diff options
| -rw-r--r-- | README.md | 76 | ||||
| -rw-r--r-- | python_moonutilities/python_moonutilities/exceptions.py | 16 | ||||
| -rw-r--r-- | python_moonutilities/tests/unit_python/conftest.py | 9 | ||||
| -rw-r--r-- | python_moonutilities/tests/unit_python/mock_cache.py | 321 | ||||
| -rw-r--r-- | python_moonutilities/tests/unit_python/mock_components.py | 27 | ||||
| -rw-r--r-- | python_moonutilities/tests/unit_python/mock_keystone.py | 23 | ||||
| -rw-r--r-- | python_moonutilities/tests/unit_python/mock_repo/__init__.py | 38 | ||||
| -rw-r--r-- | python_moonutilities/tests/unit_python/mock_repo/components_utilities.py (renamed from python_moonutilities/tests/unit_python/utilities.py) | 2 | ||||
| -rw-r--r-- | python_moonutilities/tests/unit_python/mock_repo/data.py | 215 | ||||
| -rw-r--r-- | python_moonutilities/tests/unit_python/mock_repo/urls.py | 147 | ||||
| -rw-r--r-- | python_moonutilities/tests/unit_python/test_cache.py | 189 | ||||
| -rw-r--r-- | python_moonutilities/tests/unit_python/test_configuration.py | 53 | ||||
| -rw-r--r-- | tests/performance/README.md | 121 | ||||
| -rw-r--r-- | tools/moon_kubernetes/README.md | 4 |
14 files changed, 751 insertions, 490 deletions
@@ -52,38 +52,8 @@ curl http://$MOON_HOST:30001 curl http://$MOON_HOST:30001/pdp curl http://$MOON_HOST:30001/policies ``` - -If you configured the authentication in the Moon platform: -```bash -curl -i \ - -H "Content-Type: application/json" \ - -d ' -{ "auth": { - "identity": { - "methods": ["password"], - "password": { - "user": { - "name": "admin", - "domain": { "id": "default" }, - "password": "<set_your_password_here>" - } - } - }, - "scope": { - "project": { - "name": "admin", - "domain": { "id": "default" } - } - } - } -}' \ - "http://moon_hostname:30006/v3/auth/tokens" ; echo - -curl --header "X-Auth-Token: <token_retrieve_from_keystone>" http://moon_hostname:30001 -curl --header "X-Auth-Token: <token_retrieve_from_keystone>" http://moon_hostname:30001/pdp -curl --header "X-Auth-Token: <token_retrieve_from_keystone>" http://moon_hostname:30001/policies -``` - + +### Consul Check Check the Consul service for - *Components/Manager*, e.g. ```json @@ -114,10 +84,44 @@ Check the Consul service for } ``` +### Tests Launch functional [test scenario](tests/functional/scenario_enabled) : ```bash -cd $MOON_HOME/tests/functional/scenario_enabled -docker run -ti -v $(pwd):/data wukongsun/moon_forming:latest /bin/bash -moon_populate_values --consul-host=$MOON_HOST --consul-port=30005 -v /data/rbac_large.py -moon_send_authz --consul-host=$MOON_HOST --consul-port=30005 --authz-host=$MOON_HOST --authz-port=31002 -v /data/rbac_large.py +sudo pip install python_moonclient --upgrade +cd $MOON_HOME/tests/functional/scenario_tests +moon_populate_values --consul-host=$MOON_HOST --consul-port=30005 -v rbac_large.py +moon_send_authz --consul-host=$MOON_HOST --consul-port=30005 --authz-host=$AUTHZ_HOST --authz-port=$AUTHZ_PORT -v rbac_large.py ``` + +## Annexe +### Authentication +If you configured the authentication in the Moon platform: +```bash +curl -i \ + -H "Content-Type: application/json" \ + -d ' +{ "auth": { + "identity": { + "methods": ["password"], + "password": { + "user": { + "name": "admin", + "domain": { "id": "default" }, + "password": "<set_your_password_here>" + } + } + }, + "scope": { + "project": { + "name": "admin", + "domain": { "id": "default" } + } + } + } +}' \ + "http://moon_hostname:30006/v3/auth/tokens" ; echo + +curl --header "X-Auth-Token: <token_retrieve_from_keystone>" http://moon_hostname:30001 +curl --header "X-Auth-Token: <token_retrieve_from_keystone>" http://moon_hostname:30001/pdp +curl --header "X-Auth-Token: <token_retrieve_from_keystone>" http://moon_hostname:30001/policies +```
\ No newline at end of file diff --git a/python_moonutilities/python_moonutilities/exceptions.py b/python_moonutilities/python_moonutilities/exceptions.py index 5bbab2be..dab398cf 100644 --- a/python_moonutilities/python_moonutilities/exceptions.py +++ b/python_moonutilities/python_moonutilities/exceptions.py @@ -14,7 +14,7 @@ class MoonErrorMetaClass(type): def __init__(cls, name, bases, dct): super(MoonErrorMetaClass, cls).__init__(name, bases, dct) - cls.hierarchy += "/"+str(name) + cls.hierarchy += "/" + str(name) class MoonError(HTTPException): @@ -109,6 +109,7 @@ class TenantNoIntraAuthzExtension(TenantNoIntraExtension): title = 'Tenant No Intra_Admin_Extension' logger = "ERROR" + # Exceptions for IntraExtension @@ -520,3 +521,16 @@ class ContainerMissing(DockerError): title = 'Container missing' logger = "ERROR" + +class PdpUnknown(MoonError): + description = _("The pdp is unknown.") + code = 400 + title = 'Pdp Unknown' + logger = "Error" + + +class PdpExisting(MoonError): + description = _("The pdp already exists.") + code = 409 + title = 'Pdp Error' + logger = "Error" diff --git a/python_moonutilities/tests/unit_python/conftest.py b/python_moonutilities/tests/unit_python/conftest.py index 7217586a..34e5c272 100644 --- a/python_moonutilities/tests/unit_python/conftest.py +++ b/python_moonutilities/tests/unit_python/conftest.py @@ -1,8 +1,6 @@ import pytest import requests_mock -import mock_components -import mock_keystone -import mock_cache +import mock_repo @pytest.fixture(autouse=True) @@ -10,8 +8,7 @@ def no_requests(monkeypatch): """ Modify the response from Requests module """ with requests_mock.Mocker(real_http=True) as m: - mock_components.register_components(m) - mock_keystone.register_keystone(m) - mock_cache.register_cache(m) + mock_repo.register_cache(m) + print("End registering URI") yield m
\ No newline at end of file diff --git a/python_moonutilities/tests/unit_python/mock_cache.py b/python_moonutilities/tests/unit_python/mock_cache.py deleted file mode 100644 index b2b287a9..00000000 --- a/python_moonutilities/tests/unit_python/mock_cache.py +++ /dev/null @@ -1,321 +0,0 @@ -from utilities import CONF - -pdp_mock = { - "pdp_id1": { - "name": "...", - "security_pipeline": ["policy_id_1", "policy_id_2"], - "keystone_project_id": "keystone_project_id1", - "description": "...", - }, - "pdp_id12": { - "name": "...", - "security_pipeline": ["policy_id_1", "policy_id_2"], - "keystone_project_id": "keystone_project_id1", - "description": "...", - } -} - -meta_rules_mock = { - "meta_rule_id1": { - "name": "meta_rule1", - "algorithm": "name of the meta rule algorithm", - "subject_categories": ["subject_category_id1", - "subject_category_id2"], - "object_categories": ["object_category_id1"], - "action_categories": ["action_category_id1"] - }, - "meta_rule_id2": { - "name": "name of the meta rules2", - "algorithm": "name of the meta rule algorithm", - "subject_categories": ["subject_category_id1", - "subject_category_id2"], - "object_categories": ["object_category_id1"], - "action_categories": ["action_category_id1"] - } -} - -policies_mock = { - "policy_id_1": { - "name": "test_policy1", - "model_id": "model_id_1", - "genre": "authz", - "description": "test", - }, - "policy_id_2": { - "name": "test_policy2", - "model_id": "model_id_2", - "genre": "authz", - "description": "test", - } -} - -subject_mock = { - "policy_id_1": { - "subject_id": { - "name": "subject_name", - "keystone_id": "keystone_project_id1", - "description": "a description" - } - }, - "policy_id_2": { - "subject_id": { - "name": "subject_name", - "keystone_id": "keystone_project_id1", - "description": "a description" - } - } -} - -subject_assignment_mock = { - "subject_id": { - "policy_id": "ID of the policy", - "subject_id": "ID of the subject", - "category_id": "ID of the category", - "assignments": [], - } -} - -object_mock = { - "policy_id_1": { - "object_id": { - "name": "object_name", - "description": "a description" - } - }, - "policy_id_2": { - "object_id": { - "name": "object_name", - "description": "a description" - } - } -} - -object_assignment_mock = { - "object_id": { - "policy_id": "ID of the policy", - "object_id": "ID of the object", - "category_id": "ID of the category", - "assignments": [], - } -} - -action_mock = { - "policy_id_1": { - "action_id": { - "name": "action_name", - "description": "a description" - } - }, - "policy_id_2": { - "action_id": { - "name": "action_name", - "description": "a description" - } - } -} - -action_assignment_mock = { - "action_id": { - "policy_id": "ID of the policy", - "action_id": "ID of the action", - "category_id": "ID of the category", - "assignments": [], - } -} - -models_mock = { - "model_id_1": { - "name": "test_model", - "description": "test", - "meta_rules": ["meta_rule_id1"] - }, - "model_id_2": { - "name": "test_model", - "description": "test", - "meta_rules": ["meta_rule_id2"] - }, -} - -rules_mock = { - "rules": { - "meta_rule_id": "meta_rule_id1", - "rule_id1": { - "rule": ["subject_data_id1", - "object_data_id1", - "action_data_id1"], - "instructions": ( - {"decision": "grant"}, - # "grant" to immediately exit, - # "continue" to wait for the result of next policy - # "deny" to deny the request - ) - }, - "rule_id2": { - "rule": ["subject_data_id2", - "object_data_id2", - "action_data_id2"], - "instructions": ( - { - "update": { - "operation": "add", - # operations may be "add" or "delete" - "target": "rbac:role:admin" - # add the role admin to the current user - } - }, - {"chain": {"name": "rbac"}} - # chain with the policy named rbac - ) - } - } -} - - -def register_cache(m): - """ Modify the response from Requests module - """ - register_pdp(m) - register_meta_rules(m) - register_policies(m) - register_models(m) - register_policy_subject(m, "policy_id_1") - register_policy_subject(m, "policy_id_2") - register_policy_object(m, "policy_id_1") - register_policy_object(m, "policy_id_2") - register_policy_action(m, "policy_id_1") - register_policy_action(m, "policy_id_2") - register_policy_subject_assignment(m, "policy_id_1", "subject_id") - # register_policy_subject_assignment_list(m1, "policy_id_1") - register_policy_subject_assignment(m, "policy_id_2", "subject_id") - # register_policy_subject_assignment_list(m1, "policy_id_2") - register_policy_object_assignment(m, "policy_id_1", "object_id") - # register_policy_object_assignment_list(m1, "policy_id_1") - register_policy_object_assignment(m, "policy_id_2", "object_id") - # register_policy_object_assignment_list(m1, "policy_id_2") - register_policy_action_assignment(m, "policy_id_1", "action_id") - # register_policy_action_assignment_list(m1, "policy_id_1") - register_policy_action_assignment(m, "policy_id_2", "action_id") - # register_policy_action_assignment_list(m1, "policy_id_2") - register_rules(m, "policy_id1") - - -def register_pdp(m): - m.register_uri( - 'GET', 'http://{}:{}/{}'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'pdp'), - json={'pdps': pdp_mock} - ) - - -def register_meta_rules(m): - m.register_uri( - 'GET', 'http://{}:{}/{}'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'meta_rules'), - json={'meta_rules': meta_rules_mock} - ) - - -def register_policies(m): - m.register_uri( - 'GET', 'http://{}:{}/{}'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies'), - json={'policies': policies_mock} - ) - - -def register_models(m): - m.register_uri( - 'GET', 'http://{}:{}/{}'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'models'), - json={'models': models_mock} - ) - - -def register_policy_subject(m, policy_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/subjects'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', policy_id), - json={'subjects': subject_mock[policy_id]} - ) - - -def register_policy_object(m, policy_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/objects'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', policy_id), - json={'objects': object_mock[policy_id]} - ) - - -def register_policy_action(m, policy_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/actions'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', policy_id), - json={'actions': action_mock[policy_id]} - ) - - -def register_policy_subject_assignment(m, policy_id, subj_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/subject_assignments/{}'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', - policy_id, - subj_id), - json={'subject_assignments': subject_assignment_mock} - ) - - -def register_policy_subject_assignment_list(m, policy_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/subject_assignments'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', - policy_id), - json={'subject_assignments': subject_assignment_mock} - ) - - -def register_policy_object_assignment(m, policy_id, obj_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/object_assignments/{}'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', - policy_id, - obj_id), - json={'object_assignments': object_assignment_mock} - ) - - -def register_policy_object_assignment_list(m, policy_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/object_assignments'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', - policy_id), - json={'object_assignments': object_assignment_mock} - ) - - -def register_policy_action_assignment(m, policy_id, action_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/action_assignments/{}'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', - policy_id, - action_id), - json={'action_assignments': action_assignment_mock} - ) - - -def register_policy_action_assignment_list(m, policy_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/action_assignments'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', - policy_id), - json={'action_assignments': action_assignment_mock} - ) - - -def register_rules(m, policy_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/{}'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', - policy_id, 'rules'), - json={'rules': rules_mock} - )
\ No newline at end of file diff --git a/python_moonutilities/tests/unit_python/mock_components.py b/python_moonutilities/tests/unit_python/mock_components.py deleted file mode 100644 index a0319e1a..00000000 --- a/python_moonutilities/tests/unit_python/mock_components.py +++ /dev/null @@ -1,27 +0,0 @@ -import utilities - -COMPONENTS = ( - "logging", - "openstack/keystone", - "database", - "slave", - "components/manager", - "components/orchestrator", - "components/interface", -) - - -def register_components(m): - for component in COMPONENTS: - m.register_uri( - 'GET', 'http://consul:8500/v1/kv/{}'.format(component), - json=[{'Key': component, 'Value': utilities.get_b64_conf(component)}] - ) - - m.register_uri( - 'GET', 'http://consul:8500/v1/kv/components?recurse=true', - json=[ - {"Key": key, "Value": utilities.get_b64_conf(key)} for key in COMPONENTS - ], - # json={'Key': "components", 'Value': get_b64_conf("components")} - )
\ No newline at end of file diff --git a/python_moonutilities/tests/unit_python/mock_keystone.py b/python_moonutilities/tests/unit_python/mock_keystone.py deleted file mode 100644 index c0b26b88..00000000 --- a/python_moonutilities/tests/unit_python/mock_keystone.py +++ /dev/null @@ -1,23 +0,0 @@ -def register_keystone(m): - m.register_uri( - 'POST', 'http://keystone:5000/v3/auth/tokens', - headers={'X-Subject-Token': "111111111"} - ) - m.register_uri( - 'DELETE', 'http://keystone:5000/v3/auth/tokens', - headers={'X-Subject-Token': "111111111"} - ) - m.register_uri( - 'POST', 'http://keystone:5000/v3/users?name=testuser&domain_id=default', - json={"users": {}} - ) - m.register_uri( - 'GET', 'http://keystone:5000/v3/users?name=testuser&domain_id=default', - json={"users": {}} - ) - m.register_uri( - 'POST', 'http://keystone:5000/v3/users/', - json={"users": [{ - "id": "1111111111111" - }]} - )
\ No newline at end of file diff --git a/python_moonutilities/tests/unit_python/mock_repo/__init__.py b/python_moonutilities/tests/unit_python/mock_repo/__init__.py new file mode 100644 index 00000000..60dfbc3b --- /dev/null +++ b/python_moonutilities/tests/unit_python/mock_repo/__init__.py @@ -0,0 +1,38 @@ +import mock_repo.urls as register_urls +import mock_repo.data as data_mock + + +def register_cache(m): + """ Modify the response from Requests module + """ + register_urls.register_components(m) + register_urls.register_keystone(m) + + register_urls.register_pdp(m) + register_urls.register_meta_rules(m) + register_urls.register_policies(m) + register_urls.register_models(m) + + register_urls.register_policy_subject(m, data_mock.shared_ids["policy"]["policy_id_1"]) + register_urls.register_policy_subject_invalid_response(m, data_mock.shared_ids["policy"]["policy_id_invalid_response"]) + register_urls.register_policy_object(m, data_mock.shared_ids["policy"]["policy_id_1"]) + register_urls.register_policy_action(m, data_mock.shared_ids["policy"]["policy_id_1"]) + + register_urls.register_policy_subject_assignment(m, data_mock.shared_ids["policy"]["policy_id_1"], data_mock.shared_ids["perimeter"]["perimeter_id_1"]) + + register_urls.register_policy_subject_assignment_list(m, data_mock.shared_ids["policy"]["policy_id_2"]) + + register_urls.register_policy_object_assignment(m, data_mock.shared_ids["policy"]["policy_id_1"], data_mock.shared_ids["perimeter"]["perimeter_id_2"]) + + register_urls.register_policy_object_assignment_list(m, data_mock.shared_ids["policy"]["policy_id_2"]) + + register_urls.register_policy_action_assignment(m, data_mock.shared_ids["policy"]["policy_id_1"], data_mock.shared_ids["perimeter"]["perimeter_id_3"]) + + register_urls.register_policy_action_assignment_list(m, data_mock.shared_ids["policy"]["policy_id_2"]) + # register_urls.register_pods(m) + + # register_urls.register_policy_action_assignment(m, "policy_id_2", "perimeter_id_2") + # register_urls.register_policy_action_assignment(m, "policy_id_2", "perimeter_id_2") + # register_urls.register_policy_action_assignment(m, "policy_id_2", "perimeter_id_2") + + register_urls.register_rules(m, "policy_id1") diff --git a/python_moonutilities/tests/unit_python/utilities.py b/python_moonutilities/tests/unit_python/mock_repo/components_utilities.py index 1d79d890..72956f3a 100644 --- a/python_moonutilities/tests/unit_python/utilities.py +++ b/python_moonutilities/tests/unit_python/mock_repo/components_utilities.py @@ -55,7 +55,7 @@ CONF = { "logging": { "handlers": { "file": { - "filename": "/tmp/moon.log", + "filename": "C:/moon.log", "class": "logging.handlers.RotatingFileHandler", "level": "DEBUG", "formatter": "custom", diff --git a/python_moonutilities/tests/unit_python/mock_repo/data.py b/python_moonutilities/tests/unit_python/mock_repo/data.py new file mode 100644 index 00000000..736d4704 --- /dev/null +++ b/python_moonutilities/tests/unit_python/mock_repo/data.py @@ -0,0 +1,215 @@ +components = ( + "logging", + "openstack/keystone", + "database", + "slave", + "components/manager", + "components/orchestrator", + "components/interface", + "components/port_start" +) + +shared_ids = { + "policy": { + "policy_id_1": "policy_id_1", + "policy_id_2": "policy_id_2", + "policy_id_3": "policy_id_3", + "policy_id_invalid_response": "policy_id_invalid_response" + }, + "category": { + "category_id_1": "category_id_1", + "invalid_category_id_1": " invalid_category_id_1" + }, + "perimeter": { + "perimeter_id_1": "subject_id_1", + "perimeter_id_2": "object_id_1", + "perimeter_id_3": "action_id_1" + }, + "meta_rule": { + "meta_rule_id_1": "meta_rule_id_1", + "meta_rule_id_2": "meta_rule_id_2" + }, + "rule": { + "rule_id_1": "rule_id_2", + "rule_id_2": "rule_id_2" + }, + "model": { + "model_id_1": "model_id_1" + } +} + +pdp_mock = { + "pdp_id1": { + "name": "...", + "security_pipeline": ["policy_id_1", "policy_id_2"], + "keystone_project_id": "keystone_project_id1", + "description": "...", + } +} + +meta_rules_mock = { + shared_ids["meta_rule"]["meta_rule_id_1"]: { + "name": "meta_rule1", + "algorithm": "name of the meta rule algorithm", + "subject_categories": ["subject_category_id1", + "subject_category_id2"], + "object_categories": ["object_category_id1"], + "action_categories": ["action_category_id1"] + }, + shared_ids["meta_rule"]["meta_rule_id_2"]: { + "name": "name of the meta rules2", + "algorithm": "name of the meta rule algorithm", + "subject_categories": ["subject_category_id1", + "subject_category_id2"], + "object_categories": ["object_category_id1"], + "action_categories": ["action_category_id1"] + } +} + +policies_mock = { + shared_ids["policy"]["policy_id_1"]: { + "name": "test_policy1", + "model_id": shared_ids["model"]["model_id_1"], + "genre": "authz", + "description": "test", + } +} + +subject_mock = { + shared_ids["policy"]["policy_id_1"]: { + "subject_id": { + "name": "subject_name", + "keystone_id": "keystone_project_id1", + "description": "a description" + } + }, + shared_ids["policy"]["policy_id_invalid_response"]: { + "subject_id": { + "name": "subject_name", + "keystone_id": "keystone_project_id1", + "description": "a description" + } + } + +} + +subject_assignment_mock = { + "subject_id_1": { + "policy_id": shared_ids["policy"]["policy_id_1"], + "subject_id": "subject_id_1", + "category_id": shared_ids["category"]["category_id_1"], + "assignments": ["data_id_1, data_id_2"], + } +} + +object_mock = { + shared_ids["policy"]["policy_id_1"]: { + "object_id": { + "name": "object_name", + "description": "a description" + } + } +} + +object_assignment_mock = { + "object_id_1": { + "policy_id": shared_ids["policy"]["policy_id_1"], + "object_id": "object_id_1", + "category_id": shared_ids["category"]["category_id_1"], + "assignments": ["data_id_1, data_id_2"], + } +} + +action_mock = { + shared_ids["policy"]["policy_id_1"]: { + "action_id": { + "name": "action_name", + "description": "a description" + } + } +} + +action_assignment_mock = { + "action_id_1": { + "policy_id": shared_ids["policy"]["policy_id_1"], + "action_id": "action_id_1", + "category_id": shared_ids["category"]["category_id_1"], + "assignments": ["data_id_1, data_id_2"], + } +} + +models_mock = { + shared_ids["model"]["model_id_1"]: { + "name": "test_model", + "description": "test", + "meta_rules": [shared_ids["meta_rule"]["meta_rule_id_1"]] + } +} + +rules_mock = { + "rules": { + "meta_rule_id": shared_ids["meta_rule"]["meta_rule_id_1"], + shared_ids["rule"]["rule_id_1"]: { + "rule": ["subject_data_id1", + "object_data_id1", + "action_data_id1"], + "instructions": ( + {"decision": "grant"}, + # "grant" to immediately exit, + # "continue" to wait for the result of next policy + # "deny" to deny the request + ) + }, + shared_ids["rule"]["rule_id_2"]: { + "rule": ["subject_data_id2", + "object_data_id2", + "action_data_id2"], + "instructions": ( + { + "update": { + "operation": "add", + # operations may be "add" or "delete" + "target": "rbac:role:admin" + # add the role admin to the current user + } + }, + {"chain": {"name": "rbac"}} + # chain with the policy named rbac + ) + } + } +} + +# pods_mock = { +# # "name": "pod_id1", +# # "hostname": "pod_host", +# # "port": { +# # "PrivatePort": "8998", +# # "Type": "tcp", +# # "IP": "0.0.0.0", +# # "PublicPort": "8080" +# # }, +# # "keystone_project_id": "keystone_project_id1", +# # "pdp_id": "", +# # "meta_rule_id": "meta_rule_id1", +# # "container_name": "container_name1", +# # "plugin_name": "plugin_name1", +# # "container_id": "container_id" +# "pod_id1": { +# "name": "pod_id1", +# "hostname": "pod_host", +# "port": { +# "PrivatePort": "8998", +# "Type": "tcp", +# "IP": "0.0.0.0", +# "PublicPort": "8080" +# }, +# "keystone_project_id": [1], +# "pdp_id": "", +# "meta_rule_id": "meta_rule_id1", +# "container_name": "container_name1", +# "plugin_name": "plugin_name1", +# "container_id": "container_id" +# }, +# +# } diff --git a/python_moonutilities/tests/unit_python/mock_repo/urls.py b/python_moonutilities/tests/unit_python/mock_repo/urls.py new file mode 100644 index 00000000..a5b1e63b --- /dev/null +++ b/python_moonutilities/tests/unit_python/mock_repo/urls.py @@ -0,0 +1,147 @@ +import mock_repo.components_utilities as comp_util +import mock_repo.data as data_mock + + +def register_components(m): + for component in data_mock.components: + m.register_uri( + 'GET', 'http://consul:8500/v1/kv/{}'.format(component), + json=[{'Key': component, 'Value': comp_util.get_b64_conf(component)}] + ) + m.register_uri( + 'GET', 'http://consul:8500/v1/kv/components_port_start', + json=[{'Key': 'components_port_start', 'Value': comp_util.get_b64_conf("components/port_start")}] + ) + m.register_uri( + 'PUT', 'http://consul:8500/v1/kv/components_port_start', + json=[] + ) + + m.register_uri( + 'GET', 'http://consul:8500/v1/kv/components?recurse=true', + json=[ + {"Key": key, "Value": comp_util.get_b64_conf(key)} for key in data_mock.components + ], + # json={'Key': "components", 'Value': get_b64_comp_util.CONF("components")} + ) + + +def register_keystone(m): + m.register_uri( + 'POST', 'http://keystone:5000/v3/auth/tokens', + headers={'X-Subject-Token': "111111111"} + ) + m.register_uri( + 'DELETE', 'http://keystone:5000/v3/auth/tokens', + headers={'X-Subject-Token': "111111111"} + ) + m.register_uri( + 'POST', 'http://keystone:5000/v3/users?name=testuser&domain_id=default', + json={"users": {}} + ) + m.register_uri( + 'GET', 'http://keystone:5000/v3/users?name=testuser&domain_id=default', + json={"users": {}} + ) + m.register_uri( + 'POST', 'http://keystone:5000/v3/users/', + json={"users": [{ + "id": "1111111111111" + }]} + ) + +def register_model_any(m, module_name, mocked_data, key=None): + if key is None: + key = module_name + m.register_uri( + 'GET', 'http://{}:{}/{}'.format(comp_util.CONF['components']['manager']['hostname'], + comp_util.CONF['components']['manager']['port'], module_name), + + json={key: mocked_data} + ) + +def register_policy_any(m, policy_id, module_name, mocked_data, key=None): + if key is None: + key = module_name + m.register_uri( + 'GET', 'http://{}:{}/{}/{}/{}'.format(comp_util.CONF['components']['manager']['hostname'], + comp_util.CONF['components']['manager']['port'], 'policies', + policy_id, module_name), + json={key: mocked_data} + ) + +def register_pdp(m): + register_model_any(m, 'pdp', data_mock.pdp_mock,'pdps') + +def register_meta_rules(m): + register_model_any(m, 'meta_rules',data_mock.meta_rules_mock) + +def register_policies(m): + register_model_any(m, 'policies', data_mock.policies_mock) + + +def register_models(m): + register_model_any(m, 'models', data_mock.models_mock) + +def register_policy_subject(m, policy_id): + register_policy_any(m, policy_id, 'subjects', data_mock.subject_mock[policy_id]) + + +def register_policy_subject_invalid_response(m, policy_id): + register_policy_any(m, policy_id, 'subjects', data_mock.subject_mock[policy_id],'subjects_invalid_key') + +def register_policy_object(m, policy_id): + register_policy_any(m, policy_id, 'objects', data_mock.object_mock[policy_id]) + +def register_policy_action(m, policy_id): + register_policy_any(m, policy_id, 'actions', data_mock.action_mock[policy_id]) + +def register_policy_subject_assignment_list(m, policy_id): + register_policy_any(m, policy_id, 'subject_assignments', data_mock.subject_assignment_mock) + +def register_policy_object_assignment_list(m, policy_id): + register_policy_any(m, policy_id, 'object_assignments', data_mock.object_assignment_mock) + + +def register_policy_action_assignment_list(m, policy_id): + register_policy_any(m, policy_id, 'action_assignments', data_mock.action_assignment_mock) + +def register_policy_subject_assignment(m, policy_id, perimeter_id): + m.register_uri( + 'GET', 'http://{}:{}/{}/{}/subject_assignments/{}'.format(comp_util.CONF['components']['manager']['hostname'], + comp_util.CONF['components']['manager']['port'], + 'policies', + policy_id, + perimeter_id), + json={'subject_assignments': data_mock.subject_assignment_mock} + ) + +def register_policy_object_assignment(m, policy_id, perimeter_id): + m.register_uri( + 'GET', 'http://{}:{}/{}/{}/object_assignments/{}'.format(comp_util.CONF['components']['manager']['hostname'], + comp_util.CONF['components']['manager']['port'], + 'policies', + policy_id, + perimeter_id), + json={'object_assignments': data_mock.object_assignment_mock} + ) + +def register_policy_action_assignment(m, policy_id, perimeter_id): + m.register_uri( + 'GET', 'http://{}:{}/{}/{}/action_assignments/{}'.format(comp_util.CONF['components']['manager']['hostname'], + comp_util.CONF['components']['manager']['port'], + 'policies', + policy_id, + perimeter_id), + json={'action_assignments': data_mock.action_assignment_mock} + ) + +def register_rules(m, policy_id): + register_policy_any(m, policy_id, 'rules', data_mock.rules_mock) + +# def register_pods(m): +# m.register_uri( +# 'GET', 'http://{}:{}/pods'.format(comp_util.CONF['components']['orchestrator']['hostname'], +# comp_util.CONF['components']['orchestrator']['port']), +# json={'pods': data_mock.pods_mock} +# ) diff --git a/python_moonutilities/tests/unit_python/test_cache.py b/python_moonutilities/tests/unit_python/test_cache.py index c479395b..db1e3ae7 100644 --- a/python_moonutilities/tests/unit_python/test_cache.py +++ b/python_moonutilities/tests/unit_python/test_cache.py @@ -1,4 +1,5 @@ import pytest +import mock_repo.data as data_mock def test_authz_request(): @@ -7,63 +8,219 @@ def test_authz_request(): assert isinstance(c.authz_requests, dict) +# tests for get (subject, object, action) in cache +# ================================================ def test_get_subject_success(): from python_moonutilities import cache cache_obj = cache.Cache() - policy_id = 'policy_id_1' name = 'subject_name' - subject_id = cache_obj.get_subject(policy_id, name) + subject_id = cache_obj.get_subject(data_mock.shared_ids["policy"]["policy_id_1"], name) assert subject_id is not None -def test_get_subject_failure(): +def test_get_subject_not_found(): from python_moonutilities import cache - cache_obj = cache.Cache() - policy_id = 'policy_id_1' + cache_obj2 = cache.Cache() name = 'invalid name' with pytest.raises(Exception) as exception_info: - cache_obj.get_subject(policy_id, name) + cache_obj2.get_subject(data_mock.shared_ids["policy"]["policy_id_1"], name) assert str(exception_info.value) == '400: Subject Unknown' +# [TODO] this test used to test the invalid response +# it should be un commented and run after refactoring the related part +def test_get_subject_invalid_response(): + from python_moonutilities import cache + cache_obj2 = cache.Cache() + # policy_id = 'policy_id_invalid_response' + name = 'invalid name' + + +# with pytest.raises(Exception) as exception_info: +# cache_obj2.get_subject(data_mock.shared_ids["policy"]["policy_id_invalid_response"], name) +# assert str(exception_info.value) == '400: Subject Unknown' + + def test_get_object_success(): from python_moonutilities import cache cache_obj = cache.Cache() - policy_id = 'policy_id_1' name = 'object_name' - object_id = cache_obj.get_object(policy_id, name) + object_id = cache_obj.get_object(data_mock.shared_ids["policy"]["policy_id_1"], name) assert object_id is not None def test_get_object_failure(): from python_moonutilities import cache cache_obj = cache.Cache() - policy_id = 'policy_id_1' name = 'invalid name' with pytest.raises(Exception) as exception_info: - cache_obj.get_object(policy_id, name) + cache_obj.get_object(data_mock.shared_ids["policy"]["policy_id_1"], name) assert str(exception_info.value) == '400: Subject Unknown' def test_get_action_success(): from python_moonutilities import cache cache_obj = cache.Cache() - policy_id = 'policy_id_1' name = 'action_name' - action_id = cache_obj.get_action(policy_id, name) + action_id = cache_obj.get_action(data_mock.shared_ids["policy"]["policy_id_1"], name) assert action_id is not None def test_get_action_failure(): from python_moonutilities import cache cache_obj = cache.Cache() - policy_id = 'policy_id_1' name = 'invalid name' with pytest.raises(Exception) as exception_info: - cache_obj.get_action(policy_id, name) + cache_obj.get_action(data_mock.shared_ids["policy"]["policy_id_1"], name) assert str(exception_info.value) == '400: Subject Unknown' +# ==================================================================================================== + +# tests for get (subject_assignment, object_assignment, action_assignment) in cache +# ================================================================================= + +def test_get_subject_assignment_success(): + from python_moonutilities import cache + cache_obj = cache.Cache() + subject_assignments = cache_obj.get_subject_assignments(data_mock.shared_ids["policy"]["policy_id_1"], + data_mock.shared_ids["perimeter"]["perimeter_id_1"], + data_mock.shared_ids["category"]["category_id_1"]) + assert subject_assignments is not None + + +def test_get_subject_assignment_failure(): + from python_moonutilities import cache + cache_obj = cache.Cache() + subject_assignments = cache_obj.get_subject_assignments(data_mock.shared_ids["policy"]["policy_id_2"], + '', + data_mock.shared_ids["category"]["category_id_1"]) + assert len(subject_assignments) == 0 + + +def test_get_subject_assignment_invalid_category_failure(): + from python_moonutilities import cache + cache_obj = cache.Cache() + subject_assignments = cache_obj.get_subject_assignments(data_mock.shared_ids["policy"]["policy_id_1"], + data_mock.shared_ids["perimeter"]["perimeter_id_1"], + data_mock.shared_ids["category"]["invalid_category_id_1"]) + assert len(subject_assignments) == 0 + + +def test_get_object_assignment_success(): + from python_moonutilities import cache + cache_obj = cache.Cache() + object_assignments = cache_obj.get_object_assignments(data_mock.shared_ids["policy"]["policy_id_1"], + data_mock.shared_ids["perimeter"]["perimeter_id_2"], + data_mock.shared_ids["category"]["category_id_1"]) + assert object_assignments is not None + + +def test_get_object_assignment_failure(): + from python_moonutilities import cache + cache_obj = cache.Cache() + object_assignments = cache_obj.get_object_assignments(data_mock.shared_ids["policy"]["policy_id_2"], + '', + data_mock.shared_ids["category"]["category_id_1"]) + assert len(object_assignments) == 0 + + +def test_get_object_assignment_invalid_category_failure(): + from python_moonutilities import cache + cache_obj = cache.Cache() + object_assignments = cache_obj.get_object_assignments(data_mock.shared_ids["policy"]["policy_id_1"], + data_mock.shared_ids["perimeter"]["perimeter_id_1"], + data_mock.shared_ids["category"]["invalid_category_id_1"]) + assert len(object_assignments) == 0 + + +def test_get_action_assignment_success(): + from python_moonutilities import cache + cache_obj = cache.Cache() + action_assignments = cache_obj.get_action_assignments(data_mock.shared_ids["policy"]["policy_id_1"], + data_mock.shared_ids["perimeter"]["perimeter_id_3"], + data_mock.shared_ids["category"]["category_id_1"]) + assert action_assignments is not None + + +def test_get_action_assignment_failure(): + from python_moonutilities import cache + cache_obj = cache.Cache() + action_assignments = cache_obj.get_action_assignments(data_mock.shared_ids["policy"]["policy_id_2"], + '', + data_mock.shared_ids["category"]["category_id_1"]) + assert len(action_assignments) == 0 + + +def test_get_action_assignment_invalid_category_failure(): + from python_moonutilities import cache + cache_obj = cache.Cache() + action_assignments = cache_obj.get_action_assignments(data_mock.shared_ids["policy"]["policy_id_1"], + data_mock.shared_ids["perimeter"]["perimeter_id_1"], + data_mock.shared_ids["category"]["invalid_category_id_1"]) + assert len(action_assignments) == 0 + + +# ==================================================================================================== + +# tests for helper function in cache +# ================================== +def test_get_policy_from_meta_rules_success(): + from python_moonutilities import cache + cache_obj = cache.Cache() + policy_id = cache_obj.get_policy_from_meta_rules(data_mock.shared_ids["meta_rule"]["meta_rule_id_1"]) + assert policy_id is not None + + +# def test_get_policy_from_meta_rules_failure(): +# from python_moonutilities import cache +# cache_obj = cache.Cache() +# meta_rule_id = 'meta_rule_id3' +# policy_id = cache_obj.get_policy_from_meta_rules(meta_rule_id) +# assert policy_id is None + + +def test_get_pdp_from_keystone_project_success(): + from python_moonutilities import cache + cache_obj = cache.Cache() + keystone_project_id = 'keystone_project_id1' + pdp_key = cache_obj.get_pdp_from_keystone_project(keystone_project_id) + assert pdp_key is not None + + +def test_get_pdp_from_keystone_project_failure(): + from python_moonutilities import cache + cache_obj = cache.Cache() + keystone_project_id = 'keystone_project_id2' + pdp_key = cache_obj.get_pdp_from_keystone_project(keystone_project_id) + assert pdp_key is None + + +def test_get_keystone_project_id_from_policy_id_success(): + from python_moonutilities import cache + cache_obj = cache.Cache() + keystone_project_id = cache_obj.get_keystone_project_id_from_policy_id( + data_mock.shared_ids["policy"]["policy_id_1"]) + assert keystone_project_id is not None + + +def test_get_keystone_project_id_from_policy_id_failure(): + from python_moonutilities import cache + cache_obj = cache.Cache() + policy_id = 'policy_id_3' + keystone_project_id = cache_obj.get_keystone_project_id_from_policy_id(policy_id) + assert keystone_project_id is None + + +# def test_get_containers_from_keystone_project_id_success(): +# from python_moonutilities import cache +# cache_obj = cache.Cache() +# keystone_project_id = 1 +# meta_rule_id = 'meta_rule_id1' +# container_id, container_value = cache_obj.get_containers_from_keystone_project_id(keystone_project_id, meta_rule_id) +# assert container_id, container_value is not None + + def test_cache_manager(): from python_moonutilities import cache cache_obj = cache.Cache() @@ -71,5 +228,5 @@ def test_cache_manager(): assert cache_obj.meta_rules is not None assert len(cache_obj.meta_rules) == 2 assert cache_obj.policies is not None - assert len(cache_obj.policies) == 2 - assert cache_obj.models is not None
\ No newline at end of file + assert len(cache_obj.policies) == 1 + assert cache_obj.models is not None diff --git a/python_moonutilities/tests/unit_python/test_configuration.py b/python_moonutilities/tests/unit_python/test_configuration.py index 48699062..fe01c7e2 100644 --- a/python_moonutilities/tests/unit_python/test_configuration.py +++ b/python_moonutilities/tests/unit_python/test_configuration.py @@ -1,5 +1,54 @@ +import mock_repo.components_utilities as comp_util +import pytest +import requests_mock -def test_get_components(): + + +def test_get_configuration_success(): + from python_moonutilities import configuration + assert configuration.get_configuration("components/port_start")["components/port_start"] == comp_util.CONF["components"]["port_start"] + +@requests_mock.Mocker(kw='mock') +def test_get_configuration_not_found(**kwargs): + from python_moonutilities import configuration + + kwargs['mock'].get('http://consul:8500/v1/kv/components/port_start_wrong', json=[ + ], status_code=500) + with pytest.raises(Exception) as exception_info: + configuration.get_configuration("components/port_start_wrong") + assert str(exception_info.value) == '500: Consul error' + +# [TODO] this test used to test the invalid response +# it should be un commented and run after refactoring the related part +@requests_mock.Mocker(kw='mock') +def test_get_configuration_invalid_response(**kwargs): from python_moonutilities import configuration - assert isinstance(configuration.get_components(), dict) + kwargs['mock'].get('http://consul:8500/v1/kv/components_port_start', json=[ + {"components_port_start":'components_port_start', 'Value': comp_util.get_b64_conf("components/port_start")} + ]) + # with pytest.raises(Exception) as exception_info: + # configuration.get_configuration("components_port_start") + # assert str(exception_info.value) == '500: Consul error' + +@requests_mock.Mocker(kw='mock') +def test_put_increment_port_failure(**kwargs): + from python_moonutilities import configuration + kwargs['mock'].put('http://consul:8500/v1/kv/components_port_start', json=[], status_code=400) + kwargs['mock'].get('http://consul:8500/v1/kv/components_port_start', json=[ + {'Key': 'components_port_start', 'Value': comp_util.get_b64_conf("components/port_start")} + ], status_code=200) + with pytest.raises(Exception) as exception_info: + configuration.increment_port() + assert str(exception_info.value) == '400: Consul error' + +def test_increment_port_success(): + from python_moonutilities import configuration + cur_port = comp_util.CONF["components"]["port_start"] + incremented_port = configuration.increment_port() + assert incremented_port == cur_port + 1 + + +def test_get_components(): + from python_moonutilities import configuration + assert isinstance(configuration.get_components(), dict)
\ No newline at end of file diff --git a/tests/performance/README.md b/tests/performance/README.md index 52613d2c..fcb80589 100644 --- a/tests/performance/README.md +++ b/tests/performance/README.md @@ -1,69 +1,80 @@ -# Moon Yardstick and Bottlenecks Performance Tests +# Moon Yardstick/Bottlenecks Performance Tests The main objective of this document is to describe the performance tests for the Moon project/module. -Moon is a security managment platform which provides a set of security functions to project the underlying OPNFV infrastructure and/or VNFs. -Moon is consisted of 2 parts: a master and a set of slaves. The master holds all security-related information and each slave only fetches and holds -related informations for its local usage from master. +Moon is a security management platform which provides a set of security functions to project the underlying OPNFV infrastructure and/or VNFs. +It is consisted of 2 parts: a master and a set of slaves. The master holds all security-related information and each slave only fetches and holds +related information for its local usage from master. -## Moon Master Performance Tests -In this test, we should: +## Master Performance Tests +### Pre-requisite - setup a Moon master service on a physical server -- create a tenant/scope through the Moon master service -- create a MSL security policy with 4 subject security levels and 4 object security levels for this tenant +- create a project in OpenStack/Keystone +- create a MSL PDP with a model of 4 subject security levels and 4 object security levels, the MLS policy will be defined later -- increase N to find the limit of the security policy (implemented in format of a Docker) - - create N users and N resources (VMs in our case) in this tenant - - simulate 2 operation requests per user per second to Moon's authorization endpoint - - gather performance metrics like CPU, memory, network usages - - throught the iteration, determine the capacity limit for one Docker +### Policy Size Test +Increase the number of users and resources N to find the limit of the security policy +- create N users and N resources (VMs in our case) in this MLS security policy +- sends 5 authz requests/second +- gather performance metrics like CPU, memory, network usages +Through the iteration, determine the maximal number of N to support 5 requests/second -- setup 20 user and 20 resources (VMs in our case) for one tenant - - increase the number of tenants to test the maximal number of tenants on the server +### PDP Number Test +- setup 20 user and 20 resources (VMs in our case) for each MLS PDP +- sends 5 authz requests/second for each MLS PDP +- increase the number of PDP to test the maximal number of PDP on the master -- setup 5 tenants of N users and N resources (VMs in our case) in each tenant - - increase N by simulating 2 operation requests per user per second to the Moon's authorization endpoint - - gather performance metrics like CPU, memory, network usages - - throught the iteration, dermine the maximal user/resource number of these 5 tenants/Dockers on the server +### Policy Size Test for 5 PDPs +- setup 5 PDPs of N users and N resources (VMs in our case) +- sends 5 authz requests/second for each MLS PDP +- gather performance metrics like CPU, memory, network usages +Through the iteration, determine the maximal user/resource number of these 5 PDPs -- setup 10 tenants of N users and N resources (VMs in our case) in each tenant - - increase N by simulating 2 operation requests per user per second to the Moon's authorization endpoint - - gather performance metrics like CPU, memory, network usages - - throught the iteration, dermine the maximal user/resource number of these 10 tenants/Dockers on the server +### Policy Size Test for 10 PDPs +- setup 10 PDPs of N users and N resources (VMs in our case) +- sends 5 authz requests/second for each MLS PDP +- gather performance metrics like CPU, memory, network usages +Through the iteration, determine the maximal user/resource number of these 10 PDPs -- setup 20 tenants of N users and N resources (VMs in our case) in each tenant - - increase N by simulating 2 operation requests per user per second to the Moon's authorization endpoint - - gather performance metrics like CPU, memory, network usages - - throught the iteration, dermine the maximal user/resource number of these 20 tenants/Dockers on the server - -## Moon Slave Performace Tests -In this test, we should: -- setup a Moon master service on a physical server -- setup a Moon slave service on a physical server -- create a tenant/scope through the Moon master service -- create a MSL security policy with 4 subject security levels and 4 object security levels for this tenant through the Moon master service +### Policy Size Test for 20 PDPs +- setup 20 PDPs of N users and N resources (VMs in our case) +- sends 5 authz requests/second for each MLS PDP +- gather performance metrics like CPU, memory, network usages +Through the iteration, determine the maximal user/resource number of these 20 PDPs -- increase N to find the limit of the security policy (implemented in format of a Docker) - - create N users and N resources (VMs in our case) in this tenant - - simulate 2 operation requests per user per second to Moon slave's authorizatoin endpoint - - gather performance metrics like CPU, memory, network usages of Moon slave - - throught the iteration, dermine the capacity limit for one Docker of Moon slave - -- setup 20 user and 20 resources (VMs in our case) for one tenant through the Moon slave service - - increate the number of tenants to test the maximal number of tenants on the server of the Moon slave - -- setup 5 tenants of N users and N resources (VMs in our case) in each tenant through the Moon master service - - increate N by simulating 2 operation requests per user per second to the Moon slave's authorization endpoint - - gather performance metrics like CPU, memory, network usages of both Moon master and Moon slave - - throught the iteration, dermine the maximal user/resource number of these 5 tenants/Dockers on the server of Moon slave -- setup 10 tenants of N users and N resources (VMs in our case) in each tenant through the Moon master service - - increate N by simulating 2 operation requests per user per second to the Moon slave's authorization endpoint - - gather performance metrics like CPU, memory, network usages of both Moon master and slave - - throught the iteration, dermine the maximal user/resource number of these 10 tenants/Dockers on the server of the Moon slave +## Master-Slave Performance Tests +### Pre-requisite +- setup a Moon master on a physical server +- setup a Moon slave on a physical server +- create a project in OpenStack/Keystone +- create a MSL PDP with a model of 4 subject security levels and 4 object security levels, the MLS policy will be defined later on the master + +### Slave Policy Size Test +Increase the number of users and resources N to find the limit of the security policy +- create N users and N resources (VMs in our case) in this MLS security policy on the master +- sends 5 authz requests/second to the slave +- gather performance metrics like CPU, memory, network usages of the slave +Through the iteration, determine the maximal number of N to support 5 requests/second of the slave + +### Slave PDP Number Test +- setup 20 user and 20 resources (VMs in our case) for each MLS PDP on the master +- sends 5 authz requests/second for each MLS PDP to the slave +Through the iteration, determine the maximal number of PDP to support 5 requests/second of the slave -- setup 20 tenants of N users and N resources (VMs in our case) in each tenant through the Moon master service - - increate N by simulating 2 operation requests per user per second to the Moon slave's authorization endpoint - - gather performance metrics like CPU, memory, network usages of both Moon master and slave - - throught the iteration, dermine the maximal user/resource number of these 20 tenants/Dockers on the server of the Moon slave +### Slave Policy Size Test for 5 PDPs +- setup 5 PDPs of N users and N resources (VMs in our case) on the master +- sends 5 authz requests/second for each MLS PDP to the slave +- gather performance metrics like CPU, memory, network usages of the slave +Through the iteration, determine the maximal user/resource number of these 5 PDPs +### Slave Policy Size Test for 10 PDPs +- setup 10 PDPs of N users and N resources (VMs in our case) on the master +- sends 5 authz requests/second for each MLS PDP to the slave +- gather performance metrics like CPU, memory, network usages of the slave +Through the iteration, determine the maximal user/resource number of these 10 PDPs +### Slave Policy Size Test for 20 PDPs +- setup 20 PDPs of N users and N resources (VMs in our case) on the master +- sends 5 authz requests/second for each MLS PDP to the slave +- gather performance metrics like CPU, memory, network usages of the slave +Through the iteration, determine the maximal user/resource number of these 20 PDPs diff --git a/tools/moon_kubernetes/README.md b/tools/moon_kubernetes/README.md index b47bbfaf..73d342fa 100644 --- a/tools/moon_kubernetes/README.md +++ b/tools/moon_kubernetes/README.md @@ -31,7 +31,7 @@ apt-get install -y kubelet kubeadm kubectl ### Initiate K8S ```bash cd $MOON_HOME -bash tools/moon_kubernes/init_k8s.sh +bash tools/moon_kubernetes/init_k8s.sh ``` Wait until all the kubeadm containers are in the `running` state: @@ -57,7 +57,7 @@ You must see something like this: ### Deploy Moon ```bash cd $MOON_HOME -sudo bash tools/moon_kubernes/start_moon.sh +sudo bash tools/moon_kubernetes/start_moon.sh ``` Wait until all the Moon containers are in the `running` state: |