_options": "" @@ -140,7 +140,7 @@ }, { "name": "create_intraextension_admin", - "command": "intraextension create --policy_model policy_admin admin_test", + "command": "intraextension add --policy_model policy_rbac_admin admin_test", "result": "IntraExtension created: (?P<uuid_admin>\\w+)", "description": "Create an admin intra extension", "command_options": "" diff --git a/moonclient/moonclient/tests/tests_subjects.json b/moonclient/moonclient/tests/tests_subjects.json index 7453c6a7..7001e227 100644 --- a/moonclient/moonclient/tests/tests_subjects.json +++ b/moonclient/moonclient/tests/tests_subjects.json 
@@ -23,7 +23,7 @@ }, { "name": "create_intraextension_authz", - "command": "intraextension create --policy_model policy_authz authz_test", + "command": "intraextension add --policy_model policy_authz authz_test", "result": "IntraExtension created: (?P<uuid_authz>\\w+)", "description": "Create an authz intra extension", "command_options": "" @@ -118,7 +118,7 @@ }, { "name": "create_intraextension_authz", - "command": "intraextension create --policy_model policy_authz authz_test", + "command": "intraextension add --policy_model policy_authz authz_test", "result": "IntraExtension created: (?P<uuid_authz>\\w+)", "description": "Create an authz intra extension", "command_options": "" @@ -131,7 +131,7 @@ }, { "name": "create_intraextension_admin", - "command": "intraextension create --policy_model policy_admin admin_test", + "command": "intraextension add --policy_model policy_rbac_admin admin_test", "result": "IntraExtension created: (?P<uuid_admin>\\w+)", "description": "Create an admin intra extension", "command_options": "" diff --git a/moonclient/moonclient/tests/tests_submetarules.json b/moonclient/moonclient/tests/tests_submetarules.json index 64ca86ff..955f628d 100644 --- a/moonclient/moonclient/tests/tests_submetarules.json +++ b/moonclient/moonclient/tests/tests_submetarules.json @@ -23,7 +23,7 @@ }, { "name": "create_intraextension_authz", - "command": "intraextension create --policy_model policy_authz authz_test", + "command": "intraextension add --policy_model policy_authz authz_test", "result": "IntraExtension created: (?P<uuid_authz>\\w+)", "description": "Create an authz intra extension", "command_options": "" @@ -148,7 +148,7 @@ }, { "name": "create_intraextension_authz", - "command": "intraextension create --policy_model policy_authz authz_test", + "command": "intraextension add --policy_model policy_authz authz_test", "result": "IntraExtension created: (?P<uuid_authz>\\w+)", "description": "Create an authz intra extension", "command_options": "" 
@@ -161,7 +161,7 @@ }, { "name": "create_intraextension_admin", - "command": "intraextension create --policy_model policy_admin admin_test", + "command": "intraextension add --policy_model policy_rbac_admin admin_test", "result": "IntraExtension created: (?P<uuid_admin>\\w+)", "description": "Create an admin intra extension", "command_options": "" diff --git a/moonclient/moonclient/tests/tests_tenants.json b/moonclient/moonclient/tests/tests_tenants.json index 2f24a295..02b20754 100644 --- a/moonclient/moonclient/tests/tests_tenants.json +++ b/moonclient/moonclient/tests/tests_tenants.json @@ -23,7 +23,7 @@ }, { "name": "create_intraextension_admin", - "command": "intraextension create --policy_model policy_admin admin_test", + "command": "intraextension add --policy_model policy_rbac_admin admin_test", "result": "IntraExtension created: (?P<uuid_admin>\\w+)", "description": "Create an admin intra extension", "command_options": "" @@ -36,7 +36,7 @@ }, { "name": "create_intraextension_authz", - "command": "intraextension create --policy_model policy_authz authz_test", + "command": "intraextension add --policy_model policy_authz authz_test", "result": "IntraExtension created: (?P<uuid_authz>\\w+)", "description": "Create an authz intra extension", "command_options": "" diff --git a/moonclient/setup.py b/moonclient/setup.py index 44d89a9d..e048bf97 100644 --- a/moonclient/setup.py +++ b/moonclient/setup.py @@ -69,7 +69,7 @@ setup( 'tenant_delete = moonclient.tenants:TenantDelete', 'intraextension_select = moonclient.intraextension:IntraExtensionSelect', - 'intraextension_create = moonclient.intraextension:IntraExtensionCreate', + 'intraextension_add = moonclient.intraextension:IntraExtensionCreate', 'intraextension_list = moonclient.intraextension:IntraExtensionList', 'intraextension_delete = moonclient.intraextension:IntraExtensionDelete', 'intraextension_show = moonclient.intraextension:IntraExtensionShow', |
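Review bot: in every `tests_*.json` hunk the `command` field now uses the verb `add`, but the step is still named `create_intraextension_authz` / `create_intraextension_admin`, and the `result` regex still expects `IntraExtension created: (?P<uuid_...>\w+)`. If the CLI output string is meant to stay "created", say so in the commit message. Otherwise update the regex and step names in the same change, so that a later change to the output wording does not silently break the `uuid_authz` / `uuid_admin` captures that the following steps depend on.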
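Review bot: the `create_intraextension_admin` steps change two things at once: the verb (`create` to `add`) and the policy model (`policy_admin` to `policy_rbac_admin`). The model rename is a separate behavioural change to the admin policy these fixtures instantiate, and nothing in the visible hunks shows whether `policy_admin` still exists or is still accepted. Please split it into its own commit, or at least call it out in the commit message. Consider adding a test step that passes the old name `policy_admin` and asserts the expected outcome (rejected or still supported), so the suite pins down what happens to deployments that still reference it.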
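Review bot: in the `moonclient/setup.py` hunk the entry point `intraextension_create` is removed outright and `intraextension_add` is bound to the same class, `moonclient.intraextension:IntraExtensionCreate`. Any existing script or runbook that calls `intraextension create` will stop working with no deprecation path. Suggest keeping both entry points on `IntraExtensionCreate` for one release, or documenting the break. If `add` is the final name, rename the class to match so the command-to-class mapping stays consistent with the neighbouring `IntraExtensionList` / `IntraExtensionDelete` / `IntraExtensionShow` entries.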