diff options
134 files changed, 2095 insertions, 16277 deletions
@@ -3,283 +3,59 @@ __Version 4.3__ This directory contains all the modules for running the Moon platform. -## Installation -### kubeadm -You must follow those explanations to install `kubeadm`: -> https://kubernetes.io/docs/setup/independent/install-kubeadm/ - -To summarize, you must install `docker`: -```bash -apt update -apt install -y docker.io -``` - -And then, install `kubeadm`: -```bash -apt update && apt install -y apt-transport-https -curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - -cat <<EOF >/etc/apt/sources.list.d/kubernetes.list -deb http://apt.kubernetes.io/ kubernetes-xenial main -EOF -apt update -apt install -y kubelet kubeadm kubectl -``` - -### Moon -The Moon code is not necessary to start the platform but you need -Kubernetes configuration files from the GIT repository. - -The easy way is to clone the Moon code: -```bash -git clone https://git.opnfv.org/moon -cd moon/moonv4 -export MOON=$(pwd) -``` - -### OpenStack -You must have the following OpenStack components installed somewhere: -- nova, see [Nova install](https://docs.openstack.org/mitaka/install-guide-ubuntu/nova-controller-install.html) -- glance, see [Glance install](https://docs.openstack.org/glance/pike/install/) - -A Keystone component is automatically installed and configured in the Moon platform. -After the Moon platform installation, the Keystone server will be available -at: `http://localhost:30005 or http://\<servername\>:30005` - -You can also use your own Keystone server if you want. - -## Initialisation -### kubeadm -The `kubeadm` platform can be initialized with the following shell script: -```bash -sh kubernetes/init_k8s.sh -``` - -Wait until all the kubeadm containers are in the `running` state: -```bash -watch kubectl get po --namespace=kube-system -``` - -You must see something like this: - - $ kubectl get po --namespace=kube-system - NAME READY STATUS RESTARTS AGE - calico-etcd-7qgjb 1/1 Running 0 1h - calico-node-f8zvm 2/2 Running 1 1h - calico-policy-controller-59fc4f7888-ns9kv 1/1 Running 0 1h - etcd-varuna 1/1 Running 0 1h - kube-apiserver-varuna 1/1 Running 0 1h - kube-controller-manager-varuna 1/1 Running 0 1h - kube-dns-bfbb49cd7-rgqxn 3/3 Running 0 1h - kube-proxy-x88wg 1/1 Running 0 1h - kube-scheduler-varuna 1/1 Running 0 1h - -### Moon -The Moon platform is composed on the following components: -* `consul`: a Consul configuration server -* `db`: a MySQL database server -* `keystone`: a Keystone authentication server -* `gui`: a Moon web interface -* `manager`: the Moon manager for the database -* `orchestrator`: the Moon component that manage pods in te K8S platform -* `wrapper`: the Moon endpoint where OpenStack component connect to. - -At this point, you must choose one of the following options: -* Specific configuration -* Generic configuration - -#### Specific Configuration -Why using a specific configuration: -1. The `db` and `keystone` can be installed by yourself but you must configure the -Moon platform to use them. -2. You want to change the default passwords in the Moon platform - -Use the following commands: `TODO` - -#### Generic Configuration -Why using a specific configuration: -1. You just want to test the platform -2. You want to develop on the Moon platform - -The `Moon` platform can be initialized with the following shell script: -```bash -sh kubernetes/start_moon.sh -``` - -Wait until all the Moon containers are in the `running` state: -```bash -watch kubectl get po --namespace=moon -``` - -You must see something like this: - - $ kubectl get po --namespace=moon - NAME READY STATUS RESTARTS AGE - consul-57b6d66975-9qnfx 1/1 Running 0 52m - db-867f9c6666-bq8cf 1/1 Running 0 52m - gui-bc9878b58-q288x 1/1 Running 0 51m - keystone-7d9cdbb69f-bl6ln 1/1 Running 0 52m - manager-5bfbb96988-2nvhd 1/1 Running 0 51m - manager-5bfbb96988-fg8vj 1/1 Running 0 51m - manager-5bfbb96988-w9wnk 1/1 Running 0 51m - orchestrator-65d8fb4574-tnfx2 1/1 Running 0 51m - wrapper-astonishing-748b7dcc4f-ngsvp 1/1 Running 0 51m - -## Configuration -### Moon -#### Introduction -The Moon platform is already configured after the installation. -If you want to see or modify the configuration, go with a web browser -to the following page: - -> http://localhost:30006 - -This is a consul server, you can update the configuration in the `KEY/VALUE` tab. -There are some configuration items, lots of them are only read when a new K8S pod is started -and not during its life cycle. - -**WARNING: some confidential information are put here in clear text. -This is a known security issue.** - -#### Keystone -If you have your own Keystone server, you can point Moon to your server in the -`openstack/keystone` element or through the link: -> http://localhost:30005/ui/#/dc1/kv/openstack/keystone/edit - -This configuration element is read every time Moon need it, specially when adding users. - -#### Database -The database can also be modified here: -> http://varuna:30005/ui/#/dc1/kv/database/edit - -**WARNING: the password is in clear text, this is a known security issue.** - -If you want to use your own database server, change the configuration: - - {"url": "mysql+pymysql://my_user:my_secret_password@my_server/moon", "driver": "sql"} - -Then you have to rebuild the database before using it. -This can be done with the following commands: - - cd $MOON - kubectl delete -f kubernetes/templates/moon_configuration.yaml - kubectl create -f kubernetes/templates/moon_configuration.yaml - - -### OpenStack -Before updating the configuration of the OpenStack platform, check that the platform -is working without Moon, use the following commands: -```bash -# set authentication -openstack endpoint list -openstack user list -openstack server list -``` - -In order to connect the OpenStack platform with the Moon platform, you must update some -configuration files in Nova and Glance: -* `/etc/nova/policy.json` -* `/etc/glance/policy.json` - -In some installed platform, the `/etc/nova/policy.json` can be absent so you have -to create one. You can find example files in those directory: -> ${MOON}/moonv4/templates/nova/policy.json -> ${MOON}/moonv4/templates/glance/policy.json - -Each line is mapped to an OpenStack API interface, for example, the following line -allows the user to get details for every virtual machines in the cloud -(the corresponding shell command is `openstack server list`): - - "os_compute_api:servers:detail": "", - -This lines indicates that there is no special authorisation to use this API, -every users can use it. If you want that the Moon platform handles that authorisation, -update this line with: - - "os_compute_api:servers:detail": "http://my_hostname:31001/authz" - -1) by replacing `my_hostname` with the hostname (od the IP address) of the Moon platform. -2) by updating the TCP port (default: 31001) with the good one. - -To find this TCP port, use the following command: - - $ kubectl get services -n moon | grep wrapper | cut -d ":" -f 2 | cut -d " " -f 1 - 31002/TCP - -### Moon +## Platform Setup +- [Docker installation](tools/moon_kubernetes/README.md) +- [kubeadm installation](tools/moon_kubernetes/README.md) +- [Moon deployment](tools/moon_kubernetes/README.md) +- [OpenStack deployment](tools/openstack/README.md) + + +## Micro-service Architecture +The Moon platform is composed on the following components/containers: +- *consul*: a Consul configuration server +- *db*: a MySQL database server +- *keystone*: a Keystone authentication server +- [gui](moon_gui/README.md): a Moon web interface +- [manager](moon_manager/README.md): the Moon manager for the database +- [orchestrator](moon_orchestrator/README.md): the Moon component that manage pods in te K8S platform +- [wrapper](moon_wrapper/README.md): the Moon endpoint where OpenStack component connect to. + + +## Manipulation +### moon_gui The Moon platform comes with a graphical user interface which can be used with -a web browser at this URL: -> http://$MOON_HOST:30002 +a web browser at this URL `http://$MOON_HOST:30002` You will be asked to put a login and password. Those elements are the login and password of the Keystone server, if you didn't modify the Keystone server, you will find the -login and password here: -> http://$MOON_HOST:30005/ui/#/dc1/kv/openstack/keystone/edit +login and password here `http://$MOON_HOST:30005/ui/#/dc1/kv/openstack/keystone/edit` **WARNING: the password is in clear text, this is a known security issue.** -The Moon platform can also be requested through its API: -> http://$MOON_HOST:30001 +### moon_manager +The Moon platform can also be requested through its API `http://$MOON_HOST:30001` **WARNING: By default, no login/password will be needed because of the configuration which is in DEV mode.** If you want more security, you have to update the configuration of the Keystone server here: -> http://$MOON_HOST:30005/ui/#/dc1/kv/openstack/keystone/edit - +`http://$MOON_HOST:30005/ui/#/dc1/kv/openstack/keystone/edit` by modifying the `check_token` argument to `yes`. If you write this modification, your requests to Moon API must always include a valid token taken from the Keystone server. This token must be place in the header of the request (`X-Auth-Token`). -## usage -### tests the platform -In order to know if the platform is healthy, here are some commands you can use. -1) Check that all the K8S pods in the Moon namespace are in running state: -`kubectl get pods -n moon` - -2) Check if the Manager API is running: +### End-to-end Functional Test +Check if the Manager API is running: ```bash curl http://$MOON_HOST:30001 curl http://$MOON_HOST:30001/pdp curl http://$MOON_HOST:30001/policies ``` - -If you configured the authentication in the Moon platform: -```bash -curl -i \ - -H "Content-Type: application/json" \ - -d ' -{ "auth": { - "identity": { - "methods": ["password"], - "password": { - "user": { - "name": "admin", - "domain": { "id": "default" }, - "password": "<set_your_password_here>" - } - } - }, - "scope": { - "project": { - "name": "admin", - "domain": { "id": "default" } - } - } - } -}' \ - "http://moon_hostname:30006/v3/auth/tokens" ; echo - -curl --header "X-Auth-Token: <token_retrieve_from_keystone>" http://moon_hostname:30001 -curl --header "X-Auth-Token: <token_retrieve_from_keystone>" http://moon_hostname:30001/pdp -curl --header "X-Auth-Token: <token_retrieve_from_keystone>" http://moon_hostname:30001/policies -``` - -3) Use a web browser to navigate to the GUI and enter the login and password of the keystone service: -`firefox http://$MOON_HOST:30002` -4) Use tests Python Scripts -check firstly the Consul service for *Components/Manager*, e.g. +### Consul Check +Check the Consul service for +- *Components/Manager*, e.g. ```json { "port": 8082, @@ -292,7 +68,7 @@ check firstly the Consul service for *Components/Manager*, e.g. } } ``` -*OpenStack/Keystone*: e.g. +- *OpenStack/Keystone*: e.g. ```json { "url": "http://keystone:5000/v3", @@ -308,74 +84,44 @@ check firstly the Consul service for *Components/Manager*, e.g. } ``` +### Tests +Launch functional [test scenario](tests/functional/scenario_enabled) : ```bash -python3 populate_default_values.py --consul-host=$MOON_HOST --consul-port=30005 -v scenario/rbac_large.py -python3 send_authz.py --consul-host=$MOON_HOST --consul-port=30005 --authz-host=$MOON_HOST --authz-port=31002 -v scenario/rbac_large.py +sudo pip install python_moonclient --upgrade +cd $MOON_HOME/tests/functional/scenario_tests +moon_populate_values --consul-host=$MOON_HOST --consul-port=30005 -v rbac_large.py +moon_send_authz --consul-host=$MOON_HOST --consul-port=30005 --authz-host=$AUTHZ_HOST --authz-port=$AUTHZ_PORT -v rbac_large.py ``` - -### GUI usage -After authentication, you will see 4 tabs: Project, Models, Policies, PDP: - -* *Projects*: configure mapping between Keystone projects and PDP (Policy Decision Point) -* *Models*: configure templates of policies (for example RBAC or MLS) -* *Policies*: applied models or instantiated models ; -on one policy, you map a authorisation model and set subject, objects and action that will -rely on that model -* *PDP*: Policy Decision Point, this is the link between Policies and Keystone Project - -In the following paragraphs, we will add a new user in OpenStack and allow her to list -all VM on the OpenStack platform. - -First, add a new user and a new project in the OpenStack platform: - - openstack user create --password-prompt demo_user - openstack project create demo - DEMO_USER=$(openstack user list | grep demo_user | cut -d " " -f 2) - DEMO_PROJECT=$(openstack project list | grep demo | cut -d " " -f 2) - openstack role add --user $DEMO_USER --project $DEMO_PROJECT admin - -You have to add the same user in the Moon interface: - -1. go to the `Projects` tab in the Moon interface -1. go to the line corresponding to the new project and click to the `Map to a PDP` link -1. select in the combobox the MLS PDP and click `OK` -1. in the Moon interface, go to the `Policy` tab -1. go to the line corresponding to the MLS policy and click on the `actions->edit` button -1. scroll to the `Perimeters` line and click on the `show` link to show the perimeter configuration -1. go to the `Add a subject` line and click on `Add a new perimeter` -1. set the name of that subject to `demo_user` (*the name must be strictly identical*) -1. in the combobox named `Policy list` select the `MLS` policy and click on the `+` button -1. click on the yellow `Add Perimeter` button -1. go to the `Assignment` line and click on the `show` button -1. under the `Add a Assignments Subject` select the MLS policy, -the new user (`demo_user`), the category `subject_category_level` -1. in the `Select a Data` line, choose the `High` scope and click on the `+` link -1. click on the yellow `Create Assignments` button -1. if you go to the OpenStack platform, the `demo_user` is now allow to connect -to the Nova component (test with `openstack server list` connected with the `demo_user`) - - -## Annexes - -### connect to the OpenStack platform - -Here is a shell script to authenticate to the OpenStack platform as `admin`: - - export OS_USERNAME=admin - export OS_PASSWORD=p4ssw0rd - export OS_REGION_NAME=Orange - export OS_TENANT_NAME=admin - export OS_AUTH_URL=http://moon_hostname:30006/v3 - export OS_DOMAIN_NAME=Default - export OS_IDENTITY_API_VERSION=3 - -For the `demo_user`, use: - - export OS_USERNAME=demo_user - export OS_PASSWORD=your_secret_password - export OS_REGION_NAME=Orange - export OS_TENANT_NAME=demo - export OS_AUTH_URL=http://moon_hostname:30006/v3 - export OS_DOMAIN_NAME=Default - export OS_IDENTITY_API_VERSION=3 +## Annexe +### Authentication +If you configured the authentication in the Moon platform: +```bash +curl -i \ + -H "Content-Type: application/json" \ + -d ' +{ "auth": { + "identity": { + "methods": ["password"], + "password": { + "user": { + "name": "admin", + "domain": { "id": "default" }, + "password": "<set_your_password_here>" + } + } + }, + "scope": { + "project": { + "name": "admin", + "domain": { "id": "default" } + } + } + } +}' \ + "http://moon_hostname:30006/v3/auth/tokens" ; echo + +curl --header "X-Auth-Token: <token_retrieve_from_keystone>" http://moon_hostname:30001 +curl --header "X-Auth-Token: <token_retrieve_from_keystone>" http://moon_hostname:30001/pdp +curl --header "X-Auth-Token: <token_retrieve_from_keystone>" http://moon_hostname:30001/policies +```
\ No newline at end of file diff --git a/kubernetes/README.md b/kubernetes/README.md deleted file mode 100644 index b5320dd6..00000000 --- a/kubernetes/README.md +++ /dev/null @@ -1,39 +0,0 @@ -# Moon Platform Setup -## K8S Installation -Choose the right K8S platform -### Minikube -```bash -curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl -chmod +x ./kubectl -sudo mv ./kubectl /usr/local/bin/kubectl -curl -Lo minikube https://storage.googleapis.com/minikube/releases/v0.21.0/minikube-linux-amd64 && chmod +x minikube && sudo mv minikube /usr/local/bin/ -``` - -### Kubeadm -see: https://kubernetes.io/docs/setup/independent/install-kubeadm/ -```bash -apt-get update && apt-get install -y apt-transport-https -curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - -cat <<EOF >/etc/apt/sources.list.d/kubernetes.list -deb http://apt.kubernetes.io/ kubernetes-xenial main -EOF -apt-get update -apt-get install -y kubelet kubeadm kubectl -``` - -## Moon Deployment -### Creation -Execute the script : init_k8s.sh -```bash -sudo bash init_k8s.sh -watch kubectl get po --namespace=kube-system -``` -Wait until all pods are in "Running" state (crtl-c to stop the watch command) - -### Execution -Execute the script : start_moon.sh -```bash -sudo bash start_moon.sh -watch kubectl get po --namespace=moon -``` - diff --git a/kubernetes/conf/ports.conf b/kubernetes/conf/ports.conf deleted file mode 100644 index 487945c0..00000000 --- a/kubernetes/conf/ports.conf +++ /dev/null @@ -1,24 +0,0 @@ -manager: - port: 8082 - kport: 30001 -gui: - port: 3000 - kport: 30002 -orchestrator: - port: 8083 - kport: 30003 - -consul: - port: 8500 - kport: 30005 -keystone: - port: 5000 - kport: 30006 - -wrapper: - port: 8080 - kport: 30010 -interface: - port: 8080 -authz: - port: 8081 diff --git a/kubernetes/start_moon.sh b/kubernetes/start_moon.sh deleted file mode 100644 index 8121e319..00000000 --- a/kubernetes/start_moon.sh +++ /dev/null @@ -1,37 +0,0 @@ -#!/usr/bin/env bash - -set -x - -kubectl create namespace moon -kubectl create configmap moon-config --from-file conf/moon.conf -n moon -kubectl create configmap config --from-file ~/.kube/config -n moon -kubectl create secret generic mysql-root-pass --from-file=kubernetes/conf/password_root.txt -n moon -kubectl create secret generic mysql-pass --from-file=kubernetes/conf/password_moon.txt -n moon - -kubectl create -n moon -f kubernetes/templates/consul.yaml -kubectl create -n moon -f kubernetes/templates/db.yaml -kubectl create -n moon -f kubernetes/templates/keystone.yaml - -echo ========================================= -kubectl get pods -n moon -echo ========================================= - -sleep 10 -kubectl create -n moon -f kubernetes/templates/moon_configuration.yaml - -echo Waiting for jobs moonforming -sleep 5 -kubectl get jobs -n moon -kubectl logs -n moon jobs/moonforming - -sleep 5 - -kubectl create -n moon -f kubernetes/templates/moon_manager.yaml - -sleep 2 - -kubectl create -n moon -f kubernetes/templates/moon_orchestrator.yaml - -kubectl create -n moon -f kubernetes/templates/moon_gui.yaml - - diff --git a/templates/moon_forming/Dockerfile b/moon_forming/Dockerfile index fe48eee0..bc6b699e 100644 --- a/templates/moon_forming/Dockerfile +++ b/moon_forming/Dockerfile @@ -1,6 +1,6 @@ FROM python:3 WORKDIR /usr/src/app -RUN pip install --no-cache-dir --upgrade requests pyyaml python_moonutilities python_moondb +RUN pip install --no-cache-dir --upgrade requests pyyaml python_moonutilities python_moondb python_moonclient ENV POPULATE_ARGS "-v" diff --git a/moon_forming/README.md b/moon_forming/README.md new file mode 100644 index 00000000..cc08f676 --- /dev/null +++ b/moon_forming/README.md @@ -0,0 +1,44 @@ +# Moon Forming +moon_forming is a container to automatize the configuration of the Moon platform + +## Run +```bash +docker run wukongsun/moon_forming:latest +``` + +## Consul +The Moon platform is already configured after the installation. +If you want to see or modify the configuration, go with a web browser +to the following page: `http://localhost:30006`. + +With the consul server, you can update the configuration in the `KEY/VALUE` tab. +There are some configuration items, lots of them are only read when a new K8S pod is started +and not during its life cycle. + +**WARNING: some confidential information are put here in clear text. +This is a known security issue.** + +### Keystone +If you have your own Keystone server, you can point Moon to your Keystone in the +`openstack/keystone` element: `http://localhost:30005/ui/#/dc1/kv/openstack/keystone/edit`. +This configuration element is read every time Moon need it, specially when adding users. + +### Database +The database can also be modified through: `http://localhost:30005/ui/#/dc1/kv/database/edit`. + +**WARNING: the password is in clear text, this is a known security issue.** + +If you want to use your own database server, change the configuration: + + {"url": "mysql+pymysql://my_user:my_secret_password@my_server/moon", "driver": "sql"} + +Then you have to rebuild the database before using it. +This can be done with the following commands: +```bash +kubectl delete -f $MOON_HOME/tools/moon_kubernetes/templates/moon_forming.yaml +kubectl create -f $MOON_HOME/tools/moon_kubernetes/templates/moon_forming.yaml +``` + + + + diff --git a/templates/moon_forming/conf2consul.py b/moon_forming/conf2consul.py index 46c99d5c..46c99d5c 100644 --- a/templates/moon_forming/conf2consul.py +++ b/moon_forming/conf2consul.py diff --git a/templates/moon_forming/run.sh b/moon_forming/run.sh index 71543f9e..6cf90f56 100644 --- a/templates/moon_forming/run.sh +++ b/moon_forming/run.sh @@ -5,9 +5,9 @@ populate_args=$* echo "Waiting for Consul (http://consul:8500)" while ! python -c "import requests; req = requests.get('http://consul:8500')" 2>/dev/null ; do sleep 5 ; - echo "." + echo -n "." done - +echo "." echo "Consul (http://consul:8500) is up." python3 /root/conf2consul.py /etc/moon/moon.conf @@ -15,9 +15,9 @@ python3 /root/conf2consul.py /etc/moon/moon.conf echo "Waiting for DB (tcp://db:3306)" while ! python -c "import socket, sys; s = socket.socket(socket.AF_INET, socket.SOCK_STREAM); s.connect(('db', 3306)); sys.exit(0)" 2>/dev/null ; do sleep 5 ; - echo "." + echo -n "." done - +echo "." echo "Database (http://db:3306) is up." moon_db_manager upgrade @@ -25,20 +25,19 @@ moon_db_manager upgrade echo "Waiting for Keystone (http://keystone:5000)" while ! python -c "import requests; req = requests.get('http://keystone:5000')" 2>/dev/null ; do sleep 5 ; - echo "." + echo -n "." done - +echo "." echo "Keystone (http://keystone:5000) is up." echo "Waiting for Manager (http://manager:8082)" while ! python -c "import requests; req = requests.get('http://manager:8082')" 2>/dev/null ; do sleep 5 ; - echo "." + echo -n "." done - +echo "." echo "Manager (http://manager:8082) is up." -cd /root - -python3 populate_default_values.py $populate_args /root/conf/rbac.py -python3 populate_default_values.py $populate_args /root/conf/mls.py +for i in /data/*.py ; do + moon_populate_values $populate_args --consul-host=consul --consul-port=8500 $i +done diff --git a/moon_gui/README.md b/moon_gui/README.md index ff6e5a97..ea46b079 100644 --- a/moon_gui/README.md +++ b/moon_gui/README.md @@ -1,63 +1,71 @@ - -GUI for the Moon project -================================ - +# GUI for the Moon project This directory contains all the code for the Moon project It is designed to provide a running GUI of the Moon platform instance. - ## Usage - -### Prerequist -- `sudo apt-get install nodejs nodejs-legacy` -- `sudo npm install --global gulp-cli` - - -### Install all packages -- `cd $MOON_HOME/moon_gui` -- `sudo npm install` - -### Run the GUI -- `gulp webServerDelivery` -- Open your web browser - +- Prerequist + - `sudo apt-get install nodejs nodejs-legacy` + - `sudo npm install --global gulp-cli` +- Install all packages + - `cd $MOON_HOME/moon_gui` + - `sudo npm install` +- Run the GUI + - `gulp webServerDelivery` + - Open your web browser ## Configuration +- build the delivery package: `gulp delivery` +- launch the Web Server: `gulp webServerDelivery` -### Build the delivery package -- `gulp delivery` -### Launch the Web Server -- `gulp webServerDelivery` - -### Development - -During the development it is possible to use following commands : -- `gulp build` -Launch a Web Server -- `gulp webServer` +## Development +- during the development it is possible to use following commands: `gulp build` +- launch a Web Server: `gulp webServer` - Gulp webServer will refresh the browser when a file related to the application changed - - -### Constants -It is possible to change some constants (API endpoints) -- $MOON_HOME/moon_gui/static/app/moon.constants.js - - -### CORS +- it is possible to change some constants (API endpoints): `$MOON_HOME/moon_gui/static/app/moon.constants.js` +## CORS The GUI need to connect itself to Keystone and Moon. Opening CORS to the GUI WebServer is required. - -In order to modify Keystone : - -`cd $pathtoVmSpace/docker/keystone` - -Concerned file is run.sh - -In order to modify Moon : - -`cd $MOON_HOME/moon_interface/interface` - -Concerned file is http_server.py - +- modify Keystone: `$MOON_HOME/tools/moon_keystone/run.sh` +- modify Moon: `$MOON_HOME/moon_interface/interface/http_server.py` +## Usage +After authentication, you will see 4 tabs: Project, Models, Policies, PDP: + +* *Projects*: configure mapping between Keystone projects and PDP (Policy Decision Point) +* *Models*: configure templates of policies (for example RBAC or MLS) +* *Policies*: applied models or instantiated models ; +on one policy, you map a authorisation model and set subject, objects and action that will +rely on that model +* *PDP*: Policy Decision Point, this is the link between Policies and Keystone Project + +In the following paragraphs, we will add a new user in OpenStack and allow her to list +all VM on the OpenStack platform. + +First, add a new user and a new project in the OpenStack platform: + + openstack user create --password-prompt demo_user + openstack project create demo + DEMO_USER=$(openstack user list | grep demo_user | cut -d " " -f 2) + DEMO_PROJECT=$(openstack project list | grep demo | cut -d " " -f 2) + openstack role add --user $DEMO_USER --project $DEMO_PROJECT admin + +You have to add the same user in the Moon interface: + +1. go to the `Projects` tab in the Moon interface +1. go to the line corresponding to the new project and click to the `Map to a PDP` link +1. select in the combobox the MLS PDP and click `OK` +1. in the Moon interface, go to the `Policy` tab +1. go to the line corresponding to the MLS policy and click on the `actions->edit` button +1. scroll to the `Perimeters` line and click on the `show` link to show the perimeter configuration +1. go to the `Add a subject` line and click on `Add a new perimeter` +1. set the name of that subject to `demo_user` (*the name must be strictly identical*) +1. in the combobox named `Policy list` select the `MLS` policy and click on the `+` button +1. click on the yellow `Add Perimeter` button +1. go to the `Assignment` line and click on the `show` button +1. under the `Add a Assignments Subject` select the MLS policy, +the new user (`demo_user`), the category `subject_category_level` +1. in the `Select a Data` line, choose the `High` scope and click on the `+` link +1. click on the yellow `Create Assignments` button +1. if you go to the OpenStack platform, the `demo_user` is now allow to connect +to the Nova component (test with `openstack server list` connected with the `demo_user`)
\ No newline at end of file diff --git a/templates/moon_pythonunittest/Dockerfile b/moon_pythonunittest/Dockerfile index b8fb5151..b8fb5151 100644 --- a/templates/moon_pythonunittest/Dockerfile +++ b/moon_pythonunittest/Dockerfile diff --git a/templates/moon_pythonunittest/README.md b/moon_pythonunittest/README.md index 45d3a988..45d3a988 100644 --- a/templates/moon_pythonunittest/README.md +++ b/moon_pythonunittest/README.md diff --git a/templates/moon_pythonunittest/requirements.txt b/moon_pythonunittest/requirements.txt index b611b008..b611b008 100644 --- a/templates/moon_pythonunittest/requirements.txt +++ b/moon_pythonunittest/requirements.txt diff --git a/templates/moon_pythonunittest/run_tests.sh b/moon_pythonunittest/run_tests.sh index 6c586f87..6c586f87 100644 --- a/templates/moon_pythonunittest/run_tests.sh +++ b/moon_pythonunittest/run_tests.sh diff --git a/moonclient/Changelog b/moonclient/Changelog deleted file mode 100644 index 1326511a..00000000 --- a/moonclient/Changelog +++ /dev/null @@ -1,29 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - - -CHANGES -======= - -0.4.0 ------ - -* Add an argument to force the name of the logfile for test command. - -0.3.0 ------ - -* Return code matches now the number of error occurred during tests - -0.2.0 ------ - -* Update tests command by adding a "--self" attribute - - -0.1.0 ------ - -* Initialization of Moon Client
\ No newline at end of file diff --git a/moonclient/LICENSE b/moonclient/LICENSE deleted file mode 100644 index 68c771a0..00000000 --- a/moonclient/LICENSE +++ /dev/null @@ -1,176 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - diff --git a/moonclient/MANIFEST.in b/moonclient/MANIFEST.in deleted file mode 100644 index ef125662..00000000 --- a/moonclient/MANIFEST.in +++ /dev/null @@ -1,5 +0,0 @@ -include README.rst -include Changelog -include LICENSE -include requirements.txt -graft moonclient/tests diff --git a/moonclient/README.rst b/moonclient/README.rst deleted file mode 100644 index 1263f187..00000000 --- a/moonclient/README.rst +++ /dev/null @@ -1,17 +0,0 @@ -Moon Client -=========== - -Installation ------------- - -* `sudo python setup.py install` - -* `cd ~/devstack || source openrc admin` - - -Manipulation ------------- - -* `moon tenant list` - - diff --git a/moonclient/moonclient/__init__.py b/moonclient/moonclient/__init__.py deleted file mode 100644 index 6a9beea8..00000000 --- a/moonclient/moonclient/__init__.py +++ /dev/null @@ -1 +0,0 @@ -__version__ = "0.4.0" diff --git a/moonclient/moonclient/action_assignments.py b/moonclient/moonclient/action_assignments.py deleted file mode 100644 index 5625a2f2..00000000 --- a/moonclient/moonclient/action_assignments.py +++ /dev/null @@ -1,149 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import logging - -from cliff.lister import Lister -from cliff.command import Command - - -class ActionAssignmentsList(Lister): - """List all action assignments.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(ActionAssignmentsList, self).get_parser(prog_name) - parser.add_argument( - 'action_id', - metavar='<action-uuid>', - help='Action UUID', - ) - parser.add_argument( - 'action_category_id', - metavar='<action-category-uuid>', - help='Action category UUID', - ) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - return parser - - def __get_scope_from_id(self, intraextension_id, action_category_id, action_scope_id): - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/action_scopes/{}".format( - intraextension_id, action_category_id), - authtoken=True) - if action_scope_id in data: - return data[action_scope_id] - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/action_assignments/{}/{}".format( - parsed_args.intraextension, parsed_args.action_id, parsed_args.action_category_id), - authtoken=True) - return ( - ("id", "name"), - ((_id, self.__get_scope_from_id(parsed_args.intraextension, - parsed_args.action_category_id, - _id)['name']) for _id in data) - ) - - -class ActionAssignmentsAdd(Command): - """Add a new action assignment.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(ActionAssignmentsAdd, self).get_parser(prog_name) - parser.add_argument( - 'action_id', - metavar='<action-uuid>', - help='Action UUID', - ) - parser.add_argument( - 'action_category_id', - metavar='<action-category-uuid>', - help='Action category UUID', - ) - parser.add_argument( - 'action_scope_id', - metavar='<action-scope-uuid>', - help='Action scope UUID', - ) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - return parser - - def __get_scope_from_id(self, intraextension_id, action_category_id, action_scope_id): - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/action_scopes/{}".format( - intraextension_id, action_category_id), - authtoken=True) - if action_scope_id in data: - return data[action_scope_id] - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/action_assignments".format(parsed_args.intraextension), - post_data={ - "action_id": parsed_args.action_id, - "action_category_id": parsed_args.action_category_id, - "action_scope_id": parsed_args.action_scope_id}, - authtoken=True) - return ( - ("id", "name"), - ((_id, self.__get_scope_from_id(parsed_args.intraextension, - parsed_args.action_category_id, - _id)['name']) for _id in data) - ) - - -class ActionAssignmentsDelete(Command): - """Delete an action assignment.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(ActionAssignmentsDelete, self).get_parser(prog_name) - parser.add_argument( - 'action_id', - metavar='<action-uuid>', - help='Action UUID', - ) - parser.add_argument( - 'action_category_id', - metavar='<action-category-uuid>', - help='Action category UUID', - ) - parser.add_argument( - 'action_scope_id', - metavar='<action-scope-uuid>', - help='Action scope UUID', - ) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/action_assignments/{}/{}/{}".format( - parsed_args.intraextension, - parsed_args.action_id, - parsed_args.action_category_id, - parsed_args.action_scope_id), - method="DELETE", - authtoken=True - )
\ No newline at end of file diff --git a/moonclient/moonclient/action_categories.py b/moonclient/moonclient/action_categories.py deleted file mode 100644 index bf7cb7e1..00000000 --- a/moonclient/moonclient/action_categories.py +++ /dev/null @@ -1,102 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import logging - -from cliff.lister import Lister -from cliff.command import Command - - -class ActionCategoriesList(Lister): - """List all action categories.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(ActionCategoriesList, self).get_parser(prog_name) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/action_categories".format(parsed_args.intraextension), - authtoken=True) - return ( - ("id", "name", "description"), - ((_uuid, data[_uuid]["name"], data[_uuid]["description"]) for _uuid in data) - ) - - -class ActionCategoriesAdd(Command): - """Add a new action category.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(ActionCategoriesAdd, self).get_parser(prog_name) - parser.add_argument( - 'action_category_name', - metavar='<action_category-name>', - help='Action category name', - ) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - parser.add_argument( - '--description', - metavar='<description-str>', - help='Action category description', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/action_categories".format(parsed_args.intraextension), - post_data={ - "action_category_name": parsed_args.action_category_name, - "action_category_description": parsed_args.description}, - authtoken=True) - return ( - ("id", "name", "description"), - ((_uuid, data[_uuid]["name"], data[_uuid]["description"]) for _uuid in data) - ) - - -class ActionCategoriesDelete(Command): - """Delete an action category.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(ActionCategoriesDelete, self).get_parser(prog_name) - parser.add_argument( - 'action_category_id', - metavar='<action_category-uuid>', - help='Action category UUID', - ) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/action_categories/{}".format( - parsed_args.intraextension, - parsed_args.action_category_id), - method="DELETE", - authtoken=True - )
\ No newline at end of file diff --git a/moonclient/moonclient/action_scopes.py b/moonclient/moonclient/action_scopes.py deleted file mode 100644 index 9ddf8d4e..00000000 --- a/moonclient/moonclient/action_scopes.py +++ /dev/null @@ -1,123 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import logging - -from cliff.lister import Lister -from cliff.command import Command - - -class ActionScopesList(Lister): - """List all action scopes.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(ActionScopesList, self).get_parser(prog_name) - parser.add_argument( - 'action_category_id', - metavar='<action-category-uuid>', - help='Action category UUID', - ) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/action_scopes/{}".format( - parsed_args.intraextension, parsed_args.action_category_id), - authtoken=True) - self.log.debug(data) - return ( - ("id", "name", "description"), - ((_id, data[_id]["name"], data[_id]["description"]) for _id in data) - ) - - -class ActionScopesAdd(Command): - """Add a new action scope.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(ActionScopesAdd, self).get_parser(prog_name) - parser.add_argument( - 'action_category_id', - metavar='<action-category-uuid>', - help='Action category UUID', - ) - parser.add_argument( - 'action_scope_name', - metavar='<action-scope-name>', - help='Action scope name', - ) - parser.add_argument( - '--description', - metavar='<description-str>', - help='Description', - ) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/action_scopes/{}".format( - parsed_args.intraextension, parsed_args.action_category_id), - post_data={ - "action_scope_name": parsed_args.action_scope_name, - "action_scope_description": parsed_args.description, - }, - authtoken=True) - return ( - ("id", "name", "description"), - ((_id, data[_id]["name"], data[_id]["description"]) for _id in data) - ) - - -class ActionScopesDelete(Command): - """Delete an action scope.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(ActionScopesDelete, self).get_parser(prog_name) - parser.add_argument( - 'action_category_id', - metavar='<action-category-uuid>', - help='Action category UUID', - ) - parser.add_argument( - 'action_scope_id', - metavar='<action-scope-uuid>', - help='Action scope UUID', - ) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/action_scopes/{}/{}".format( - parsed_args.intraextension, - parsed_args.action_category_id, - parsed_args.action_scope_id - ), - method="DELETE", - authtoken=True - )
\ No newline at end of file diff --git a/moonclient/moonclient/actions.py b/moonclient/moonclient/actions.py deleted file mode 100644 index 9fbad13a..00000000 --- a/moonclient/moonclient/actions.py +++ /dev/null @@ -1,102 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import logging - -from cliff.lister import Lister -from cliff.command import Command - - -class ActionsList(Lister): - """List all actions.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(ActionsList, self).get_parser(prog_name) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/actions".format(parsed_args.intraextension), - authtoken=True) - return ( - ("id", "name", "description"), - ((_uuid, data[_uuid]['name'], data[_uuid]['description']) for _uuid in data) - ) - - -class ActionsAdd(Command): - """Add a new action.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(ActionsAdd, self).get_parser(prog_name) - parser.add_argument( - 'action_name', - metavar='<action-name>', - help='Action name', - ) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - parser.add_argument( - '--description', - metavar='<description-str>', - help='Action description', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/actions".format(parsed_args.intraextension), # TODO: check method POST? - post_data={ - "action_name": parsed_args.action_name, - "action_description": parsed_args.description}, - authtoken=True) - return ( - ("id", "name", "description"), - ((_uuid, data[_uuid]['name'], data[_uuid]['description']) for _uuid in data) - ) - - -class ActionsDelete(Command): - """Delete an action.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(ActionsDelete, self).get_parser(prog_name) - parser.add_argument( - 'action_id', - metavar='<action-uuid>', - help='Action UUID', - ) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/actions/{}".format( - parsed_args.intraextension, - parsed_args.action_id), - method="DELETE", - authtoken=True - )
\ No newline at end of file diff --git a/moonclient/moonclient/configuration.py b/moonclient/moonclient/configuration.py deleted file mode 100644 index a05d7151..00000000 --- a/moonclient/moonclient/configuration.py +++ /dev/null @@ -1,64 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import logging - -from cliff.lister import Lister - - -class TemplatesList(Lister): - """List all policy templates.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(TemplatesList, self).get_parser(prog_name) - return parser - - def take_action(self, parsed_args): - templates = self.app.get_url(self.app.url_prefix+"/configuration/templates", authtoken=True) - return ( - ("id", "name", "description"), - ((template_id, templates[template_id]["name"], templates[template_id]["description"]) - for template_id in templates) - ) - - -class AggregationAlgorithmsList(Lister): - """List all aggregation algorithms.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(AggregationAlgorithmsList, self).get_parser(prog_name) - return parser - - def take_action(self, parsed_args): - templates = self.app.get_url(self.app.url_prefix+"/configuration/aggregation_algorithms", authtoken=True) - return ( - ("id", "name", "description"), - ((template_id, templates[template_id]["name"], templates[template_id]["description"]) - for template_id in templates) - ) - - -class SubMetaRuleAlgorithmsList(Lister): - """List all sub meta rule algorithms.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(SubMetaRuleAlgorithmsList, self).get_parser(prog_name) - return parser - - def take_action(self, parsed_args): - templates = self.app.get_url(self.app.url_prefix+"/configuration/sub_meta_rule_algorithms", authtoken=True) - return ( - ("id", "name", "description"), - ((template_id, templates[template_id]["name"], templates[template_id]["description"]) - for template_id in templates) - ) - - diff --git a/moonclient/moonclient/intraextension.py b/moonclient/moonclient/intraextension.py deleted file mode 100644 index f66aabbc..00000000 --- a/moonclient/moonclient/intraextension.py +++ /dev/null @@ -1,170 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import logging - -from cliff.command import Command -from cliff.lister import Lister -from cliff.show import ShowOne -import os - - -class IntraExtensionSelect(Command): - """Select an Intra_Extension to work with.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(IntraExtensionSelect, self).get_parser(prog_name) - parser.add_argument( - 'id', - metavar='<intraextension-id>', - help='IntraExtension UUID to select', - ) - return parser - - def take_action(self, parsed_args): - ie = self.app.get_url(self.app.url_prefix+"/intra_extensions", authtoken=True) - if parsed_args.id in ie.keys(): - self.app.intraextension = parsed_args.id - self.app.stdout.write("Select {} IntraExtension.\n".format(self.app.intraextension)) - else: - self.app.stdout.write("IntraExtension {} unknown.\n".format(parsed_args.id)) - return - - -class IntraExtensionCreate(Command): - """Create a new Intra_Extension.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(IntraExtensionCreate, self).get_parser(prog_name) - parser.add_argument( - 'name', - metavar='<intraextension-name>', - help='New IntraExtension name', - ) - parser.add_argument( - '--policy_model', - metavar='<policymodel-name>', - help='Policy model name (Template for the new IntraExtension)', - ) - parser.add_argument( - '--description', - metavar='<intraextension-description>', - help='New IntraExtension description', - default="" - ) - return parser - - def take_action(self, parsed_args): - post_data = { - "intra_extension_name": parsed_args.name, - "intra_extension_model": parsed_args.policy_model, - "intra_extension_description": parsed_args.description - } - ie = self.app.get_url(self.app.url_prefix+"/intra_extensions", post_data=post_data, authtoken=True) - if "id" not in ie: - raise Exception("Error in command {}".format(ie)) - self.app.stdout.write("IntraExtension created: {}\n".format(ie["id"])) - return - - -class IntraExtensionList(Lister): - """List all Intra_Extensions.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(IntraExtensionList, self).get_parser(prog_name) - return parser - - def take_action(self, parsed_args): - ie = self.app.get_url(self.app.url_prefix+"/intra_extensions", authtoken=True) - return ( - ("id", "name", "model"), - ((_id, ie[_id]["name"], ie[_id]["model"]) for _id in ie.keys()) - ) - - -class IntraExtensionDelete(Command): - """Delete an Intra_Extension.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(IntraExtensionDelete, self).get_parser(prog_name) - parser.add_argument( - 'uuid', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - return parser - - def take_action(self, parsed_args): - self.app.get_url(self.app.url_prefix+"/intra_extensions/{}".format(parsed_args.uuid), - method="DELETE", - authtoken=True) - - -class IntraExtensionInit(Command): - """Initialize the root Intra_Extension (if needed).""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(IntraExtensionInit, self).get_parser(prog_name) - return parser - - def take_action(self, parsed_args): - self.app.get_url(self.app.url_prefix+"/intra_extensions/init", - method="GET", - authtoken=True) - - -class IntraExtensionShow(ShowOne): - """Show detail about one Intra_Extension.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(IntraExtensionShow, self).get_parser(prog_name) - parser.add_argument( - 'uuid', - metavar='<intraextension-uuid>', - help='IntraExtension UUID (put "selected" if you want to show the selected IntraExtension)', - default="selected" - ) - return parser - - def take_action(self, parsed_args): - intra_extension_id = parsed_args.uuid - if parsed_args.uuid == "selected": - intra_extension_id = self.app.intraextension - self.log.debug("self.app.intraextension={}".format(intra_extension_id)) - ie = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}".format(intra_extension_id), authtoken=True) - self.log.debug("ie={}".format(ie)) - if "id" not in ie: - self.log.error("Unknown intraextension {}".format(intra_extension_id)) - raise Exception() - try: - columns = ( - "id", - "name", - "description", - "model", - "genre" - ) - data = ( - ie["id"], - ie["name"], - ie["description"], - ie["model"], - ie["genre"] - ) - return columns, data - except Exception as e: - self.app.stdout.write(str(e)) diff --git a/moonclient/moonclient/logs.py b/moonclient/moonclient/logs.py deleted file mode 100644 index e65a530d..00000000 --- a/moonclient/moonclient/logs.py +++ /dev/null @@ -1,96 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import logging - -from cliff.lister import Lister -from cliff.command import Command -from cliff.show import ShowOne - - -class LogsList(Lister): - """List all logs.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(LogsList, self).get_parser(prog_name) - parser.add_argument( - '--filter', - metavar='<filter-str>', - help='Filter strings (example: "OK" or "authz")', - ) - parser.add_argument( - '--fromdate', - metavar='<from-date-str>', - help='Filter logs by date (example: "2015-04-15-13:45:20")', - ) - parser.add_argument( - '--todate', - metavar='<to-date-str>', - help='Filter logs by date (example: "2015-04-15-13:45:20")', - ) - parser.add_argument( - '--number', - metavar='<number-int>', - help='Show only <number-int> logs', - ) - return parser - - @staticmethod - def split_into_line(line, max_char=60): - """ Split a long line into multiple lines - - :param line: the line to split - :param max_char: maximal characters to have on one line - :return: a string with new lines - """ - words = line.split(" ") - return_line = "" - prev_modulo = 0 - while True: - try: - modulo = len(return_line) % max_char - if modulo < prev_modulo: - return_line += "\n" + words.pop(0) + " " - else: - return_line += words.pop(0) + " " - prev_modulo = modulo - except IndexError: - return return_line - - def split_time_message(self, line): - """Split a log string into a table (date, message) - - :param line: the line to split - :return: a table (date, message) - """ - _time, _blank, _message = line.split(" ", 2) - return _time, self.split_into_line(_message) - - def take_action(self, parsed_args): - filter_str = parsed_args.filter - from_date = parsed_args.fromdate - to_date = parsed_args.todate - number = parsed_args.number - options = list() - if filter_str: - options.append("filter={}".format(filter_str)) - if from_date: - options.append("from={}".format(from_date)) - if to_date: - options.append("to={}".format(to_date)) - if number: - options.append("event_number={}".format(number)) - if len(options) > 0: - url = self.app.url_prefix+"/logs/{}".format(",".join(options)) - else: - url = self.app.url_prefix+"/logs" - data = self.app.get_url(url, authtoken=True) - return ( - ("Time", "Message",), - (self.split_time_message(log) for log in data) - ) - diff --git a/moonclient/moonclient/metarules.py b/moonclient/moonclient/metarules.py deleted file mode 100644 index 6727711e..00000000 --- a/moonclient/moonclient/metarules.py +++ /dev/null @@ -1,214 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import logging - -from cliff.lister import Lister -from cliff.command import Command -from cliff.show import ShowOne - - -class AggregationAlgorithmsList(Lister): - """List all aggregation algorithms.""" - - log = logging.getLogger(__name__) - - def __get_aggregation_algorithm_from_id(self, algorithm_id): - algorithms = self.app.get_url(self.app.url_prefix+"/configuration/aggregation_algorithms", authtoken=True) - if algorithm_id in algorithms: - return algorithms[algorithm_id] - return dict() - - def get_parser(self, prog_name): - parser = super(AggregationAlgorithmsList, self).get_parser(prog_name) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/aggregation_algorithm".format( - parsed_args.intraextension), - authtoken=True) - algorithm = self.__get_aggregation_algorithm_from_id(data['aggregation_algorithm']) - return ( - ("id", "name", "description"), - ((data['aggregation_algorithm'], algorithm["name"], algorithm["description"]), ) - ) - - -class AggregationAlgorithmSet(Command): - """Set the current aggregation algorithm.""" - - log = logging.getLogger(__name__) - - def __get_aggregation_algorithm_from_id(self, algorithm_id): - algorithms = self.app.get_url(self.app.url_prefix+"/configuration/aggregation_algorithms", authtoken=True) - if algorithm_id in algorithms: - return algorithms[algorithm_id] - return dict() - - def get_parser(self, prog_name): - parser = super(AggregationAlgorithmSet, self).get_parser(prog_name) - parser.add_argument( - 'aggregation_algorithm_id', - metavar='<aggregation-algorithm-uuid>', - help='Aggregation algorithm UUID', - ) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - parser.add_argument( - '--description', - metavar='<description-str>', - help='Action description', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/aggregation_algorithm".format( - parsed_args.intraextension), - post_data={ - "aggregation_algorithm_id": parsed_args.aggregation_algorithm_id, - "aggregation_algorithm_description": parsed_args.description}, - authtoken=True) - algorithm = self.__get_aggregation_algorithm_from_id(data['aggregation_algorithm']) - return ( - ("id",), - (algorithm,) - ) - - -class SubMetaRuleShow(Lister): - """Show the current sub meta rule.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(SubMetaRuleShow, self).get_parser(prog_name) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - return parser - - def __get_subject_category_name(self, intraextension, subject_category_id): - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/subject_categories".format(intraextension), - authtoken=True) - if subject_category_id in data: - return data[subject_category_id]["name"] - - def __get_object_category_name(self, intraextension, object_category_id): - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/object_categories".format(intraextension), - authtoken=True) - if object_category_id in data: - return data[object_category_id]["name"] - - def __get_action_category_name(self, intraextension, action_category_id): - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/action_categories".format(intraextension), - authtoken=True) - if action_category_id in data: - return data[action_category_id]["name"] - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/sub_meta_rules".format(parsed_args.intraextension), - authtoken=True) - return ( - ("id", "name", "algorithm", "subject categories", "object categories", "action categories"), - (( - key, - value["name"], - value["algorithm"], - ", ".join([self.__get_subject_category_name(parsed_args.intraextension, cat) for cat in value["subject_categories"]]), - ", ".join([self.__get_object_category_name(parsed_args.intraextension, cat) for cat in value["object_categories"]]), - ", ".join([self.__get_action_category_name(parsed_args.intraextension, cat) for cat in value["action_categories"]]), - ) for key, value in data.iteritems()) - ) - - -class SubMetaRuleSet(Command): - """Set the current sub meta rule.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(SubMetaRuleSet, self).get_parser(prog_name) - parser.add_argument( - 'submetarule_id', - metavar='<sub-meta-rule-uuid>', - help='Sub Meta Rule UUID (example: "12346")', - ) - parser.add_argument( - '--algorithm_name', - metavar='<algorithm-str>', - help='algorithm to use (example: "inclusion")', - ) - parser.add_argument( - '--name', - metavar='<name-str>', - help='name to set (example: "my new sub meta rule")', - ) - parser.add_argument( - '--subject_category_id', - metavar='<subject-category-uuid>', - help='subject category UUID (example: "12346,")', - ) - parser.add_argument( - '--object_category_id', - metavar='<object-category-uuid>', - help='object category UUID (example: "12346")', - ) - parser.add_argument( - '--action_category_id', - metavar='<action-category-uuid>', - help='action category UUID (example: "12346,0987654")', - ) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - subject_category_id = parsed_args.subject_category_id - if not subject_category_id: - subject_category_id = "" - object_category_id = parsed_args.object_category_id - if not object_category_id: - object_category_id = "" - action_category_id = parsed_args.action_category_id - if not action_category_id: - action_category_id = "" - subject_category_id = map(lambda x: x.strip(), subject_category_id.split(',')) - action_category_id = map(lambda x: x.strip(), action_category_id.split(',')) - object_category_id = map(lambda x: x.strip(), object_category_id.split(',')) - sub_meta_rule_id = parsed_args.submetarule_id - post_data = dict() - post_data["sub_meta_rule_name"] = parsed_args.name - post_data["sub_meta_rule_algorithm"] = parsed_args.algorithm_name - post_data["sub_meta_rule_subject_categories"] = filter(lambda x: x, subject_category_id) - post_data["sub_meta_rule_object_categories"] = filter(lambda x: x, object_category_id) - post_data["sub_meta_rule_action_categories"] = filter(lambda x: x, action_category_id) - self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/sub_meta_rules/{}".format(parsed_args.intraextension, - sub_meta_rule_id), - post_data=post_data, - method="POST", - authtoken=True) - - diff --git a/moonclient/moonclient/object_assignments.py b/moonclient/moonclient/object_assignments.py deleted file mode 100644 index 0942aa6f..00000000 --- a/moonclient/moonclient/object_assignments.py +++ /dev/null @@ -1,149 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import logging - -from cliff.lister import Lister -from cliff.command import Command - - -class ObjectAssignmentsList(Lister): - """List all object assignments.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(ObjectAssignmentsList, self).get_parser(prog_name) - parser.add_argument( - 'object_id', - metavar='<object-uuid>', - help='Object UUID', - ) - parser.add_argument( - 'object_category_id', - metavar='<object-category-uuid>', - help='Object category UUID', - ) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - return parser - - def __get_scope_from_id(self, intraextension_id, object_category_id, object_scope_id): - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/object_scopes/{}".format( - intraextension_id, object_category_id), - authtoken=True) - if object_scope_id in data: - return data[object_scope_id] - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/object_assignments/{}/{}".format( - parsed_args.intraextension, parsed_args.object_id, parsed_args.object_category_id), - authtoken=True) - return ( - ("id", "name"), - ((_id, self.__get_scope_from_id(parsed_args.intraextension, - parsed_args.object_category_id, - _id)['name']) for _id in data) - ) - - -class ObjectAssignmentsAdd(Command): - """Add a new object assignment.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(ObjectAssignmentsAdd, self).get_parser(prog_name) - parser.add_argument( - 'object_id', - metavar='<object-uuid>', - help='Object UUID', - ) - parser.add_argument( - 'object_category_id', - metavar='<object-category-uuid>', - help='Object category UUID', - ) - parser.add_argument( - 'object_scope_id', - metavar='<object-scope-uuid>', - help='Object scope UUID', - ) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - return parser - - def __get_scope_from_id(self, intraextension_id, object_category_id, object_scope_id): - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/object_scopes/{}".format( - intraextension_id, object_category_id), - authtoken=True) - if object_scope_id in data: - return data[object_scope_id] - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/object_assignments".format(parsed_args.intraextension), - post_data={ - "object_id": parsed_args.object_id, - "object_category_id": parsed_args.object_category_id, - "object_scope_id": parsed_args.object_scope_id}, - authtoken=True) - return ( - ("id", "name"), - ((_id, self.__get_scope_from_id(parsed_args.intraextension, - parsed_args.object_category_id, - _id)['name']) for _id in data) - ) - - -class ObjectAssignmentsDelete(Command): - """Delete an object assignment.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(ObjectAssignmentsDelete, self).get_parser(prog_name) - parser.add_argument( - 'object_id', - metavar='<object-uuid>', - help='Object UUID', - ) - parser.add_argument( - 'object_category_id', - metavar='<object-category-id>', - help='Object category UUID', - ) - parser.add_argument( - 'object_scope_id', - metavar='<object-scope-id>', - help='Object scope UUID', - ) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/object_assignments/{}/{}/{}".format( - parsed_args.intraextension, - parsed_args.object_id, - parsed_args.object_category_id, - parsed_args.object_scope_id), - method="DELETE", - authtoken=True - )
\ No newline at end of file diff --git a/moonclient/moonclient/object_categories.py b/moonclient/moonclient/object_categories.py deleted file mode 100644 index 5641f4bf..00000000 --- a/moonclient/moonclient/object_categories.py +++ /dev/null @@ -1,102 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import logging - -from cliff.lister import Lister -from cliff.command import Command - - -class ObjectCategoriesList(Lister): - """List all Intra_Extensions.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(ObjectCategoriesList, self).get_parser(prog_name) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/object_categories".format(parsed_args.intraextension), - authtoken=True) - return ( - ("id", "name", "description"), - ((_uuid, data[_uuid]["name"], data[_uuid]["description"]) for _uuid in data) - ) - - -class ObjectCategoriesAdd(Command): - """Add a new object category.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(ObjectCategoriesAdd, self).get_parser(prog_name) - parser.add_argument( - 'object_category_name', - metavar='<object_category-name>', - help='Object category name', - ) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - parser.add_argument( - '--description', - metavar='<description-str>', - help='Object category description', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/object_categories".format(parsed_args.intraextension), - post_data={ - "object_category_name": parsed_args.object_category_name, - "object_category_description": parsed_args.description}, - authtoken=True) - return ( - ("id", "name", "description"), - ((_uuid, data[_uuid]["name"], data[_uuid]["description"]) for _uuid in data) - ) - - -class ObjectCategoriesDelete(Command): - """Delete an object category.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(ObjectCategoriesDelete, self).get_parser(prog_name) - parser.add_argument( - 'object_category_id', - metavar='<object_category-uuid>', - help='Object category UUID', - ) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/object_categories/{}".format( - parsed_args.intraextension, - parsed_args.object_category_id), - method="DELETE", - authtoken=True - )
\ No newline at end of file diff --git a/moonclient/moonclient/object_scopes.py b/moonclient/moonclient/object_scopes.py deleted file mode 100644 index 41b9aef6..00000000 --- a/moonclient/moonclient/object_scopes.py +++ /dev/null @@ -1,123 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import logging - -from cliff.lister import Lister -from cliff.command import Command - - -class ObjectScopesList(Lister): - """List all object scopes.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(ObjectScopesList, self).get_parser(prog_name) - parser.add_argument( - 'object_category_id', - metavar='<object-category-uuid>', - help='Object category UUID', - ) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/object_scopes/{}".format( - parsed_args.intraextension, parsed_args.object_category_id), - authtoken=True) - self.log.debug(data) # TODO: why log here? - return ( - ("id", "name", "description"), - ((_id, data[_id]["name"], data[_id]["description"]) for _id in data) - ) - - -class ObjectScopesAdd(Command): - """Add a new object scope.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(ObjectScopesAdd, self).get_parser(prog_name) - parser.add_argument( - 'object_category_id', - metavar='<object-category-uuid>', - help='Object category UUID', - ) - parser.add_argument( - 'object_scope_name', - metavar='<object-scope-str>', - help='Object scope name', - ) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - parser.add_argument( - '--description', - metavar='<description-str>', - help='Description', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/object_scopes/{}".format( - parsed_args.intraextension, parsed_args.object_category_id), - post_data={ - "object_scope_name": parsed_args.object_scope_name, - "object_scope_description": parsed_args.description, - }, - authtoken=True) - return ( - ("id", "name", "description"), - ((_id, data[_id]["name"], data[_id]["description"]) for _id in data) - ) - - -class ObjectScopesDelete(Command): - """Delete an object scope.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(ObjectScopesDelete, self).get_parser(prog_name) - parser.add_argument( - 'object_category_id', - metavar='<object-category-uuid>', - help='Object category UUID', - ) - parser.add_argument( - 'object_scope_id', - metavar='<object-scope-uuid>', - help='Object scope UUID', - ) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/object_scopes/{}/{}".format( - parsed_args.intraextension, - parsed_args.object_category_id, - parsed_args.object_scope_id - ), - method="DELETE", - authtoken=True - )
\ No newline at end of file diff --git a/moonclient/moonclient/objects.py b/moonclient/moonclient/objects.py deleted file mode 100644 index 0fc04ab8..00000000 --- a/moonclient/moonclient/objects.py +++ /dev/null @@ -1,102 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import logging - -from cliff.lister import Lister -from cliff.command import Command - - -class ObjectsList(Lister): - """List all objects.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(ObjectsList, self).get_parser(prog_name) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/objects".format(parsed_args.intraextension), - authtoken=True) - return ( - ("id", "name", "description"), - ((_uuid, data[_uuid]["name"], data[_uuid]["description"]) for _uuid in data) - ) - - -class ObjectsAdd(Command): - """Add a new object.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(ObjectsAdd, self).get_parser(prog_name) - parser.add_argument( - 'object_name', - metavar='<object-name>', - help='Object name', - ) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - parser.add_argument( - '--description', - metavar='<description-str>', - help='Object description', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/objects".format(parsed_args.intraextension), - post_data={ - "object_name": parsed_args.object_name, - "object_description": parsed_args.description}, - authtoken=True) - return ( - ("id", "name", "description"), - ((_uuid, data[_uuid]["name"], data[_uuid]["description"]) for _uuid in data) - ) - - -class ObjectsDelete(Command): - """List all Intra_Extensions.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(ObjectsDelete, self).get_parser(prog_name) - parser.add_argument( - 'object_id', - metavar='<object-uuid>', - help='Object UUID', - ) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/objects/{}".format( - parsed_args.intraextension, - parsed_args.object_id), - method="DELETE", - authtoken=True - )
\ No newline at end of file diff --git a/moonclient/moonclient/rules.py b/moonclient/moonclient/rules.py deleted file mode 100644 index 207533a8..00000000 --- a/moonclient/moonclient/rules.py +++ /dev/null @@ -1,242 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import logging - -from cliff.lister import Lister -from cliff.command import Command -from cliff.show import ShowOne - - -class RulesList(Lister): - """List all rules.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(RulesList, self).get_parser(prog_name) - parser.add_argument( - 'submetarule_id', - metavar='<submetarule-uuid>', - help='Sub Meta Rule UUID', - ) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - return parser - - def __get_subject_category_name(self, intraextension, category_id): - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/subject_categories".format(intraextension), - authtoken=True) - if category_id in data: - return data[category_id]["name"] - - def __get_object_category_name(self, intraextension, category_id): - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/object_categories".format(intraextension), - authtoken=True) - if category_id in data: - return data[category_id]["name"] - - def __get_action_category_name(self, intraextension, category_id): - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/action_categories".format(intraextension), - authtoken=True) - if category_id in data: - return data[category_id]["name"] - - def __get_subject_scope_name(self, intraextension, category_id, scope_id): - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/subject_scopes/{}".format(intraextension, category_id), - authtoken=True) - if scope_id in data: - return data[scope_id]["name"] - return scope_id - - def __get_object_scope_name(self, intraextension, category_id, scope_id): - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/object_scopes/{}".format(intraextension, category_id), - authtoken=True) - if scope_id in data: - return data[scope_id]["name"] - return scope_id - - def __get_action_scope_name(self, intraextension, category_id, scope_id): - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/action_scopes/{}".format(intraextension, category_id), - authtoken=True) - if scope_id in data: - return data[scope_id]["name"] - return scope_id - - def __get_headers(self, intraextension, submetarule_id): - headers = list() - headers.append("") - headers.append("id") - self.sub_meta_rules = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/sub_meta_rules".format(intraextension), - authtoken=True) - for cat in self.sub_meta_rules[submetarule_id]["subject_categories"]: - headers.append("s:" + self.__get_subject_category_name(intraextension, cat)) - for cat in self.sub_meta_rules[submetarule_id]["action_categories"]: - headers.append("a:" + self.__get_action_category_name(intraextension, cat)) - for cat in self.sub_meta_rules[submetarule_id]["object_categories"]: - headers.append("o:" + self.__get_object_category_name(intraextension, cat)) - headers.append("enabled") - return headers - - def __get_data(self, intraextension, submetarule_id, data_dict): - rules = list() - cpt = 0 - for key in data_dict: - sub_rule = list() - sub_rule.append(cpt) - cpt += 1 - sub_rule.append(key) - rule_item = list(data_dict[key]) - for cat in self.sub_meta_rules[submetarule_id]["subject_categories"]: - sub_rule.append(self.__get_subject_scope_name(intraextension, cat, rule_item.pop(0))) - for cat in self.sub_meta_rules[submetarule_id]["action_categories"]: - sub_rule.append(self.__get_action_scope_name(intraextension, cat, rule_item.pop(0))) - for cat in self.sub_meta_rules[submetarule_id]["object_categories"]: - sub_rule.append(self.__get_object_scope_name(intraextension, cat, rule_item.pop(0))) - sub_rule.append(rule_item.pop(0)) - rules.append(sub_rule) - return rules - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/rule/{}".format( - parsed_args.intraextension, - parsed_args.submetarule_id, - ), - authtoken=True) - self.log.debug(data) - headers = self.__get_headers(parsed_args.intraextension, parsed_args.submetarule_id) - data_list = self.__get_data(parsed_args.intraextension, parsed_args.submetarule_id, data) - return ( - headers, - data_list - ) - - -class RuleAdd(Command): - """Add a new rule.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(RuleAdd, self).get_parser(prog_name) - parser.add_argument( - 'submetarule_id', - metavar='<submetarule-uuid>', - help='Sub Meta Rule UUID', - ) - parser.add_argument( - 'rule', - metavar='<argument-list>', - help='Rule list (example: admin,start,servers) with that ordering: subject, action, object', - ) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - return parser - - def __get_subject_scope_id(self, intraextension, category_id, scope_name): - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/subject_scopes/{}".format(intraextension, category_id), - authtoken=True) - self.log.debug("__get_subject_scope_id {}".format(data)) - for scope_id in data: - if data[scope_id]["name"] == scope_name: - return scope_id - return scope_name - - def __get_object_scope_id(self, intraextension, category_id, scope_name): - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/object_scopes/{}".format(intraextension, category_id), - authtoken=True) - self.log.debug("__get_action_scope_id {}".format(data)) - for scope_id in data: - if data[scope_id]["name"] == scope_name: - return scope_id - return scope_name - - def __get_action_scope_id(self, intraextension, category_id, scope_name): - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/action_scopes/{}".format(intraextension, category_id), - authtoken=True) - self.log.debug("__get_object_scope_id {}".format(data)) - for scope_id in data: - if data[scope_id]["name"] == scope_name: - return scope_id - return scope_name - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - self.sub_meta_rules = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/sub_meta_rules".format( - parsed_args.intraextension), - authtoken=True) - new_rule = map(lambda x: x.strip(), parsed_args.rule.split(",")) - post = { - "subject_categories": [], - "object_categories": [], - "action_categories": [], - "enabled": True - } - for cat in self.sub_meta_rules[parsed_args.submetarule_id]["subject_categories"]: - self.log.debug("annalysing s {}".format(cat)) - post["subject_categories"].append(self.__get_subject_scope_id( - parsed_args.intraextension, cat, new_rule.pop(0)) - ) - for cat in self.sub_meta_rules[parsed_args.submetarule_id]["action_categories"]: - self.log.debug("annalysing a {}".format(cat)) - post["action_categories"].append(self.__get_action_scope_id( - parsed_args.intraextension, cat, new_rule.pop(0)) - ) - for cat in self.sub_meta_rules[parsed_args.submetarule_id]["object_categories"]: - self.log.debug("annalysing o {}".format(cat)) - post["object_categories"].append(self.__get_object_scope_id( - parsed_args.intraextension, cat, new_rule.pop(0)) - ) - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/rule/{}".format( - parsed_args.intraextension, parsed_args.submetarule_id), - post_data=post, - authtoken=True) - - -class RuleDelete(Command): - """Delete a new rule.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(RuleDelete, self).get_parser(prog_name) - parser.add_argument( - 'submetarule_id', - metavar='<submetarule-uuid>', - help='Sub Meta Rule UUID', - ) - parser.add_argument( - 'rule_id', - metavar='<rule-uuid>', - help='Rule UUID', - ) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - self.app.get_url( - self.app.url_prefix+"/intra_extensions/{intra_extensions_id}/rule/{submetarule_id}/{rule_id}".format( - intra_extensions_id=parsed_args.intraextension, - submetarule_id=parsed_args.submetarule_id, - rule_id=parsed_args.rule_id - ), - method="DELETE", - authtoken=True - ) diff --git a/moonclient/moonclient/shell.py b/moonclient/moonclient/shell.py deleted file mode 100644 index 8be73621..00000000 --- a/moonclient/moonclient/shell.py +++ /dev/null @@ -1,264 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import logging -import sys -import json -import httplib -import os - -from cliff.app import App -from cliff.commandmanager import CommandManager -import moonclient - - -def get_env_creds(admin_token=False): - d = dict() - if 'OS_SERVICE_ENDPOINT' in os.environ.keys() or 'OS_USERNAME' in os.environ.keys(): - if admin_token: - d['endpoint'] = os.environ['OS_SERVICE_ENDPOINT'] - d['token'] = os.environ['OS_SERVICE_TOKEN'] - else: - d['username'] = os.environ['OS_USERNAME'] - d['password'] = os.environ['OS_PASSWORD'] - d['auth_url'] = os.environ['OS_AUTH_URL'] - d['tenant_name'] = os.environ['OS_TENANT_NAME'] - return d - - -class MoonClient(App): - - log = logging.getLogger(__name__) - x_subject_token = None - host = "localhost" - port = "35358" - tenant = None - _intraextension = None - _tenant_id = None - _tenant_name = None - secureprotocol = False - user_saving_file = ".moonclient" - url_prefix = "/moon" - _nb_error = 0 - post = { - "auth": { - "identity": { - "methods": [ - "password" - ], - "password": { - "user": { - "domain": { - "id": "Default" - }, - "name": "admin", - "password": "nomoresecrete" - } - } - }, - "scope": { - "project": { - "domain": { - "id": "Default" - }, - "name": "demo" - } - } - } - } - - def __init__(self): - super(MoonClient, self).__init__( - description='Moon Python Client', - version=moonclient.__version__, - command_manager=CommandManager('moon.client'), - ) - creds = get_env_creds() - self.post["auth"]["identity"]["password"]["user"]["password"] = creds["password"] - self.post["auth"]["identity"]["password"]["user"]["name"] = creds["username"] - self.post["auth"]["scope"]["project"]["name"] = creds["tenant_name"] - self.host = creds["auth_url"].replace("https://", "").replace("http://", "").split("/")[0].split(":")[0] - self.port = creds["auth_url"].replace("https://", "").replace("http://", "").split("/")[0].split(":")[1] - if "https" in creds["auth_url"]: - self.secureprotocol = True - else: - self.secureprotocol = False - self._tenant_name = creds["tenant_name"] - self.parser.add_argument( - '--username', - metavar='<username-str>', - help='Force OpenStack username', - default=None - ) - self.parser.add_argument( - '--tenant', - metavar='<tenantname-str>', - help='Force OpenStack tenant', - default=None - ) - self.parser.add_argument( - '--password', - metavar='<password-str>', - help='Force OpenStack password', - default=None - ) - self.parser.add_argument( - '--authurl', - metavar='<authurl-str>', - help='Force OpenStack authentication URL', - default=None - ) - - @property - def tenant_id(self): - if not self._tenant_id: - self._tenant_id = self.get_url("/v3/projects?name={}".format(self._tenant_name), - authtoken=True, port=5000)["projects"][0]["id"] - return self._tenant_id - - @property - def tenant_name(self): - return self._tenant_name - - @property - def intraextension(self): - return open(os.path.join(os.getenv('HOME'), self.user_saving_file)).read().strip() - - @intraextension.setter - def intraextension(self, value): - self._intraextension = value - open(os.path.join(os.getenv('HOME'), self.user_saving_file), "w").write(value) - - @property - def nb_error(self): - return self._nb_error - - def incr_error(self, msg=""): - self._nb_error += 1 - if not msg: - print("INCREMENTING ERRORS {}".format(self._nb_error)) - else: - print("INCREMENTING ERRORS {} [{}]".format(self._nb_error, msg)) - - def get_tenant_uuid(self, tenant_name): - return self.get_url("/v3/projects?name={}".format(tenant_name), authtoken=True, port=5000)["projects"][0]["id"] - - def get_url(self, url, post_data=None, delete_data=None, method="GET", authtoken=None, port=None): - if post_data: - method = "POST" - if delete_data: - method = "DELETE" - self.log.debug("\033[32m{} {}\033[m".format(method, url)) - # TODO: we must manage authentication and requests with secure protocol (ie. HTTPS) - if not port: - port = self.port - conn = httplib.HTTPConnection(self.host, int(port)) - self.log.debug("Host: {}:{}".format(self.host, self.port)) - headers = { - "Content-type": "application/x-www-form-urlencoded", - "Accept": "text/plain,text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", - } - if authtoken: - if self.x_subject_token: - headers["X-Auth-Token"] = self.x_subject_token - if post_data: - method = "POST" - headers["Content-type"] = "application/json" - post_data = json.dumps(post_data) - conn.request(method, url, post_data, headers=headers) - elif delete_data: - method = "DELETE" - conn.request(method, url, json.dumps(delete_data), headers=headers) - else: - conn.request(method, url, headers=headers) - resp = conn.getresponse() - headers = resp.getheaders() - try: - self.x_subject_token = dict(headers)["x-subject-token"] - except KeyError: - pass - content = resp.read() - conn.close() - if len(content) == 0: - return {} - try: - content = json.loads(content) - if "error" in content: - try: - raise Exception("Getting an error while requiring {} ({}: {}, {})".format( - url, - content['error']['code'], - content['error']['title'], - content['error']['message'], - )) - except ValueError: - raise Exception("Bad error format while requiring {} ({})".format(url, content)) - return content - except ValueError: - raise Exception("Getting an error while requiring {} ({})".format(url, content)) - finally: - self.log.debug(str(content)) - - def auth_keystone(self, username=None, password=None, host=None, port=None, tenant=None): - """Send a new authentication request to Keystone - - :param username: user identification name - :return: - """ - if username: - self.post["auth"]["identity"]["password"]["user"]["name"] = username - if password: - self.post["auth"]["identity"]["password"]["user"]["password"] = password - if tenant: - self.post["auth"]["scope"]["project"]["name"] = tenant - if host: - self.host = host - if port: - self.port = port - data = self.get_url("/v3/auth/tokens", post_data=self.post) - if "token" not in data: - raise Exception("Authentication problem ({})".format(data)) - - def initialize_app(self, argv): - self.log.debug('initialize_app: {}'.format(argv)) - if self.options.username: - self.post["auth"]["identity"]["password"]["user"]["name"] = self.options.username - self.log.debug("change username {}".format(self.options.username)) - if self.options.password: - self.post["auth"]["identity"]["password"]["user"]["password"] = self.options.password - self.log.debug("change password") - if self.options.tenant: - self.post["auth"]["scope"]["project"]["name"] = self.options.tenant - self._tenant_name = self.options.tenant - self.log.debug("change tenant {}".format(self.options.tenant)) - if self.options.authurl: - self.host = self.options.authurl.replace("https://", "").replace("http://", "").split("/")[0].split(":")[0] - self.port = self.options.authurl.replace("https://", "").replace("http://", "").split("/")[0].split(":")[1] - if "https" in self.options.authurl: - self.secureprotocol = True - else: - self.secureprotocol = False - data = self.get_url("/v3/auth/tokens", post_data=self.post) - if "token" not in data: - raise Exception("Authentication problem ({})".format(data)) - - def prepare_to_run_command(self, cmd): - self.log.debug('prepare_to_run_command %s', cmd.__class__.__name__) - - def clean_up(self, cmd, result, err): - self.log.debug('clean_up %s', cmd.__class__.__name__) - if err: - self.log.debug('got an error: %s', err) - self.log.debug("result: {}".format(result)) - - -def main(argv=sys.argv[1:]): - myapp = MoonClient() - myapp.run(argv) - return myapp.nb_error - - -if __name__ == '__main__': - sys.exit(main(sys.argv[1:])) diff --git a/moonclient/moonclient/subject_assignments.py b/moonclient/moonclient/subject_assignments.py deleted file mode 100644 index ec5e9549..00000000 --- a/moonclient/moonclient/subject_assignments.py +++ /dev/null @@ -1,149 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import logging - -from cliff.lister import Lister -from cliff.command import Command - - -class SubjectAssignmentsList(Lister): - """List all subject assignments.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(SubjectAssignmentsList, self).get_parser(prog_name) - parser.add_argument( - 'subject_id', - metavar='<subject-uuid>', - help='Subject UUID', - ) - parser.add_argument( - 'subject_category_id', - metavar='<subject-category-uuid>', - help='Subject category UUID', - ) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - return parser - - def __get_scope_from_id(self, intraextension_id, subject_category_id, subject_scope_id): - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/subject_scopes/{}".format( - intraextension_id, subject_category_id), - authtoken=True) - if subject_scope_id in data: - return data[subject_scope_id] - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/subject_assignments/{}/{}".format( - parsed_args.intraextension, parsed_args.subject_id, parsed_args.subject_category_id), - authtoken=True) - return ( - ("id", "name"), - ((_id, self.__get_scope_from_id(parsed_args.intraextension, - parsed_args.subject_category_id, - _id)['name']) for _id in data) - ) - - -class SubjectAssignmentsAdd(Command): - """Add a new subject assignment.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(SubjectAssignmentsAdd, self).get_parser(prog_name) - parser.add_argument( - 'subject_id', - metavar='<subject-uuid>', - help='Subject UUID', - ) - parser.add_argument( - 'subject_category_id', - metavar='<subject-category-uuid>', - help='Subject category id', - ) - parser.add_argument( - 'subject_scope_id', - metavar='<subject-scope-uuid>', - help='Subject scope UUID', - ) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - return parser - - def __get_scope_from_id(self, intraextension_id, subject_category_id, subject_scope_id): - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/subject_scopes/{}".format( - intraextension_id, subject_category_id), - authtoken=True) - if subject_scope_id in data: - return data[subject_scope_id] - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/subject_assignments".format(parsed_args.intraextension), - post_data={ - "subject_id": parsed_args.subject_id, - "subject_category_id": parsed_args.subject_category_id, - "subject_scope_id": parsed_args.subject_scope_id}, - authtoken=True) - return ( - ("id", "name"), - ((_id, self.__get_scope_from_id(parsed_args.intraextension, - parsed_args.subject_category_id, - _id)['name']) for _id in data) - ) - - -class SubjectAssignmentsDelete(Command): - """Delete a subject assignment.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(SubjectAssignmentsDelete, self).get_parser(prog_name) - parser.add_argument( - 'subject_id', - metavar='<subject-uuid>', - help='Subject UUID', - ) - parser.add_argument( - 'subject_category_id', - metavar='<subject-category-uuid>', - help='Subject category UUID', - ) - parser.add_argument( - 'subject_scope_id', - metavar='<subject-scope-uuid>', - help='Subject scope UUID', - ) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/subject_assignments/{}/{}/{}".format( - parsed_args.intraextension, - parsed_args.subject_id, - parsed_args.subject_category_id, - parsed_args.subject_scope_id), - method="DELETE", - authtoken=True - )
\ No newline at end of file diff --git a/moonclient/moonclient/subject_categories.py b/moonclient/moonclient/subject_categories.py deleted file mode 100644 index 810b0b5f..00000000 --- a/moonclient/moonclient/subject_categories.py +++ /dev/null @@ -1,102 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import logging - -from cliff.lister import Lister -from cliff.command import Command - - -class SubjectCategoriesList(Lister): - """List all subject categories.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(SubjectCategoriesList, self).get_parser(prog_name) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/subject_categories".format(parsed_args.intraextension), - authtoken=True) - return ( - ("id", "name", "description"), - ((_uuid, data[_uuid]["name"], data[_uuid]["description"]) for _uuid in data) - ) - - -class SubjectCategoriesAdd(Command): - """Add a new subject category.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(SubjectCategoriesAdd, self).get_parser(prog_name) - parser.add_argument( - 'subject_category_name', - metavar='<subject_category-name>', - help='Subject category name', - ) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - parser.add_argument( - '--description', - metavar='<description-str>', - help='Subject category description', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/subject_categories".format(parsed_args.intraextension), - post_data={ - "subject_category_name": parsed_args.subject_category_name, - "subject_category_description": parsed_args.description}, - authtoken=True) - return ( - ("id", "name", "description"), - ((_uuid, data[_uuid]["name"], data[_uuid]["description"]) for _uuid in data) - ) - - -class SubjectCategoriesDelete(Command): - """Delete a subject category.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(SubjectCategoriesDelete, self).get_parser(prog_name) - parser.add_argument( - 'subject_category_id', - metavar='<subject_category-uuid>', - help='Subject category UUID', - ) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/subject_categories/{}".format( - parsed_args.intraextension, - parsed_args.subject_category_id), - method="DELETE", - authtoken=True - )
\ No newline at end of file diff --git a/moonclient/moonclient/subject_scopes.py b/moonclient/moonclient/subject_scopes.py deleted file mode 100644 index 90cc5dcc..00000000 --- a/moonclient/moonclient/subject_scopes.py +++ /dev/null @@ -1,123 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import logging - -from cliff.lister import Lister -from cliff.command import Command - - -class SubjectScopesList(Lister): - """List all subject scopes.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(SubjectScopesList, self).get_parser(prog_name) - parser.add_argument( - 'subject_category_id', - metavar='<subject-category-uuid>', - help='Subject category UUID', - ) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/subject_scopes/{}".format( - parsed_args.intraextension, - parsed_args.subject_category_id), - authtoken=True) - return ( - ("id", "name", "description"), - ((_id, data[_id]["name"], data[_id]["description"]) for _id in data) - ) - - -class SubjectScopesAdd(Command): - """Add a new subject scope.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(SubjectScopesAdd, self).get_parser(prog_name) - parser.add_argument( - 'subject_category_id', - metavar='<subject-category-uuid>', - help='Subject category UUID', - ) - parser.add_argument( - 'subject_scope_name', - metavar='<subject-scope-str>', - help='Subject scope Name', - ) - parser.add_argument( - '--description', - metavar='<description-str>', - help='Description', - ) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/subject_scopes/{}".format( - parsed_args.intraextension, parsed_args.subject_category_id), - post_data={ - "subject_scope_name": parsed_args.subject_scope_name, - "subject_scope_description": parsed_args.description, - }, - authtoken=True) - return ( - ("id", "name", "description"), - ((_id, data[_id]["name"], data[_id]["description"]) for _id in data) - ) - - -class SubjectScopesDelete(Command): - """Delete a subject scope.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(SubjectScopesDelete, self).get_parser(prog_name) - parser.add_argument( - 'subject_category_id', - metavar='<subject-category-uuid>', - help='Subject category UUID', - ) - parser.add_argument( - 'subject_scope_id', - metavar='<subject-scope-uuid>', - help='Subject scope UUID', - ) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/subject_scopes/{}/{}".format( - parsed_args.intraextension, - parsed_args.subject_category_id, - parsed_args.subject_scope_id - ), - method="DELETE", - authtoken=True - )
\ No newline at end of file diff --git a/moonclient/moonclient/subjects.py b/moonclient/moonclient/subjects.py deleted file mode 100644 index 678caf5b..00000000 --- a/moonclient/moonclient/subjects.py +++ /dev/null @@ -1,119 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import logging - -from cliff.lister import Lister -from cliff.command import Command -import getpass - - -class SubjectsList(Lister): - """List all subjects.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(SubjectsList, self).get_parser(prog_name) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/subjects".format(parsed_args.intraextension), - authtoken=True) - return ( - ("id", "name", "Keystone ID"), - ((_uuid, data[_uuid]["name"], data[_uuid]["keystone_id"]) for _uuid in data) - ) - - -class SubjectsAdd(Command): - """add a new subject.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(SubjectsAdd, self).get_parser(prog_name) - parser.add_argument( - 'subject_name', - metavar='<subject-name>', - help='Subject name', - ) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - parser.add_argument( - '--description', - metavar='<description-str>', - help='Subject description', - ) - parser.add_argument( - '--subject_pass', - metavar='<password-str>', - help='Password for subject (if not given, user will be prompted for one)', - ) - parser.add_argument( - '--email', - metavar='<email-str>', - help='Email for the user', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - if not parsed_args.subject_pass: - parsed_args.password = getpass.getpass("Password for user {}:".format(parsed_args.subject_name)) - data = self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/subjects".format(parsed_args.intraextension), - post_data={ - "subject_name": parsed_args.subject_name, - "subject_description": parsed_args.description, - "subject_password": parsed_args.subject_pass, - "subject_email": parsed_args.email - }, - authtoken=True) - return ( - ("id", "name", "Keystone ID"), - ((_uuid, data[_uuid]["name"], data[_uuid]["keystone_id"]) for _uuid in data) - ) - - -class SubjectsDelete(Command): - """Delete a subject.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(SubjectsDelete, self).get_parser(prog_name) - parser.add_argument( - 'subject_id', - metavar='<subject-uuid>', - help='Subject UUID', - ) - parser.add_argument( - '--intraextension', - metavar='<intraextension-uuid>', - help='IntraExtension UUID', - ) - return parser - - def take_action(self, parsed_args): - if not parsed_args.intraextension: - parsed_args.intraextension = self.app.intraextension - self.app.get_url(self.app.url_prefix+"/intra_extensions/{}/subjects/{}".format( - parsed_args.intraextension, - parsed_args.subject_id - ), - method="DELETE", - authtoken=True - )
\ No newline at end of file diff --git a/moonclient/moonclient/tenants.py b/moonclient/moonclient/tenants.py deleted file mode 100644 index 99c6e501..00000000 --- a/moonclient/moonclient/tenants.py +++ /dev/null @@ -1,200 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import logging - -from cliff.lister import Lister -from cliff.command import Command - - -class TenantList(Lister): - """List all tenants.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(TenantList, self).get_parser(prog_name) - return parser - - def take_action(self, parsed_args): - tenants = self.app.get_url(self.app.url_prefix+"/tenants", authtoken=True) - self.log.debug(tenants) - return ( - ("id", "name", "description", "intra_authz_extension_id", "intra_admin_extension_id"), - (( - tenant_id, - tenants[tenant_id]["name"], - tenants[tenant_id]["description"], - tenants[tenant_id]["intra_authz_extension_id"], - tenants[tenant_id]["intra_admin_extension_id"], - ) - for tenant_id in tenants) - ) - - -class TenantAdd(Command): - """Add a tenant.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(TenantAdd, self).get_parser(prog_name) - parser.add_argument( - 'tenant_name', - metavar='<tenant-name>', - help='Tenant name', - ) - parser.add_argument( - '--authz', - metavar='<authz-intraextension-uuid>', - help='Authz IntraExtension UUID', - ) - parser.add_argument( - '--admin', - metavar='<admin-intraextension-uuid>', - help='Admin IntraExtension UUID', - ) - parser.add_argument( - '--desc', - metavar='<tenant-description-str>', - help='Tenant description', - ) - return parser - - def take_action(self, parsed_args): - post_data = dict() - post_data["tenant_name"] = parsed_args.tenant_name - if parsed_args.authz: - post_data["tenant_intra_authz_extension_id"] = parsed_args.authz - if parsed_args.admin: - post_data["tenant_intra_admin_extension_id"] = parsed_args.admin - if parsed_args.desc: - post_data["tenant_description"] = parsed_args.desc - tenants = self.app.get_url(self.app.url_prefix+"/tenants", - post_data=post_data, - authtoken=True) - return ( - ("id", "name", "description", "intra_authz_extension_id", "intra_admin_extension_id"), - (( - tenant_id, - tenants[tenant_id]["name"], - tenants[tenant_id]["description"], - tenants[tenant_id]["intra_authz_extension_id"], - tenants[tenant_id]["intra_admin_extension_id"], - ) - for tenant_id in tenants) - ) - - -class TenantShow(Command): - """Show information of one tenant.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(TenantShow, self).get_parser(prog_name) - parser.add_argument( - 'tenant_name', - metavar='<tenant-name>', - help='Tenant name', - ) - return parser - - def take_action(self, parsed_args): - tenants = self.app.get_url(self.app.url_prefix+"/tenants/{}".format(parsed_args.tenant_name), - authtoken=True) - return ( - ("id", "name", "description", "intra_authz_extension_id", "intra_admin_extension_id"), - (( - tenant_id, - tenants[tenant_id]["name"], - tenants[tenant_id]["description"], - tenants[tenant_id]["intra_authz_extension_id"], - tenants[tenant_id]["intra_admin_extension_id"], - ) - for tenant_id in tenants) - ) - - -class TenantSet(Command): - """Modify a tenant.""" - - log = logging.getLogger(__name__) - - # TODO: could use a PATCH method also - def get_parser(self, prog_name): - parser = super(TenantSet, self).get_parser(prog_name) - parser.add_argument( - 'tenant_id', - metavar='<tenant-id>', - help='Tenant UUID', - ) - parser.add_argument( - '--name', - metavar='<tenant-name>', - help='Tenant name', - ) - parser.add_argument( - '--authz', - metavar='<authz-intraextension-uuid>', - help='Authz IntraExtension UUID', - ) - parser.add_argument( - '--admin', - metavar='<admin-intraextension-uuid>', - help='Admin IntraExtension UUID', - ) - parser.add_argument( - '--desc', - metavar='<tenant-description-str>', - help='Tenant description', - ) - return parser - - def take_action(self, parsed_args): - post_data = dict() - post_data["tenant_id"] = parsed_args.tenant_id - if parsed_args.name: - post_data["tenant_name"] = parsed_args.tenant_name - if parsed_args.authz is not None: - post_data["tenant_intra_authz_extension_id"] = parsed_args.authz - if parsed_args.admin is not None: - post_data["tenant_intra_admin_extension_id"] = parsed_args.admin - if parsed_args.desc is not None: - post_data["tenant_description"] = parsed_args.desc - tenants = self.app.get_url(self.app.url_prefix+"/tenants/{}".format(post_data["tenant_id"]), - post_data=post_data, - authtoken=True) - return ( - ("id", "name", "description", "authz", "admin"), - (( - tenant_id, - tenants[tenant_id]["name"], - tenants[tenant_id]["description"], - tenants[tenant_id]["intra_authz_extension_id"], - tenants[tenant_id]["intra_admin_extension_id"], - ) - for tenant_id in tenants) - ) - - -class TenantDelete(Command): - """Delete a tenant.""" - - log = logging.getLogger(__name__) - - def get_parser(self, prog_name): - parser = super(TenantDelete, self).get_parser(prog_name) - parser.add_argument( - 'tenant_id', - metavar='<tenant-id>', - help='Tenant UUID', - ) - return parser - - def take_action(self, parsed_args): - self.app.get_url(self.app.url_prefix+"/tenants/{}".format(parsed_args.tenant_id), - method="DELETE", - authtoken=True) diff --git a/moonclient/moonclient/tests.py b/moonclient/moonclient/tests.py deleted file mode 100644 index b2c02f11..00000000 --- a/moonclient/moonclient/tests.py +++ /dev/null @@ -1,251 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import logging -import json -import shlex -import re -from cliff.lister import Lister -from cliff.command import Command -from uuid import uuid4 -import os -import time -import subprocess -import glob - - -class TestsLaunch(Lister): - """Tests launcher.""" - - log = logging.getLogger(__name__) - result_vars = dict() - logfile_name = "/tmp/moonclient_test_{}.log".format(time.strftime("%Y%m%d-%H%M%S")) - logfile = open(logfile_name, "w") - TIME_FORMAT = '%Y-%m-%d %H:%M:%S' - - def get_parser(self, prog_name): - parser = super(TestsLaunch, self).get_parser(prog_name) - parser.add_argument( - '--stop-on-error', action="store_true", - help='Stop the test on the first error', - ) - parser.add_argument( - '--self', action="store_true", - help='Execute all internal tests', - ) - parser.add_argument( - 'testfile', - metavar='<filename(s)>', - nargs='?', - help='Filenames that contains tests to run ' - '(examples: /path/to/test.json, /path/to/directory/, ' - '"/path/to/*-file.json" -- don\'t forget the quote)', - ) - parser.add_argument( - '--logfile', - metavar='<logfile-str>', - help='Force Log filename.', - default=None - ) - return parser - - def __replace_var_in_str(self, data_str): - self.log.debug("__replace_var_in_str " + data_str) - for exp in re.findall("\$\w+", data_str): - self.log.debug("--->" + exp + str(self.result_vars)) - if exp.replace("$", "") in self.result_vars: - data_str = re.sub(exp.replace("$", "\$") + "(?!\w)", self.result_vars[exp.replace("$", "")], data_str) - self.log.debug("__replace_var_in_str " + data_str) - return data_str - - def __compare_results(self, expected, observed): - match = re.search(expected, observed) - if match: - self.result_vars.update(match.groupdict()) - return True - return False - - def take_action(self, parsed_args): - if parsed_args.logfile: - self.logfile_name = parsed_args.logfile - self.log.info("Write tests output to {}".format(self.logfile_name)) - if parsed_args.self: - import sys - import moonclient # noqa - parsed_args.testfile = os.path.join(sys.modules['moonclient'].__path__[0], "tests") - if parsed_args.testfile and os.path.isfile(parsed_args.testfile): - return self.test_file(parsed_args.testfile) - else: - cpt = 1 - filenames = [] - global_result = {} - if os.path.isdir(parsed_args.testfile): - filenames = glob.glob(parsed_args.testfile + "/*.json") - else: - filenames = glob.glob(parsed_args.testfile) - for filename in filenames: - if os.path.isfile(filename): - self.log.info("\n\033[1m\033[32mExecuting {} ({}/{})\033[m".format(filename, cpt, len(filenames))) - global_result[filename] = self.test_file(filename) - cpt += 1 - results = [] - for result_id, result_values in global_result.iteritems(): - result_ok = True - # self.log.info(result_id) - # self.log.info(result_values[1]) - log_filename = "" - for value in result_values[1]: - if "False" in value[2]: - result_ok = False - if "Overall results" in value[1]: - log_filename = value[3] - if result_ok: - results.append((result_id, "\033[32mTrue\033[m", log_filename)) - else: - results.append((result_id, "\033[1m\033[31mFalse\033[m", log_filename)) - return ( - ("filename", "results", "log file"), - results - ) - - def test_file(self, testfile): - if not self.logfile_name: - self.logfile_name = "/tmp/moonclient_test_{}.log".format(time.strftime("%Y%m%d-%H%M%S")) - self.logfile = open(self.logfile_name, "a") - self.logfile.write(80*"=" + "\n") - self.logfile.write(testfile + "\n\n") - stdout_back = self.app.stdout - tests_dict = json.load(open(testfile)) - self.log.debug("tests_dict = {}".format(tests_dict)) - global_command_options = "" - if "command_options" in tests_dict: - global_command_options = tests_dict["command_options"] - data = list() - for group_name, tests_list in tests_dict["tests_group"].iteritems(): - overall_result = True - self.log.info("\n\033[1mgroup {}\033[0m".format(group_name)) - self.logfile.write("{}:\n\n".format(group_name)) - test_count = len(tests_list) - for test in tests_list: - result_str = "" - error_str = "" - if "auth_name" in test or "auth_password" in test or "auth_url" in test: - username = None - password = None - tenant = None - host = None - port = None - description = "" - if "auth_name" in test: - username = test["auth_name"] - os.environ["OS_USERNAME"] = test["auth_name"] - if "auth_password" in test: - password = test["auth_password"] - os.environ["OS_PASSWORD"] = test["auth_password"] - if "auth_tenant" in test: - tenant = test["auth_tenant"] - os.environ["OS_TENANT_NAME"] = test["auth_tenant"] - if "auth_host" in test: - host = test["auth_host"] - if "auth_port" in test: - port = test["auth_port"] - if "description" in test: - description = test["description"] - self.app.auth_keystone(username, password, host, port, tenant) - title = "Change auth to " - if username: - title += username - if host: - title += "@" + host - if port: - title += ":" + port - title += "\n" - self.logfile.write(time.strftime(self.TIME_FORMAT) + " " + title + "\n") - self.log.info(title.strip()) - data_tmp = list() - data_tmp.append("") - data_tmp.append(title.strip()) - data_tmp.append("\033[32mOK\033[m") - data_tmp.append(description.strip()) - data.append(data_tmp) - continue - data_tmp = list() - tmp_filename = os.path.join("/tmp", "moon_{}.tmp".format(uuid4().hex)) - tmp_filename_fd = open(tmp_filename, "w") - self.log.debug("test={}".format(test)) - if "command" not in test: - if "external_command" in test: - ext_command = test["external_command"] - else: - continue - ext_command = self.__replace_var_in_str(ext_command) - self.logfile.write(time.strftime(self.TIME_FORMAT) + " " + "-----> {}\n".format(ext_command)) - self.log.info(" \\-executing external \"{}\"".format(ext_command)) - pipe = subprocess.Popen(shlex.split(ext_command), stdout=subprocess.PIPE, stderr=subprocess.PIPE) - com = pipe.communicate() - result_str = com[0] - error_str = com[1] - self.logfile.write("stdout: {}\n".format(result_str)) - self.logfile.write("stderr: {}\n".format(error_str)) - if "command" in test: - if "command_options" in test: - command = test["command"] + " " + test["command_options"] - else: - command = test["command"] + " " + global_command_options - command = self.__replace_var_in_str(command) - self.logfile.write(time.strftime(self.TIME_FORMAT) + " " + - test["name"] + " " + - "-----> {}\n".format(command)) - self.log.info(" \\-executing {}".format(command)) - self.app.stdout = tmp_filename_fd - result_id = self.app.run_subcommand(shlex.split(command)) - tmp_filename_fd.close() - self.app.stdout = stdout_back - result_str = open(tmp_filename, "r").read() - self.logfile.write("{}".format(result_str)) - os.unlink(tmp_filename) - data_tmp.append(group_name) - data_tmp.append(test["name"]) - if "result" in test: - compare = self.__compare_results(self.__replace_var_in_str(test["result"]), result_str) - self.logfile.write("\\---->{}: {}\n\n".format(compare, self.__replace_var_in_str(test["result"]))) - else: - compare = not self.__compare_results(self.__replace_var_in_str(test["no_result"]), result_str) - self.logfile.write("\\---->{}: not {}\n\n".format(compare, self.__replace_var_in_str(test["no_result"]))) - if error_str: - if compare: - compare = "\033[33mTrue\033[m" - overall_result = overall_result and True - else: - compare = "\033[1m\033[31mFalse\033[m" - self.app.incr_error(error_str) - overall_result = overall_result and False - else: - overall_result = overall_result and compare - if compare: - if overall_result: - compare = "\033[32mTrue\033[m" - else: - compare = "\033[mTrue\033[m" - else: - compare = "\033[1m\033[31mFalse\033[m" - self.app.incr_error() - data_tmp.append(compare) - data_tmp.append(test["description"]) - data.append(data_tmp) - data_tmp = list() - data_tmp.append("\033[1m" + group_name + "\033[m") - data_tmp.append("\033[1mOverall results ({})\033[m".format(test_count)) - if overall_result: - data_tmp.append("\033[1m\033[32mTrue\033[m") - else: - data_tmp.append("\033[1m\033[31mFalse\033[m") - data_tmp.append(self.logfile_name) - data.append(data_tmp) - - return ( - ("group_name", "test_name", "result", "description"), - data - ) diff --git a/moonclient/moonclient/tests/functional_tests.sh b/moonclient/moonclient/tests/functional_tests.sh deleted file mode 100644 index 505980cc..00000000 --- a/moonclient/moonclient/tests/functional_tests.sh +++ /dev/null @@ -1,131 +0,0 @@ -#!/bin/sh - -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - - -PROG=moon -OS_TENANT_NAME=demo -DEMO_USER=$(keystone user-list | awk '/ demo / {print $2}') - -# must be authenticated with Keystone -# ie. : "cd ~/devstack; . openrc admin" - -function test_cmd { - echo -e "\033[33m$PROG $1\033[m" - $PROG $1 | tee /tmp/_ - if [ $? != 0 ]; then - echo -e "\033[31mError for test \"$1\" \033[m" - exit 1 - fi -} - -test_cmd "intraextension list" -test_cmd "intraextension add --policy_model policy_rbac func_test" -uuid=$(cat /tmp/_ | cut -d " " -f 3) -test_cmd "intraextension tenant set $uuid $OS_TENANT_NAME" -test_cmd "intraextension show $uuid" - -test_cmd "subjects list" -test_cmd "subjects add $DEMO_USER" -test_cmd "subjects list" - -test_cmd "objects list" -test_cmd "objects add my_obj" -test_cmd "objects list" - -test_cmd "actions list" -test_cmd "actions add my_action" -test_cmd "actions list" - -# Category - -test_cmd "subject categories list" -test_cmd "subject categories add my_cat" -test_cmd "subject categories list" - -test_cmd "object categories list" -test_cmd "object categories add my_cat" -test_cmd "object categories list" - -test_cmd "action categories list" -test_cmd "action categories add my_cat" -test_cmd "action categories list" - -# Category scope - -test_cmd "subject category scope list" -test_cmd "subject category scope add my_cat my_scope" -test_cmd "subject category scope list" - -test_cmd "object category scope list" -test_cmd "object category scope add my_cat my_scope" -test_cmd "object category scope list" - -test_cmd "action category scope list" -test_cmd "action category scope add my_cat my_scope" -test_cmd "action category scope list" - -# Assignments - -test_cmd "subject assignments list" -test_cmd "subject assignments add $DEMO_USER my_cat my_scope" -test_cmd "subject assignments list" - -test_cmd "object assignments list" -test_cmd "object assignments add my_obj my_cat my_scope" -test_cmd "object assignments list" - -test_cmd "action assignments list" -test_cmd "action assignments add my_action my_cat my_scope" -test_cmd "action assignments list" - -# Sub meta rules - -test_cmd "aggregation algorithms list" -test_cmd "aggregation algorithm show" -test_cmd "aggregation algorithm set test_aggregation" -test_cmd "aggregation algorithm show" -test_cmd "submetarule show" -test_cmd "submetarule set relation_super subject_security_level,my_cat computing_action,my_cat object_security_level,my_cat" -test_cmd "submetarule show" -test_cmd "submetarule relation list" - -# Rules - -test_cmd "rules list" -test_cmd "rules add relation_super high,my_scope,vm_access,my_scope,high,my_scope" -test_cmd "rules delete relation_super high,my_scope,vm_access,my_scope,high,my_scope" - -#Delete all -test_cmd "subject assignments delete $DEMO_USER my_cat my_scope" -test_cmd "subject assignments list" -test_cmd "object assignments delete my_obj my_cat my_scope" -test_cmd "object assignments list" -test_cmd "action assignments delete my_action my_cat my_scope" -test_cmd "action assignments list" - -test_cmd "subject category scope delete my_cat my_scope" -test_cmd "subject category scope list" -test_cmd "object category scope delete my_cat my_scope" -test_cmd "object category scope list" -test_cmd "action category scope delete my_cat my_scope" -test_cmd "action category scope list" - -test_cmd "subjects delete $DEMO_USER" -test_cmd "subjects list" -test_cmd "objects delete my_obj" -test_cmd "objects list" -test_cmd "actions delete my_action" -test_cmd "actions list" -test_cmd "subject categories delete my_cat" -test_cmd "subject categories list" -test_cmd "object categories delete my_cat" -test_cmd "object categories list" -test_cmd "action categories delete my_cat" -test_cmd "action categories list" - - -test_cmd "intraextension delete $uuid"
\ No newline at end of file diff --git a/moonclient/moonclient/tests/tests_action_assignments.json b/moonclient/moonclient/tests/tests_action_assignments.json deleted file mode 100644 index f5cabbbb..00000000 --- a/moonclient/moonclient/tests/tests_action_assignments.json +++ /dev/null @@ -1,371 +0,0 @@ -{ - "command_options": "-f value", - "tests_group": { - "authz": [ - { - "auth_name": "admin", - "description": "Change user to admin (just in case...)" - }, - - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P<uuid>\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P<uuid_authz>\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "add_action", - "command": "action add boot", - "result": "", - "description": "Add the new action category boot", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action>\\w+)\\s+boot", - "description": "Check that boot action was added." - }, - { - "name": "add_action_category", - "command": "action category add my_new_action_category", - "result": "", - "description": "Add the new action category my_new_action_category", - "command_options": "" - }, - { - "name": "list_action_category", - "command": "action category list", - "result": "(?P<uuid_action_category>\\w+)\\s+my_new_action_category", - "description": "Check that my_new_action_category action_category was added." - }, - { - "name": "add_scope", - "command": "action scope add $uuid_action_category testers --description \"test engineers\"", - "result": "^$", - "description": "Add one scope to action category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "action scope list $uuid_action_category", - "result": "(?P<uuid_action_scope>\\w+)\\s+testers\\s+test engineers", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_assignment", - "command": "action assignment add $uuid_action $uuid_action_category $uuid_action_scope", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action $uuid_action_category", - "result": "$uuid_action_scope testers", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "delete_assignment", - "command": "action assignment delete $uuid_action $uuid_action_category $uuid_action_scope", - "result": "^$", - "description": "Delete the added assignment", - "command_options": "" - }, - { - "name": "check_deleted_assignment", - "command": "action assignment list $uuid_action $uuid_action_category", - "no_result": "$uuid_action_scope", - "description": "Check deleted assignment.", - "command_options": "-c id -f value" - }, - - { - "name": "delete_scope", - "command": "action scope delete $uuid_action_category $uuid_action_scope", - "result": "^$", - "description": "Delete one scope from action category role", - "command_options": "" - }, - { - "name": "delete_action_category", - "command": "action category delete $uuid_action_category", - "result": "^$", - "description": "Delete my_new_action_category action_category.", - "command_options": "" - }, - { - "name": "list_action_category", - "command": "action category list", - "no_result": "$uuid_action_category", - "description": "Check that my_new_action_category action_category was deleted." - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ], - "authz_and_admin": [ - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P<uuid>\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P<uuid_authz>\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "create_intraextension_admin", - "command": "intraextension add --policy_model policy_rbac_admin admin_test", - "result": "IntraExtension created: (?P<uuid_admin>\\w+)", - "description": "Create an admin intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_admin", - "command": "intraextension list", - "result": "$uuid_admin", - "description": "Check the existence of that admin intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant demo", - "command_options": "" - }, - { - "name": "set_tenant_admin", - "command": "tenant set --admin $uuid_admin $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "check tenant alt_demo and authz ie", - "command": "tenant list", - "result": "alt_demo $uuid_authz", - "description": "Check that authz intra extension has been correctly added to the tenant.", - "command_options": "-c name -c intra_authz_extension_id -f value" - }, - { - "name": "check tenant alt_demo and admin ie", - "command": "tenant list", - "result": "$uuid_admin", - "description": "Check that admin intra extension has been correctly added to the tenant.", - "command_options": "-c intra_admin_extension_id -f value" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "add_action", - "command": "action add boot", - "result": "", - "description": "Add the new action category boot", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action>\\w+)\\s+boot", - "description": "Check that boot action was added." - }, - { - "name": "add_action_category", - "command": "action category add my_new_action_category", - "result": "", - "description": "Add the new action category my_new_action_category", - "command_options": "" - }, - { - "name": "list_action_category", - "command": "action category list", - "result": "(?P<uuid_action_category>\\w+)\\s+my_new_action_category", - "description": "Check that my_new_action_category action_category was added." - }, - { - "name": "add_scope", - "command": "action scope add $uuid_action_category testers --description \"test engineers\"", - "result": "^$", - "description": "Add one scope to action category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "action scope list $uuid_action_category", - "result": "(?P<uuid_action_scope>\\w+)\\s+testers\\s+test engineers", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_assignment", - "command": "action assignment add $uuid_action $uuid_action_category $uuid_action_scope", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action $uuid_action_category", - "result": "$uuid_action_scope testers", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "delete_assignment", - "command": "action assignment delete $uuid_action $uuid_action_category $uuid_action_scope", - "result": "^$", - "description": "Delete the added assignment", - "command_options": "" - }, - { - "name": "check_deleted_assignment", - "command": "action assignment list $uuid_action $uuid_action_category", - "no_result": "$uuid_action_scope", - "description": "Check deleted assignment.", - "command_options": "-c id -f value" - }, - - { - "name": "delete_scope", - "command": "action scope delete $uuid_action_category $uuid_action_scope", - "result": "^$", - "description": "Delete one scope from action category role", - "command_options": "" - }, - { - "name": "delete_action_category", - "command": "action category delete $uuid_action_category", - "result": "^$", - "description": "Delete my_new_action_category action_category.", - "command_options": "" - }, - { - "name": "list_action_category", - "command": "action category list", - "no_result": "$uuid_action_category", - "description": "Check that my_new_action_category action_category was deleted." - }, - { - "name": "delete_admin_intra_extension", - "command": "intraextension delete $uuid_admin", - "result": "", - "description": "Delete the admin intra extension", - "command_options": "" - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ] - } -}
\ No newline at end of file diff --git a/moonclient/moonclient/tests/tests_action_categories.json b/moonclient/moonclient/tests/tests_action_categories.json deleted file mode 100644 index 1932ffc0..00000000 --- a/moonclient/moonclient/tests/tests_action_categories.json +++ /dev/null @@ -1,241 +0,0 @@ -{ - "command_options": "-f value", - "tests_group": { - "authz": [ - { - "auth_name": "admin", - "description": "Change user to admin (just in case...)" - }, - - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P<uuid>\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P<uuid_authz>\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "add_action_category", - "command": "action category add my_new_action_category", - "result": "", - "description": "Add the new action category my_new_action_category", - "command_options": "" - }, - { - "name": "list_action_category", - "command": "action category list", - "result": "(?P<uuid_action_category>\\w+)\\s+my_new_action_category", - "description": "Check that my_new_action_category action_category was added." - }, - { - "name": "delete_action_category", - "command": "action category delete $uuid_action_category", - "result": "^$", - "description": "Delete my_new_action_category action_category.", - "command_options": "" - }, - { - "name": "list_action_category", - "command": "action category list", - "no_result": "$uuid_action_category", - "description": "Check that my_new_action_category action_category was deleted." - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ], - "authz_and_admin": [ - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P<uuid>\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P<uuid_authz>\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "create_intraextension_admin", - "command": "intraextension add --policy_model policy_rbac_admin admin_test", - "result": "IntraExtension created: (?P<uuid_admin>\\w+)", - "description": "Create an admin intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_admin", - "command": "intraextension list", - "result": "$uuid_admin", - "description": "Check the existence of that admin intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant demo", - "command_options": "" - }, - { - "name": "set_tenant_admin", - "command": "tenant set --admin $uuid_admin $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "check tenant alt_demo and authz ie", - "command": "tenant list", - "result": "alt_demo $uuid_authz", - "description": "Check that authz intra extension has been correctly added to the tenant.", - "command_options": "-c name -c intra_authz_extension_id -f value" - }, - { - "name": "check tenant alt_demo and admin ie", - "command": "tenant list", - "result": "$uuid_admin", - "description": "Check that admin intra extension has been correctly added to the tenant.", - "command_options": "-c intra_admin_extension_id -f value" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "add_action_category", - "command": "action category add my_new_action_category", - "result": "", - "description": "Add the new action category my_new_action_category", - "command_options": "" - }, - { - "name": "list_action_category", - "command": "action category list", - "result": "(?P<uuid_action_category>\\w+)\\s+my_new_action_category", - "description": "Check that my_new_action_category action_category was added." - }, - { - "name": "delete_action_category", - "command": "action category delete $uuid_action_category", - "result": "^$", - "description": "Delete my_new_action_category action_category.", - "command_options": "" - }, - { - "name": "list_action_category", - "command": "action category list", - "no_result": "$uuid_action_category", - "description": "Check that my_new_action_category action_category was deleted." - }, - { - "name": "delete_admin_intra_extension", - "command": "intraextension delete $uuid_admin", - "result": "", - "description": "Delete the admin intra extension", - "command_options": "" - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ] - } -}
\ No newline at end of file diff --git a/moonclient/moonclient/tests/tests_action_scopes.json b/moonclient/moonclient/tests/tests_action_scopes.json deleted file mode 100644 index 069af73e..00000000 --- a/moonclient/moonclient/tests/tests_action_scopes.json +++ /dev/null @@ -1,259 +0,0 @@ -{ - "command_options": "-f value", - "tests_group": { - "authz": [ - { - "auth_name": "admin", - "description": "Change user to admin (just in case...)" - }, - - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P<uuid>\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P<uuid_authz>\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "get_one_action_category", - "command": "action category list", - "result": "(?P<uuid_action_category>\\w+)\\s+resource_action", - "description": "Get one action_category for next tests.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_scope", - "command": "action scope add $uuid_action_category testers --description \"test engineers\"", - "result": "^$", - "description": "Add one scope to action category resource_action", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "action scope list $uuid_action_category", - "result": "(?P<uuid_action_scope>\\w+)\\s+testers\\s+test engineers", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "delete_scope", - "command": "action scope delete $uuid_action_category $uuid_action_scope", - "result": "^$", - "description": "Delete one scope from action category resource_action", - "command_options": "" - }, - { - "name": "check_deleted_scope", - "command": "action scope list $uuid_action_category", - "no_result": "$uuid_action_scope", - "description": "Check deleted scope.", - "command_options": "-c id -f value" - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ], - "authz_and_admin": [ - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P<uuid>\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P<uuid_authz>\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "create_intraextension_admin", - "command": "intraextension add --policy_model policy_rbac_admin admin_test", - "result": "IntraExtension created: (?P<uuid_admin>\\w+)", - "description": "Create an admin intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_admin", - "command": "intraextension list", - "result": "$uuid_admin", - "description": "Check the existence of that admin intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant demo", - "command_options": "" - }, - { - "name": "set_tenant_admin", - "command": "tenant set --admin $uuid_admin $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "check tenant alt_demo and authz ie", - "command": "tenant list", - "result": "alt_demo $uuid_authz", - "description": "Check that authz intra extension has been correctly added to the tenant.", - "command_options": "-c name -c intra_authz_extension_id -f value" - }, - { - "name": "check tenant alt_demo and admin ie", - "command": "tenant list", - "result": "$uuid_admin", - "description": "Check that admin intra extension has been correctly added to the tenant.", - "command_options": "-c intra_admin_extension_id -f value" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "get_one_action_category", - "command": "action category list", - "result": "(?P<uuid_action_category>\\w+)\\s+resource_action", - "description": "Get one action_category for next tests.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_scope", - "command": "action scope add $uuid_action_category testers --description \"test engineers\"", - "result": "^$", - "description": "Add one scope to action category resource_action", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "action scope list $uuid_action_category", - "result": "(?P<uuid_action_scope>\\w+)\\s+testers\\s+test engineers", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "delete_scope", - "command": "action scope delete $uuid_action_category $uuid_action_scope", - "result": "^$", - "description": "Delete one scope from action category resource_action", - "command_options": "" - }, - { - "name": "check_deleted_scope", - "command": "action scope list $uuid_action_category", - "no_result": "$uuid_action_scope", - "description": "Check deleted scope.", - "command_options": "-c id -f value" - }, - { - "name": "delete_admin_intra_extension", - "command": "intraextension delete $uuid_admin", - "result": "", - "description": "Delete the admin intra extension", - "command_options": "" - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ] - } -}
\ No newline at end of file diff --git a/moonclient/moonclient/tests/tests_actions.json b/moonclient/moonclient/tests/tests_actions.json deleted file mode 100644 index 07de9cc0..00000000 --- a/moonclient/moonclient/tests/tests_actions.json +++ /dev/null @@ -1,241 +0,0 @@ -{ - "command_options": "-f value", - "tests_group": { - "authz": [ - { - "auth_name": "admin", - "description": "Change user to admin (just in case...)" - }, - - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P<uuid>\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P<uuid_authz>\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "add_action", - "command": "action add new_action_1", - "result": "", - "description": "Add a new action.", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action>\\w+)\\s+new_action_1", - "description": "Check that new_action_1 action was added." - }, - { - "name": "delete_action", - "command": "action delete $uuid_action", - "result": "^$", - "description": "Delete new_action_1 action.", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "no_result": "$uuid_action", - "description": "Check that new_action_1 action was deleted." - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ], - "authz_and_admin": [ - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P<uuid>\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P<uuid_authz>\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "create_intraextension_admin", - "command": "intraextension add --policy_model policy_rbac_admin admin_test", - "result": "IntraExtension created: (?P<uuid_admin>\\w+)", - "description": "Create an admin intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_admin", - "command": "intraextension list", - "result": "$uuid_admin", - "description": "Check the existence of that admin intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant demo", - "command_options": "" - }, - { - "name": "set_tenant_admin", - "command": "tenant set --admin $uuid_admin $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "check tenant alt_demo and authz ie", - "command": "tenant list", - "result": "alt_demo $uuid_authz", - "description": "Check that authz intra extension has been correctly added to the tenant.", - "command_options": "-c name -c intra_authz_extension_id -f value" - }, - { - "name": "check tenant alt_demo and admin ie", - "command": "tenant list", - "result": "$uuid_admin", - "description": "Check that admin intra extension has been correctly added to the tenant.", - "command_options": "-c intra_admin_extension_id -f value" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "add_action", - "command": "action add new_action_1", - "result": "", - "description": "Add a new action.", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action>\\w+)\\s+new_action_1", - "description": "Check that new_action_1 action was added." - }, - { - "name": "delete_action", - "command": "action delete $uuid_action", - "result": "^$", - "description": "Delete new_action_1 action.", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "no_result": "$uuid_action", - "description": "Check that new_action_1 action was deleted." - }, - { - "name": "delete_admin_intra_extension", - "command": "intraextension delete $uuid_admin", - "result": "", - "description": "Delete the admin intra extension", - "command_options": "" - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ] - } -}
\ No newline at end of file diff --git a/moonclient/moonclient/tests/tests_admin_intraextensions.json b/moonclient/moonclient/tests/tests_admin_intraextensions.json deleted file mode 100644 index 16a47348..00000000 --- a/moonclient/moonclient/tests/tests_admin_intraextensions.json +++ /dev/null @@ -1,128 +0,0 @@ -{ - "command_options": "-f value", - "tests_group": { - "main": [ - { - "auth_name": "admin", - "description": "Change user to admin (just in case...)" - }, - - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "List all tenants (must be empty)" - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P<uuid>\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_admin", - "command": "intraextension add --policy_model policy_rbac_admin admin_test", - "result": "IntraExtension created: (?P<uuid_admin>\\w+)", - "description": "Create an admin intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_admin", - "command": "intraextension list", - "result": "$uuid_admin", - "description": "Check the existence of that admin intra extension" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P<uuid_authz>\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "check authz ie for tenant alt_demo", - "command": "tenant list", - "result": "alt_demo $uuid_authz", - "description": "Check that authz ie has been correctly added for tenant alt_demo ", - "command_options": "-c name -c intra_authz_extension_id -f value" - }, - { - "name": "set_tenant_admin", - "command": "tenant set --admin $uuid_admin $uuid", - "result": "", - "description": "Connect the admin intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "check admin ie for tenant alt_demo", - "command": "tenant list", - "result": "alt_demo $uuid_admin", - "description": "Check that admin ie has been correctly added for tenant alt_demo ", - "command_options": "-c name -c intra_admin_extension_id -f value" - }, - - { - "name": "select admin ie", - "command": "intraextension select $uuid_admin", - "result": "Select $uuid_admin IntraExtension.", - "description": "Select the admin intra extension to work with", - "command_options": "" - }, - { - "name": "check_admin_user", - "command": "subject list", - "result": "admin", - "description": "Check that admin user was added" - }, - { - "name": "check_submetarule", - "command": "submetarule show", - "result": "rbac", - "description": "Check that submetarule was added" - }, - - - { - "name": "delete_admin_intra_extension", - "command": "intraextension delete $uuid_admin", - "result": "", - "description": "Delete the admin intra extension", - "command_options": "" - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ] - } -}
\ No newline at end of file diff --git a/moonclient/moonclient/tests/tests_configuration.json b/moonclient/moonclient/tests/tests_configuration.json deleted file mode 100644 index de16ec9d..00000000 --- a/moonclient/moonclient/tests/tests_configuration.json +++ /dev/null @@ -1,235 +0,0 @@ -{ - "command_options": "-f value", - "tests_group": { - "authz": [ - { - "auth_name": "admin", - "description": "Change user to admin (just in case...)" - }, - - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P<uuid>\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P<uuid_authz>\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - - { - "name": "list template", - "command": "template list", - "result": "policy_root", - "description": "Check that we have the root policy templates", - "command_options": "-c id -f value" - }, - { - "name": "list aggregation_algorithm", - "command": "aggregation algorithm list", - "result": "all_true", - "description": "Check that the aggregation algorithm all_true exists.", - "command_options": "-c name -f value" - }, - { - "name": "list submetarule_algorithm", - "command": "submetarule algorithm list", - "result": "comparison", - "description": "Check that the aggregation algorithm all_true exists.", - "command_options": "-c name -f value" - }, - - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ], - "authz_and_admin": [ - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P<uuid>\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P<uuid_authz>\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "create_intraextension_admin", - "command": "intraextension add --policy_model policy_rbac_admin admin_test", - "result": "IntraExtension created: (?P<uuid_admin>\\w+)", - "description": "Create an admin intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_admin", - "command": "intraextension list", - "result": "$uuid_admin", - "description": "Check the existence of that admin intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant demo", - "command_options": "" - }, - { - "name": "set_tenant_admin", - "command": "tenant set --admin $uuid_admin $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "check tenant alt_demo and authz ie", - "command": "tenant list", - "result": "alt_demo $uuid_authz", - "description": "Check that authz intra extension has been correctly added to the tenant.", - "command_options": "-c name -c intra_authz_extension_id -f value" - }, - { - "name": "check tenant alt_demo and admin ie", - "command": "tenant list", - "result": "$uuid_admin", - "description": "Check that admin intra extension has been correctly added to the tenant.", - "command_options": "-c intra_admin_extension_id -f value" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - - { - "name": "lst template", - "command": "template list", - "result": "policy_root", - "description": "Check that we have the root policy templates", - "command_options": "-c id -f value" - }, - { - "name": "list aggregation_algorithm", - "command": "aggregation algorithm list", - "result": "all_true", - "description": "Check that the aggregation algorithm all_true exists.", - "command_options": "-c name -f value" - }, - { - "name": "list submetarule_algorithm", - "command": "submetarule algorithm list", - "result": "comparison", - "description": "Check that the aggregation algorithm all_true exists.", - "command_options": "-c name -f value" - }, - - { - "name": "delete_admin_intra_extension", - "command": "intraextension delete $uuid_admin", - "result": "", - "description": "Delete the admin intra extension", - "command_options": "" - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ] - } -}
\ No newline at end of file diff --git a/moonclient/moonclient/tests/tests_object_assignments.json b/moonclient/moonclient/tests/tests_object_assignments.json deleted file mode 100644 index 3ae555c2..00000000 --- a/moonclient/moonclient/tests/tests_object_assignments.json +++ /dev/null @@ -1,385 +0,0 @@ -{ - "command_options": "-f value", - "tests_group": { - "authz": [ - { - "auth_name": "admin", - "description": "Change user to admin (just in case...)" - }, - - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P<uuid>\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P<uuid_authz>\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "add_object", - "command": "object add nova_server_1", - "result": "", - "description": "Add the new object category nova_server_1", - "command_options": "" - }, - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object>\\w+)\\s+nova_server_1", - "description": "Check that nova_server_1 object was added." - }, - { - "name": "add_object_category", - "command": "object category add my_new_object_category", - "result": "", - "description": "Add the new object category my_new_object_category", - "command_options": "" - }, - { - "name": "list_object_category", - "command": "object category list", - "result": "(?P<uuid_object_category>\\w+)\\s+my_new_object_category", - "description": "Check that my_new_object_category object_category was added." - }, - { - "name": "add_scope", - "command": "object scope add $uuid_object_category scope1 --description \"scope1 description\"", - "result": "^$", - "description": "Add one scope to object category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category", - "result": "(?P<uuid_object_scope>\\w+)\\s+scope1\\s+scope1 description", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object $uuid_object_category $uuid_object_scope", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object $uuid_object_category", - "result": "$uuid_object_scope scope1", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "delete_assignment", - "command": "object assignment delete $uuid_object $uuid_object_category $uuid_object_scope", - "result": "^$", - "description": "Delete the added assignment", - "command_options": "" - }, - { - "name": "check_deleted_assignment", - "command": "object assignment list $uuid_object $uuid_object_category", - "no_result": "$uuid_object_scope", - "description": "Check deleted assignment.", - "command_options": "-c id -f value" - }, - - { - "name": "delete_scope", - "command": "object scope delete $uuid_object_category $uuid_object_scope", - "result": "^$", - "description": "Delete one scope from object category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category", - "no_result": "$uuid_object_scope", - "description": "Check added scope was deleted.", - "command_options": "-c id -f value" - }, - { - "name": "delete_object_category", - "command": "object category delete $uuid_object_category", - "result": "^$", - "description": "Delete my_new_object_category object_category.", - "command_options": "" - }, - { - "name": "list_object_category", - "command": "object category list", - "no_result": "$uuid_object_category", - "description": "Check that my_new_object_category object_category was deleted." - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ], - "authz_and_admin": [ - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P<uuid>\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P<uuid_authz>\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "create_intraextension_admin", - "command": "intraextension add --policy_model policy_rbac_admin admin_test", - "result": "IntraExtension created: (?P<uuid_admin>\\w+)", - "description": "Create an admin intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_admin", - "command": "intraextension list", - "result": "$uuid_admin", - "description": "Check the existence of that admin intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant demo", - "command_options": "" - }, - { - "name": "set_tenant_admin", - "command": "tenant set --admin $uuid_admin $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "check tenant alt_demo and authz ie", - "command": "tenant list", - "result": "alt_demo $uuid_authz", - "description": "Check that authz intra extension has been correctly added to the tenant.", - "command_options": "-c name -c intra_authz_extension_id -f value" - }, - { - "name": "check tenant alt_demo and admin ie", - "command": "tenant list", - "result": "$uuid_admin", - "description": "Check that admin intra extension has been correctly added to the tenant.", - "command_options": "-c intra_admin_extension_id -f value" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "add_object", - "command": "object add nova_server_1", - "result": "", - "description": "Add the new object category nova_server_1", - "command_options": "" - }, - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object>\\w+)\\s+nova_server_1", - "description": "Check that nova_server_1 object was added." - }, - { - "name": "add_object_category", - "command": "object category add my_new_object_category", - "result": "", - "description": "Add the new object category my_new_object_category", - "command_options": "" - }, - { - "name": "list_object_category", - "command": "object category list", - "result": "(?P<uuid_object_category>\\w+)\\s+my_new_object_category", - "description": "Check that my_new_object_category object_category was added." - }, - { - "name": "add_scope", - "command": "object scope add $uuid_object_category scope1 --description \"scope1 description\"", - "result": "^$", - "description": "Add one scope to object category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category", - "result": "(?P<uuid_object_scope>\\w+)\\s+scope1\\s+scope1 description", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object $uuid_object_category $uuid_object_scope", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object $uuid_object_category", - "result": "$uuid_object_scope scope1", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "delete_assignment", - "command": "object assignment delete $uuid_object $uuid_object_category $uuid_object_scope", - "result": "^$", - "description": "Delete the added assignment", - "command_options": "" - }, - { - "name": "check_deleted_assignment", - "command": "object assignment list $uuid_object $uuid_object_category", - "no_result": "$uuid_object_scope", - "description": "Check deleted assignment.", - "command_options": "-c id -f value" - }, - - { - "name": "delete_scope", - "command": "object scope delete $uuid_object_category $uuid_object_scope", - "result": "^$", - "description": "Delete one scope from object category role", - "command_options": "" - }, - { - "name": "check_deleted_scope", - "command": "object scope list $uuid_object_category", - "no_result": "$uuid_object_scope", - "description": "Check added scope was deleted.", - "command_options": "-c id -f value" - }, - { - "name": "delete_object_category", - "command": "object category delete $uuid_object_category", - "result": "^$", - "description": "Delete my_new_object_category object_category.", - "command_options": "" - }, - { - "name": "list_object_category", - "command": "object category list", - "no_result": "$uuid_object_category", - "description": "Check that my_new_object_category object_category was deleted." - }, - { - "name": "delete_admin_intra_extension", - "command": "intraextension delete $uuid_admin", - "result": "", - "description": "Delete the admin intra extension", - "command_options": "" - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ] - } -}
\ No newline at end of file diff --git a/moonclient/moonclient/tests/tests_object_categories.json b/moonclient/moonclient/tests/tests_object_categories.json deleted file mode 100644 index ac067a89..00000000 --- a/moonclient/moonclient/tests/tests_object_categories.json +++ /dev/null @@ -1,241 +0,0 @@ -{ - "command_options": "-f value", - "tests_group": { - "authz": [ - { - "auth_name": "admin", - "description": "Change user to admin (just in case...)" - }, - - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P<uuid>\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P<uuid_authz>\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "add_object_category", - "command": "object category add my_new_object_category", - "result": "", - "description": "Add the new object category my_new_object_category", - "command_options": "" - }, - { - "name": "list_object_category", - "command": "object category list", - "result": "(?P<uuid_object_category>\\w+)\\s+my_new_object_category", - "description": "Check that my_new_object_category object_category was added." - }, - { - "name": "delete_object_category", - "command": "object category delete $uuid_object_category", - "result": "^$", - "description": "Delete my_new_object_category object_category.", - "command_options": "" - }, - { - "name": "list_object_category", - "command": "object category list", - "no_result": "$uuid_object_category", - "description": "Check that my_new_object_category object_category was deleted." - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ], - "authz_and_admin": [ - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P<uuid>\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P<uuid_authz>\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "create_intraextension_admin", - "command": "intraextension add --policy_model policy_rbac_admin admin_test", - "result": "IntraExtension created: (?P<uuid_admin>\\w+)", - "description": "Create an admin intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_admin", - "command": "intraextension list", - "result": "$uuid_admin", - "description": "Check the existence of that admin intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant demo", - "command_options": "" - }, - { - "name": "set_tenant_admin", - "command": "tenant set --admin $uuid_admin $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "check tenant alt_demo and authz ie", - "command": "tenant list", - "result": "alt_demo $uuid_authz", - "description": "Check that authz intra extension has been correctly added to the tenant.", - "command_options": "-c name -c intra_authz_extension_id -f value" - }, - { - "name": "check tenant alt_demo and admin ie", - "command": "tenant list", - "result": "$uuid_admin", - "description": "Check that admin intra extension has been correctly added to the tenant.", - "command_options": "-c intra_admin_extension_id -f value" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "add_object_category", - "command": "object category add my_new_object_category", - "result": "", - "description": "Add the new object category my_new_object_category", - "command_options": "" - }, - { - "name": "list_object_category", - "command": "object category list", - "result": "(?P<uuid_object_category>\\w+)\\s+my_new_object_category", - "description": "Check that my_new_object_category object_category was added." - }, - { - "name": "delete_object_category", - "command": "object category delete $uuid_object_category", - "result": "^$", - "description": "Delete my_new_object_category object_category.", - "command_options": "" - }, - { - "name": "list_object_category", - "command": "object category list", - "no_result": "$uuid_object_category", - "description": "Check that my_new_object_category object_category was deleted." - }, - { - "name": "delete_admin_intra_extension", - "command": "intraextension delete $uuid_admin", - "result": "", - "description": "Delete the admin intra extension", - "command_options": "" - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ] - } -}
\ No newline at end of file diff --git a/moonclient/moonclient/tests/tests_object_scopes.json b/moonclient/moonclient/tests/tests_object_scopes.json deleted file mode 100644 index 52ac12fd..00000000 --- a/moonclient/moonclient/tests/tests_object_scopes.json +++ /dev/null @@ -1,259 +0,0 @@ -{ - "command_options": "-f value", - "tests_group": { - "authz": [ - { - "auth_name": "admin", - "description": "Change user to admin (just in case...)" - }, - - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P<uuid>\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P<uuid_authz>\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "get_one_object_category", - "command": "object category list", - "result": "(?P<uuid_object_category>\\w+)\\s+object_id", - "description": "Get one object_category for next tests.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_scope", - "command": "object scope add $uuid_object_category testers --description \"test engineers\"", - "result": "^$", - "description": "Add one scope to object category object_id", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category", - "result": "(?P<uuid_object_scope>\\w+)\\s+testers\\s+test engineers", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "delete_scope", - "command": "object scope delete $uuid_object_category $uuid_object_scope", - "result": "^$", - "description": "Delete one scope from object category object_id", - "command_options": "" - }, - { - "name": "check_deleted_scope", - "command": "object scope list $uuid_object_category", - "no_result": "$uuid_object_scope", - "description": "Check deleted scope.", - "command_options": "-c id -f value" - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ], - "authz_and_admin": [ - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P<uuid>\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P<uuid_authz>\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "create_intraextension_admin", - "command": "intraextension add --policy_model policy_rbac_admin admin_test", - "result": "IntraExtension created: (?P<uuid_admin>\\w+)", - "description": "Create an admin intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_admin", - "command": "intraextension list", - "result": "$uuid_admin", - "description": "Check the existence of that admin intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant demo", - "command_options": "" - }, - { - "name": "set_tenant_admin", - "command": "tenant set --admin $uuid_admin $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "check tenant alt_demo and authz ie", - "command": "tenant list", - "result": "alt_demo $uuid_authz", - "description": "Check that authz intra extension has been correctly added to the tenant.", - "command_options": "-c name -c intra_authz_extension_id -f value" - }, - { - "name": "check tenant alt_demo and admin ie", - "command": "tenant list", - "result": "$uuid_admin", - "description": "Check that admin intra extension has been correctly added to the tenant.", - "command_options": "-c intra_admin_extension_id -f value" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "get_one_object_category", - "command": "object category list", - "result": "(?P<uuid_object_category>\\w+)\\s+object_id", - "description": "Get one object_category for next tests.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_scope", - "command": "object scope add $uuid_object_category testers --description \"test engineers\"", - "result": "^$", - "description": "Add one scope to object category object_id", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category", - "result": "(?P<uuid_object_scope>\\w+)\\s+testers\\s+test engineers", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "delete_scope", - "command": "object scope delete $uuid_object_category $uuid_object_scope", - "result": "^$", - "description": "Delete one scope from object category object_id", - "command_options": "" - }, - { - "name": "check_deleted_scope", - "command": "object scope list $uuid_object_category", - "no_result": "$uuid_object_scope", - "description": "Check deleted scope.", - "command_options": "-c id -f value" - }, - { - "name": "delete_admin_intra_extension", - "command": "intraextension delete $uuid_admin", - "result": "", - "description": "Delete the admin intra extension", - "command_options": "" - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ] - } -}
\ No newline at end of file diff --git a/moonclient/moonclient/tests/tests_objects.json b/moonclient/moonclient/tests/tests_objects.json deleted file mode 100644 index ef17dd60..00000000 --- a/moonclient/moonclient/tests/tests_objects.json +++ /dev/null @@ -1,241 +0,0 @@ -{ - "command_options": "-f value", - "tests_group": { - "authz": [ - { - "auth_name": "admin", - "description": "Change user to admin (just in case...)" - }, - - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P<uuid>\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P<uuid_authz>\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "add_object", - "command": "object add nova_server_1", - "result": "", - "description": "Add a new object.", - "command_options": "" - }, - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object>\\w+)\\s+nova_server_1", - "description": "Check that nova_server_1 object was added." - }, - { - "name": "delete_object", - "command": "object delete $uuid_object", - "result": "^$", - "description": "Delete nova_server_1 object.", - "command_options": "" - }, - { - "name": "list_object", - "command": "object list", - "no_result": "$uuid_object", - "description": "Check that nova_server_1 object was deleted." - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ], - "authz_and_admin": [ - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P<uuid>\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P<uuid_authz>\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "create_intraextension_admin", - "command": "intraextension add --policy_model policy_rbac_admin admin_test", - "result": "IntraExtension created: (?P<uuid_admin>\\w+)", - "description": "Create an admin intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_admin", - "command": "intraextension list", - "result": "$uuid_admin", - "description": "Check the existence of that admin intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant demo", - "command_options": "" - }, - { - "name": "set_tenant_admin", - "command": "tenant set --admin $uuid_admin $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "check tenant alt_demo and authz ie", - "command": "tenant list", - "result": "alt_demo $uuid_authz", - "description": "Check that authz intra extension has been correctly added to the tenant.", - "command_options": "-c name -c intra_authz_extension_id -f value" - }, - { - "name": "check tenant alt_demo and admin ie", - "command": "tenant list", - "result": "$uuid_admin", - "description": "Check that admin intra extension has been correctly added to the tenant.", - "command_options": "-c intra_admin_extension_id -f value" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "add_object", - "command": "object add nova_server_1", - "result": "", - "description": "Add a new object.", - "command_options": "" - }, - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object>\\w+)\\s+nova_server_1", - "description": "Check that nova_server_1 object was added." - }, - { - "name": "delete_object", - "command": "object delete $uuid_object", - "result": "^$", - "description": "Delete nova_server_1 object.", - "command_options": "" - }, - { - "name": "list_object", - "command": "object list", - "no_result": "$uuid_object", - "description": "Check that nova_server_1 object was deleted." - }, - { - "name": "delete_admin_intra_extension", - "command": "intraextension delete $uuid_admin", - "result": "", - "description": "Delete the admin intra extension", - "command_options": "" - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ] - } -}
\ No newline at end of file diff --git a/moonclient/moonclient/tests/tests_root_intraextensions.json b/moonclient/moonclient/tests/tests_root_intraextensions.json deleted file mode 100644 index e24151d1..00000000 --- a/moonclient/moonclient/tests/tests_root_intraextensions.json +++ /dev/null @@ -1,47 +0,0 @@ -{ - "command_options": "-f value", - "tests_group": { - "main": [ - { - "auth_name": "admin", - "description": "Change user to admin (just in case...)" - }, - - { - "name": "list_intraextension", - "command": "intraextension list", - "result": "(?P<uuid_root>\\w+)\\s+policy_root", - "description": "Check the existence of the root intra extension", - "command_options": "-c id -c name -f value" - }, - - { - "name": "select root ie", - "command": "intraextension select $uuid_root", - "result": "Select $uuid_root IntraExtension.", - "description": "Select the root intra extension to work with", - "command_options": "" - }, - { - "name": "check_admin_user", - "command": "subject list", - "result": "admin", - "description": "Check that admin user was added" - }, - { - "name": "check_submetarule", - "command": "submetarule show", - "result": "(?P<uuid_submetarule>\\w+)\\s+rbac_rule", - "description": "Check that submetarule was added" - }, - { - "name": "check_rule", - "command": "rule list $uuid_submetarule", - "result": "root_role", - "description": "Check that rules were added" - } - - - ] - } -}
\ No newline at end of file diff --git a/moonclient/moonclient/tests/tests_rules.json b/moonclient/moonclient/tests/tests_rules.json deleted file mode 100644 index 1950a1e3..00000000 --- a/moonclient/moonclient/tests/tests_rules.json +++ /dev/null @@ -1,378 +0,0 @@ -{ - "command_options": "-f value", - "tests_group": { - "authz": [ - { - "auth_name": "admin", - "description": "Change user to admin (just in case...)" - }, - - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P<uuid>\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P<uuid_authz>\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - - { - "name": "check_submetarules", - "command": "submetarule show", - "result": "(?P<submetarule_uuid>\\w+)\\s+subject_security_level", - "description": "Get one submetarule ID", - "command_options": "-c id -c \"subject categories\" -f value" - }, - { - "name": "list_subject_categories", - "command": "subject category list", - "result": "(?P<category_slevel_uuid>\\w+)\\s+subject_security_level", - "description": "Get one subject category.", - "command_options": "-c id -c name -f value" - }, - { - "name": "list_action_categories", - "command": "action category list", - "result": "(?P<category_action_uuid>\\w+)\\s+resource_action", - "description": "Get one action category.", - "command_options": "-c id -c name -f value" - }, - { - "name": "list_object_categories", - "command": "object category list", - "result": "(?P<category_object_uuid>\\w+)\\s+object_security_level", - "description": "Get one object category.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_subject_scope", - "command": "subject scope add $category_slevel_uuid very_high", - "result": "^$", - "description": "Add one new scope.", - "command_options": "" - }, - { - "name": "check_added_subject_scope", - "command": "subject scope list $category_slevel_uuid", - "result": "(?P<scope_subject>\\s+very_high)", - "description": "Get the ID of the new scope.", - "command_options": "-c id -c name -f value" - }, - { - "name": "get_one_action_scope", - "command": "action scope list $category_action_uuid", - "result": "(?P<scope_action>\\s+storage_admin)", - "description": "Get the ID of one action scope.", - "command_options": "-c id -c name -f value" - }, - { - "name": "get_one_object_scope", - "command": "object scope list $category_object_uuid", - "result": "(?P<scope_object>\\s+high)", - "description": "Get the ID of one object scope.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid \"very_high,storage_admin,high\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P<rule_id>\\w+)\\s+very_high\\s+storage_admin\\s+high", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "delete_added_rule", - "command": "rule delete $submetarule_uuid $rule_id", - "result": "^$", - "description": "Delete the added rule.", - "command_options": "" - }, - { - "name": "check_deleted_rule", - "command": "rule list $submetarule_uuid", - "no_result": "very_high", - "description": "Check that the rule was correctly deleted.", - "command_options": "-c s:subject_security_level -f value" - }, - - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "no_result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - }, - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - } - ], - "authz_and_admin": [ - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P<uuid>\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P<uuid_authz>\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "create_intraextension_admin", - "command": "intraextension add --policy_model policy_rbac_admin admin_test", - "result": "IntraExtension created: (?P<uuid_admin>\\w+)", - "description": "Create an admin intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_admin", - "command": "intraextension list", - "result": "$uuid_admin", - "description": "Check the existence of that admin intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant demo", - "command_options": "" - }, - { - "name": "set_tenant_admin", - "command": "tenant set --admin $uuid_admin $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "check tenant alt_demo and authz ie", - "command": "tenant list", - "result": "alt_demo $uuid_authz", - "description": "Check that authz intra extension has been correctly added to the tenant.", - "command_options": "-c name -c intra_authz_extension_id -f value" - }, - { - "name": "check tenant alt_demo and admin ie", - "command": "tenant list", - "result": "$uuid_admin", - "description": "Check that admin intra extension has been correctly added to the tenant.", - "command_options": "-c intra_admin_extension_id -f value" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - - { - "name": "check_submetarules", - "command": "submetarule show", - "result": "(?P<submetarule_uuid>\\w+)\\s+subject_security_level", - "description": "Get one submetarule ID", - "command_options": "-c id -c \"subject categories\" -f value" - }, - { - "name": "list_subject_categories", - "command": "subject category list", - "result": "(?P<category_slevel_uuid>\\w+)\\s+subject_security_level", - "description": "Get one subject category.", - "command_options": "-c id -c name -f value" - }, - { - "name": "list_action_categories", - "command": "action category list", - "result": "(?P<category_action_uuid>\\w+)\\s+resource_action", - "description": "Get one action category.", - "command_options": "-c id -c name -f value" - }, - { - "name": "list_object_categories", - "command": "object category list", - "result": "(?P<category_object_uuid>\\w+)\\s+object_security_level", - "description": "Get one object category.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_subject_scope", - "command": "subject scope add $category_slevel_uuid very_high", - "result": "^$", - "description": "Add one new scope.", - "command_options": "" - }, - { - "name": "check_added_subject_scope", - "command": "subject scope list $category_slevel_uuid", - "result": "(?P<scope_subject>\\s+very_high)", - "description": "Get the ID of the new scope.", - "command_options": "-c id -c name -f value" - }, - { - "name": "get_one_action_scope", - "command": "action scope list $category_action_uuid", - "result": "(?P<scope_action>\\s+storage_admin)", - "description": "Get the ID of one action scope.", - "command_options": "-c id -c name -f value" - }, - { - "name": "get_one_object_scope", - "command": "object scope list $category_object_uuid", - "result": "(?P<scope_object>\\s+high)", - "description": "Get the ID of one object scope.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid \"very_high,storage_admin,high\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P<rule_id>\\w+)\\s+very_high\\s+storage_admin\\s+high", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "delete_added_rule", - "command": "rule delete $submetarule_uuid $rule_id", - "result": "^$", - "description": "Delete the added rule.", - "command_options": "" - }, - { - "name": "check_deleted_rule", - "command": "rule list $submetarule_uuid", - "no_result": "very_high", - "description": "Check that the rule was correctly deleted.", - "command_options": "-c s:subject_security_level -f value" - }, - - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "no_result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - }, - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - } - ] - } -}
\ No newline at end of file diff --git a/moonclient/moonclient/tests/tests_subject_assignments.json b/moonclient/moonclient/tests/tests_subject_assignments.json deleted file mode 100644 index e4615500..00000000 --- a/moonclient/moonclient/tests/tests_subject_assignments.json +++ /dev/null @@ -1,371 +0,0 @@ -{ - "command_options": "-f value", - "tests_group": { - "authz": [ - { - "auth_name": "admin", - "description": "Change user to admin (just in case...)" - }, - - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P<uuid>\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P<uuid_authz>\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "add_subject", - "command": "subject add alt_demo --subject_pass nomoresecrete", - "result": "", - "description": "Add the new subject category alt_demo", - "command_options": "" - }, - { - "name": "list_subject", - "command": "subject list", - "result": "(?P<uuid_subject>\\w+)\\s+alt_demo", - "description": "Check that alt_demo subject was added." - }, - { - "name": "add_subject_category", - "command": "subject category add my_new_subject_category", - "result": "", - "description": "Add the new subject category my_new_subject_category", - "command_options": "" - }, - { - "name": "list_subject_category", - "command": "subject category list", - "result": "(?P<uuid_subject_category>\\w+)\\s+my_new_subject_category", - "description": "Check that my_new_subject_category subject_category was added." - }, - { - "name": "add_scope", - "command": "subject scope add $uuid_subject_category testers --description \"test engineers\"", - "result": "^$", - "description": "Add one scope to subject category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "subject scope list $uuid_subject_category", - "result": "(?P<uuid_subject_scope>\\w+)\\s+testers\\s+test engineers", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_assignment", - "command": "subject assignment add $uuid_subject $uuid_subject_category $uuid_subject_scope", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "subject assignment list $uuid_subject $uuid_subject_category", - "result": "$uuid_subject_scope testers", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "delete_assignment", - "command": "subject assignment delete $uuid_subject $uuid_subject_category $uuid_subject_scope", - "result": "^$", - "description": "Delete the added assignment", - "command_options": "" - }, - { - "name": "check_deleted_assignment", - "command": "subject assignment list $uuid_subject $uuid_subject_category", - "no_result": "$uuid_subject_scope", - "description": "Check deleted assignment.", - "command_options": "-c id -f value" - }, - - { - "name": "delete_scope", - "command": "subject scope delete $uuid_subject_category $uuid_subject_scope", - "result": "^$", - "description": "Delete one scope from subject category role", - "command_options": "" - }, - { - "name": "delete_subject_category", - "command": "subject category delete $uuid_subject_category", - "result": "^$", - "description": "Delete my_new_subject_category subject_category.", - "command_options": "" - }, - { - "name": "list_subject_category", - "command": "subject category list", - "no_result": "$uuid_subject_category", - "description": "Check that my_new_subject_category subject_category was deleted." - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ], - "authz_and_admin": [ - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P<uuid>\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P<uuid_authz>\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "create_intraextension_admin", - "command": "intraextension add --policy_model policy_rbac_admin admin_test", - "result": "IntraExtension created: (?P<uuid_admin>\\w+)", - "description": "Create an admin intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_admin", - "command": "intraextension list", - "result": "$uuid_admin", - "description": "Check the existence of that admin intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant demo", - "command_options": "" - }, - { - "name": "set_tenant_admin", - "command": "tenant set --admin $uuid_admin $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "check tenant alt_demo and authz ie", - "command": "tenant list", - "result": "alt_demo $uuid_authz", - "description": "Check that authz intra extension has been correctly added to the tenant.", - "command_options": "-c name -c intra_authz_extension_id -f value" - }, - { - "name": "check tenant alt_demo and admin ie", - "command": "tenant list", - "result": "$uuid_admin", - "description": "Check that admin intra extension has been correctly added to the tenant.", - "command_options": "-c intra_admin_extension_id -f value" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "add_subject", - "command": "subject add alt_demo --subject_pass nomoresecrete", - "result": "", - "description": "Add the new subject category alt_demo", - "command_options": "" - }, - { - "name": "list_subject", - "command": "subject list", - "result": "(?P<uuid_subject>\\w+)\\s+alt_demo", - "description": "Check that alt_demo subject was added." - }, - { - "name": "add_subject_category", - "command": "subject category add my_new_subject_category", - "result": "", - "description": "Add the new subject category my_new_subject_category", - "command_options": "" - }, - { - "name": "list_subject_category", - "command": "subject category list", - "result": "(?P<uuid_subject_category>\\w+)\\s+my_new_subject_category", - "description": "Check that my_new_subject_category subject_category was added." - }, - { - "name": "add_scope", - "command": "subject scope add $uuid_subject_category testers --description \"test engineers\"", - "result": "^$", - "description": "Add one scope to subject category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "subject scope list $uuid_subject_category", - "result": "(?P<uuid_subject_scope>\\w+)\\s+testers\\s+test engineers", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_assignment", - "command": "subject assignment add $uuid_subject $uuid_subject_category $uuid_subject_scope", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "subject assignment list $uuid_subject $uuid_subject_category", - "result": "$uuid_subject_scope testers", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "delete_assignment", - "command": "subject assignment delete $uuid_subject $uuid_subject_category $uuid_subject_scope", - "result": "^$", - "description": "Delete the added assignment", - "command_options": "" - }, - { - "name": "check_deleted_assignment", - "command": "subject assignment list $uuid_subject $uuid_subject_category", - "no_result": "$uuid_subject_scope", - "description": "Check deleted assignment.", - "command_options": "-c id -f value" - }, - - { - "name": "delete_scope", - "command": "subject scope delete $uuid_subject_category $uuid_subject_scope", - "result": "^$", - "description": "Delete one scope from subject category role", - "command_options": "" - }, - { - "name": "delete_subject_category", - "command": "subject category delete $uuid_subject_category", - "result": "^$", - "description": "Delete my_new_subject_category subject_category.", - "command_options": "" - }, - { - "name": "list_subject_category", - "command": "subject category list", - "no_result": "$uuid_subject_category", - "description": "Check that my_new_subject_category subject_category was deleted." - }, - { - "name": "delete_admin_intra_extension", - "command": "intraextension delete $uuid_admin", - "result": "", - "description": "Delete the admin intra extension", - "command_options": "" - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ] - } -}
\ No newline at end of file diff --git a/moonclient/moonclient/tests/tests_subject_categories.json b/moonclient/moonclient/tests/tests_subject_categories.json deleted file mode 100644 index cd2be2d1..00000000 --- a/moonclient/moonclient/tests/tests_subject_categories.json +++ /dev/null @@ -1,241 +0,0 @@ -{ - "command_options": "-f value", - "tests_group": { - "authz": [ - { - "auth_name": "admin", - "description": "Change user to admin (just in case...)" - }, - - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P<uuid>\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P<uuid_authz>\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "add_subject_category", - "command": "subject category add my_new_subject_category", - "result": "", - "description": "Add the new subject category my_new_subject_category", - "command_options": "" - }, - { - "name": "list_subject_category", - "command": "subject category list", - "result": "(?P<uuid_subject_category>\\w+)\\s+my_new_subject_category", - "description": "Check that my_new_subject_category subject_category was added." - }, - { - "name": "delete_subject_category", - "command": "subject category delete $uuid_subject_category", - "result": "^$", - "description": "Delete my_new_subject_category subject_category.", - "command_options": "" - }, - { - "name": "list_subject_category", - "command": "subject category list", - "no_result": "$uuid_subject_category", - "description": "Check that my_new_subject_category subject_category was deleted." - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ], - "authz_and_admin": [ - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P<uuid>\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P<uuid_authz>\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "create_intraextension_admin", - "command": "intraextension add --policy_model policy_rbac_admin admin_test", - "result": "IntraExtension created: (?P<uuid_admin>\\w+)", - "description": "Create an admin intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_admin", - "command": "intraextension list", - "result": "$uuid_admin", - "description": "Check the existence of that admin intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant demo", - "command_options": "" - }, - { - "name": "set_tenant_admin", - "command": "tenant set --admin $uuid_admin $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "check tenant alt_demo and authz ie", - "command": "tenant list", - "result": "alt_demo $uuid_authz", - "description": "Check that authz intra extension has been correctly added to the tenant.", - "command_options": "-c name -c intra_authz_extension_id -f value" - }, - { - "name": "check tenant alt_demo and admin ie", - "command": "tenant list", - "result": "$uuid_admin", - "description": "Check that admin intra extension has been correctly added to the tenant.", - "command_options": "-c intra_admin_extension_id -f value" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "add_subject_category", - "command": "subject category add my_new_subject_category", - "result": "", - "description": "Add the new subject category my_new_subject_category", - "command_options": "" - }, - { - "name": "list_subject_category", - "command": "subject category list", - "result": "(?P<uuid_subject_category>\\w+)\\s+my_new_subject_category", - "description": "Check that my_new_subject_category subject_category was added." - }, - { - "name": "delete_subject_category", - "command": "subject category delete $uuid_subject_category", - "result": "^$", - "description": "Delete my_new_subject_category subject_category.", - "command_options": "" - }, - { - "name": "list_subject_category", - "command": "subject category list", - "no_result": "$uuid_subject_category", - "description": "Check that my_new_subject_category subject_category was deleted." - }, - { - "name": "delete_admin_intra_extension", - "command": "intraextension delete $uuid_admin", - "result": "", - "description": "Delete the admin intra extension", - "command_options": "" - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ] - } -}
\ No newline at end of file diff --git a/moonclient/moonclient/tests/tests_subject_scopes.json b/moonclient/moonclient/tests/tests_subject_scopes.json deleted file mode 100644 index bbf31c11..00000000 --- a/moonclient/moonclient/tests/tests_subject_scopes.json +++ /dev/null @@ -1,259 +0,0 @@ -{ - "command_options": "-f value", - "tests_group": { - "authz": [ - { - "auth_name": "admin", - "description": "Change user to admin (just in case...)" - }, - - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P<uuid>\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P<uuid_authz>\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "get_one_subject_category", - "command": "subject category list", - "result": "(?P<uuid_subject_category>\\w+)\\s+role", - "description": "Get one subject_category for next tests.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_scope", - "command": "subject scope add $uuid_subject_category testers --description \"test engineers\"", - "result": "^$", - "description": "Add one scope to subject category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "subject scope list $uuid_subject_category", - "result": "(?P<uuid_subject_scope>\\w+)\\s+testers\\s+test engineers", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "delete_scope", - "command": "subject scope delete $uuid_subject_category $uuid_subject_scope", - "result": "^$", - "description": "Delete one scope from subject category role", - "command_options": "" - }, - { - "name": "check_deleted_scope", - "command": "subject scope list $uuid_subject_category", - "no_result": "$uuid_subject_scope", - "description": "Check deleted scope.", - "command_options": "-c id -f value" - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ], - "authz_and_admin": [ - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P<uuid>\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P<uuid_authz>\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "create_intraextension_admin", - "command": "intraextension add --policy_model policy_rbac_admin admin_test", - "result": "IntraExtension created: (?P<uuid_admin>\\w+)", - "description": "Create an admin intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_admin", - "command": "intraextension list", - "result": "$uuid_admin", - "description": "Check the existence of that admin intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant demo", - "command_options": "" - }, - { - "name": "set_tenant_admin", - "command": "tenant set --admin $uuid_admin $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "check tenant alt_demo and authz ie", - "command": "tenant list", - "result": "alt_demo $uuid_authz", - "description": "Check that authz intra extension has been correctly added to the tenant.", - "command_options": "-c name -c intra_authz_extension_id -f value" - }, - { - "name": "check tenant alt_demo and admin ie", - "command": "tenant list", - "result": "$uuid_admin", - "description": "Check that admin intra extension has been correctly added to the tenant.", - "command_options": "-c intra_admin_extension_id -f value" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "get_one_subject_category", - "command": "subject category list", - "result": "(?P<uuid_subject_category>\\w+)\\s+role", - "description": "Get one subject_category for next tests.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_scope", - "command": "subject scope add $uuid_subject_category testers --description \"test engineers\"", - "result": "^$", - "description": "Add one scope to subject category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "subject scope list $uuid_subject_category", - "result": "(?P<uuid_subject_scope>\\w+)\\s+testers\\s+test engineers", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "delete_scope", - "command": "subject scope delete $uuid_subject_category $uuid_subject_scope", - "result": "^$", - "description": "Delete one scope from subject category role", - "command_options": "" - }, - { - "name": "check_deleted_scope", - "command": "subject scope list $uuid_subject_category", - "no_result": "$uuid_subject_scope", - "description": "Check deleted scope.", - "command_options": "-c id -f value" - }, - { - "name": "delete_admin_intra_extension", - "command": "intraextension delete $uuid_admin", - "result": "", - "description": "Delete the admin intra extension", - "command_options": "" - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ] - } -}
\ No newline at end of file diff --git a/moonclient/moonclient/tests/tests_subjects.json b/moonclient/moonclient/tests/tests_subjects.json deleted file mode 100644 index 97a45da6..00000000 --- a/moonclient/moonclient/tests/tests_subjects.json +++ /dev/null @@ -1,241 +0,0 @@ -{ - "command_options": "-f value", - "tests_group": { - "authz": [ - { - "auth_name": "admin", - "description": "Change user to admin (just in case...)" - }, - - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P<uuid>\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P<uuid_authz>\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "add_subject", - "command": "subject add alt_demo --subject_pass password", - "result": "", - "description": "Add the alt_demo subject", - "command_options": "" - }, - { - "name": "list_subject", - "command": "subject list", - "result": "(?P<uuid_subject>\\w+)\\s+alt_demo", - "description": "Check that alt_demo subject was added." - }, - { - "name": "delete_subject", - "command": "subject delete $uuid_subject", - "result": "^$", - "description": "Delete alt_demo subject.", - "command_options": "" - }, - { - "name": "list_subject", - "command": "subject list", - "no_result": "$uuid_subject", - "description": "Check that alt_demo subject was deleted." - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ], - "authz_and_admin": [ - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P<uuid>\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P<uuid_authz>\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "create_intraextension_admin", - "command": "intraextension add --policy_model policy_rbac_admin admin_test", - "result": "IntraExtension created: (?P<uuid_admin>\\w+)", - "description": "Create an admin intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_admin", - "command": "intraextension list", - "result": "$uuid_admin", - "description": "Check the existence of that admin intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant demo", - "command_options": "" - }, - { - "name": "set_tenant_admin", - "command": "tenant set --admin $uuid_admin $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "check tenant alt_demo and authz ie", - "command": "tenant list", - "result": "alt_demo $uuid_authz", - "description": "Check that authz intra extension has been correctly added to the tenant.", - "command_options": "-c name -c intra_authz_extension_id -f value" - }, - { - "name": "check tenant alt_demo and admin ie", - "command": "tenant list", - "result": "$uuid_admin", - "description": "Check that admin intra extension has been correctly added to the tenant.", - "command_options": "-c intra_admin_extension_id -f value" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "add_subject", - "command": "subject add alt_demo --subject_pass password", - "result": "", - "description": "Add the alt_demo subject", - "command_options": "" - }, - { - "name": "list_subject", - "command": "subject list", - "result": "(?P<uuid_subject>\\w+)\\s+alt_demo", - "description": "Check that alt_demo subject was added." - }, - { - "name": "delete_subject", - "command": "subject delete $uuid_subject", - "result": "^$", - "description": "Delete alt_demo subject.", - "command_options": "" - }, - { - "name": "list_subject", - "command": "subject list", - "no_result": "$uuid_subject", - "description": "Check that alt_demo subject was deleted." - }, - { - "name": "delete_admin_intra_extension", - "command": "intraextension delete $uuid_admin", - "result": "", - "description": "Delete the admin intra extension", - "command_options": "" - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ] - } -}
\ No newline at end of file diff --git a/moonclient/moonclient/tests/tests_submetarules.json b/moonclient/moonclient/tests/tests_submetarules.json deleted file mode 100644 index cde01c27..00000000 --- a/moonclient/moonclient/tests/tests_submetarules.json +++ /dev/null @@ -1,294 +0,0 @@ -{ - "command_options": "-f value", - "tests_group": { - "authz": [ - { - "auth_name": "admin", - "description": "Change user to admin (just in case...)" - }, - - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P<uuid>\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P<uuid_authz>\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - - { - "name": "check_submetarules", - "command": "submetarule show", - "result": "(?P<submetarule_uuid>\\w+)\\s+subject_security_level", - "description": "Get one submetarule ID", - "command_options": "-c id -c \"subject categories\" -f value" - }, - { - "name": "list_subject_categories", - "command": "subject category list", - "result": "(?P<category_domain_uuid>\\w+)\\s+domain", - "description": "Get one subject category.", - "command_options": "-c id -c name -f value" - }, - { - "name": "list_subject_categories", - "command": "subject category list", - "result": "(?P<category_level_uuid>\\w+)\\s+subject_security_level", - "description": "Get one subject category.", - "command_options": "-c id -c name -f value" - }, - { - "name": "set_submetarule", - "command": "submetarule set $submetarule_uuid --subject_category_id=\"$category_level_uuid,$category_domain_uuid\"", - "result": "^$", - "description": "Set a new submetarule", - "command_options": "" - }, - { - "name": "check_submetarule", - "command": "submetarule show", - "result": "$submetarule_uuid \\s*subject_security_level,\\s+domain", - "description": "Check the new submetarule", - "command_options": "-c id -c \"subject categories\" -f value" - }, - { - "name": "check_submetarule", - "command": "submetarule show", - "result": "$submetarule_uuid \\s*object_security_level", - "description": "Check the new submetarule", - "command_options": "-c id -c \"object categories\" -f value" - }, - - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "no_result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - }, - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - } - ], - "authz_and_admin": [ - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P<uuid>\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P<uuid_authz>\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "create_intraextension_admin", - "command": "intraextension add --policy_model policy_rbac_admin admin_test", - "result": "IntraExtension created: (?P<uuid_admin>\\w+)", - "description": "Create an admin intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_admin", - "command": "intraextension list", - "result": "$uuid_admin", - "description": "Check the existence of that admin intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant demo", - "command_options": "" - }, - { - "name": "set_tenant_admin", - "command": "tenant set --admin $uuid_admin $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "check tenant alt_demo and authz ie", - "command": "tenant list", - "result": "alt_demo $uuid_authz", - "description": "Check that authz intra extension has been correctly added to the tenant.", - "command_options": "-c name -c intra_authz_extension_id -f value" - }, - { - "name": "check tenant alt_demo and admin ie", - "command": "tenant list", - "result": "$uuid_admin", - "description": "Check that admin intra extension has been correctly added to the tenant.", - "command_options": "-c intra_admin_extension_id -f value" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - - { - "name": "check_submetarules", - "command": "submetarule show", - "result": "(?P<submetarule_uuid>\\w+)\\s+subject_security_level", - "description": "Get one submetarule ID", - "command_options": "-c id -c \"subject categories\" -f value" - }, - { - "name": "list_subject_categories", - "command": "subject category list", - "result": "(?P<category_domain_uuid>\\w+)\\s+domain", - "description": "Get one subject category.", - "command_options": "-c id -c name -f value" - }, - { - "name": "list_subject_categories", - "command": "subject category list", - "result": "(?P<category_level_uuid>\\w+)\\s+subject_security_level", - "description": "Get one subject category.", - "command_options": "-c id -c name -f value" - }, - { - "name": "set_submetarule", - "command": "submetarule set $submetarule_uuid --subject_category_id=\"$category_level_uuid,$category_domain_uuid\"", - "result": "^$", - "description": "Set a new submetarule", - "command_options": "" - }, - { - "name": "check_submetarule", - "command": "submetarule show", - "result": "$submetarule_uuid \\s*subject_security_level,\\s+domain", - "description": "Check the new submetarule", - "command_options": "-c id -c \"subject categories\" -f value" - }, - { - "name": "check_submetarule", - "command": "submetarule show", - "result": "$submetarule_uuid \\s*object_security_level", - "description": "Check the new submetarule", - "command_options": "-c id -c \"object categories\" -f value" - }, - - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "no_result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - }, - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "Check if tenant alt_demo is used." - } - ] - } -}
\ No newline at end of file diff --git a/moonclient/moonclient/tests/tests_tenants.json b/moonclient/moonclient/tests/tests_tenants.json deleted file mode 100644 index 719cdbfc..00000000 --- a/moonclient/moonclient/tests/tests_tenants.json +++ /dev/null @@ -1,106 +0,0 @@ -{ - "command_options": "-f value", - "tests_group": { - "main": [ - { - "auth_name": "admin", - "description": "Change user to admin (just in case...)" - }, - - { - "name": "list tenant", - "command": "tenant list", - "no_result": "alt_demo", - "description": "List all tenants (must be empty)" - }, - { - "name": "add tenant alt_demo", - "command": "tenant add alt_demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant alt_demo", - "command": "tenant list", - "result": "(?P<uuid>\\w+)\\s+alt_demo", - "description": "Check that tenant alt_demo has been correctly added" - }, - { - "name": "create_intraextension_admin", - "command": "intraextension add --policy_model policy_rbac_admin admin_test", - "result": "IntraExtension created: (?P<uuid_admin>\\w+)", - "description": "Create an admin intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_admin", - "command": "intraextension list", - "result": "$uuid_admin", - "description": "Check the existence of that admin intra extension" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P<uuid_authz>\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "check authz ie for tenant alt_demo", - "command": "tenant list", - "result": "alt_demo $uuid_authz", - "description": "Check that authz ie has been correctly added for tenant alt_demo ", - "command_options": "-c name -c intra_authz_extension_id -f value" - }, - { - "name": "set_tenant_admin", - "command": "tenant set --admin $uuid_admin $uuid", - "result": "", - "description": "Connect the admin intra extension to the tenant alt_demo", - "command_options": "" - }, - { - "name": "check admin ie for tenant alt_demo", - "command": "tenant list", - "result": "alt_demo $uuid_admin", - "description": "Check that admin ie has been correctly added for tenant alt_demo ", - "command_options": "-c name -c intra_admin_extension_id -f value" - }, - { - "name": "delete_admin_intra_extension", - "command": "intraextension delete $uuid_admin", - "result": "", - "description": "Delete the admin intra extension", - "command_options": "" - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant alt_demo", - "command_options": "" - } - ] - } -}
\ No newline at end of file diff --git a/moonclient/moonclient/tests/todo/tests_empty_policy_new_user.json b/moonclient/moonclient/tests/todo/tests_empty_policy_new_user.json deleted file mode 100644 index ad9d7e52..00000000 --- a/moonclient/moonclient/tests/todo/tests_empty_policy_new_user.json +++ /dev/null @@ -1,3627 +0,0 @@ -{ - "command_options": "-f value", - "tests_group": { - "authz": [ - { - "auth_name": "admin", - "auth_password": "console", - "auth_tenant": "admin", - "description": "Change user to admin (just in case...)" - }, - - { - "name": "get cirros image", - "external_command": "wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img -o /tmp/cirros.img", - "result": "", - "description": "Download a Cirros image" - }, - { - "name": "install cirros image", - "external_command": "glance image-create --name \"cirros\" --disk-format qcow2 --file /tmp/cirros.img --container-format bare", - "result": "", - "description": "Upload the Cirros image in glance" - }, - { - "name": "create secgroup", - "external_command": "nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0", - "result": "", - "description": "Create a new secgroup in Nova" - }, - { - "name": "create secgroup", - "external_command": "nova secgroup-add-rule default tcp 22 22 0.0.0.0/0", - "result": "", - "description": "Create a new secgroup in Nova" - }, - { - "name": "create router", - "external_command": "neutron router-create demo-router", - "result": "", - "description": "Create a new router" - }, - { - "name": "set router", - "external_command": "neutron router-gateway-set demo-router ext-net", - "result": "", - "description": "Configure the new router" - }, - { - "name": "set router", - "external_command": "neutron net-create demo-net", - "result": "", - "description": "Configure the new router" - }, - { - "name": "set router", - "external_command": "neutron subnet-create demo-net 192.168.1.0/24 --name demo-subnet --gateway 192.168.1.1", - "result": "", - "description": "Configure the new router" - }, - { - "name": "set router", - "external_command": "neutron router-interface-add demo-router demo-subnet", - "result": "", - "description": "Configure the new router" - }, - { - "name": "openstack image list", - "external_command": "nova image-list", - "result": "(?P<uuid_image>[\\w-]+)\\s+\\| cirros", - "description": "Get an Image ID" - }, - { - "name": "create tenant test", - "external_command": "openstack project create test_moonclient", - "result": "", - "description": "Create a new tenant" - }, - { - "name": "create user demo", - "external_command": "openstack user create --password console demo", - "result": "", - "description": "Create user demo" - }, - { - "name": "add role admin to demo", - "external_command": "openstack role add --project admin --user demo admin", - "result": "", - "description": "Force the admin role for the user demo on the project admin (for testing purpose)." - }, - { - "name": "neutron net-list", - "external_command": "neutron net-list", - "result": "(?P<uuid_net>[\\w-]+)\\s+\\| demo-net", - "description": "Get an Net ID" - }, - { - "name": "nova boot new server", - "external_command": "nova boot --flavor m1.tiny --image $uuid_image --nic net-id=$uuid_net --security-group default test_moonclient", - "result": "", - "description": "Get an Image ID" - }, - { - "name": "sleep", - "external_command": "sleep 10", - "result": "", - "description": "time for server to really boot" - }, - { - "name": "nova get new server", - "external_command": "nova list", - "result": "\\| (?P<uuid_server>[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| ACTIVE\\s+\\| [\\w\\-]+\\s+\\| Running", - "description": "Get the ID of the new server" - }, - { - "name": "list tenant", - "command": "tenant list", - "no_result": "demo", - "description": "Check if tenant demo is used." - }, - { - "name": "add tenant demo", - "command": "tenant add demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant demo", - "command": "tenant list", - "result": "(?P<uuid>\\w+)\\s+demo", - "description": "Check that tenant demo has been correctly added" - }, - { - "name": "add role admin to demo", - "external_command": "openstack role add --project demo --user demo admin ", - "result": "", - "description": "Add role admin to user demo (an error may occurred)" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_empty_authz empty_test", - "result": "IntraExtension created: (?P<uuid_authz>\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant demo", - "command_options": "" - }, - { - "name": "list tenant", - "command": "tenant list", - "result": "demo", - "description": "Check if tenant demo is used." - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "add_subject", - "command": "subject add admin --subject_pass console", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_subject", - "command": "subject list", - "result": "(?P<uuid_subject_admin>\\w+)\\s+admin", - "description": "Check that admin subject was added." - }, - { - "name": "add_subject", - "command": "subject add demo --subject_pass console", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_subject", - "command": "subject list", - "result": "(?P<uuid_subject_demo>\\w+)\\s+demo", - "description": "Check that demo subject was added." - }, - { - "name": "add_object", - "command": "object add servers", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object_servers>\\w+)\\s+servers", - "description": "Check that servers subject was added." - }, - { - "name": "add_action", - "command": "action add pause", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action_pause>\\w+)\\s+pause", - "description": "Check that pause action was added." - }, - { - "name": "add_action", - "command": "action add unpause", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action_unpause>\\w+)\\s+unpause", - "description": "Check that unpause action was added." - }, - { - "name": "add_action", - "command": "action add list", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action_list>\\w+)\\s+list", - "description": "Check that list action was added." - }, - { - "name": "add_action", - "command": "action add start", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action_start>\\w+)\\s+start", - "description": "Check that start action was added." - }, - { - "name": "add_action", - "command": "action add stop", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action_stop>\\w+)\\s+stop", - "description": "Check that stop action was added." - }, - { - "name": "add_action", - "command": "action add create", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action_create>\\w+)\\s+create", - "description": "Check that create action was added." - }, - { - "name": "add_action", - "command": "action add upload", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action_upload>\\w+)\\s+upload", - "description": "Check that upload action was added." - }, - { - "name": "add_action", - "command": "action add download", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action_download>\\w+)\\s+download", - "description": "Check that download action was added." - }, - { - "name": "add_action", - "command": "action add post", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action_post>\\w+)\\s+post", - "description": "Check that post action was added." - }, - { - "name": "add_action", - "command": "action add storage_list", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action_storage_list>\\w+)\\s+storage_list", - "description": "Check that storage_list action was added." - }, - - { - "name": "add_subject_category", - "command": "subject category add subject_security_level", - "result": "", - "description": "Add the new subject category subject_security_level", - "command_options": "" - }, - { - "name": "list_subject_category", - "command": "subject category list", - "result": "(?P<uuid_subject_category_authz>\\w+)\\s+subject_security_level", - "description": "Check that subject_security_level subject_category was added." - }, - { - "name": "add_object_category", - "command": "object category add object_security_level", - "result": "", - "description": "Add the new object category object_security_level", - "command_options": "" - }, - { - "name": "list_object_category", - "command": "object category list", - "result": "(?P<uuid_object_category_authz>\\w+)\\s+object_security_level", - "description": "Check that object_security_level object_category was added." - }, - { - "name": "add_action_category", - "command": "action category add resource_action", - "result": "", - "description": "Add the new action category resource_action", - "command_options": "" - }, - { - "name": "list_subject_category", - "command": "action category list", - "result": "(?P<uuid_action_category_authz>\\w+)\\s+resource_action", - "description": "Check that resource_action action_category was added." - }, - - { - "name": "add_scope", - "command": "subject scope add $uuid_subject_category_authz high --description \"high\"", - "result": "^$", - "description": "Add one scope to subject category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "subject scope list $uuid_subject_category_authz", - "result": "(?P<uuid_subject_scope_high>\\w+)\\s+high\\s+high", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "add_scope", - "command": "subject scope add $uuid_subject_category_authz medium --description \"medium\"", - "result": "^$", - "description": "Add one scope to subject category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "subject scope list $uuid_subject_category_authz", - "result": "(?P<uuid_subject_scope_medium>\\w+)\\s+medium\\s+medium", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "add_scope", - "command": "subject scope add $uuid_subject_category_authz low --description \"low\"", - "result": "^$", - "description": "Add one scope to subject category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "subject scope list $uuid_subject_category_authz", - "result": "(?P<uuid_subject_scope_low>\\w+)\\s+low\\s+low", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_authz high --description \"high\"", - "result": "^$", - "description": "Add one scope to object category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_authz", - "result": "(?P<uuid_object_scope_high>\\w+)\\s+high\\s+high", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_authz medium --description \"medium\"", - "result": "^$", - "description": "Add one scope to object category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_authz", - "result": "(?P<uuid_object_scope_medium>\\w+)\\s+medium\\s+medium", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_authz low --description \"low\"", - "result": "^$", - "description": "Add one scope to object category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_authz", - "result": "(?P<uuid_object_scope_low>\\w+)\\s+low\\s+low", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "add_scope", - "command": "action scope add $uuid_action_category_authz vm_admin --description \"vm_admin\"", - "result": "^$", - "description": "Add one scope to action category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "action scope list $uuid_action_category_authz", - "result": "(?P<uuid_action_scope_vm_admin>\\w+)\\s+vm_admin\\s+vm_admin", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "add_scope", - "command": "action scope add $uuid_action_category_authz vm_access --description \"vm_access\"", - "result": "^$", - "description": "Add one scope to action category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "action scope list $uuid_action_category_authz", - "result": "(?P<uuid_action_scope_vm_access>\\w+)\\s+vm_access\\s+vm_access", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "add_scope", - "command": "action scope add $uuid_action_category_authz storage_admin --description \"storage_admin\"", - "result": "^$", - "description": "Add one scope to action category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "action scope list $uuid_action_category_authz", - "result": "(?P<uuid_action_scope_storage_admin>\\w+)\\s+storage_admin\\s+storage_admin", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "add_scope", - "command": "action scope add $uuid_action_category_authz storage_access --description \"storage_access\"", - "result": "^$", - "description": "Add one scope to action category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "action scope list $uuid_action_category_authz", - "result": "(?P<uuid_action_scope_storage_access>\\w+)\\s+storage_access\\s+storage_access", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_assignment", - "command": "subject assignment add $uuid_subject_admin $uuid_subject_category_authz $uuid_subject_scope_high", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "subject assignment list $uuid_subject_admin $uuid_subject_category_authz", - "result": "$uuid_subject_scope_high high", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "subject assignment add $uuid_subject_demo $uuid_subject_category_authz $uuid_subject_scope_medium", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "subject assignment list $uuid_subject_demo $uuid_subject_category_authz", - "result": "$uuid_subject_scope_medium medium", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_servers $uuid_object_category_authz $uuid_object_scope_low", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_servers $uuid_object_category_authz", - "result": "$uuid_object_scope_low low", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_pause $uuid_action_category_authz $uuid_action_scope_vm_admin", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_pause $uuid_action_category_authz", - "result": "$uuid_action_scope_vm_admin vm_admin", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_unpause $uuid_action_category_authz $uuid_action_scope_vm_admin", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_unpause $uuid_action_category_authz", - "result": "$uuid_action_scope_vm_admin vm_admin", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_start $uuid_action_category_authz $uuid_action_scope_vm_admin", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_start $uuid_action_category_authz", - "result": "$uuid_action_scope_vm_admin vm_admin", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_stop $uuid_action_category_authz $uuid_action_scope_vm_admin", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_stop $uuid_action_category_authz", - "result": "$uuid_action_scope_vm_admin vm_admin", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_list $uuid_action_category_authz $uuid_action_scope_vm_admin", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_list $uuid_action_category_authz", - "result": "$uuid_action_scope_vm_admin vm_admin", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_list $uuid_action_category_authz $uuid_action_scope_vm_access", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_list $uuid_action_category_authz", - "result": "$uuid_action_scope_vm_access vm_access", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_create $uuid_action_category_authz $uuid_action_scope_vm_admin", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_create $uuid_action_category_authz", - "result": "$uuid_action_scope_vm_admin vm_admin", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_storage_list $uuid_action_category_authz $uuid_action_scope_storage_access", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_storage_list $uuid_action_category_authz", - "result": "$uuid_action_scope_storage_access storage_access", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_download $uuid_action_category_authz $uuid_action_scope_storage_access", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_download $uuid_action_category_authz", - "result": "$uuid_action_scope_storage_access storage_access", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_upload $uuid_action_category_authz $uuid_action_scope_storage_admin", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_upload $uuid_action_category_authz", - "result": "$uuid_action_scope_storage_admin storage_admin", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_post $uuid_action_category_authz $uuid_action_scope_storage_admin", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_post $uuid_action_category_authz", - "result": "$uuid_action_scope_storage_admin storage_admin", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "check_submetarules", - "command": "submetarule show", - "result": "(?P<submetarule_uuid_authz>\\w+)", - "description": "Get one submetarule ID", - "command_options": "-c id -f value" - }, - { - "name": "set_submetarule", - "command": "submetarule set $submetarule_uuid_authz --subject_category_id=\"$uuid_subject_category_authz\" --object_category_id=\"$uuid_object_category_authz\" --action_category_id=\"$uuid_action_category_authz\"", - "result": "^$", - "description": "Set a new submetarule", - "command_options": "" - }, - { - "name": "check_submetarule", - "command": "submetarule show", - "result": "$submetarule_uuid_authz \\s*subject_security_level", - "description": "Check the new submetarule", - "command_options": "-c id -c \"subject categories\" -f value" - }, - { - "name": "check_submetarule", - "command": "submetarule show", - "result": "$submetarule_uuid_authz \\s*object_security_level", - "description": "Check the new submetarule", - "command_options": "-c id -c \"object categories\" -f value" - }, - { - "name": "check_submetarule", - "command": "submetarule show", - "result": "$submetarule_uuid_authz \\s*resource_action", - "description": "Check the new submetarule", - "command_options": "-c id -c \"action categories\" -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_authz \"high,vm_admin,medium\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_authz", - "result": "(?P<rule_id>\\w+)\\s+high\\s+vm_admin\\s+medium", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_authz \"high,vm_admin,low\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_authz", - "result": "(?P<rule_id>\\w+)\\s+high\\s+vm_admin\\s+low", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_authz \"medium,vm_admin,low\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_authz", - "result": "(?P<rule_id>\\w+)\\s+medium\\s+vm_admin\\s+low", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_authz \"high,vm_access,medium\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_authz", - "result": "(?P<rule_id>\\w+)\\s+high\\s+vm_access\\s+medium", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_authz \"high,vm_access,low\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_authz", - "result": "(?P<rule_id>\\w+)\\s+high\\s+vm_access\\s+low", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_authz \"medium,vm_access,low\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_authz", - "result": "(?P<rule_id>\\w+)\\s+medium\\s+vm_access\\s+low", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_authz \"high,storage_admin,medium\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_authz", - "result": "(?P<rule_id>\\w+)\\s+high\\s+storage_admin\\s+medium", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_authz \"high,storage_admin,low\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_authz", - "result": "(?P<rule_id>\\w+)\\s+high\\s+storage_admin\\s+low", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_authz \"medium,storage_admin,low\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_authz", - "result": "(?P<rule_id>\\w+)\\s+medium\\s+storage_admin\\s+low", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_authz \"high,storage_access,medium\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_authz", - "result": "(?P<rule_id>\\w+)\\s+high\\s+storage_access\\s+medium", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_authz \"high,storage_access,low\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_authz", - "result": "(?P<rule_id>\\w+)\\s+high\\s+storage_access\\s+low", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_authz \"medium,storage_access,low\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_authz", - "result": "(?P<rule_id>\\w+)\\s+medium\\s+storage_access\\s+low", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "get aggregation algorithm", - "command": "aggregation algorithm list", - "result": "(?P<uuid_aggregation>\\w+)\\s+one_true", - "description": "Get aggregation algorithm.", - "command_options": "-c id -c name -f value" - }, - { - "name": "set aggregation algorithm", - "command": "aggregation algorithm set $uuid_aggregation", - "result": "", - "description": "Set aggregation algorithm to one_true.", - "command_options": "" - }, - { - "name": "get aggregation algorithm", - "command": "aggregation algorithm show", - "result": "$uuid_aggregation\\s+one_true", - "description": "Check aggregation algorithm.", - "command_options": "-c id -c name -f value" - }, - { - "name": "get submetarule algorithm", - "command": "submetarule algorithm list", - "result": "(?P<uuid_submetarule_algo>\\w+)\\s+inclusion", - "description": "Get submetarule algorithm named inclusion.", - "command_options": "-c id -c name -f value" - }, - { - "name": "set submetarule algorithm", - "command": "submetarule set --algorithm_name inclusion $submetarule_uuid_authz", - "result": "", - "description": "Set submetarule algorithm to inclusion.", - "command_options": "" - }, - - { - "name": "create_intraextension_admin", - "command": "intraextension add --policy_model policy_empty_admin empty_admin_test", - "result": "IntraExtension created: (?P<uuid_admin>\\w+)", - "description": "Create an admin intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_admin", - "description": "Check the existence of that admin intra extension" - }, - { - "name": "set_tenant_admin", - "command": "tenant set --admin $uuid_admin $uuid", - "result": "", - "description": "Connect the admin intra extension to the tenant demo", - "command_options": "" - }, - { - "name": "list tenant", - "command": "tenant list", - "result": "demo", - "description": "Check if tenant demo is used." - }, - { - "name": "select_admin_ie", - "command": "intraextension select $uuid_admin", - "result": "Select $uuid_admin IntraExtension.", - "description": "Select the admin IntraExtension", - "command_options": "" - }, - { - "name": "check_select_admin_ie", - "command": "intraextension show selected", - "result": "$uuid_admin", - "description": "Check the selected admin IntraExtension", - "command_options": "-c id -f value" - }, - - { - "name": "add_subject", - "command": "subject add admin --subject_pass console", - "result": "", - "description": "Add admin subject.", - "command_options": "" - }, - { - "name": "list_subject", - "command": "subject list", - "result": "(?P<uuid_subject_admin>\\w+)\\s+admin", - "description": "Check that admin subject was already there." - }, - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object_authz_subjects>\\w+)\\s+authz.subjects", - "description": "Check that authz_subjects subject was already there." - }, - - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object_authz_objects>\\w+)\\s+authz.objects", - "description": "Check that authz_objects subject was already there." - }, - - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object_authz_actions>\\w+)\\s+authz.actions", - "description": "Check that authz_actions subject was already there." - }, - - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object_authz_subject_categories>\\w+)\\s+authz.subject_categories", - "description": "Check that authz_subject_categories subject was already there." - }, - - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object_authz_object_categories>\\w+)\\s+authz.object_categories", - "description": "Check that authz_object_categories subject was already there." - }, - - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object_authz_action_categories>\\w+)\\s+authz.action_categories", - "description": "Check that authz_action_categories subject was already there." - }, - - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object_authz_subject_scopes>\\w+)\\s+authz.subject_scopes", - "description": "Check that authz_subject_scopes subject was already there." - }, - - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object_authz_object_scopes>\\w+)\\s+authz.object_scopes", - "description": "Check that authz_object_scopes subject was already there." - }, - - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object_authz_action_scopes>\\w+)\\s+authz.action_scopes", - "description": "Check that authz_action_scopes subject was already there." - }, - - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object_authz_subject_assignments>\\w+)\\s+authz.subject_assignments", - "description": "Check that authz_subject_assignments subject was already there." - }, - - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object_authz_object_assignments>\\w+)\\s+authz.object_assignments", - "description": "Check that authz_object_assignments subject was already there." - }, - - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object_authz_action_assignments>\\w+)\\s+authz.action_assignments", - "description": "Check that authz_action_assignments subject was already there." - }, - - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object_authz_aggregation_algorithm>\\w+)\\s+authz.aggregation_algorithm", - "description": "Check that authz_aggregation_algorithm subject was already there." - }, - - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object_authz_sub_meta_rules>\\w+)\\s+authz.sub_meta_rules", - "description": "Check that authz_sub_meta_rules subject was already there." - }, - - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object_authz_rules>\\w+)\\s+authz.rules", - "description": "Check that authz_rules subject was already there." - }, - - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object_admin_subjects>\\w+)\\s+admin.subjects", - "description": "Check that admin_subjects subject was already there." - }, - - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object_admin_objects>\\w+)\\s+admin.objects", - "description": "Check that admin_objects subject was already there." - }, - - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object_admin_actions>\\w+)\\s+admin.actions", - "description": "Check that admin_actions subject was already there." - }, - - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object_admin_subject_categories>\\w+)\\s+admin.subject_categories", - "description": "Check that admin_subject_categories subject was already there." - }, - - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object_admin_object_categories>\\w+)\\s+admin.object_categories", - "description": "Check that admin_object_categories subject was already there." - }, - - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object_admin_action_categories>\\w+)\\s+admin.action_categories", - "description": "Check that admin_action_categories subject was already there." - }, - - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object_admin_subject_scopes>\\w+)\\s+admin.subject_scopes", - "description": "Check that admin_subject_scopes subject was already there." - }, - - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object_admin_object_scopes>\\w+)\\s+admin.object_scopes", - "description": "Check that admin_object_scopes subject was already there." - }, - - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object_admin_action_scopes>\\w+)\\s+admin.action_scopes", - "description": "Check that admin_action_scopes subject was already there." - }, - - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object_admin_subject_assignments>\\w+)\\s+admin.subject_assignments", - "description": "Check that admin_subject_assignments subject was already there." - }, - - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object_admin_object_assignments>\\w+)\\s+admin.object_assignments", - "description": "Check that admin_object_assignments subject was already there." - }, - - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object_admin_action_assignments>\\w+)\\s+admin.action_assignments", - "description": "Check that admin_action_assignments subject was already there." - }, - - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object_admin_aggregation_algorithm>\\w+)\\s+admin.aggregation_algorithm", - "description": "Check that admin_aggregation_algorithm subject was already there." - }, - - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object_admin_sub_meta_rules>\\w+)\\s+admin.sub_meta_rules", - "description": "Check that admin_sub_meta_rules subject was already there." - }, - - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object_admin_rules>\\w+)\\s+admin.rules", - "description": "Check that admin_rules subject was already there." - }, - - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action_read>\\w+)\\s+read", - "description": "Check that read action was already there." - }, - - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action_write>\\w+)\\s+write", - "description": "Check that write action was already there." - }, - - { - "name": "add_subject_category", - "command": "subject category add role", - "result": "", - "description": "Add the new subject category role", - "command_options": "" - }, - { - "name": "list_subject_category", - "command": "subject category list", - "result": "(?P<uuid_subject_category_admin>\\w+)\\s+role", - "description": "Check that role subject_category was added." - }, - { - "name": "add_object_category", - "command": "object category add object_id", - "result": "", - "description": "Add the new object category object_id", - "command_options": "" - }, - { - "name": "list_object_category", - "command": "object category list", - "result": "(?P<uuid_object_category_admin>\\w+)\\s+object_id", - "description": "Check that object_id object_category was added." - }, - { - "name": "add_action_category", - "command": "action category add action_id", - "result": "", - "description": "Add the new action category action_id", - "command_options": "" - }, - { - "name": "list_subject_category", - "command": "action category list", - "result": "(?P<uuid_action_category_admin>\\w+)\\s+action_id", - "description": "Check that action_id action_category was added." - }, - - { - "name": "add_scope", - "command": "subject scope add $uuid_subject_category_admin root_role --description \"root role\"", - "result": "^$", - "description": "Add one scope to subject category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "subject scope list $uuid_subject_category_admin", - "result": "(?P<uuid_subject_scope_root_role>\\w+)\\s+root_role\\s+root role", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "add_scope", - "command": "subject scope add $uuid_subject_category_admin dev_role --description \"dev role\"", - "result": "^$", - "description": "Add one scope to subject category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "subject scope list $uuid_subject_category_admin", - "result": "(?P<uuid_subject_scope_dev_role>\\w+)\\s+dev_role\\s+dev role", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin authz_subjects --description \"authz subjects\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P<uuid_object_scope_authz_subjects>\\w+)\\s+authz.subjects\\s+authz subjects", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin authz_objects --description \"authz objects\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P<uuid_object_scope_authz_objects>\\w+)\\s+authz.objects\\s+authz objects", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin authz_actions --description \"authz actions\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P<uuid_object_scope_authz_actions>\\w+)\\s+authz.actions\\s+authz actions", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin authz_subject_categories --description \"authz subject categories\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P<uuid_object_scope_authz_subject_categories>\\w+)\\s+authz.subject_categories\\s+authz subject categories", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin authz_object_categories --description \"authz object categories\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P<uuid_object_scope_authz_object_categories>\\w+)\\s+authz.object_categories\\s+authz object categories", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin authz_action_categories --description \"authz action categories\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P<uuid_object_scope_authz_action_categories>\\w+)\\s+authz.action_categories\\s+authz action categories", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin authz_subject_scopes --description \"authz subject scopes\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P<uuid_object_scope_authz_subject_scopes>\\w+)\\s+authz.subject_scopes\\s+authz subject scopes", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin authz_object_scopes --description \"authz object scopes\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P<uuid_object_scope_authz_object_scopes>\\w+)\\s+authz.object_scopes\\s+authz object scopes", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin authz_action_scopes --description \"authz action scopes\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P<uuid_object_scope_authz_action_scopes>\\w+)\\s+authz.action_scopes\\s+authz action scopes", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin authz_subject_assignments --description \"authz subject assignments\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P<uuid_object_scope_authz_subject_assignments>\\w+)\\s+authz.subject_assignments\\s+authz subject assignments", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin authz_object_assignments --description \"authz object assignments\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P<uuid_object_scope_authz_object_assignments>\\w+)\\s+authz.object_assignments\\s+authz object assignments", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin authz_action_assignments --description \"authz action assignments\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P<uuid_object_scope_authz_action_assignments>\\w+)\\s+authz.action_assignments\\s+authz action assignments", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin authz_aggregation_algorithm --description \"authz aggregation algorithm\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P<uuid_object_scope_authz_aggregation_algorithm>\\w+)\\s+authz.aggregation_algorithm\\s+authz aggregation algorithm", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin authz_sub_meta_rules --description \"authz sub meta rules\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P<uuid_object_scope_authz_sub_meta_rules>\\w+)\\s+authz.sub_meta_rules\\s+authz sub meta rules", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin authz_rules --description \"authz rules\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P<uuid_object_scope_authz_rules>\\w+)\\s+authz.rules\\s+authz rules", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin admin_subjects --description \"admin subjects\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P<uuid_object_scope_admin_subjects>\\w+)\\s+admin.subjects\\s+admin subjects", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin admin_objects --description \"admin objects\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P<uuid_object_scope_admin_objects>\\w+)\\s+admin.objects\\s+admin objects", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin admin_actions --description \"admin actions\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P<uuid_object_scope_admin_actions>\\w+)\\s+admin.actions\\s+admin actions", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin admin_subject_categories --description \"admin subject categories\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P<uuid_object_scope_admin_subject_categories>\\w+)\\s+admin.subject_categories\\s+admin subject categories", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin admin_object_categories --description \"admin object categories\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P<uuid_object_scope_admin_object_categories>\\w+)\\s+admin.object_categories\\s+admin object categories", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin admin_action_categories --description \"admin action categories\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P<uuid_object_scope_admin_action_categories>\\w+)\\s+admin.action_categories\\s+admin action categories", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin admin_subject_scopes --description \"admin subject scopes\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P<uuid_object_scope_admin_subject_scopes>\\w+)\\s+admin.subject_scopes\\s+admin subject scopes", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin admin_object_scopes --description \"admin object scopes\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P<uuid_object_scope_admin_object_scopes>\\w+)\\s+admin.object_scopes\\s+admin object scopes", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin admin_action_scopes --description \"admin action scopes\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P<uuid_object_scope_admin_action_scopes>\\w+)\\s+admin.action_scopes\\s+admin action scopes", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin admin_subject_assignments --description \"admin subject assignments\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P<uuid_object_scope_admin_subject_assignments>\\w+)\\s+admin.subject_assignments\\s+admin subject assignments", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin admin_object_assignments --description \"admin object assignments\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P<uuid_object_scope_admin_object_assignments>\\w+)\\s+admin.object_assignments\\s+admin object assignments", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin admin_action_assignments --description \"admin action assignments\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P<uuid_object_scope_admin_action_assignments>\\w+)\\s+admin.action_assignments\\s+admin action assignments", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin admin_aggregation_algorithm --description \"admin aggregation algorithm\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P<uuid_object_scope_admin_aggregation_algorithm>\\w+)\\s+admin.aggregation_algorithm\\s+admin aggregation algorithm", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin admin_sub_meta_rules --description \"admin sub meta rules\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P<uuid_object_scope_admin_sub_meta_rules>\\w+)\\s+admin.sub_meta_rules\\s+admin sub meta rules", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_scope", - "command": "object scope add $uuid_object_category_admin admin_rules --description \"admin rules\"", - "result": "^$", - "description": "Add one scope to object category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category_admin", - "result": "(?P<uuid_object_scope_admin_rules>\\w+)\\s+admin.rules\\s+admin rules", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "add_scope", - "command": "action scope add $uuid_action_category_admin read --description \"read\"", - "result": "^$", - "description": "Add one scope to action category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "action scope list $uuid_action_category_admin", - "result": "(?P<uuid_action_scope_read>\\w+)\\s+read\\s+read", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "add_scope", - "command": "action scope add $uuid_action_category_admin write --description \"write\"", - "result": "^$", - "description": "Add one scope to action category", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "action scope list $uuid_action_category_admin", - "result": "(?P<uuid_action_scope_write>\\w+)\\s+write\\s+write", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_assignment", - "command": "subject assignment add $uuid_subject_admin $uuid_subject_category_admin $uuid_subject_scope_root_role", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "subject assignment list $uuid_subject_admin $uuid_subject_category_admin", - "result": "$uuid_subject_scope_root_role root_role", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_authz_subjects $uuid_object_category_admin $uuid_object_scope_authz_subjects", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_authz_subjects $uuid_object_category_admin", - "result": "$uuid_object_scope_authz_subjects authz_subjects", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_authz_objects $uuid_object_category_admin $uuid_object_scope_authz_objects", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_authz_objects $uuid_object_category_admin", - "result": "$uuid_object_scope_authz_objects authz_objects", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_authz_actions $uuid_object_category_admin $uuid_object_scope_authz_actions", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_authz_actions $uuid_object_category_admin", - "result": "$uuid_object_scope_authz_actions authz_actions", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_authz_subject_categories $uuid_object_category_admin $uuid_object_scope_authz_subject_categories", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_authz_subject_categories $uuid_object_category_admin", - "result": "$uuid_object_scope_authz_subject_categories authz_subject_categories", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_authz_object_categories $uuid_object_category_admin $uuid_object_scope_authz_object_categories", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_authz_object_categories $uuid_object_category_admin", - "result": "$uuid_object_scope_authz_object_categories authz_object_categories", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_authz_action_categories $uuid_object_category_admin $uuid_object_scope_authz_action_categories", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_authz_action_categories $uuid_object_category_admin", - "result": "$uuid_object_scope_authz_action_categories authz_action_categories", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_authz_subject_scopes $uuid_object_category_admin $uuid_object_scope_authz_subject_scopes", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_authz_subject_scopes $uuid_object_category_admin", - "result": "$uuid_object_scope_authz_subject_scopes authz_subject_scopes", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_authz_object_scopes $uuid_object_category_admin $uuid_object_scope_authz_object_scopes", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_authz_object_scopes $uuid_object_category_admin", - "result": "$uuid_object_scope_authz_object_scopes authz_object_scopes", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_authz_action_scopes $uuid_object_category_admin $uuid_object_scope_authz_action_scopes", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_authz_action_scopes $uuid_object_category_admin", - "result": "$uuid_object_scope_authz_action_scopes authz_action_scopes", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_authz_subject_assignments $uuid_object_category_admin $uuid_object_scope_authz_subject_assignments", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_authz_subject_assignments $uuid_object_category_admin", - "result": "$uuid_object_scope_authz_subject_assignments authz_subject_assignments", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_authz_object_assignments $uuid_object_category_admin $uuid_object_scope_authz_object_assignments", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_authz_object_assignments $uuid_object_category_admin", - "result": "$uuid_object_scope_authz_object_assignments authz_object_assignments", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_authz_action_assignments $uuid_object_category_admin $uuid_object_scope_authz_action_assignments", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_authz_action_assignments $uuid_object_category_admin", - "result": "$uuid_object_scope_authz_action_assignments authz_action_assignments", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_authz_aggregation_algorithm $uuid_object_category_admin $uuid_object_scope_authz_aggregation_algorithm", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_authz_aggregation_algorithm $uuid_object_category_admin", - "result": "$uuid_object_scope_authz_aggregation_algorithm authz_aggregation_algorithm", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_authz_sub_meta_rules $uuid_object_category_admin $uuid_object_scope_authz_sub_meta_rules", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_authz_sub_meta_rules $uuid_object_category_admin", - "result": "$uuid_object_scope_authz_sub_meta_rules authz_sub_meta_rules", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_authz_rules $uuid_object_category_admin $uuid_object_scope_authz_rules", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_authz_rules $uuid_object_category_admin", - "result": "$uuid_object_scope_authz_rules authz_rules", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_admin_subjects $uuid_object_category_admin $uuid_object_scope_admin_subjects", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_admin_subjects $uuid_object_category_admin", - "result": "$uuid_object_scope_admin_subjects admin_subjects", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_admin_objects $uuid_object_category_admin $uuid_object_scope_admin_objects", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_admin_objects $uuid_object_category_admin", - "result": "$uuid_object_scope_admin_objects admin_objects", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_admin_actions $uuid_object_category_admin $uuid_object_scope_admin_actions", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_admin_actions $uuid_object_category_admin", - "result": "$uuid_object_scope_admin_actions admin_actions", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_admin_subject_categories $uuid_object_category_admin $uuid_object_scope_admin_subject_categories", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_admin_subject_categories $uuid_object_category_admin", - "result": "$uuid_object_scope_admin_subject_categories admin_subject_categories", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_admin_object_categories $uuid_object_category_admin $uuid_object_scope_admin_object_categories", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_admin_object_categories $uuid_object_category_admin", - "result": "$uuid_object_scope_admin_object_categories admin_object_categories", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_admin_action_categories $uuid_object_category_admin $uuid_object_scope_admin_action_categories", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_admin_action_categories $uuid_object_category_admin", - "result": "$uuid_object_scope_admin_action_categories admin_action_categories", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_admin_subject_scopes $uuid_object_category_admin $uuid_object_scope_admin_subject_scopes", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_admin_subject_scopes $uuid_object_category_admin", - "result": "$uuid_object_scope_admin_subject_scopes admin_subject_scopes", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_admin_object_scopes $uuid_object_category_admin $uuid_object_scope_admin_object_scopes", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_admin_object_scopes $uuid_object_category_admin", - "result": "$uuid_object_scope_admin_object_scopes admin_object_scopes", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_admin_action_scopes $uuid_object_category_admin $uuid_object_scope_admin_action_scopes", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_admin_action_scopes $uuid_object_category_admin", - "result": "$uuid_object_scope_admin_action_scopes admin_action_scopes", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_admin_subject_assignments $uuid_object_category_admin $uuid_object_scope_admin_subject_assignments", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_admin_subject_assignments $uuid_object_category_admin", - "result": "$uuid_object_scope_admin_subject_assignments admin_subject_assignments", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_admin_object_assignments $uuid_object_category_admin $uuid_object_scope_admin_object_assignments", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_admin_object_assignments $uuid_object_category_admin", - "result": "$uuid_object_scope_admin_object_assignments admin_object_assignments", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_admin_action_assignments $uuid_object_category_admin $uuid_object_scope_admin_action_assignments", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_admin_action_assignments $uuid_object_category_admin", - "result": "$uuid_object_scope_admin_action_assignments admin_action_assignments", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_admin_aggregation_algorithm $uuid_object_category_admin $uuid_object_scope_admin_aggregation_algorithm", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_admin_aggregation_algorithm $uuid_object_category_admin", - "result": "$uuid_object_scope_admin_aggregation_algorithm admin_aggregation_algorithm", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_admin_sub_meta_rules $uuid_object_category_admin $uuid_object_scope_admin_sub_meta_rules", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_admin_sub_meta_rules $uuid_object_category_admin", - "result": "$uuid_object_scope_admin_sub_meta_rules admin_sub_meta_rules", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_admin_rules $uuid_object_category_admin $uuid_object_scope_admin_rules", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_admin_rules $uuid_object_category_admin", - "result": "$uuid_object_scope_admin_rules admin_rules", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_read $uuid_action_category_admin $uuid_action_scope_read", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_read $uuid_action_category_admin", - "result": "$uuid_action_scope_read read", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_write $uuid_action_category_admin $uuid_action_scope_write", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_write $uuid_action_category_admin", - "result": "$uuid_action_scope_write write", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "check_submetarules", - "command": "submetarule show", - "result": "(?P<submetarule_uuid_admin>\\w+)", - "description": "Get one submetarule ID", - "command_options": "-c id -f value" - }, - { - "name": "set_submetarule", - "command": "submetarule set $submetarule_uuid_admin --subject_category_id=\"$uuid_subject_category_admin\" --object_category_id=\"$uuid_object_category_admin\" --action_category_id=\"$uuid_action_category_admin\"", - "result": "^$", - "description": "Set a new submetarule", - "command_options": "" - }, - { - "name": "check_submetarule", - "command": "submetarule show", - "result": "$submetarule_uuid_admin \\s*role", - "description": "Check the new submetarule", - "command_options": "-c id -c \"subject categories\" -f value" - }, - { - "name": "check_submetarule", - "command": "submetarule show", - "result": "$submetarule_uuid_admin \\s*object_id", - "description": "Check the new submetarule", - "command_options": "-c id -c \"object categories\" -f value" - }, - { - "name": "check_submetarule", - "command": "submetarule show", - "result": "$submetarule_uuid_admin \\s*action_id", - "description": "Check the new submetarule", - "command_options": "-c id -c \"action categories\" -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_subjects\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.subjects", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_objects\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.objects", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_actions\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.actions", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_subject_categories\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.subject_categories", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_object_categories\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.object_categories", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_action_categories\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.action_categories", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_subject_scopes\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.subject_scopes", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_object_scopes\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.object_scopes", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_action_scopes\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.action_scopes", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_subject_assignments\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.subject_assignments", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_object_assignments\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.object_assignments", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_action_assignments\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.action_assignments", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_aggregation_algorithm\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.aggregation_algorithm", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_sub_meta_rules\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.sub_meta_rules", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,authz_rules\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+authz.rules", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_subjects\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.subjects", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_objects\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.objects", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_actions\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.actions", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_subject_categories\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.subject_categories", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_object_categories\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.object_categories", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_action_categories\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.action_categories", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_subject_scopes\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.subject_scopes", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_object_scopes\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.object_scopes", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_action_scopes\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.action_scopes", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_subject_assignments\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.subject_assignments", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_object_assignments\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.object_assignments", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_action_assignments\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.action_assignments", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_aggregation_algorithm\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.aggregation_algorithm", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_sub_meta_rules\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.sub_meta_rules", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,authz_rules\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+authz.rules", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_subjects\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.subjects", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_objects\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.objects", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_actions\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.actions", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_subject_categories\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.subject_categories", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_object_categories\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.object_categories", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_action_categories\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.action_categories", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_subject_scopes\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.subject_scopes", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_object_scopes\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.object_scopes", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_action_scopes\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.action_scopes", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_subject_assignments\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.subject_assignments", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_object_assignments\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.object_assignments", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_action_assignments\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.action_assignments", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_aggregation_algorithm\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.aggregation_algorithm", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_sub_meta_rules\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.sub_meta_rules", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,read,admin_rules\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+read\\s+admin.rules", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_subjects\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.subjects", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_objects\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.objects", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_actions\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.actions", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_subject_categories\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.subject_categories", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_object_categories\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.object_categories", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_action_categories\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.action_categories", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_subject_scopes\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.subject_scopes", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_object_scopes\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.object_scopes", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_action_scopes\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.action_scopes", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_subject_assignments\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.subject_assignments", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_object_assignments\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.object_assignments", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_action_assignments\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.action_assignments", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_aggregation_algorithm\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.aggregation_algorithm", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_sub_meta_rules\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.sub_meta_rules", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"root_role,write,admin_rules\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+root_role\\s+write\\s+admin.rules", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - { - "name": "get aggregation algorithm", - "command": "aggregation algorithm list", - "result": "(?P<uuid_aggregation>\\w+)\\s+one_true", - "description": "Get aggregation algorithm.", - "command_options": "-c id -c name -f value" - }, - { - "name": "set aggregation algorithm", - "command": "aggregation algorithm set $uuid_aggregation", - "result": "", - "description": "Set aggregation algorithm to one_true.", - "command_options": "" - }, - { - "name": "get aggregation algorithm", - "command": "aggregation algorithm show", - "result": "$uuid_aggregation\\s+one_true", - "description": "Check aggregation algorithm.", - "command_options": "-c id -c name -f value" - }, - { - "name": "get submetarule algorithm", - "command": "submetarule algorithm list", - "result": "(?P<uuid_submetarule_algo>\\w+)\\s+inclusion", - "description": "Get submetarule algorithm named inclusion.", - "command_options": "-c id -c name -f value" - }, - { - "name": "set submetarule algorithm", - "command": "submetarule set --algorithm_name inclusion $submetarule_uuid_admin", - "result": "", - "description": "Set submetarule algorithm to inclusion.", - "command_options": "" - }, - - { - "name": "select_admin_ie", - "command": "intraextension select $uuid_admin", - "result": "Select $uuid_admin IntraExtension.", - "description": "Select the admin IntraExtension", - "command_options": "" - }, - { - "name": "check_select_admin_ie", - "command": "intraextension show selected", - "result": "$uuid_admin", - "description": "Check the selected admin IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "add_subject", - "command": "subject add demo --subject_pass console", - "result": "", - "description": "Add demo subject.", - "command_options": "" - }, - { - "name": "list_subject", - "command": "subject list", - "result": "(?P<uuid_subject_demo_admin>\\w+)\\s+demo", - "description": "Check that demo subject was added." - }, - { - "name": "add_new_role", - "command": "subject scope add $uuid_subject_category_admin demo_role", - "result": "", - "description": "Add demo_role to demo subject.", - "command_options": "" - }, - { - "name": "check_new_role", - "command": "subject scope list $uuid_subject_category_admin", - "result": "(?P<uuid_subject_scope_demo_role>\\w+)\\s+demo_role", - "description": "Check that demo_role was added." - }, - { - "name": "add_new_assignment", - "command": "subject assignment add $uuid_subject_demo_admin $uuid_subject_category_admin $uuid_subject_scope_demo_role", - "result": "", - "description": "Link the demo subject to the demo_role scope.", - "command_options": "" - }, - { - "name": "check_new_assignment", - "command": "subject assignment list $uuid_subject_demo_admin $uuid_subject_category_admin", - "result": "$uuid_subject_scope_demo_role demo_role", - "description": "Check that assignment was added.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"demo_role,read,authz_objects\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+demo_role\\s+read\\s+authz_objects", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"demo_role,write,authz_objects\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+demo_role\\s+write\\s+authz_objects", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"demo_role,read,authz_object_assignments\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+demo_role\\s+read\\s+authz_object_assignments", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"demo_role,write,authz_object_assignments\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+demo_role\\s+write\\s+authz_object_assignments", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"demo_role,read,authz_object_scopes\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+demo_role\\s+read\\s+authz_object_scopes", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"demo_role,write,authz_object_scopes\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+demo_role\\s+write\\s+authz_object_scopes", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"demo_role,read,authz_object_categories\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+demo_role\\s+read\\s+authz_object_categories", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid_admin \"demo_role,write,authz_object_categories\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid_admin", - "result": "(?P<rule_id>\\w+)\\s+demo_role\\s+write\\s+authz_object_categories", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:role -c a:action_id -c o:object_id -f value" - }, - - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected admin IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "add_subject", - "command": "subject add demo --subject_pass console", - "result": "", - "description": "Add demo subject.", - "command_options": "" - }, - { - "name": "list_subject", - "command": "subject list", - "result": "(?P<uuid_subject_demo_admin>\\w+)\\s+demo", - "description": "Check that admin subject was added." - }, - - { - "name": "demo: check nova command", - "external_command": "nova --os-user-name demo --os-project-name demo --os-password console list", - "result": "test_moonclient", - "description": "Check demo can list nova servers due to the current rules" - }, - { - "name": "demo: try to pause nova instance", - "external_command": "nova --os-username demo --os-project-name demo --os-password console pause $uuid_server", - "result": "^$", - "description": "Pausing the server must be impossible due to the current rules" - }, - { - "name": "check nova command", - "external_command": "nova --os-user-name demo --os-project-name demo --os-password console list", - "result": "\\| (?P<uuid_server>[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| ACTIVE\\s+\\| [\\w\\-]+\\s+\\| Running", - "description": "Check that nova server is still in running state." - }, - - { - "name": "list tenant", - "command": "tenant list", - "result": "demo", - "description": "Check if tenant demo is used." - }, - - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - - { - "auth_name": "demo", - "auth_password": "console", - "auth_tenant": "demo", - "description": "Change user to demo" - }, - - { - "name": "add_object", - "command": "object add $uuid_server", - "result": "", - "description": "Add the new nova server", - "command_options": "" - }, - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object_nova_server>\\w+)\\s+$uuid_server", - "description": "Check that the new nova server was added." - }, - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_nova_server $uuid_object_category_authz $uuid_object_scope_low", - "result": "^$", - "description": "Set the assignment 'low' to nova server", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_nova_server $uuid_object_category_authz", - "result": "$uuid_object_scope_low low", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "check nova command", - "external_command": "nova list", - "result": "\\| (?P<uuid_server>[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| ACTIVE\\s+\\| [\\w\\-]+\\s+\\| Running", - "description": "Check that we can now list nova servers due to the current rules" - }, - { - "name": "try to pause nova instance", - "external_command": "nova pause $uuid_server", - "result": "^$", - "description": "Pausing the server must be possible now" - }, - { - "name": "check nova command", - "external_command": "nova list", - "result": "\\| (?P<uuid_server>[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| PAUSED\\s+\\| [\\w\\-]+\\s+\\| Paused", - "description": "Check that we can still list nova servers due to the current rules" - }, - { - "name": "reactivate nova instance", - "external_command": "nova unpause $uuid_server", - "result": "^$", - "description": "Unpausing the server for next tests" - }, - - { - "name": "del_assignment", - "command": "object assignment delete $uuid_object_nova_server $uuid_object_category_authz $uuid_object_scope_low", - "result": "^$", - "description": "Delete the assignment 'low' to nova server", - "command_options": "" - }, - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_nova_server $uuid_object_category_authz $uuid_object_scope_high", - "result": "^$", - "description": "Set the assignment 'high' to nova server", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_nova_server $uuid_object_category_authz", - "result": "$uuid_object_scope_high high", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "check nova command", - "external_command": "nova list", - "result": "\\| (?P<uuid_server>[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| ACTIVE\\s+\\| [\\w\\-]+\\s+\\| Running", - "description": "Check that we can now list nova servers due to the current rules" - }, - { - "name": "try to pause nova instance", - "external_command": "nova pause $uuid_server", - "result": "^$", - "description": "Pausing the server must be not possible now" - }, - { - "name": "check nova command", - "external_command": "nova list", - "result": "\\| (?P<uuid_server>[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| ACTIVE\\s+\\| [\\w\\-]+\\s+\\| Running", - "description": "Check that we can still list nova servers due to the current rules" - }, - - - { - "auth_name": "admin", - "auth_tenant": "admin", - "description": "Change user to admin" - }, - - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_admin_intra_extension", - "command": "intraextension delete $uuid_admin", - "result": "", - "description": "Delete the admin intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant demo", - "command_options": "" - }, - { - "name": "nova delete new server", - "external_command": "nova delete $uuid_server", - "result": "", - "description": "Delete the new server" - } - ] - } -} diff --git a/moonclient/moonclient/tests/todo/tests_empty_policy_nova.json b/moonclient/moonclient/tests/todo/tests_empty_policy_nova.json deleted file mode 100644 index 399710be..00000000 --- a/moonclient/moonclient/tests/todo/tests_empty_policy_nova.json +++ /dev/null @@ -1,1079 +0,0 @@ -{ - "command_options": "-f value", - "tests_group": { - "authz": [ - { - "auth_name": "admin", - "description": "Change user to admin (just in case...)" - }, - - { - "name": "get cirros image", - "external_command": "wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img -o /tmp/cirros.img", - "result": "", - "description": "Download a Cirros image" - }, - { - "name": "install cirros image", - "external_command": "glance image-create --name \"cirros\" --disk-format qcow2 --file /tmp/cirros.img --container-format bare", - "result": "", - "description": "Upload the Cirros image in glance" - }, - { - "name": "create secgroup", - "external_command": "nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0", - "result": "", - "description": "Create a new secgroup in Nova" - }, - { - "name": "create secgroup", - "external_command": "nova secgroup-add-rule default tcp 22 22 0.0.0.0/0", - "result": "", - "description": "Create a new secgroup in Nova" - }, - { - "name": "create router", - "external_command": "neutron router-create demo-router", - "result": "", - "description": "Create a new router" - }, - { - "name": "set router", - "external_command": "neutron router-gateway-set demo-router ext-net", - "result": "", - "description": "Configure the new router" - }, - { - "name": "set router", - "external_command": "neutron net-create demo-net", - "result": "", - "description": "Configure the new router" - }, - { - "name": "set router", - "external_command": "neutron subnet-create demo-net 192.168.1.0/24 --name demo-subnet --gateway 192.168.1.1", - "result": "", - "description": "Configure the new router" - }, - { - "name": "set router", - "external_command": "neutron router-interface-add demo-router demo-subnet", - "result": "", - "description": "Configure the new router" - }, - { - "name": "nova image-list", - "external_command": "nova image-list", - "result": "(?P<uuid_image>[\\w-]+)\\s+\\| cirros", - "description": "Get an Image ID" - }, - { - "name": "neutron net-list", - "external_command": "neutron net-list", - "result": "(?P<uuid_net>[\\w-]+)\\s+\\| ext-net", - "description": "Get an Net ID" - }, - { - "name": "nova boot new server", - "external_command": "nova boot --flavor m1.tiny --image $uuid_image --nic net-id=$uuid_net --security-group default test_moonclient", - "result": "", - "description": "Get an Image ID" - }, - { - "name": "sleep", - "external_command": "sleep 10", - "result": "", - "description": "time for server to really boot" - }, - { - "name": "nova get new server", - "external_command": "nova list", - "result": "\\| (?P<uuid_server>[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| ACTIVE\\s+\\| [\\w\\-]+\\s+\\| Running", - "description": "Get the ID of the new server" - }, - { - "name": "list tenant", - "command": "tenant list", - "no_result": "demo", - "description": "Check if tenant demo is used." - }, - { - "name": "add tenant demo", - "command": "tenant add demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant demo", - "command": "tenant list", - "result": "(?P<uuid>\\w+)\\s+demo", - "description": "Check that tenant demo has been correctly added" - }, - - { - "name": "check nova command", - "external_command": "nova list", - "no_result": "test_moonclient", - "description": "Check that we cannot list nova servers due to the current rules" - }, - { - "name": "try to pause nova instance", - "external_command": "nova pause $uuid_server", - "result": "^$", - "description": "Pausing the server must be impossible due to the current rules" - }, - - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_empty_authz empty_test", - "result": "IntraExtension created: (?P<uuid_authz>\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant demo", - "command_options": "" - }, - { - "name": "list tenant", - "command": "tenant list", - "result": "demo", - "description": "Check if tenant demo is used." - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "add_subject", - "command": "subject add admin --subject_pass password", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_subject", - "command": "subject list", - "result": "(?P<uuid_subject_admin>\\w+)\\s+admin", - "description": "Check that admin subject was added." - }, - { - "name": "add_subject", - "command": "subject add demo --subject_pass password", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_subject", - "command": "subject list", - "result": "(?P<uuid_subject_demo>\\w+)\\s+demo", - "description": "Check that demo subject was added." - }, - { - "name": "add_object", - "command": "object add servers", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object_servers>\\w+)\\s+servers", - "description": "Check that servers subject was added." - }, - { - "name": "add_action", - "command": "action add pause", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action_pause>\\w+)\\s+pause", - "description": "Check that pause action was added." - }, - { - "name": "add_action", - "command": "action add unpause", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action_unpause>\\w+)\\s+unpause", - "description": "Check that unpause action was added." - }, - { - "name": "add_action", - "command": "action add list", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action_list>\\w+)\\s+list", - "description": "Check that list action was added." - }, - { - "name": "add_action", - "command": "action add start", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action_start>\\w+)\\s+start", - "description": "Check that start action was added." - }, - { - "name": "add_action", - "command": "action add stop", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action_stop>\\w+)\\s+stop", - "description": "Check that stop action was added." - }, - { - "name": "add_action", - "command": "action add create", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action_create>\\w+)\\s+create", - "description": "Check that create action was added." - }, - { - "name": "add_action", - "command": "action add upload", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action_upload>\\w+)\\s+upload", - "description": "Check that upload action was added." - }, - { - "name": "add_action", - "command": "action add download", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action_download>\\w+)\\s+download", - "description": "Check that download action was added." - }, - { - "name": "add_action", - "command": "action add post", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action_post>\\w+)\\s+post", - "description": "Check that post action was added." - }, - { - "name": "add_action", - "command": "action add storage_list", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action_storage_list>\\w+)\\s+storage_list", - "description": "Check that storage_list action was added." - }, - - { - "name": "add_subject_category", - "command": "subject category add subject_security_level", - "result": "", - "description": "Add the new subject category subject_security_level", - "command_options": "" - }, - { - "name": "list_subject_category", - "command": "subject category list", - "result": "(?P<uuid_subject_category>\\w+)\\s+subject_security_level", - "description": "Check that subject_security_level subject_category was added." - }, - { - "name": "add_object_category", - "command": "object category add object_security_level", - "result": "", - "description": "Add the new object category object_security_level", - "command_options": "" - }, - { - "name": "list_object_category", - "command": "object category list", - "result": "(?P<uuid_object_category>\\w+)\\s+object_security_level", - "description": "Check that object_security_level object_category was added." - }, - { - "name": "add_action_category", - "command": "action category add resource_action", - "result": "", - "description": "Add the new action category resource_action", - "command_options": "" - }, - { - "name": "list_subject_category", - "command": "action category list", - "result": "(?P<uuid_action_category>\\w+)\\s+resource_action", - "description": "Check that resource_action action_category was added." - }, - - { - "name": "add_scope", - "command": "subject scope add $uuid_subject_category high --description \"high\"", - "result": "^$", - "description": "Add one scope to subject category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "subject scope list $uuid_subject_category", - "result": "(?P<uuid_subject_scope_high>\\w+)\\s+high\\s+high", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "add_scope", - "command": "subject scope add $uuid_subject_category medium --description \"medium\"", - "result": "^$", - "description": "Add one scope to subject category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "subject scope list $uuid_subject_category", - "result": "(?P<uuid_subject_scope_medium>\\w+)\\s+medium\\s+medium", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "add_scope", - "command": "subject scope add $uuid_subject_category low --description \"low\"", - "result": "^$", - "description": "Add one scope to subject category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "subject scope list $uuid_subject_category", - "result": "(?P<uuid_subject_scope_low>\\w+)\\s+low\\s+low", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "add_scope", - "command": "object scope add $uuid_object_category high --description \"high\"", - "result": "^$", - "description": "Add one scope to object category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category", - "result": "(?P<uuid_object_scope_high>\\w+)\\s+high\\s+high", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "add_scope", - "command": "object scope add $uuid_object_category medium --description \"medium\"", - "result": "^$", - "description": "Add one scope to object category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category", - "result": "(?P<uuid_object_scope_medium>\\w+)\\s+medium\\s+medium", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "add_scope", - "command": "object scope add $uuid_object_category low --description \"low\"", - "result": "^$", - "description": "Add one scope to object category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category", - "result": "(?P<uuid_object_scope_low>\\w+)\\s+low\\s+low", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "add_scope", - "command": "action scope add $uuid_action_category vm_admin --description \"vm_admin\"", - "result": "^$", - "description": "Add one scope to action category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "action scope list $uuid_action_category", - "result": "(?P<uuid_action_scope_vm_admin>\\w+)\\s+vm_admin\\s+vm_admin", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "add_scope", - "command": "action scope add $uuid_action_category vm_access --description \"vm_access\"", - "result": "^$", - "description": "Add one scope to action category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "action scope list $uuid_action_category", - "result": "(?P<uuid_action_scope_vm_access>\\w+)\\s+vm_access\\s+vm_access", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "add_scope", - "command": "action scope add $uuid_action_category storage_admin --description \"storage_admin\"", - "result": "^$", - "description": "Add one scope to action category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "action scope list $uuid_action_category", - "result": "(?P<uuid_action_scope_storage_admin>\\w+)\\s+storage_admin\\s+storage_admin", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "add_scope", - "command": "action scope add $uuid_action_category storage_access --description \"storage_access\"", - "result": "^$", - "description": "Add one scope to action category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "action scope list $uuid_action_category", - "result": "(?P<uuid_action_scope_storage_access>\\w+)\\s+storage_access\\s+storage_access", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_assignment", - "command": "subject assignment add $uuid_subject_admin $uuid_subject_category $uuid_subject_scope_high", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "subject assignment list $uuid_subject_admin $uuid_subject_category", - "result": "$uuid_subject_scope_high high", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "subject assignment add $uuid_subject_demo $uuid_subject_category $uuid_subject_scope_medium", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "subject assignment list $uuid_subject_demo $uuid_subject_category", - "result": "$uuid_subject_scope_medium medium", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_servers $uuid_object_category $uuid_object_scope_low", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_servers $uuid_object_category", - "result": "$uuid_object_scope_low low", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_pause $uuid_action_category $uuid_action_scope_vm_admin", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_pause $uuid_action_category", - "result": "$uuid_action_scope_vm_admin vm_admin", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_unpause $uuid_action_category $uuid_action_scope_vm_admin", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_unpause $uuid_action_category", - "result": "$uuid_action_scope_vm_admin vm_admin", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_start $uuid_action_category $uuid_action_scope_vm_admin", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_start $uuid_action_category", - "result": "$uuid_action_scope_vm_admin vm_admin", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_stop $uuid_action_category $uuid_action_scope_vm_admin", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_stop $uuid_action_category", - "result": "$uuid_action_scope_vm_admin vm_admin", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_list $uuid_action_category $uuid_action_scope_vm_admin", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_list $uuid_action_category", - "result": "$uuid_action_scope_vm_admin vm_admin", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_list $uuid_action_category $uuid_action_scope_vm_access", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_list $uuid_action_category", - "result": "$uuid_action_scope_vm_access vm_access", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_create $uuid_action_category $uuid_action_scope_vm_admin", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_create $uuid_action_category", - "result": "$uuid_action_scope_vm_admin vm_admin", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_storage_list $uuid_action_category $uuid_action_scope_storage_access", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_storage_list $uuid_action_category", - "result": "$uuid_action_scope_storage_access storage_access", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_download $uuid_action_category $uuid_action_scope_storage_access", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_download $uuid_action_category", - "result": "$uuid_action_scope_storage_access storage_access", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_upload $uuid_action_category $uuid_action_scope_storage_admin", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_upload $uuid_action_category", - "result": "$uuid_action_scope_storage_admin storage_admin", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_post $uuid_action_category $uuid_action_scope_storage_admin", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_post $uuid_action_category", - "result": "$uuid_action_scope_storage_admin storage_admin", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "check_submetarules", - "command": "submetarule show", - "result": "(?P<submetarule_uuid>\\w+)", - "description": "Get one submetarule ID", - "command_options": "-c id -f value" - }, - { - "name": "set_submetarule", - "command": "submetarule set $submetarule_uuid --subject_category_id=\"$uuid_subject_category\" --object_category_id=\"$uuid_object_category\" --action_category_id=\"$uuid_action_category\"", - "result": "^$", - "description": "Set a new submetarule", - "command_options": "" - }, - { - "name": "check_submetarule", - "command": "submetarule show", - "result": "$submetarule_uuid \\s*subject_security_level", - "description": "Check the new submetarule", - "command_options": "-c id -c \"subject categories\" -f value" - }, - { - "name": "check_submetarule", - "command": "submetarule show", - "result": "$submetarule_uuid \\s*object_security_level", - "description": "Check the new submetarule", - "command_options": "-c id -c \"object categories\" -f value" - }, - { - "name": "check_submetarule", - "command": "submetarule show", - "result": "$submetarule_uuid \\s*resource_action", - "description": "Check the new submetarule", - "command_options": "-c id -c \"action categories\" -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid \"high,vm_admin,medium\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P<rule_id>\\w+)\\s+high\\s+vm_admin\\s+medium", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid \"high,vm_admin,low\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P<rule_id>\\w+)\\s+high\\s+vm_admin\\s+low", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid \"medium,vm_admin,low\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P<rule_id>\\w+)\\s+medium\\s+vm_admin\\s+low", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid \"high,vm_access,medium\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P<rule_id>\\w+)\\s+high\\s+vm_access\\s+medium", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid \"high,vm_access,low\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P<rule_id>\\w+)\\s+high\\s+vm_access\\s+low", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid \"medium,vm_access,low\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P<rule_id>\\w+)\\s+medium\\s+vm_access\\s+low", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid \"high,storage_admin,medium\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P<rule_id>\\w+)\\s+high\\s+storage_admin\\s+medium", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid \"high,storage_admin,low\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P<rule_id>\\w+)\\s+high\\s+storage_admin\\s+low", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid \"medium,storage_admin,low\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P<rule_id>\\w+)\\s+medium\\s+storage_admin\\s+low", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid \"high,storage_access,medium\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P<rule_id>\\w+)\\s+high\\s+storage_access\\s+medium", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid \"high,storage_access,low\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P<rule_id>\\w+)\\s+high\\s+storage_access\\s+low", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid \"medium,storage_access,low\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P<rule_id>\\w+)\\s+medium\\s+storage_access\\s+low", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "get aggregation algorithm", - "command": "aggregation algorithm list", - "result": "(?P<uuid_aggregation>\\w+)\\s+one_true", - "description": "Get aggregation algorithm.", - "command_options": "-c id -c name -f value" - }, - { - "name": "set aggregation algorithm", - "command": "aggregation algorithm set $uuid_aggregation", - "result": "", - "description": "Set aggregation algorithm to one_true.", - "command_options": "" - }, - { - "name": "get aggregation algorithm", - "command": "aggregation algorithm show", - "result": "$uuid_aggregation\\s+one_true", - "description": "Check aggregation algorithm.", - "command_options": "-c id -c name -f value" - }, - { - "name": "get submetarule algorithm", - "command": "submetarule algorithm list", - "result": "(?P<uuid_submetarule_algo>\\w+)\\s+inclusion", - "description": "Get submetarule algorithm named inclusion.", - "command_options": "-c id -c name -f value" - }, - { - "name": "set submetarule algorithm", - "command": "submetarule set --algorithm_name inclusion $submetarule_uuid", - "result": "", - "description": "Set submetarule algorithm to inclusion.", - "command_options": "" - }, - - { - "name": "list tenant", - "command": "tenant list", - "result": "demo", - "description": "Check if tenant demo is used." - }, - - { - "name": "add_object", - "command": "object add $uuid_server", - "result": "", - "description": "Add the new nova server", - "command_options": "" - }, - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object_nova_server>\\w+)\\s+$uuid_server", - "description": "Check that the new nova server was added." - }, - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_nova_server $uuid_object_category $uuid_object_scope_low", - "result": "^$", - "description": "Set the assignment 'low' to nova server", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_nova_server $uuid_object_category", - "result": "$uuid_object_scope_low low", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "check nova command", - "external_command": "nova list", - "result": "\\| (?P<uuid_server>[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| ACTIVE\\s+\\| [\\w\\-]+\\s+\\| Running", - "description": "Check that we can now list nova servers due to the current rules" - }, - { - "name": "try to pause nova instance", - "external_command": "nova pause $uuid_server", - "result": "^$", - "description": "Pausing the server must be possible now" - }, - { - "name": "check nova command", - "external_command": "nova list", - "result": "\\| (?P<uuid_server>[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| PAUSED\\s+\\| [\\w\\-]+\\s+\\| Paused", - "description": "Check that we can still list nova servers due to the current rules" - }, - { - "name": "reactivate nova instance", - "external_command": "nova unpause $uuid_server", - "result": "^$", - "description": "Unpausing the server for next tests" - }, - - { - "name": "del_assignment", - "command": "object assignment delete $uuid_object_nova_server $uuid_object_category $uuid_object_scope_low", - "result": "^$", - "description": "Delete the assignment 'low' to nova server", - "command_options": "" - }, - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_nova_server $uuid_object_category $uuid_object_scope_high", - "result": "^$", - "description": "Set the assignment 'high' to nova server", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_nova_server $uuid_object_category", - "result": "$uuid_object_scope_high high", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "check nova command", - "external_command": "nova list", - "result": "\\| (?P<uuid_server>[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| ACTIVE\\s+\\| [\\w\\-]+\\s+\\| Running", - "description": "Check that we can now list nova servers due to the current rules" - }, - { - "name": "try to pause nova instance", - "external_command": "nova pause $uuid_server", - "result": "^$", - "description": "Pausing the server must be not possible now" - }, - { - "name": "check nova command", - "external_command": "nova list", - "result": "\\| (?P<uuid_server>[\\w\\-]+)\\s+\\| test_moonclient\\s+\\| ACTIVE\\s+\\| [\\w\\-]+\\s+\\| Running", - "description": "Check that we can still list nova servers due to the current rules" - }, - - - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant demo", - "command_options": "" - }, - { - "name": "nova delete new server", - "external_command": "nova delete $uuid_server", - "result": "", - "description": "Delete the new server" - } - ] - } -}
\ No newline at end of file diff --git a/moonclient/moonclient/tests/todo/tests_empty_policy_swift.json b/moonclient/moonclient/tests/todo/tests_empty_policy_swift.json deleted file mode 100644 index e935da98..00000000 --- a/moonclient/moonclient/tests/todo/tests_empty_policy_swift.json +++ /dev/null @@ -1,1175 +0,0 @@ -{ - "command_options": "-f value", - "tests_group": { - "authz": [ - { - "auth_name": "admin", - "auth_password": "console", - "auth_tenant": "admin", - "description": "Change user to admin (just in case...)" - }, - - { - "name": "swift list", - "external_command": "swift list", - "no_result": "moonclient_test", - "description": "Check Swift command" - }, - { - "name": "add swift container", - "external_command": "swift post moonclient_test", - "result": "", - "description": "Add a new container" - }, - { - "name": "swift list", - "external_command": "swift list", - "result": "moonclient_test", - "description": "Check the added container" - }, - { - "name": "get accound ID", - "external_command": "swift stat", - "result": "Account: (?P<uuid_account>[\\w_]+)", - "description": "Check the added container" - }, - - { - "name": "list tenant", - "command": "tenant list", - "no_result": "admin", - "description": "Check if tenant demo is used." - }, - { - "name": "add tenant admin", - "command": "tenant add admin", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant admin", - "command": "tenant list", - "result": "(?P<uuid>\\w+)\\s+admin", - "description": "Check that tenant demo has been correctly added" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_empty_authz empty_test", - "result": "IntraExtension created: (?P<uuid_authz>\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant demo", - "command_options": "" - }, - { - "name": "list tenant", - "command": "tenant list", - "result": "admin", - "description": "Check if tenant admin is used." - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "add_subject", - "command": "subject add admin --subject_pass password", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_subject", - "command": "subject list", - "result": "(?P<uuid_subject_admin>\\w+)\\s+admin", - "description": "Check that admin subject was added." - }, - { - "name": "add_subject", - "command": "subject add demo --subject_pass password", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_subject", - "command": "subject list", - "result": "(?P<uuid_subject_demo>\\w+)\\s+demo", - "description": "Check that demo subject was added." - }, - { - "name": "add_object", - "command": "object add servers", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object_servers>\\w+)\\s+servers", - "description": "Check that servers subject was added." - }, - { - "name": "add_action", - "command": "action add pause", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action_pause>\\w+)\\s+pause", - "description": "Check that pause action was added." - }, - { - "name": "add_action", - "command": "action add unpause", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action_unpause>\\w+)\\s+unpause", - "description": "Check that unpause action was added." - }, - { - "name": "add_action", - "command": "action add list", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action_list>\\w+)\\s+list", - "description": "Check that list action was added." - }, - { - "name": "add_action", - "command": "action add start", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action_start>\\w+)\\s+start", - "description": "Check that start action was added." - }, - { - "name": "add_action", - "command": "action add stop", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action_stop>\\w+)\\s+stop", - "description": "Check that stop action was added." - }, - { - "name": "add_action", - "command": "action add create", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action_create>\\w+)\\s+create", - "description": "Check that create action was added." - }, - { - "name": "add_action", - "command": "action add upload", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action_upload>\\w+)\\s+upload", - "description": "Check that upload action was added." - }, - { - "name": "add_action", - "command": "action add download", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action_download>\\w+)\\s+download", - "description": "Check that download action was added." - }, - { - "name": "add_action", - "command": "action add post", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action_post>\\w+)\\s+post", - "description": "Check that post action was added." - }, - { - "name": "add_action", - "command": "action add storage_list", - "result": "", - "description": "", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action_storage_list>\\w+)\\s+storage_list", - "description": "Check that storage_list action was added." - }, - - { - "name": "add_subject_category", - "command": "subject category add subject_security_level", - "result": "", - "description": "Add the new subject category subject_security_level", - "command_options": "" - }, - { - "name": "list_subject_category", - "command": "subject category list", - "result": "(?P<uuid_subject_category>\\w+)\\s+subject_security_level", - "description": "Check that subject_security_level subject_category was added." - }, - { - "name": "add_object_category", - "command": "object category add object_security_level", - "result": "", - "description": "Add the new object category object_security_level", - "command_options": "" - }, - { - "name": "list_object_category", - "command": "object category list", - "result": "(?P<uuid_object_category>\\w+)\\s+object_security_level", - "description": "Check that object_security_level object_category was added." - }, - { - "name": "add_action_category", - "command": "action category add resource_action", - "result": "", - "description": "Add the new action category resource_action", - "command_options": "" - }, - { - "name": "list_subject_category", - "command": "action category list", - "result": "(?P<uuid_action_category>\\w+)\\s+resource_action", - "description": "Check that resource_action action_category was added." - }, - - { - "name": "add_scope", - "command": "subject scope add $uuid_subject_category high --description \"high\"", - "result": "^$", - "description": "Add one scope to subject category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "subject scope list $uuid_subject_category", - "result": "(?P<uuid_subject_scope_high>\\w+)\\s+high\\s+high", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "add_scope", - "command": "subject scope add $uuid_subject_category medium --description \"medium\"", - "result": "^$", - "description": "Add one scope to subject category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "subject scope list $uuid_subject_category", - "result": "(?P<uuid_subject_scope_medium>\\w+)\\s+medium\\s+medium", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "add_scope", - "command": "subject scope add $uuid_subject_category low --description \"low\"", - "result": "^$", - "description": "Add one scope to subject category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "subject scope list $uuid_subject_category", - "result": "(?P<uuid_subject_scope_low>\\w+)\\s+low\\s+low", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "add_scope", - "command": "object scope add $uuid_object_category high --description \"high\"", - "result": "^$", - "description": "Add one scope to object category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category", - "result": "(?P<uuid_object_scope_high>\\w+)\\s+high\\s+high", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "add_scope", - "command": "object scope add $uuid_object_category medium --description \"medium\"", - "result": "^$", - "description": "Add one scope to object category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category", - "result": "(?P<uuid_object_scope_medium>\\w+)\\s+medium\\s+medium", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "add_scope", - "command": "object scope add $uuid_object_category low --description \"low\"", - "result": "^$", - "description": "Add one scope to object category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "object scope list $uuid_object_category", - "result": "(?P<uuid_object_scope_low>\\w+)\\s+low\\s+low", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "add_scope", - "command": "action scope add $uuid_action_category vm_admin --description \"vm_admin\"", - "result": "^$", - "description": "Add one scope to action category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "action scope list $uuid_action_category", - "result": "(?P<uuid_action_scope_vm_admin>\\w+)\\s+vm_admin\\s+vm_admin", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "add_scope", - "command": "action scope add $uuid_action_category vm_access --description \"vm_access\"", - "result": "^$", - "description": "Add one scope to action category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "action scope list $uuid_action_category", - "result": "(?P<uuid_action_scope_vm_access>\\w+)\\s+vm_access\\s+vm_access", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "add_scope", - "command": "action scope add $uuid_action_category storage_admin --description \"storage_admin\"", - "result": "^$", - "description": "Add one scope to action category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "action scope list $uuid_action_category", - "result": "(?P<uuid_action_scope_storage_admin>\\w+)\\s+storage_admin\\s+storage_admin", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - { - "name": "add_scope", - "command": "action scope add $uuid_action_category storage_access --description \"storage_access\"", - "result": "^$", - "description": "Add one scope to action category role", - "command_options": "" - }, - { - "name": "check_added_scope", - "command": "action scope list $uuid_action_category", - "result": "(?P<uuid_action_scope_storage_access>\\w+)\\s+storage_access\\s+storage_access", - "description": "Check added scope.", - "command_options": "-c id -c name -c description -f value" - }, - - { - "name": "add_assignment", - "command": "subject assignment add $uuid_subject_admin $uuid_subject_category $uuid_subject_scope_high", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "subject assignment list $uuid_subject_admin $uuid_subject_category", - "result": "$uuid_subject_scope_high high", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "subject assignment add $uuid_subject_demo $uuid_subject_category $uuid_subject_scope_medium", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "subject assignment list $uuid_subject_demo $uuid_subject_category", - "result": "$uuid_subject_scope_medium medium", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_servers $uuid_object_category $uuid_object_scope_low", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_servers $uuid_object_category", - "result": "$uuid_object_scope_low low", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_pause $uuid_action_category $uuid_action_scope_vm_admin", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_pause $uuid_action_category", - "result": "$uuid_action_scope_vm_admin vm_admin", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_unpause $uuid_action_category $uuid_action_scope_vm_admin", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_unpause $uuid_action_category", - "result": "$uuid_action_scope_vm_admin vm_admin", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_start $uuid_action_category $uuid_action_scope_vm_admin", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_start $uuid_action_category", - "result": "$uuid_action_scope_vm_admin vm_admin", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_stop $uuid_action_category $uuid_action_scope_vm_admin", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_stop $uuid_action_category", - "result": "$uuid_action_scope_vm_admin vm_admin", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_list $uuid_action_category $uuid_action_scope_vm_admin", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_list $uuid_action_category", - "result": "$uuid_action_scope_vm_admin vm_admin", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_list $uuid_action_category $uuid_action_scope_vm_access", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_list $uuid_action_category", - "result": "$uuid_action_scope_vm_access vm_access", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_create $uuid_action_category $uuid_action_scope_vm_admin", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_create $uuid_action_category", - "result": "$uuid_action_scope_vm_admin vm_admin", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_storage_list $uuid_action_category $uuid_action_scope_storage_access", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_storage_list $uuid_action_category", - "result": "$uuid_action_scope_storage_access storage_access", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_download $uuid_action_category $uuid_action_scope_storage_access", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_download $uuid_action_category", - "result": "$uuid_action_scope_storage_access storage_access", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_upload $uuid_action_category $uuid_action_scope_storage_admin", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_upload $uuid_action_category", - "result": "$uuid_action_scope_storage_admin storage_admin", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_post $uuid_action_category $uuid_action_scope_storage_admin", - "result": "^$", - "description": "Add a new assignment", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_post $uuid_action_category", - "result": "$uuid_action_scope_storage_admin storage_admin", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "check_submetarules", - "command": "submetarule show", - "result": "(?P<submetarule_uuid>\\w+)", - "description": "Get one submetarule ID", - "command_options": "-c id -f value" - }, - { - "name": "set_submetarule", - "command": "submetarule set $submetarule_uuid --subject_category_id=\"$uuid_subject_category\" --object_category_id=\"$uuid_object_category\" --action_category_id=\"$uuid_action_category\"", - "result": "^$", - "description": "Set a new submetarule", - "command_options": "" - }, - { - "name": "check_submetarule", - "command": "submetarule show", - "result": "$submetarule_uuid \\s*subject_security_level", - "description": "Check the new submetarule", - "command_options": "-c id -c \"subject categories\" -f value" - }, - { - "name": "check_submetarule", - "command": "submetarule show", - "result": "$submetarule_uuid \\s*object_security_level", - "description": "Check the new submetarule", - "command_options": "-c id -c \"object categories\" -f value" - }, - { - "name": "check_submetarule", - "command": "submetarule show", - "result": "$submetarule_uuid \\s*resource_action", - "description": "Check the new submetarule", - "command_options": "-c id -c \"action categories\" -f value" - }, - - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid \"high,vm_admin,medium\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P<rule_id>\\w+)\\s+high\\s+vm_admin\\s+medium", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid \"high,vm_admin,low\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P<rule_id>\\w+)\\s+high\\s+vm_admin\\s+low", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid \"medium,vm_admin,low\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P<rule_id>\\w+)\\s+medium\\s+vm_admin\\s+low", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid \"high,vm_access,medium\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P<rule_id>\\w+)\\s+high\\s+vm_access\\s+medium", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid \"high,vm_access,low\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P<rule_id>\\w+)\\s+high\\s+vm_access\\s+low", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid \"medium,vm_access,low\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P<rule_id>\\w+)\\s+medium\\s+vm_access\\s+low", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid \"high,storage_admin,medium\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P<rule_id>\\w+)\\s+high\\s+storage_admin\\s+medium", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid \"high,storage_admin,low\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P<rule_id>\\w+)\\s+high\\s+storage_admin\\s+low", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid \"medium,storage_admin,low\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P<rule_id>\\w+)\\s+medium\\s+storage_admin\\s+low", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid \"high,storage_access,medium\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P<rule_id>\\w+)\\s+high\\s+storage_access\\s+medium", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid \"high,storage_access,low\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P<rule_id>\\w+)\\s+high\\s+storage_access\\s+low", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "add_a_new_rule", - "command": "rule add $submetarule_uuid \"medium,storage_access,low\"", - "result": "^$", - "description": "Add a new rule.", - "command_options": "" - }, - { - "name": "check_added_rule", - "command": "rule list $submetarule_uuid", - "result": "(?P<rule_id>\\w+)\\s+medium\\s+storage_access\\s+low", - "description": "Check that the rule was correctly added.", - "command_options": "-c id -c s:subject_security_level -c a:resource_action -c o:object_security_level -f value" - }, - { - "name": "get aggregation algorithm", - "command": "aggregation algorithm list", - "result": "(?P<uuid_aggregation>\\w+)\\s+one_true", - "description": "Get aggregation algorithm.", - "command_options": "-c id -c name -f value" - }, - { - "name": "set aggregation algorithm", - "command": "aggregation algorithm set $uuid_aggregation", - "result": "", - "description": "Set aggregation algorithm to one_true.", - "command_options": "" - }, - { - "name": "get aggregation algorithm", - "command": "aggregation algorithm show", - "result": "$uuid_aggregation\\s+one_true", - "description": "Check aggregation algorithm.", - "command_options": "-c id -c name -f value" - }, - { - "name": "get submetarule algorithm", - "command": "submetarule algorithm list", - "result": "(?P<uuid_submetarule_algo>\\w+)\\s+inclusion", - "description": "Get submetarule algorithm named inclusion.", - "command_options": "-c id -c name -f value" - }, - { - "name": "set submetarule algorithm", - "command": "submetarule set --algorithm_name inclusion $submetarule_uuid", - "result": "", - "description": "Set submetarule algorithm to inclusion.", - "command_options": "" - }, - - { - "name": "swift list", - "external_command": "swift list", - "no_result": "moonclient_test", - "description": "Check Swift command, it must be impossible due to current rules" - }, - - { - "name": "list tenant", - "command": "tenant list", - "result": "admin", - "description": "Check if tenant admin is used." - }, - - { - "name": "add_object", - "command": "object add $uuid_account", - "result": "", - "description": "Add the new swift account", - "command_options": "" - }, - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object_swift_account>\\w+)\\s+$uuid_account", - "description": "Check that the new swift account was added." - }, - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_swift_account $uuid_object_category $uuid_object_scope_low", - "result": "^$", - "description": "Set the assignment 'low' to swift account", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_swift_account $uuid_object_category", - "result": "$uuid_object_scope_low low", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_action", - "command": "action add get_account_details --description 'Swift action'", - "result": "", - "description": "Add the action get_account_details", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action_swift_get_account_details>\\w+)\\s+get_account_details", - "description": "Check that the new swift action was added." - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_swift_get_account_details $uuid_action_category $uuid_action_scope_storage_access", - "result": "^$", - "description": "Set the assignment 'storage_access' to swift action", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_swift_get_account_details $uuid_action_category", - "result": "$uuid_action_scope_storage_access storage_access", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "swift list", - "external_command": "swift list", - "result": "moonclient_test", - "description": "Check Swift command, it must be now possible due to current rules" - }, - { - "name": "create temp file", - "external_command": "touch /tmp/test.txt", - "result": "", - "description": "Create a temporary file to put in swift." - }, - { - "name": "swift post file", - "external_command": "swift upload moonclient_test /tmp/test.txt", - "result": "", - "description": "Try to put the test file in the container, impossible due to the absence of the object" - }, - { - "name": "swift list", - "external_command": "swift list moonclient_test", - "no_result": "tmp/test.txt", - "description": "Check that test file has not been uploaded." - }, - { - "name": "add_object", - "command": "object add AUTH_6c7f27a7aaf94423a28ea8ac30fea929-moonclient_test", - "result": "", - "description": "Add the new swift container", - "command_options": "" - }, - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object_swift_container>\\w+)\\s+AUTH_6c7f27a7aaf94423a28ea8ac30fea929-moonclient_test", - "description": "Check that the new swift container was added." - }, - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_swift_container $uuid_object_category $uuid_object_scope_low", - "result": "^$", - "description": "Set the assignment 'low' to swift container", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_swift_container $uuid_object_category", - "result": "$uuid_object_scope_low low", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_object", - "command": "object add AUTH_6c7f27a7aaf94423a28ea8ac30fea929-moonclient_test-tmp-test-txt", - "result": "", - "description": "Add the new swift object", - "command_options": "" - }, - { - "name": "list_object", - "command": "object list", - "result": "(?P<uuid_object_swift_object>\\w+)\\s+AUTH_6c7f27a7aaf94423a28ea8ac30fea929-moonclient_test-tmp-test-txt", - "description": "Check that the new swift object was added." - }, - { - "name": "add_assignment", - "command": "object assignment add $uuid_object_swift_object $uuid_object_category $uuid_object_scope_low", - "result": "^$", - "description": "Set the assignment 'low' to swift object", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "object assignment list $uuid_object_swift_object $uuid_object_category", - "result": "$uuid_object_scope_low low", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_action", - "command": "action add get_container --description 'Swift action'", - "result": "", - "description": "Add the action get_container", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action_swift_get_container>\\w+)\\s+get_container", - "description": "Check that the new swift action was added." - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_swift_get_container $uuid_action_category $uuid_action_scope_storage_access", - "result": "^$", - "description": "Set the assignment 'storage_access' to swift action", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_swift_get_container $uuid_action_category", - "result": "$uuid_action_scope_storage_access storage_access", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_action", - "command": "action add get_object_metadata --description 'Swift action'", - "result": "", - "description": "Add the action get_object_metadata", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action_swift_get_object_metadata>\\w+)\\s+get_object_metadata", - "description": "Check that the new swift action was added." - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_swift_get_object_metadata $uuid_action_category $uuid_action_scope_storage_access", - "result": "^$", - "description": "Set the assignment 'storage_access' to swift action", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_swift_get_object_metadata $uuid_action_category", - "result": "$uuid_action_scope_storage_access storage_access", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_action", - "command": "action add create_object --description 'Swift action'", - "result": "", - "description": "Add the action create_object", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action_swift_create_object>\\w+)\\s+create_object", - "description": "Check that the new swift action was added." - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_swift_create_object $uuid_action_category $uuid_action_scope_storage_admin", - "result": "^$", - "description": "Set the assignment 'storage_access' to swift action", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_swift_create_object $uuid_action_category", - "result": "$uuid_action_scope_storage_admin storage_admin", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "add_action", - "command": "action add create_container --description 'Swift action'", - "result": "", - "description": "Add the action create_container", - "command_options": "" - }, - { - "name": "list_action", - "command": "action list", - "result": "(?P<uuid_action_swift_create_container>\\w+)\\s+create_container", - "description": "Check that the new swift action was added." - }, - { - "name": "add_assignment", - "command": "action assignment add $uuid_action_swift_create_container $uuid_action_category $uuid_action_scope_storage_admin", - "result": "^$", - "description": "Set the assignment 'storage_access' to swift action", - "command_options": "" - }, - { - "name": "check_added_assignment", - "command": "action assignment list $uuid_action_swift_create_container $uuid_action_category", - "result": "$uuid_action_scope_storage_admin storage_admin", - "description": "Check added assignment.", - "command_options": "-c id -c name -f value" - }, - { - "name": "swift post file", - "external_command": "swift upload moonclient_test /tmp/test.txt", - "result": "", - "description": "Put the test file in the container" - }, - { - "name": "swift list", - "external_command": "swift list moonclient_test", - "result": "tmp/test.txt", - "description": "Check that test file has been uploaded." - }, - - - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant admin", - "command_options": "" - }, - { - "name": "swift delete new container", - "external_command": "swift delete moonclient_test", - "result": "", - "description": "Delete the new server" - } - ] - } -}
\ No newline at end of file diff --git a/moonclient/moonclient/tests/todo/tests_external_commands.json b/moonclient/moonclient/tests/todo/tests_external_commands.json deleted file mode 100644 index 4caa0df1..00000000 --- a/moonclient/moonclient/tests/todo/tests_external_commands.json +++ /dev/null @@ -1,228 +0,0 @@ -{ - "command_options": "-f value", - "tests_group": { - "main": [ - { - "auth_name": "admin", - "description": "Change user to admin (just in case...)" - }, - - { - "name": "list tenant", - "command": "tenant list", - "no_result": "demo", - "description": "List all tenants (must be empty)" - }, - { - "name": "add tenant demo", - "command": "tenant add demo", - "result": "^$", - "description": "Add a new tenant", - "command_options": "" - }, - { - "name": "check tenant demo", - "command": "tenant list", - "result": "(?P<uuid>\\w+)\\s+demo", - "description": "Check that tenant demo has been correctly added" - }, - { - "name": "create_intraextension_admin", - "command": "intraextension add --policy_model policy_rbac_admin admin_test", - "result": "IntraExtension created: (?P<uuid_admin>\\w+)", - "description": "Create an admin intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_admin", - "command": "intraextension list", - "result": "$uuid_admin", - "description": "Check the existence of that admin intra extension" - }, - { - "name": "create_intraextension_authz", - "command": "intraextension add --policy_model policy_authz authz_test", - "result": "IntraExtension created: (?P<uuid_authz>\\w+)", - "description": "Create an authz intra extension", - "command_options": "" - }, - { - "name": "list_intraextension_authz", - "command": "intraextension list", - "result": "$uuid_authz", - "description": "Check the existence of that authz intra extension" - }, - { - "name": "set_tenant_authz", - "command": "tenant set --authz $uuid_authz $uuid", - "result": "", - "description": "Connect the authz intra extension to the tenant demo", - "command_options": "" - }, - { - "name": "check authz ie for tenant demo", - "command": "tenant list", - "result": "demo $uuid_authz", - "description": "Check that authz ie has been correctly added for tenant demo ", - "command_options": "-c name -c intra_authz_extension_id -f value" - }, - { - "name": "select_authz_ie", - "command": "intraextension select $uuid_authz", - "result": "Select $uuid_authz IntraExtension.", - "description": "Select the authz IntraExtension", - "command_options": "" - }, - { - "name": "check_select_authz_ie", - "command": "intraextension show selected", - "result": "$uuid_authz", - "description": "Check the selected authz IntraExtension", - "command_options": "-c id -f value" - }, - { - "name": "set_tenant_admin", - "command": "tenant set --admin $uuid_admin $uuid", - "result": "", - "description": "Connect the admin intra extension to the tenant demo", - "command_options": "" - }, - { - "name": "check admin ie for tenant demo", - "command": "tenant list", - "result": "demo $uuid_admin", - "description": "Check that admin ie has been correctly added for tenant demo ", - "command_options": "-c name -c intra_admin_extension_id -f value" - }, - - { - "name": "get aggregation algorithm", - "command": "aggregation algorithm list", - "result": "(?P<uuid_aggregation>\\w+)\\s+one_true", - "description": "Get aggregation algorithm.", - "command_options": "-c id -c name -f value" - }, - { - "name": "set aggregation algorithm", - "command": "aggregation algorithm set $uuid_aggregation", - "result": "", - "description": "Set aggregation algorithm to one_true.", - "command_options": "" - }, - { - "name": "get aggregation algorithm", - "command": "aggregation algorithm show", - "result": "$uuid_aggregation\\s+one_true", - "description": "Check aggregation algorithm.", - "command_options": "-c id -c name -f value" - }, - - { - "name": "get cirros image", - "external_command": "wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img -o /tmp/cirros.img", - "result": "", - "description": "Download a Cirros image" - }, - { - "name": "install cirros image", - "external_command": "glance image-create --name \"cirros\" --disk-format qcow2 --file /tmp/cirros.img --container-format bare", - "result": "", - "description": "Upload the Cirros image in glance" - }, - { - "name": "create secgroup", - "external_command": "nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0", - "result": "", - "description": "Create a new secgroup in Nova" - }, - { - "name": "create secgroup", - "external_command": "nova secgroup-add-rule default tcp 22 22 0.0.0.0/0", - "result": "", - "description": "Create a new secgroup in Nova" - }, - { - "name": "create router", - "external_command": "neutron router-create demo-router", - "result": "", - "description": "Create a new router" - }, - { - "name": "set router", - "external_command": "neutron router-gateway-set demo-router ext-net", - "result": "", - "description": "Configure the new router" - }, - { - "name": "set router", - "external_command": "neutron net-create demo-net", - "result": "", - "description": "Configure the new router" - }, - { - "name": "set router", - "external_command": "neutron subnet-create demo-net 192.168.1.0/24 --name demo-subnet --gateway 192.168.1.1", - "result": "", - "description": "Configure the new router" - }, - { - "name": "set router", - "external_command": "neutron router-interface-add demo-router demo-subnet", - "result": "", - "description": "Configure the new router" - }, - { - "name": "nova image-list", - "external_command": "nova image-list", - "result": "(?P<uuid_image>[\\w-]+)\\s+\\| cirros", - "description": "Get an Image ID" - }, - { - "name": "neutron net-list", - "external_command": "neutron net-list", - "result": "(?P<uuid_net>[\\w-]+)\\s+\\| ext-net", - "description": "Get an Net ID" - }, - { - "name": "nova boot new server", - "external_command": "nova boot --flavor m1.tiny --image $uuid_image --nic net-id=$uuid_net --security-group default test_moonclient", - "result": "", - "description": "Get an Image ID" - }, - { - "name": "sleep", - "external_command": "sleep 10", - "result": "", - "description": "time for server to really boot" - }, - { - "name": "check nova command", - "external_command": "nova list", - "result": "\\| (?P<uuid_server>[\\w\\-]+)\\s+\\| (?P<name_server>\\w+)\\s+\\| ACTIVE\\s+\\| [\\w\\-]+\\s+\\| Running", - "description": "Check that nova is running and get the ID of one running server" - }, - - { - "name": "delete_admin_intra_extension", - "command": "intraextension delete $uuid_admin", - "result": "", - "description": "Delete the admin intra extension", - "command_options": "" - }, - { - "name": "delete_authz_intra_extension", - "command": "intraextension delete $uuid_authz", - "result": "", - "description": "Delete the authz intra extension", - "command_options": "" - }, - { - "name": "delete_tenant", - "command": "tenant delete $uuid", - "result": "", - "description": "Delete the tenant demo", - "command_options": "" - } - ] - } -}
\ No newline at end of file diff --git a/moonclient/requirements.txt b/moonclient/requirements.txt deleted file mode 100644 index 298dfec9..00000000 --- a/moonclient/requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -pbr>=0.6,!=0.7,<1.0 -cliff>=1.7.0 # Apache-2.0 -cliff-tablib>=1.0 diff --git a/moonclient/setup.py b/moonclient/setup.py deleted file mode 100644 index 0b93c4d3..00000000 --- a/moonclient/setup.py +++ /dev/null @@ -1,133 +0,0 @@ -#!/usr/bin/env python - - -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. -from setuptools import setup, find_packages -from moonclient import __version__ - -PROJECT = 'python-moonclient' - -# Change docs/sphinx/conf.py too! -VERSION = __version__ - -try: - long_description = open('README.rst', 'rt').read() -except IOError: - long_description = '' - -setup( - name=PROJECT, - version=VERSION, - - description='Python Moon client', - long_description=long_description, - - author='Thomas Duval', - author_email='thomas.duval@orange.com', - - url='https://github.com/...', - download_url='https://github.com/.../tarball/master', - - classifiers=['Development Status :: 3 - Alpha', - 'License :: OSI Approved :: Apache Software License', - 'Programming Language :: Python', - 'Programming Language :: Python :: 2', - 'Programming Language :: Python :: 2.7', - 'Programming Language :: Python :: 3', - 'Programming Language :: Python :: 3.2', - 'Intended Audience :: Developers', - 'Environment :: Console', - ], - - platforms=['Any'], - - scripts=[], - - provides=[], - install_requires=['cliff'], - - namespace_packages=[], - packages=find_packages(), - include_package_data=True, - - entry_points={ - 'console_scripts': [ - 'moon = moonclient.shell:main' - ], - 'moon.client': [ - 'template_list = moonclient.configuration:TemplatesList', - 'aggregation_algorithm_list = moonclient.configuration:AggregationAlgorithmsList', - 'submetarule_algorithm_list = moonclient.configuration:SubMetaRuleAlgorithmsList', - - 'tenant_add = moonclient.tenants:TenantAdd', - 'tenant_set = moonclient.tenants:TenantSet', - 'tenant_list = moonclient.tenants:TenantList', - 'tenant_show = moonclient.tenants:TenantShow', - 'tenant_delete = moonclient.tenants:TenantDelete', - - 'intraextension_select = moonclient.intraextension:IntraExtensionSelect', - 'intraextension_add = moonclient.intraextension:IntraExtensionCreate', - 'intraextension_list = moonclient.intraextension:IntraExtensionList', - 'intraextension_delete = moonclient.intraextension:IntraExtensionDelete', - 'intraextension_show = moonclient.intraextension:IntraExtensionShow', - 'intraextension_init = moonclient.intraextension:IntraExtensionInit', - - 'subject_list = moonclient.subjects:SubjectsList', - 'subject_add = moonclient.subjects:SubjectsAdd', - 'subject_delete = moonclient.subjects:SubjectsDelete', - 'object_list = moonclient.objects:ObjectsList', - 'object_add = moonclient.objects:ObjectsAdd', - 'object_delete = moonclient.objects:ObjectsDelete', - 'action_list = moonclient.actions:ActionsList', - 'action_add = moonclient.actions:ActionsAdd', - 'action_delete = moonclient.actions:ActionsDelete', - 'subject_category_list = moonclient.subject_categories:SubjectCategoriesList', - 'subject_category_add = moonclient.subject_categories:SubjectCategoriesAdd', - 'subject_category_delete = moonclient.subject_categories:SubjectCategoriesDelete', - 'object_category_list = moonclient.object_categories:ObjectCategoriesList', - 'object_category_add = moonclient.object_categories:ObjectCategoriesAdd', - 'object_category_delete = moonclient.object_categories:ObjectCategoriesDelete', - 'action_category_list = moonclient.action_categories:ActionCategoriesList', - 'action_category_add = moonclient.action_categories:ActionCategoriesAdd', - 'action_category_delete = moonclient.action_categories:ActionCategoriesDelete', - 'subject_scope_list = moonclient.subject_scopes:SubjectScopesList', - 'subject_scope_add = moonclient.subject_scopes:SubjectScopesAdd', - 'subject_scope_delete = moonclient.subject_scopes:SubjectScopesDelete', - 'object_scope_list = moonclient.object_scopes:ObjectScopesList', - 'object_scope_add = moonclient.object_scopes:ObjectScopesAdd', - 'object_scope_delete = moonclient.object_scopes:ObjectScopesDelete', - 'action_scope_list = moonclient.action_scopes:ActionScopesList', - 'action_scope_add = moonclient.action_scopes:ActionScopesAdd', - 'action_scope_delete = moonclient.action_scopes:ActionScopesDelete', - 'subject_assignment_list = moonclient.subject_assignments:SubjectAssignmentsList', - 'subject_assignment_add = moonclient.subject_assignments:SubjectAssignmentsAdd', - 'subject_assignment_delete = moonclient.subject_assignments:SubjectAssignmentsDelete', - 'object_assignment_list = moonclient.object_assignments:ObjectAssignmentsList', - 'object_assignment_add = moonclient.object_assignments:ObjectAssignmentsAdd', - 'object_assignment_delete = moonclient.object_assignments:ObjectAssignmentsDelete', - 'action_assignment_list = moonclient.action_assignments:ActionAssignmentsList', - 'action_assignment_add = moonclient.action_assignments:ActionAssignmentsAdd', - 'action_assignment_delete = moonclient.action_assignments:ActionAssignmentsDelete', - - 'aggregation_algorithm_show = moonclient.metarules:AggregationAlgorithmsList', - 'aggregation_algorithm_set = moonclient.metarules:AggregationAlgorithmSet', - - 'submetarule_show = moonclient.metarules:SubMetaRuleShow', - 'submetarule_set = moonclient.metarules:SubMetaRuleSet', - - - 'rule_list = moonclient.rules:RulesList', - 'rule_add = moonclient.rules:RuleAdd', - 'rule_delete = moonclient.rules:RuleDelete', - - 'log = moonclient.logs:LogsList', - - 'test = moonclient.tests:TestsLaunch', - ], - }, - - zip_safe=False, -)
\ No newline at end of file diff --git a/python_moonclient/Changelog b/python_moonclient/Changelog index 854200cb..cd099ae3 100644 --- a/python_moonclient/Changelog +++ b/python_moonclient/Changelog @@ -9,4 +9,12 @@ CHANGES 0.1.0 ----- -- First version of the python-moonclient
\ No newline at end of file +- First version of the python-moonclient + +1.0.0 +----- +- First public version of the python-moonclient + +1.0.1 +----- +- Fix a bug in configuration diff --git a/python_moonclient/python_moonclient/__init__.py b/python_moonclient/python_moonclient/__init__.py index d7cdd111..2249a1b6 100644 --- a/python_moonclient/python_moonclient/__init__.py +++ b/python_moonclient/python_moonclient/__init__.py @@ -3,4 +3,4 @@ # license which can be found in the file 'LICENSE' in this package distribution # or at 'http://www.apache.org/licenses/LICENSE-2.0'. -__version__ = "0.0.1" +__version__ = "1.0.1" diff --git a/python_moonclient/python_moonclient/config.py b/python_moonclient/python_moonclient/config.py index d6317820..300ebf1a 100644 --- a/python_moonclient/python_moonclient/config.py +++ b/python_moonclient/python_moonclient/config.py @@ -21,17 +21,36 @@ def get_configuration(consul_host, consul_port, key): def get_config_data(consul_host, consul_port): conf_data = dict() - conf_data['manager_host'] = get_configuration(consul_host, consul_port, - 'components/manager')['components/manager']['external']['hostname'] - conf_data['manager_port'] = get_configuration(consul_host, consul_port, - 'components/manager')['components/manager']['external']['port'] - # conf_data['authz_host'] = get_configuration(consul_host, consul_port, - # 'components/interface')['components/interface']['external']['hostname'] - # conf_data['authz_port'] = get_configuration(consul_host, consul_port, - # 'components/interface')['components/interface']['external']['port'] - conf_data['keystone_host'] = get_configuration(consul_host, consul_port, - 'openstack/keystone')['openstack/keystone']['external']['url'] - # conf_data['keystone_port'] = '5000' + conf_data['manager_host'] = get_configuration( + consul_host, consul_port, + 'components/manager')['components/manager']['external']['hostname'] + conf_data['manager_port'] = get_configuration( + consul_host, consul_port, + 'components/manager')['components/manager']['external']['port'] + try: + requests.get("http://{}:{}/".format( + conf_data['manager_host'], + conf_data['manager_port'] + ), + timeout=2) + except requests.exceptions.ConnectionError: + conf_data['manager_host'] = get_configuration(consul_host, consul_port, + 'components/manager')[ + 'components/manager']['hostname'] + conf_data['manager_port'] = get_configuration(consul_host, consul_port, + 'components/manager')[ + 'components/manager']['port'] + + conf_data['keystone_host'] = get_configuration( + consul_host, consul_port, + 'openstack/keystone')['openstack/keystone']['external']['url'] + try: + requests.get(conf_data['keystone_host'], timeout=2) + except requests.exceptions.ConnectionError: + conf_data['keystone_host'] = get_configuration( + consul_host, consul_port, + 'openstack/keystone')['openstack/keystone']['url'] + conf_data['keystone_user'] = get_configuration(consul_host, consul_port, 'openstack/keystone')['openstack/keystone']['user'] conf_data['keystone_password'] = get_configuration(consul_host, consul_port, @@ -39,6 +58,3 @@ def get_config_data(consul_host, consul_port): conf_data['keystone_project'] = get_configuration(consul_host, consul_port, 'openstack/keystone')['openstack/keystone']['project'] return conf_data - -# get_conf_data('88.88.88.2', '30005') -# get_conf_data('127.0.0.1', 8082) diff --git a/python_moonclient/python_moonclient/scripts.py b/python_moonclient/python_moonclient/scripts.py new file mode 100644 index 00000000..69746a8b --- /dev/null +++ b/python_moonclient/python_moonclient/scripts.py @@ -0,0 +1,83 @@ +import logging +from importlib.machinery import SourceFileLoader +from . import parse, models, policies, pdp, authz + + +logger = logging.getLogger("moonclient.scripts") + + +def get_keystone_projects(): + args = parse.parse() + consul_host = args.consul_host + consul_port = args.consul_port + + models.init(consul_host, consul_port) + policies.init(consul_host, consul_port) + pdp.init(consul_host, consul_port) + + projects = pdp.get_keystone_projects() + + for _project in projects['projects']: + print("{} {}".format(_project['id'], _project['name'])) + + +def populate_values(): + requests_log = logging.getLogger("requests.packages.urllib3") + requests_log.setLevel(logging.WARNING) + requests_log.propagate = True + + args = parse.parse() + consul_host = args.consul_host + consul_port = args.consul_port + project_id = args.keystone_pid + + models.init(consul_host, consul_port) + policies.init(consul_host, consul_port) + pdp.init(consul_host, consul_port) + + if args.filename: + print("Loading: {}".format(args.filename[0])) + m = SourceFileLoader("scenario", args.filename[0]) + scenario = m.load_module() + + _models = models.check_model() + for _model_id, _model_value in _models['models'].items(): + if _model_value['name'] == scenario.model_name: + model_id = _model_id + meta_rule_list = _model_value['meta_rules'] + models.create_model(scenario, model_id) + break + else: + model_id, meta_rule_list = models.create_model(scenario) + policy_id = policies.create_policy(scenario, model_id, meta_rule_list) + pdp_id = pdp.create_pdp(scenario, policy_id=policy_id, project_id=project_id) + + +def send_authz(): + args = parse.parse() + consul_host = args.consul_host + consul_port = args.consul_port + + models.init(consul_host, consul_port) + policies.init(consul_host, consul_port) + pdp.init(consul_host, consul_port) + + if args.filename: + print("Loading: {}".format(args.filename[0])) + m = SourceFileLoader("scenario", args.filename[0]) + scenario = m.load_module() + + keystone_project_id = pdp.get_keystone_id(args.pdp) + time_data = authz.send_requests( + scenario, + args.authz_host, + args.authz_port, + keystone_project_id, + request_second=args.request_second, + limit=args.limit, + dry_run=args.dry_run, + stress_test=args.stress_test, + destination=args.destination + ) + if not args.dry_run: + authz.save_data(args.write, time_data) diff --git a/python_moonclient/setup.py b/python_moonclient/setup.py index 000e87ca..f2dbc580 100644 --- a/python_moonclient/setup.py +++ b/python_moonclient/setup.py @@ -39,4 +39,12 @@ setup( 'Operating System :: OS Independent', ], + entry_points={ + 'console_scripts': [ + 'moon_get_keystone_projects = python_moonclient.scripts:get_keystone_projects', + 'moon_populate_values = python_moonclient.scripts:populate_values', + 'moon_send_authz = python_moonclient.scripts:send_authz', + ], + } + ) diff --git a/python_moondb/tests/unit_python/mock_keystone.py b/python_moondb/tests/unit_python/mock_keystone.py index c0b26b88..3f262538 100644 --- a/python_moondb/tests/unit_python/mock_keystone.py +++ b/python_moondb/tests/unit_python/mock_keystone.py @@ -20,4 +20,14 @@ def register_keystone(m): json={"users": [{ "id": "1111111111111" }]} - )
\ No newline at end of file + ) + m.register_uri( + 'POST', 'http://keystone:5000/v3/projects/', + json={ + "description": "test_project", + "domain_id": ['domain_id_1'], + "enabled": True, + "is_domain": False, + "name": 'project_1' + } + ) diff --git a/templates/moon_forming/utils/__init__.py b/python_moondb/tests/unit_python/models/__init__.py index e69de29b..e69de29b 100644..100755 --- a/templates/moon_forming/utils/__init__.py +++ b/python_moondb/tests/unit_python/models/__init__.py diff --git a/python_moondb/tests/unit_python/models/test_meta_rules.py b/python_moondb/tests/unit_python/models/test_meta_rules.py new file mode 100644 index 00000000..d8b61365 --- /dev/null +++ b/python_moondb/tests/unit_python/models/test_meta_rules.py @@ -0,0 +1,175 @@ +import pytest + + +def set_meta_rule(meta_rule_id, value=None): + from python_moondb.core import ModelManager + if not value: + value = { + "name": "MLS_meta_rule", + "description": "test", + "subject_categories": ["user_security_level_id_1"], + "object_categories": ["vm_security_level_id_1"], + "action_categories": ["action_type_id_1"] + } + return ModelManager.set_meta_rule(user_id=None, meta_rule_id=meta_rule_id, value=value) + + +def add_meta_rule(meta_rule_id=None, value=None): + from python_moondb.core import ModelManager + if not value: + value = { + "name": "MLS_meta_rule", + "description": "test", + "subject_categories": ["user_security_level_id_1"], + "object_categories": ["vm_security_level_id_1"], + "action_categories": ["action_type_id_1"] + } + return ModelManager.add_meta_rule(user_id=None, meta_rule_id=meta_rule_id, value=value) + + +def get_meta_rules(meta_rule_id=None): + from python_moondb.core import ModelManager + return ModelManager.get_meta_rules(user_id=None, meta_rule_id=meta_rule_id) + + +def delete_meta_rules(meta_rule_id=None): + from python_moondb.core import ModelManager + ModelManager.delete_meta_rule(user_id=None, meta_rule_id=meta_rule_id) + +def test_set_not_exist_meta_rule_error(db): + # set not existing meta rule and expect to raise and error + with pytest.raises(Exception) as exception_info: + set_meta_rule(meta_rule_id=None) + assert str(exception_info.value) == '400: Sub Meta Rule Unknown' + + +def test_add_new_meta_rule_success(db): + value = { + "name": "MLS_meta_rule", + "description": "test", + "subject_categories": ["user_security_level_id_1"], + "object_categories": ["vm_security_level_id_1"], + "action_categories": ["action_type_id_1"] + } + metaRules = add_meta_rule(); + assert isinstance(metaRules, dict) + assert metaRules + assert len(metaRules) is 1 + meta_rule_id = list(metaRules.keys())[0] + for key in ("name", "description", "subject_categories", "object_categories", "action_categories"): + assert key in metaRules[meta_rule_id] + assert metaRules[meta_rule_id][key] == value[key] + + +def test_set_meta_rule_succes(db): + # arrange + meta_rules = add_meta_rule() + meta_rule_id = list(meta_rules.keys())[0] + updated_value = { + "name": "MLS_meta_rule", + "description": "test", + "subject_categories": ["user_role_id_1"], + "object_categories": ["vm_security_level_id_1"], + "action_categories": ["action_type_id_1"] + } + # action + updated_meta_rule = set_meta_rule(meta_rule_id, updated_value) + # assert + updated_meta_rule_id = list(updated_meta_rule.keys())[0] + assert updated_meta_rule_id == meta_rule_id + assert updated_meta_rule[updated_meta_rule_id]["subject_categories"] == \ + updated_value["subject_categories"] + + +def test_add_existing_meta_rule_error(db): + meta_rules = add_meta_rule() + meta_rule_id = list(meta_rules.keys())[0] + with pytest.raises(Exception) as exception_info: + add_meta_rule(meta_rule_id=meta_rule_id) + assert str(exception_info.value) == '400: Sub Meta Rule Existing' + + +def test_get_meta_rule_success(db): + # arrange + values = {} + value1 = { + "name": "MLS_meta_rule", + "description": "test", + "subject_categories": ["user_security_level_id_1"], + "object_categories": ["vm_security_level_id_1"], + "action_categories": ["action_type_id_1"] + } + meta_rules1 = add_meta_rule(value=value1) + meta_rule_id1 = list(meta_rules1.keys())[0] + values[meta_rule_id1] = value1 + value2 = { + "name": "rbac_meta_rule", + "description": "test", + "subject_categories": ["user_role_id_1"], + "object_categories": ["vm_id_1"], + "action_categories": ["action_type_id_1"] + } + meta_rules2 = add_meta_rule(value=value2) + meta_rule_id2 = list(meta_rules2.keys())[0] + values[meta_rule_id2] = value2 + + # action + meta_rules = get_meta_rules() + # assert + assert isinstance(meta_rules , dict) + assert meta_rules + assert len(meta_rules) is 2 + for meta_rule_id in meta_rules: + for key in ("name", "description", "subject_categories", "object_categories", "action_categories"): + assert key in meta_rules[meta_rule_id] + assert meta_rules[meta_rule_id][key] == values[meta_rule_id][key] + + +def test_get_specific_meta_rule_success(db): + # arrange + add_meta_rule() + added_meta_rules = add_meta_rule() + added_meta_rule_id = list(added_meta_rules.keys())[0] + # action + meta_rules = get_meta_rules(meta_rule_id=added_meta_rule_id) + meta_rule_id = list(meta_rules.keys())[0] + # assert + assert meta_rule_id == added_meta_rule_id + for key in ("name", "description", "subject_categories", "object_categories", "action_categories"): + assert key in meta_rules[meta_rule_id] + assert meta_rules[meta_rule_id][key] == added_meta_rules[added_meta_rule_id][key] + + +def test_delete_meta_rules_success(db): + # arrange + value1 = { + "name": "MLS_meta_rule", + "description": "test", + "subject_categories": ["user_security_level_id_1"], + "object_categories": ["vm_security_level_id_1"], + "action_categories": ["action_type_id_1"] + } + meta_rules1 = add_meta_rule(value=value1) + meta_rule_id1 = list(meta_rules1.keys())[0] + + value2 = { + "name": "rbac_meta_rule", + "description": "test", + "subject_categories": ["user_role_id_1"], + "object_categories": ["vm_id_1"], + "action_categories": ["action_type_id_1"] + } + meta_rules2 = add_meta_rule(value=value2) + meta_rule_id2 = list(meta_rules2.keys())[0] + + # action + delete_meta_rules(meta_rule_id1) + # assert + meta_rules = get_meta_rules() + assert meta_rule_id1 not in meta_rules + + +def test_delete_invalid_meta_rules_error(db): + with pytest.raises(Exception) as exception_info: + delete_meta_rules("INVALID_META_RULE_ID") + assert str(exception_info.value) == '400: Sub Meta Rule Unknown' diff --git a/python_moondb/tests/unit_python/models/test_models.py b/python_moondb/tests/unit_python/models/test_models.py new file mode 100644 index 00000000..e56fea6b --- /dev/null +++ b/python_moondb/tests/unit_python/models/test_models.py @@ -0,0 +1,161 @@ +import pytest + + +def get_models(model_id=None): + from python_moondb.core import ModelManager + return ModelManager.get_models(user_id= None , model_id= model_id) + + +def add_model(model_id=None, value=None): + from python_moondb.core import ModelManager + if not value: + value = { + "name": "MLS", + "description": "test", + "meta_rules": "meta_rule_mls_1" + } + return ModelManager.add_model(user_id=None, model_id=model_id, value=value) + + +def delete_models(uuid=None, name=None): + from python_moondb.core import ModelManager + if not uuid: + for model_id, model_value in get_models(): + if name == model_value['name']: + uuid = model_id + break + ModelManager.delete_model(user_id=None, model_id=uuid) + + +def update_model(model_id=None, value=None): + from python_moondb.core import ModelManager + return ModelManager.update_model(user_id=None, model_id=model_id, value=value) + + +def test_get_models_empty(db): + # act + models = get_models() + # assert + assert isinstance(models, dict) + assert not models + + +def test_get_model(db): + # prepare + add_model(model_id="mls_model_id") + # act + models = get_models() + # assert + assert isinstance(models, dict) + assert models # assert model is not empty + assert len(models) is 1 + + +def test_get_specific_model(db): + # prepare + add_model(model_id="mls_model_id") + add_model(model_id="rbac_model_id") + # act + models = get_models(model_id="mls_model_id") + # assert + assert isinstance(models, dict) + assert models # assert model is not empty + assert len(models) is 1 + + +def test_add_model(db): + # act + model = add_model() + # assert + assert isinstance(model, dict) + assert model # assert model is not empty + assert len(model) is 1 + + +def test_add_same_model_twice(db): + # prepare + add_model(model_id="model_1") # add model twice + # act + with pytest.raises(Exception) as exception_info: + add_model(model_id="model_1") + assert str(exception_info.value) == '409: Model Error' + + +def test_add_model_generate_new_uuid(db): + model_value1 = { + "name": "MLS", + "description": "test", + "meta_rules": "meta_rule_mls_1" + } + model1 = add_model(value=model_value1) + + model_value2 = { + "name": "rbac", + "description": "test", + "meta_rules": "meta_rule_mls_2" + } + model2 = add_model(value=model_value2) + + assert list(model1)[0] != list(model2)[0] + + +def test_add_models(db): + model_value1 = { + "name": "MLS", + "description": "test", + "meta_rules": "meta_rule_mls_1" + } + models = add_model(value=model_value1) + assert isinstance(models, dict) + assert models + assert len(models.keys()) == 1 + model_id = list(models.keys())[0] + for key in ("name", "meta_rules", "description"): + assert key in models[model_id] + assert models[model_id][key] == model_value1[key] + + +def test_delete_models(db): + model_value1 = { + "name": "MLS", + "description": "test", + "meta_rules": "meta_rule_mls_1" + } + model1 = add_model(value=model_value1) + + model_value2 = { + "name": "rbac", + "description": "test", + "meta_rules": "meta_rule_mls_2" + } + model2 = add_model(value=model_value2) + + id = list(model1)[0] + delete_models(id) + # assert + models = get_models() + assert id not in models + + +def test_update_model(db): + # prepare + model_value = { + "name": "MLS", + "description": "test", + "meta_rules": "meta_rule_mls_1" + } + model = add_model(value=model_value) + model_id = list(model)[0] + new_model_value = { + "name": "MLS", + "description": "test", + "meta_rules": "meta_rule_mls_2" + } + # act + update_model(model_id=model_id, value=new_model_value) + # assert + model = get_models(model_id) + + for key in ("name", "meta_rules", "description"): + assert key in model[model_id] + assert model[model_id][key] == new_model_value[key]
\ No newline at end of file diff --git a/python_moondb/tests/unit_python/policies/__init__.py b/python_moondb/tests/unit_python/policies/__init__.py new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/python_moondb/tests/unit_python/policies/__init__.py diff --git a/python_moondb/tests/unit_python/policies/mock_data.py b/python_moondb/tests/unit_python/policies/mock_data.py new file mode 100644 index 00000000..b2642979 --- /dev/null +++ b/python_moondb/tests/unit_python/policies/mock_data.py @@ -0,0 +1,45 @@ +def create_meta_rule(): + meta_rule_value = { + "name": "meta_rule1", + "algorithm": "name of the meta rule algorithm", + "subject_categories": ["subject_category_id1", + "subject_category_id2"], + "object_categories": ["object_category_id1"], + "action_categories": ["action_category_id1"] + } + return meta_rule_value + + +def create_model(meta_rule_id): + value = { + "name": "test_model", + "description": "test", + "meta_rules": [meta_rule_id] + + } + return value + + +def create_policy(model_id): + value = { + "name": "policy_1", + "model_id": model_id, + "genre": "authz", + "description": "test", + } + return value + + +def get_policy_id(): + import policies.test_policies as test_policies + import models.test_models as test_models + import models.test_meta_rules as test_meta_rules + meta_rule = test_meta_rules.add_meta_rule(value=create_meta_rule()) + meta_rule_id = list(meta_rule.keys())[0] + model = test_models.add_model(value=create_model(meta_rule_id)) + model_id = list(model.keys())[0] + value = create_policy(model_id) + policy = test_policies.add_policies(value) + assert policy + policy_id = list(policy.keys())[0] + return policy_id diff --git a/python_moondb/tests/unit_python/policies/test_assignments.py b/python_moondb/tests/unit_python/policies/test_assignments.py new file mode 100755 index 00000000..ccac205a --- /dev/null +++ b/python_moondb/tests/unit_python/policies/test_assignments.py @@ -0,0 +1,245 @@ +def get_action_assignments(policy_id, action_id=None, category_id=None): + from python_moondb.core import PolicyManager + return PolicyManager.get_action_assignments("", policy_id, action_id, category_id) + + +def add_action_assignment(policy_id, action_id, category_id, data_id): + from python_moondb.core import PolicyManager + return PolicyManager.add_action_assignment("", policy_id, action_id, category_id, data_id) + + +def delete_action_assignment(policy_id, action_id, category_id, data_id): + from python_moondb.core import PolicyManager + PolicyManager.delete_action_assignment("", policy_id, action_id, category_id, data_id) + + +def get_object_assignments(policy_id, object_id=None, category_id=None): + from python_moondb.core import PolicyManager + return PolicyManager.get_object_assignments("", policy_id, object_id, category_id) + + +def add_object_assignment(policy_id, object_id, category_id, data_id): + from python_moondb.core import PolicyManager + return PolicyManager.add_object_assignment("", policy_id, object_id, category_id, data_id) + + +def delete_object_assignment(policy_id, object_id, category_id, data_id): + from python_moondb.core import PolicyManager + PolicyManager.delete_object_assignment("", policy_id, object_id, category_id, data_id) + + +def get_subject_assignments(policy_id, subject_id=None, category_id=None): + from python_moondb.core import PolicyManager + return PolicyManager.get_subject_assignments("", policy_id, subject_id, category_id) + + +def add_subject_assignment(policy_id, subject_id, category_id, data_id): + from python_moondb.core import PolicyManager + return PolicyManager.add_subject_assignment("", policy_id, subject_id, category_id, data_id) + + +def delete_subject_assignment(policy_id, subject_id, category_id, data_id): + from python_moondb.core import PolicyManager + PolicyManager.delete_subject_assignment("", policy_id, subject_id, category_id, data_id) + + +def test_get_action_assignments(db): + policy_id = "admin" + action_id = "action_id_1" + category_id = "category_id_1" + data_id = "data_id_1" + add_action_assignment(policy_id, action_id, category_id, data_id) + act_assignments = get_action_assignments(policy_id, action_id, category_id) + action_id_1 = list(act_assignments.keys())[0] + assert act_assignments[action_id_1]["policy_id"] == policy_id + assert act_assignments[action_id_1]["action_id"] == action_id + assert act_assignments[action_id_1]["category_id"] == category_id + assert len(act_assignments[action_id_1].get("assignments")) == 1 + assert data_id in act_assignments[action_id_1].get("assignments") + + +def test_get_action_assignments_by_policy_id(db): + policy_id = "admin" + action_id = "action_id_1" + category_id = "category_id_1" + data_id = "data_id_1" + add_action_assignment(policy_id, action_id, category_id, data_id) + data_id = "data_id_2" + add_action_assignment(policy_id, action_id, category_id, data_id) + data_id = "data_id_3" + add_action_assignment(policy_id, action_id, category_id, data_id) + act_assignments = get_action_assignments(policy_id) + action_id_1 = list(act_assignments.keys())[0] + assert act_assignments[action_id_1]["policy_id"] == policy_id + assert act_assignments[action_id_1]["action_id"] == action_id + assert act_assignments[action_id_1]["category_id"] == category_id + assert len(act_assignments[action_id_1].get("assignments")) == 3 + + +def test_add_action_assignments(db): + policy_id = "admin" + action_id = "action_id_1" + category_id = "category_id_1" + data_id = "data_id_1" + action_assignments = add_action_assignment(policy_id, action_id, category_id, data_id) + assert action_assignments + action_id_1 = list(action_assignments.keys())[0] + assert action_assignments[action_id_1]["policy_id"] == policy_id + assert action_assignments[action_id_1]["action_id"] == action_id + assert action_assignments[action_id_1]["category_id"] == category_id + assert len(action_assignments[action_id_1].get("assignments")) == 1 + assert data_id in action_assignments[action_id_1].get("assignments") + + +def test_delete_action_assignment(db): + policy_id = "admin_1" + add_action_assignment(policy_id, "", "", "") + policy_id = "admin_2" + action_id = "action_id_2" + category_id = "category_id_2" + data_id = "data_id_2" + add_action_assignment(policy_id, action_id, category_id, data_id) + delete_action_assignment(policy_id, "", "", "") + assignments = get_action_assignments(policy_id, ) + assert len(assignments) == 1 + + +def test_delete_action_assignment_with_invalid_policy_id(db): + policy_id = "invalid_id" + delete_action_assignment(policy_id, "", "", "") + assignments = get_action_assignments(policy_id, ) + assert len(assignments) == 0 + + +def test_get_object_assignments(db): + policy_id = "admin" + object_id = "object_id_1" + category_id = "category_id_1" + data_id = "data_id_1" + add_object_assignment(policy_id, object_id, category_id, data_id) + obj_assignments = get_object_assignments(policy_id, object_id, category_id) + object_id_1 = list(obj_assignments.keys())[0] + assert obj_assignments[object_id_1]["policy_id"] == policy_id + assert obj_assignments[object_id_1]["object_id"] == object_id + assert obj_assignments[object_id_1]["category_id"] == category_id + assert len(obj_assignments[object_id_1].get("assignments")) == 1 + assert data_id in obj_assignments[object_id_1].get("assignments") + + +def test_get_object_assignments_by_policy_id(db): + policy_id = "admin" + object_id_1 = "object_id_1" + category_id_1 = "category_id_1" + data_id = "data_id_1" + add_action_assignment(policy_id, object_id_1, category_id_1, data_id) + object_id_2 = "object_id_2" + category_id_2 = "category_id_2" + data_id = "data_id_2" + add_action_assignment(policy_id, object_id_2, category_id_2, data_id) + object_id_3 = "object_id_3" + category_id_3 = "category_id_3" + data_id = "data_id_3" + add_action_assignment(policy_id, object_id_3, category_id_3, data_id) + act_assignments = get_action_assignments(policy_id) + assert len(act_assignments) == 3 + + +def test_add_object_assignments(db): + policy_id = "admin" + object_id = "object_id_1" + category_id = "category_id_1" + data_id = "data_id_1" + object_assignments = add_object_assignment(policy_id, object_id, category_id, data_id) + assert object_assignments + object_id_1 = list(object_assignments.keys())[0] + assert object_assignments[object_id_1]["policy_id"] == policy_id + assert object_assignments[object_id_1]["object_id"] == object_id + assert object_assignments[object_id_1]["category_id"] == category_id + assert len(object_assignments[object_id_1].get("assignments")) == 1 + assert data_id in object_assignments[object_id_1].get("assignments") + + +def test_delete_object_assignment(db): + policy_id = "admin_1" + add_object_assignment(policy_id, "", "", "") + object_id = "action_id_2" + category_id = "category_id_2" + data_id = "data_id_2" + add_object_assignment(policy_id, object_id, category_id, data_id) + delete_object_assignment(policy_id, "", "", "") + assignments = get_object_assignments(policy_id, ) + assert len(assignments) == 1 + + +def test_delete_object_assignment_with_invalid_policy_id(db): + policy_id = "invalid_id" + delete_object_assignment(policy_id, "", "", "") + assignments = get_object_assignments(policy_id, ) + assert len(assignments) == 0 + + +def test_get_subject_assignments(db): + policy_id = "admin" + subject_id = "object_id_1" + category_id = "category_id_1" + data_id = "data_id_1" + add_subject_assignment(policy_id, subject_id, category_id, data_id) + subj_assignments = get_subject_assignments(policy_id, subject_id, category_id) + subject_id_1 = list(subj_assignments.keys())[0] + assert subj_assignments[subject_id_1]["policy_id"] == policy_id + assert subj_assignments[subject_id_1]["subject_id"] == subject_id + assert subj_assignments[subject_id_1]["category_id"] == category_id + assert len(subj_assignments[subject_id_1].get("assignments")) == 1 + assert data_id in subj_assignments[subject_id_1].get("assignments") + + +def test_get_subject_assignments_by_policy_id(db): + policy_id = "admin" + subject_id_1 = "subject_id_1" + category_id_1 = "category_id_1" + data_id = "data_id_1" + add_subject_assignment(policy_id, subject_id_1, category_id_1, data_id) + subject_id_2 = "subject_id_2" + category_id_2 = "category_id_2" + data_id = "data_id_2" + add_subject_assignment(policy_id, subject_id_2, category_id_2, data_id) + subject_id_3 = "subject_id_3" + category_id_3 = "category_id_3" + data_id = "data_id_3" + add_subject_assignment(policy_id, subject_id_3, category_id_3, data_id) + subj_assignments = get_subject_assignments(policy_id) + assert len(subj_assignments) == 3 + + +def test_add_subject_assignments(db): + policy_id = "admin" + subject_id = "subject_id_1" + category_id = "category_id_1" + data_id = "data_id_1" + subject_assignments = add_subject_assignment(policy_id, subject_id, category_id, data_id) + assert subject_assignments + subject_id_1 = list(subject_assignments.keys())[0] + assert subject_assignments[subject_id_1]["policy_id"] == policy_id + assert subject_assignments[subject_id_1]["subject_id"] == subject_id + assert subject_assignments[subject_id_1]["category_id"] == category_id + assert len(subject_assignments[subject_id_1].get("assignments")) == 1 + assert data_id in subject_assignments[subject_id_1].get("assignments") + + +def test_delete_subject_assignment(db): + policy_id = "admin_1" + add_subject_assignment(policy_id, "", "", "") + subject_id = "subject_id_2" + category_id = "category_id_2" + data_id = "data_id_2" + add_subject_assignment(policy_id, subject_id, category_id, data_id) + delete_subject_assignment(policy_id, "", "", "") + assignments = get_subject_assignments(policy_id, ) + assert len(assignments) == 1 + + +def test_delete_subject_assignment_with_invalid_policy_id(db): + policy_id = "invalid_id" + delete_subject_assignment(policy_id, "", "", "") + assignments = get_subject_assignments(policy_id, ) + assert len(assignments) == 0 diff --git a/python_moondb/tests/unit_python/policies/test_data.py b/python_moondb/tests/unit_python/policies/test_data.py new file mode 100755 index 00000000..68b1d2a0 --- /dev/null +++ b/python_moondb/tests/unit_python/policies/test_data.py @@ -0,0 +1,513 @@ +import policies.mock_data as mock_data +import pytest + + +def get_action_data(policy_id, data_id=None, category_id=None): + from python_moondb.core import PolicyManager + return PolicyManager.get_action_data("", policy_id, data_id, category_id) + + +def add_action_data(policy_id, data_id=None, category_id=None, value=None): + from python_moondb.core import PolicyManager + return PolicyManager.add_action_data("", policy_id, data_id, category_id, value) + + +def delete_action_data(policy_id, data_id): + from python_moondb.core import PolicyManager + PolicyManager.delete_action_data("", policy_id, data_id) + + +def get_object_data(policy_id, data_id=None, category_id=None): + from python_moondb.core import PolicyManager + return PolicyManager.get_object_data("", policy_id, data_id, category_id) + + +def add_object_data(policy_id, data_id=None, category_id=None, value=None): + from python_moondb.core import PolicyManager + return PolicyManager.add_object_data("", policy_id, data_id, category_id, value) + + +def delete_object_data(policy_id, data_id): + from python_moondb.core import PolicyManager + PolicyManager.delete_object_data("", policy_id, data_id) + + +def get_subject_data(policy_id, data_id=None, category_id=None): + from python_moondb.core import PolicyManager + return PolicyManager.get_subject_data("", policy_id, data_id, category_id) + + +def add_subject_data(policy_id, data_id=None, category_id=None, value=None): + from python_moondb.core import PolicyManager + return PolicyManager.set_subject_data("", policy_id, data_id, category_id, value) + + +def delete_subject_data(policy_id, data_id): + from python_moondb.core import PolicyManager + PolicyManager.delete_subject_data("", policy_id, data_id) + + +def get_actions(policy_id, perimeter_id=None): + from python_moondb.core import PolicyManager + return PolicyManager.get_actions("", policy_id, perimeter_id) + + +def add_action(policy_id, perimeter_id=None, value=None): + from python_moondb.core import PolicyManager + return PolicyManager.add_action("", policy_id, perimeter_id, value) + + +def delete_action(policy_id, perimeter_id): + from python_moondb.core import PolicyManager + PolicyManager.delete_action("", policy_id, perimeter_id) + + +def get_objects(policy_id, perimeter_id=None): + from python_moondb.core import PolicyManager + return PolicyManager.get_objects("", policy_id, perimeter_id) + + +def add_object(policy_id, perimeter_id=None, value=None): + from python_moondb.core import PolicyManager + return PolicyManager.add_object("", policy_id, perimeter_id, value) + + +def delete_object(policy_id, perimeter_id): + from python_moondb.core import PolicyManager + PolicyManager.delete_object("", policy_id, perimeter_id) + + +def get_subjects(policy_id, perimeter_id=None): + from python_moondb.core import PolicyManager + return PolicyManager.get_subjects("", policy_id, perimeter_id) + + +def add_subject(policy_id, perimeter_id=None, value=None): + from python_moondb.core import PolicyManager + return PolicyManager.add_subject("", policy_id, perimeter_id, value) + + +def delete_subject(policy_id, perimeter_id): + from python_moondb.core import PolicyManager + PolicyManager.delete_subject("", policy_id, perimeter_id) + + +def get_available_metadata(policy_id): + from python_moondb.core import PolicyManager + return PolicyManager.get_available_metadata("", policy_id) + + +def test_get_action_data(db): + policy_id = mock_data.get_policy_id() + get_available_metadata(policy_id) + + policy_id = policy_id + data_id = "data_id_1" + category_id = "action_category_id1" + value = { + "name": "action-type", + "description": {"vm-action": "", "storage-action": "", }, + } + add_action_data(policy_id, data_id, category_id, value) + action_data = get_action_data(policy_id, data_id, category_id) + assert action_data + assert len(action_data[0]['data']) == 1 + + +def test_get_action_data_with_invalid_category_id(db): + policy_id = mock_data.get_policy_id() + get_available_metadata(policy_id) + + policy_id = policy_id + data_id = "data_id_1" + category_id = "action_category_id1" + value = { + "name": "action-type", + "description": {"vm-action": "", "storage-action": "", }, + } + add_action_data(policy_id, data_id, category_id, value) + action_data = get_action_data(policy_id) + assert action_data + assert len(action_data[0]['data']) == 1 + + +def test_add_action_data(db): + policy_id = "policy_id_1" + data_id = "data_id_1" + category_id = "category_id_1" + value = { + "name": "action-type", + "description": {"vm-action": "", "storage-action": "", }, + } + action_data = add_action_data(policy_id, data_id, category_id, value).get('data') + assert action_data + action_data_id = list(action_data.keys())[0] + assert action_data[action_data_id].get('policy_id') == policy_id + + +def test_delete_action_data(db): + policy_id = mock_data.get_policy_id() + get_available_metadata(policy_id) + data_id = "data_id_1" + category_id = "category_id_1" + value = { + "name": "action-type", + "description": {"vm-action": "", "storage-action": "", }, + } + action_data = add_action_data(policy_id, data_id, category_id, value).get('data') + action_data_id = list(action_data.keys())[0] + delete_action_data(action_data[action_data_id].get('policy_id'), None) + new_action_data = get_action_data(policy_id) + assert len(new_action_data[0]['data']) == 0 + + +def test_get_object_data(db): + policy_id = mock_data.get_policy_id() + get_available_metadata(policy_id) + + policy_id = policy_id + data_id = "data_id_1" + category_id = "object_category_id1" + value = { + "name": "object-security-level", + "description": {"low": "", "medium": "", "high": ""}, + } + add_object_data(policy_id, data_id, category_id, value) + object_data = get_object_data(policy_id, data_id, category_id) + assert object_data + assert len(object_data[0]['data']) == 1 + + +def test_get_object_data_with_invalid_category_id(db): + policy_id = mock_data.get_policy_id() + get_available_metadata(policy_id) + + policy_id = policy_id + data_id = "data_id_1" + category_id = "object_category_id1" + value = { + "name": "object-security-level", + "description": {"low": "", "medium": "", "high": ""}, + } + add_object_data(policy_id, data_id, category_id, value) + object_data = get_object_data(policy_id) + assert object_data + assert len(object_data[0]['data']) == 1 + + +def test_add_object_data(db): + policy_id = "policy_id_1" + data_id = "data_id_1" + category_id = "object_category_id1" + value = { + "name": "object-security-level", + "description": {"low": "", "medium": "", "high": ""}, + } + object_data = add_object_data(policy_id, data_id, category_id, value).get('data') + assert object_data + object_data_id = list(object_data.keys())[0] + assert object_data[object_data_id].get('policy_id') == policy_id + + +def test_delete_object_data(db): + policy_id = mock_data.get_policy_id() + get_available_metadata(policy_id) + data_id = "data_id_1" + category_id = "object_category_id1" + value = { + "name": "object-security-level", + "description": {"low": "", "medium": "", "high": ""}, + } + object_data = add_object_data(policy_id, data_id, category_id, value).get('data') + object_data_id = list(object_data.keys())[0] + delete_object_data(object_data[object_data_id].get('policy_id'), data_id) + new_object_data = get_object_data(policy_id) + assert len(new_object_data[0]['data']) == 0 + + +def test_get_subject_data(db): + policy_id = mock_data.get_policy_id() + get_available_metadata(policy_id) + + policy_id = policy_id + data_id = "data_id_1" + category_id = "subject_category_id1" + value = { + "name": "subject-security-level", + "description": {"low": "", "medium": "", "high": ""}, + } + add_subject_data(policy_id, data_id, category_id, value) + subject_data = get_subject_data(policy_id, data_id, category_id) + assert subject_data + assert len(subject_data[0]['data']) == 1 + + +def test_get_subject_data_with_invalid_category_id(db): + policy_id = mock_data.get_policy_id() + get_available_metadata(policy_id) + + policy_id = policy_id + data_id = "data_id_1" + category_id = "subject_category_id1" + value = { + "name": "subject-security-level", + "description": {"low": "", "medium": "", "high": ""}, + } + add_subject_data(policy_id, data_id, category_id, value) + subject_data = get_subject_data(policy_id) + assert subject_data + assert len(subject_data[0]['data']) == 1 + + +def test_add_subject_data(db): + policy_id = "policy_id_1" + data_id = "data_id_1" + category_id = "subject_category_id1" + value = { + "name": "subject-security-level", + "description": {"low": "", "medium": "", "high": ""}, + } + subject_data = add_object_data(policy_id, data_id, category_id, value).get('data') + assert subject_data + subject_data_id = list(subject_data.keys())[0] + assert subject_data[subject_data_id].get('policy_id') == policy_id + + +def test_delete_subject_data(db): + policy_id = mock_data.get_policy_id() + get_available_metadata(policy_id) + data_id = "data_id_1" + category_id = "subject_category_id1" + value = { + "name": "subject-security-level", + "description": {"low": "", "medium": "", "high": ""}, + } + subject_data = add_subject_data(policy_id, data_id, category_id, value).get('data') + subject_data_id = list(subject_data.keys())[0] + delete_subject_data(subject_data[subject_data_id].get('policy_id'), data_id) + new_subject_data = get_subject_data(policy_id) + assert len(new_subject_data[0]['data']) == 0 + + +def test_get_actions(db): + policy_id = "policy_id_1" + value = { + "name": "test_action", + "description": "test", + } + add_action(policy_id=policy_id, value=value) + actions = get_actions(policy_id, ) + assert actions + assert len(actions) == 1 + action_id = list(actions.keys())[0] + assert actions[action_id].get('policy_list')[0] == policy_id + + +def test_add_action(db): + policy_id = "policy_id_1" + value = { + "name": "test_action", + "description": "test", + } + action = add_action(policy_id=policy_id, value=value) + assert action + action_id = list(action.keys())[0] + assert len(action[action_id].get('policy_list')) == 1 + + +def test_add_action_multiple_times(db): + policy_id = "policy_id_1" + value = { + "name": "test_action", + "description": "test", + } + action = add_action(policy_id=policy_id, value=value) + action_id = list(action.keys())[0] + perimeter_id = action[action_id].get('id') + assert action + value = { + "name": "test_action", + "description": "test", + "policy_list": ['policy_id_3', 'policy_id_4'] + } + action = add_action('policy_id_7', perimeter_id, value) + assert action + action_id = list(action.keys())[0] + assert len(action[action_id].get('policy_list')) == 2 + + +def test_delete_action(db): + policy_id = "policy_id_1" + value = { + "name": "test_action", + "description": "test", + } + action = add_action(policy_id=policy_id, value=value) + action_id = list(action.keys())[0] + delete_action(policy_id, action_id) + actions = get_actions(policy_id, ) + assert not actions + + +def test_delete_action_with_invalid_perimeter_id(db): + policy_id = "invalid" + perimeter_id = "invalid" + with pytest.raises(Exception) as exception_info: + delete_action(policy_id, perimeter_id) + assert str(exception_info.value) == '400: Action Unknown' + + +def test_get_objects(db): + policy_id = "policy_id_1" + value = { + "name": "test_object", + "description": "test", + } + add_object(policy_id=policy_id, value=value) + objects = get_objects(policy_id, ) + assert objects + assert len(objects) == 1 + object_id = list(objects.keys())[0] + assert objects[object_id].get('policy_list')[0] == policy_id + + +def test_add_object(db): + policy_id = "policy_id_1" + value = { + "name": "test_object", + "description": "test", + } + added_object = add_object(policy_id=policy_id, value=value) + assert added_object + object_id = list(added_object.keys())[0] + assert len(added_object[object_id].get('policy_list')) == 1 + + +def test_add_objects_multiple_times(db): + policy_id = "policy_id_1" + value = { + "name": "test_object", + "description": "test", + } + added_object = add_object(policy_id=policy_id, value=value) + object_id = list(added_object.keys())[0] + perimeter_id = added_object[object_id].get('id') + assert added_object + value = { + "name": "test_object", + "description": "test", + "policy_list": ['policy_id_3', 'policy_id_4'] + } + added_object = add_object('policy_id_7', perimeter_id, value) + assert added_object + object_id = list(added_object.keys())[0] + assert len(added_object[object_id].get('policy_list')) == 2 + + +def test_delete_object(db): + policy_id = "policy_id_1" + value = { + "name": "test_object", + "description": "test", + } + added_object = add_object(policy_id=policy_id, value=value) + object_id = list(added_object.keys())[0] + delete_object(policy_id, object_id) + objects = get_objects(policy_id, ) + assert not objects + + +def test_delete_object_with_invalid_perimeter_id(db): + policy_id = "invalid" + perimeter_id = "invalid" + with pytest.raises(Exception) as exception_info: + delete_object(policy_id, perimeter_id) + assert str(exception_info.value) == '400: Object Unknown' + + +def test_get_subjects(db): + policy_id = "policy_id_1" + value = { + "name": "testuser", + "description": "test", + } + add_subject(policy_id=policy_id, value=value) + subjects = get_subjects(policy_id, ) + assert subjects + assert len(subjects) == 1 + subject_id = list(subjects.keys())[0] + assert subjects[subject_id].get('policy_list')[0] == policy_id + + +def test_add_subject(db): + policy_id = "policy_id_1" + value = { + "name": "testuser", + "description": "test", + } + subject = add_subject(policy_id=policy_id, value=value) + assert subject + subject_id = list(subject.keys())[0] + assert len(subject[subject_id].get('policy_list')) == 1 + + +def test_add_subjects_multiple_times(db): + policy_id = "policy_id_1" + value = { + "name": "testuser", + "description": "test", + } + subject = add_subject(policy_id=policy_id, value=value) + subject_id = list(subject.keys())[0] + perimeter_id = subject[subject_id].get('id') + assert subject + value = { + "name": "testuser", + "description": "test", + "policy_list": ['policy_id_3', 'policy_id_4'] + } + subject = add_subject('policy_id_7', perimeter_id, value) + assert subject + subject_id = list(subject.keys())[0] + assert len(subject[subject_id].get('policy_list')) == 2 + + +def test_delete_subject(db): + policy_id = "policy_id_1" + value = { + "name": "testuser", + "description": "test", + } + subject = add_subject(policy_id=policy_id, value=value) + subject_id = list(subject.keys())[0] + delete_subject(policy_id, subject_id) + subjects = get_subjects(policy_id, ) + assert not subjects + + +def test_delete_subject_with_invalid_perimeter_id(db): + policy_id = "invalid" + perimeter_id = "invalid" + with pytest.raises(Exception) as exception_info: + delete_subject(policy_id, perimeter_id) + assert str(exception_info.value) == '400: Subject Unknown' + + +def test_get_available_metadata(db): + policy_id = mock_data.get_policy_id() + metadata = get_available_metadata(policy_id) + assert metadata + assert metadata['object'][0] == "object_category_id1" + assert metadata['subject'][0] == "subject_category_id1" + assert metadata['subject'][1] == "subject_category_id2" + + +def test_get_available_metadata_empty_model(db): + import policies.test_policies as test_policies + policy_id = mock_data.get_policy_id() + value = mock_data.create_policy("invalid") + policy = test_policies.add_policies(value) + assert policy + policy_id = list(policy.keys())[0] + metadata = get_available_metadata(policy_id) + assert metadata
\ No newline at end of file diff --git a/python_moondb/tests/unit_python/policies/test_policies.py b/python_moondb/tests/unit_python/policies/test_policies.py new file mode 100755 index 00000000..acd5d7a8 --- /dev/null +++ b/python_moondb/tests/unit_python/policies/test_policies.py @@ -0,0 +1,161 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + + +def get_policies(): + from python_moondb.core import PolicyManager + return PolicyManager.get_policies("admin") + + +def add_policies(value=None): + from python_moondb.core import PolicyManager + if not value: + value = { + "name": "test_policiy", + "model_id": "", + "genre": "authz", + "description": "test", + } + return PolicyManager.add_policy("admin", value=value) + + +def delete_policies(uuid=None, name=None): + from python_moondb.core import PolicyManager + if not uuid: + for policy_id, policy_value in get_policies(): + if name == policy_value['name']: + uuid = policy_id + break + PolicyManager.delete_policy("admin", uuid) + + +def get_rules(policy_id=None, meta_rule_id=None, rule_id=None): + from python_moondb.core import PolicyManager + return PolicyManager.get_rules("", policy_id, meta_rule_id, rule_id) + + +def add_rule(policy_id=None, meta_rule_id=None, value=None): + from python_moondb.core import PolicyManager + if not value: + value = { + "rule": ("high", "medium", "vm-action"), + "instructions": ({"decision": "grant"}), + "enabled": "", + } + return PolicyManager.add_rule("", policy_id, meta_rule_id, value) + + +def delete_rule(policy_id=None, rule_id=None): + from python_moondb.core import PolicyManager + PolicyManager.delete_rule("", policy_id, rule_id) + + +def test_get_policies(db): + policies = get_policies() + assert isinstance(policies, dict) + assert not policies + + +def test_add_policies(db): + value = { + "name": "test_policy", + "model_id": "", + "genre": "authz", + "description": "test", + } + policies = add_policies(value) + assert isinstance(policies, dict) + assert policies + assert len(policies.keys()) == 1 + policy_id = list(policies.keys())[0] + for key in ("genre", "name", "model_id", "description"): + assert key in policies[policy_id] + assert policies[policy_id][key] == value[key] + + +def test_delete_policies(db): + value = { + "name": "test_policy1", + "model_id": "", + "genre": "authz", + "description": "test", + } + policies = add_policies(value) + policy_id1 = list(policies.keys())[0] + value = { + "name": "test_policy2", + "model_id": "", + "genre": "authz", + "description": "test", + } + policies = add_policies(value) + policy_id2 = list(policies.keys())[0] + assert policy_id1 != policy_id2 + delete_policies(policy_id1) + policies = get_policies() + assert policy_id1 not in policies + + +def test_get_rules(db): + value = { + "rule": ("low", "medium", "vm-action"), + "instructions": ({"decision": "grant"}), + "enabled": "", + } + policy_id = "1" + meta_rule_id = "1" + add_rule(policy_id, meta_rule_id, value) + value = { + "rule": ("low", "low", "vm-action"), + "instructions": ({"decision": "grant"}), + "enabled": "", + } + policy_id = "1" + meta_rule_id = "1" + add_rule(policy_id, meta_rule_id, value) + rules = get_rules(policy_id, meta_rule_id) + assert isinstance(rules, dict) + assert rules + obj = rules.get('rules') + assert len(obj) == 2 + + +def test_get_rules_with_invalid_policy_id_failure(db): + rules = get_rules("invalid_policy_id", "meta_rule_id") + assert not rules.get('meta_rule-id') + assert len(rules.get('rules')) == 0 + + +def test_add_rule(db): + value = { + "rule": ("high", "medium", "vm-action"), + "instructions": ({"decision": "grant"}), + "enabled": "", + } + policy_id = "1" + meta_rule_id = "1" + rules = add_rule(policy_id, meta_rule_id, value) + assert rules + assert len(rules) == 1 + assert isinstance(rules, dict) + rule_id = list(rules.keys())[0] + for key in ("rule", "instructions", "enabled"): + assert key in rules[rule_id] + assert rules[rule_id][key] == value[key] + + +def test_delete_rule(db): + value = { + "rule": ("low", "low", "vm-action"), + "instructions": ({"decision": "grant"}), + "enabled": "", + } + policy_id = "2" + meta_rule_id = "2" + rules = add_rule(policy_id, meta_rule_id, value) + rule_id = list(rules.keys())[0] + delete_rule(policy_id, rule_id) + rules = get_rules(policy_id, meta_rule_id) + assert not rules.get('rules') diff --git a/python_moondb/tests/unit_python/test_keystone.py b/python_moondb/tests/unit_python/test_keystone.py new file mode 100644 index 00000000..134bec0d --- /dev/null +++ b/python_moondb/tests/unit_python/test_keystone.py @@ -0,0 +1,53 @@ +import pytest + + +def create_project(tenant_dict): + from python_moondb.core import KeystoneManager + return KeystoneManager.create_project(tenant_dict) + + +def list_projects(): + from python_moondb.core import KeystoneManager + return KeystoneManager.list_projects() + + +def create_user(subject_dict): + from python_moondb.core import KeystoneManager + return KeystoneManager.create_user(subject_dict) + + +def test_create_project(): + tenant_dict = { + "description": "test_project", + "domain_id": ['domain_id_1'], + "enabled": True, + "is_domain": False, + "name": 'project_1' + } + project = create_project(tenant_dict) + assert project + assert project.get('name') == tenant_dict.get('name') + + +def test_create_project_without_name(): + tenant_dict = { + "description": "test_project", + "domain_id": ['domain_id_1'], + "enabled": True, + "is_domain": False, + } + with pytest.raises(Exception) as exception_info: + create_project(tenant_dict) + assert '400: Keystone project error' == str(exception_info.value) + + +def test_create_user(): + subject_dict = { + "password": "password", + "domain_id": ['domain_id_1'], + "enabled": True, + "project": 'test_project', + "name": 'user_id_1' + } + user = create_user(subject_dict) + assert user diff --git a/python_moondb/tests/unit_python/test_pdp.py b/python_moondb/tests/unit_python/test_pdp.py new file mode 100755 index 00000000..cb206d3d --- /dev/null +++ b/python_moondb/tests/unit_python/test_pdp.py @@ -0,0 +1,69 @@ +def update_pdp(pdp_id, value): + from python_moondb.core import PDPManager + return PDPManager.update_pdp("", pdp_id, value) + + +def delete_pdp(pdp_id): + from python_moondb.core import PDPManager + PDPManager.delete_pdp("", pdp_id) + + +def add_pdp(pdp_id=None, value=None): + from python_moondb.core import PDPManager + return PDPManager.add_pdp("", pdp_id, value) + + +def get_pdp(pdp_id=None): + from python_moondb.core import PDPManager + return PDPManager.get_pdp("", pdp_id) + + +def test_update_pdp(db): + pdp_id = "pdp_id1" + value = { + "name": "test_pdp", + "security_pipeline": ["policy_id_1", "policy_id_2"], + "keystone_project_id": "keystone_project_id1", + "description": "...", + } + add_pdp(pdp_id, value) + pdp = update_pdp(pdp_id, value) + assert pdp + + +def test_delete_pdp(db): + pdp_id = "pdp_id1" + value = { + "name": "test_pdp", + "security_pipeline": ["policy_id_1", "policy_id_2"], + "keystone_project_id": "keystone_project_id1", + "description": "...", + } + add_pdp(pdp_id, value) + delete_pdp(pdp_id) + assert len(get_pdp(pdp_id)) == 0 + + +def test_add_pdp(db): + pdp_id = "pdp_id1" + value = { + "name": "test_pdp", + "security_pipeline": ["policy_id_1", "policy_id_2"], + "keystone_project_id": "keystone_project_id1", + "description": "...", + } + pdp = add_pdp(pdp_id, value) + assert pdp + + +def test_get_pdp(db): + pdp_id = "pdp_id1" + value = { + "name": "test_pdp", + "security_pipeline": ["policy_id_1", "policy_id_2"], + "keystone_project_id": "keystone_project_id1", + "description": "...", + } + add_pdp(pdp_id, value) + pdp = get_pdp(pdp_id) + assert len(pdp) == 1 diff --git a/python_moondb/tests/unit_python/test_policies.py b/python_moondb/tests/unit_python/test_policies.py deleted file mode 100644 index 2d654660..00000000 --- a/python_moondb/tests/unit_python/test_policies.py +++ /dev/null @@ -1,77 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - - -def get_policies(): - from python_moondb.core import PolicyManager - return PolicyManager.get_policies("admin") - - -def add_policies(value=None): - from python_moondb.core import PolicyManager - if not value: - value = { - "name": "test_policiy", - "model_id": "", - "genre": "authz", - "description": "test", - } - return PolicyManager.add_policy("admin", value=value) - - -def delete_policies(uuid=None, name=None): - from python_moondb.core import PolicyManager - if not uuid: - for policy_id, policy_value in get_policies(): - if name == policy_value['name']: - uuid = policy_id - break - PolicyManager.delete_policy("admin", uuid) - - -def test_get_policies(db): - policies = get_policies() - assert isinstance(policies, dict) - assert not policies - - -def test_add_policies(db): - value = { - "name": "test_policy", - "model_id": "", - "genre": "authz", - "description": "test", - } - policies = add_policies(value) - assert isinstance(policies, dict) - assert policies - assert len(policies.keys()) == 1 - policy_id = list(policies.keys())[0] - for key in ("genre", "name", "model_id", "description"): - assert key in policies[policy_id] - assert policies[policy_id][key] == value[key] - - -def test_delete_policies(db): - value = { - "name": "test_policy1", - "model_id": "", - "genre": "authz", - "description": "test", - } - policies = add_policies(value) - policy_id1 = list(policies.keys())[0] - value = { - "name": "test_policy2", - "model_id": "", - "genre": "authz", - "description": "test", - } - policies = add_policies(value) - policy_id2 = list(policies.keys())[0] - assert policy_id1 != policy_id2 - delete_policies(policy_id1) - policies = get_policies() - assert policy_id1 not in policies diff --git a/python_moonutilities/python_moonutilities/exceptions.py b/python_moonutilities/python_moonutilities/exceptions.py index 5bbab2be..dab398cf 100644 --- a/python_moonutilities/python_moonutilities/exceptions.py +++ b/python_moonutilities/python_moonutilities/exceptions.py @@ -14,7 +14,7 @@ class MoonErrorMetaClass(type): def __init__(cls, name, bases, dct): super(MoonErrorMetaClass, cls).__init__(name, bases, dct) - cls.hierarchy += "/"+str(name) + cls.hierarchy += "/" + str(name) class MoonError(HTTPException): @@ -109,6 +109,7 @@ class TenantNoIntraAuthzExtension(TenantNoIntraExtension): title = 'Tenant No Intra_Admin_Extension' logger = "ERROR" + # Exceptions for IntraExtension @@ -520,3 +521,16 @@ class ContainerMissing(DockerError): title = 'Container missing' logger = "ERROR" + +class PdpUnknown(MoonError): + description = _("The pdp is unknown.") + code = 400 + title = 'Pdp Unknown' + logger = "Error" + + +class PdpExisting(MoonError): + description = _("The pdp already exists.") + code = 409 + title = 'Pdp Error' + logger = "Error" diff --git a/templates/moon_forming/README.md b/templates/moon_forming/README.md deleted file mode 100644 index f6327693..00000000 --- a/templates/moon_forming/README.md +++ /dev/null @@ -1,12 +0,0 @@ -Introduction -============ - -moonforming is a container used to automatize the configuration of the Moon patform - -Usage -===== - -```bash -docker run asteroide/moonforming:v1.1 -``` - diff --git a/templates/moon_forming/moon.conf b/templates/moon_forming/moon.conf deleted file mode 100644 index dc498e34..00000000 --- a/templates/moon_forming/moon.conf +++ /dev/null @@ -1,79 +0,0 @@ -database: - url: mysql+pymysql://moon:p4sswOrd1@db/moon - driver: sql - -openstack: - keystone: - url: http://keystone:5000/v3 - user: admin - password: p4ssw0rd - domain: default - project: admin - check_token: false - certificate: false - -plugins: - authz: - container: wukongsun/moon_authz:v4.3 - port: 8081 - session: - container: asteroide/session:latest - port: 8082 - -components: - interface: - port: 8080 - bind: 0.0.0.0 - hostname: interface - container: wukongsun/moon_interface:v4.3 - orchestrator: - port: 8083 - bind: 0.0.0.0 - hostname: orchestrator - container: wukongsun/moon_orchestrator:v4.3 - wrapper: - port: 8080 - bind: 0.0.0.0 - hostname: wrapper - container: wukongsun/moon_wrapper:v4.3.1 - timeout: 5 - manager: - port: 8082 - bind: 0.0.0.0 - hostname: manager - container: wukongsun/moon_manager:v4.3.1 - port_start: 31001 - -logging: - version: 1 - - formatters: - brief: - format: "%(levelname)s %(name)s %(message)-30s" - custom: - format: "%(asctime)-15s %(levelname)s %(name)s %(message)s" - - handlers: - console: - class : logging.StreamHandler - formatter: brief - level : INFO - stream : ext://sys.stdout - file: - class : logging.handlers.RotatingFileHandler - formatter: custom - level : DEBUG - filename: /tmp/moon.log - maxBytes: 1048576 - backupCount: 3 - - loggers: - moon: - level: DEBUG - handlers: [console, file] - propagate: no - - root: - level: ERROR - handlers: [console] - diff --git a/templates/moon_forming/populate_default_values.py b/templates/moon_forming/populate_default_values.py deleted file mode 100644 index fa099458..00000000 --- a/templates/moon_forming/populate_default_values.py +++ /dev/null @@ -1,235 +0,0 @@ -import argparse -import logging -from importlib.machinery import SourceFileLoader -from utils.pdp import * -from utils.models import * -from utils.policies import * - -parser = argparse.ArgumentParser() -parser.add_argument('filename', help='scenario filename', nargs=1) -parser.add_argument("--verbose", "-v", action='store_true', - help="verbose mode") -parser.add_argument("--debug", "-d", action='store_true', help="debug mode") -parser.add_argument("--keystone-pid", "-k", dest="keystone_pid", default="", - help="Force a particular Keystone Project ID") -args = parser.parse_args() - -FORMAT = '%(asctime)-15s %(levelname)s %(message)s' -if args.debug: - logging.basicConfig( - format=FORMAT, - level=logging.DEBUG) -elif args.verbose: - logging.basicConfig( - format=FORMAT, - level=logging.INFO) -else: - logging.basicConfig( - format=FORMAT, - level=logging.WARNING) - -requests_log = logging.getLogger("requests.packages.urllib3") -requests_log.setLevel(logging.WARNING) -requests_log.propagate = True - -logger = logging.getLogger("moonforming") - -if args.filename: - print("Loading: {}".format(args.filename[0])) - -m = SourceFileLoader("scenario", args.filename[0]) - -scenario = m.load_module() - - -def create_model(model_id=None): - if args.verbose: - logger.info("Creating model {}".format(scenario.model_name)) - if not model_id: - logger.info("Add model") - model_id = add_model(name=scenario.model_name) - logger.info("Add subject categories") - for cat in scenario.subject_categories: - scenario.subject_categories[cat] = add_subject_category(name=cat) - logger.info("Add object categories") - for cat in scenario.object_categories: - scenario.object_categories[cat] = add_object_category(name=cat) - logger.info("Add action categories") - for cat in scenario.action_categories: - scenario.action_categories[cat] = add_action_category(name=cat) - sub_cat = [] - ob_cat = [] - act_cat = [] - meta_rule_list = [] - for item_name, item_value in scenario.meta_rule.items(): - for item in item_value["value"]: - if item in scenario.subject_categories: - sub_cat.append(scenario.subject_categories[item]) - elif item in scenario.object_categories: - ob_cat.append(scenario.object_categories[item]) - elif item in scenario.action_categories: - act_cat.append(scenario.action_categories[item]) - meta_rules = check_meta_rule(meta_rule_id=None) - for _meta_rule_id, _meta_rule_value in meta_rules['meta_rules'].items(): - if _meta_rule_value['name'] == item_name: - meta_rule_id = _meta_rule_id - break - else: - logger.info("Add meta rule") - meta_rule_id = add_meta_rule(item_name, sub_cat, ob_cat, act_cat) - item_value["id"] = meta_rule_id - if meta_rule_id not in meta_rule_list: - meta_rule_list.append(meta_rule_id) - return model_id, meta_rule_list - - -def create_policy(model_id, meta_rule_list): - if args.verbose: - logger.info("Creating policy {}".format(scenario.policy_name)) - _policies = check_policy() - for _policy_id, _policy_value in _policies["policies"].items(): - if _policy_value['name'] == scenario.policy_name: - policy_id = _policy_id - break - else: - policy_id = add_policy(name=scenario.policy_name, genre=scenario.policy_genre) - - update_policy(policy_id, model_id) - - for meta_rule_id in meta_rule_list: - logger.debug("add_meta_rule_to_model {} {}".format(model_id, meta_rule_id)) - add_meta_rule_to_model(model_id, meta_rule_id) - - logger.info("Add subject data") - for subject_cat_name in scenario.subject_data: - for subject_data_name in scenario.subject_data[subject_cat_name]: - data_id = scenario.subject_data[subject_cat_name][subject_data_name] = add_subject_data( - policy_id=policy_id, - category_id=scenario.subject_categories[subject_cat_name], name=subject_data_name) - scenario.subject_data[subject_cat_name][subject_data_name] = data_id - logger.info("Add object data") - for object_cat_name in scenario.object_data: - for object_data_name in scenario.object_data[object_cat_name]: - data_id = scenario.object_data[object_cat_name][object_data_name] = add_object_data( - policy_id=policy_id, - category_id=scenario.object_categories[object_cat_name], name=object_data_name) - scenario.object_data[object_cat_name][object_data_name] = data_id - logger.info("Add action data") - for action_cat_name in scenario.action_data: - for action_data_name in scenario.action_data[action_cat_name]: - data_id = scenario.action_data[action_cat_name][action_data_name] = add_action_data( - policy_id=policy_id, - category_id=scenario.action_categories[action_cat_name], name=action_data_name) - scenario.action_data[action_cat_name][action_data_name] = data_id - - logger.info("Add subjects") - for name in scenario.subjects: - scenario.subjects[name] = add_subject(policy_id, name=name) - logger.info("Add objects") - for name in scenario.objects: - scenario.objects[name] = add_object(policy_id, name=name) - logger.info("Add actions") - for name in scenario.actions: - scenario.actions[name] = add_action(policy_id, name=name) - - logger.info("Add subject assignments") - for subject_name in scenario.subject_assignments: - if type(scenario.subject_assignments[subject_name]) in (list, tuple): - for items in scenario.subject_assignments[subject_name]: - for subject_category_name in items: - subject_id = scenario.subjects[subject_name] - subject_cat_id = scenario.subject_categories[subject_category_name] - for data in scenario.subject_assignments[subject_name]: - subject_data_id = scenario.subject_data[subject_category_name][data[subject_category_name]] - add_subject_assignments(policy_id, subject_id, subject_cat_id, subject_data_id) - else: - for subject_category_name in scenario.subject_assignments[subject_name]: - subject_id = scenario.subjects[subject_name] - subject_cat_id = scenario.subject_categories[subject_category_name] - subject_data_id = scenario.subject_data[subject_category_name][scenario.subject_assignments[subject_name][subject_category_name]] - add_subject_assignments(policy_id, subject_id, subject_cat_id, subject_data_id) - - logger.info("Add object assignments") - for object_name in scenario.object_assignments: - if type(scenario.object_assignments[object_name]) in (list, tuple): - for items in scenario.object_assignments[object_name]: - for object_category_name in items: - object_id = scenario.objects[object_name] - object_cat_id = scenario.object_categories[object_category_name] - for data in scenario.object_assignments[object_name]: - object_data_id = scenario.object_data[object_category_name][data[object_category_name]] - add_object_assignments(policy_id, object_id, object_cat_id, object_data_id) - else: - for object_category_name in scenario.object_assignments[object_name]: - object_id = scenario.objects[object_name] - object_cat_id = scenario.object_categories[object_category_name] - object_data_id = scenario.object_data[object_category_name][scenario.object_assignments[object_name][object_category_name]] - add_object_assignments(policy_id, object_id, object_cat_id, object_data_id) - - logger.info("Add action assignments") - for action_name in scenario.action_assignments: - if type(scenario.action_assignments[action_name]) in (list, tuple): - for items in scenario.action_assignments[action_name]: - for action_category_name in items: - action_id = scenario.actions[action_name] - action_cat_id = scenario.action_categories[action_category_name] - for data in scenario.action_assignments[action_name]: - action_data_id = scenario.action_data[action_category_name][data[action_category_name]] - add_action_assignments(policy_id, action_id, action_cat_id, action_data_id) - else: - for action_category_name in scenario.action_assignments[action_name]: - action_id = scenario.actions[action_name] - action_cat_id = scenario.action_categories[action_category_name] - action_data_id = scenario.action_data[action_category_name][scenario.action_assignments[action_name][action_category_name]] - add_action_assignments(policy_id, action_id, action_cat_id, action_data_id) - - logger.info("Add rules") - for meta_rule_name in scenario.rules: - meta_rule_value = scenario.meta_rule[meta_rule_name] - for rule in scenario.rules[meta_rule_name]: - data_list = [] - _meta_rule = list(meta_rule_value["value"]) - for data_name in rule["rule"]: - category_name = _meta_rule.pop(0) - if category_name in scenario.subject_categories: - data_list.append(scenario.subject_data[category_name][data_name]) - elif category_name in scenario.object_categories: - data_list.append(scenario.object_data[category_name][data_name]) - elif category_name in scenario.action_categories: - data_list.append(scenario.action_data[category_name][data_name]) - instructions = rule["instructions"] - add_rule(policy_id, meta_rule_value["id"], data_list, instructions) - return policy_id - - -def create_pdp(policy_id=None): - logger.info("Creating PDP {}".format(scenario.pdp_name)) - projects = get_keystone_projects() - project_id = args.keystone_pid - if not project_id: - for _project in projects['projects']: - if _project['name'] == "admin": - project_id = _project['id'] - assert project_id - pdps = check_pdp()["pdps"] - for pdp_id, pdp_value in pdps.items(): - if scenario.pdp_name == pdp_value["name"]: - update_pdp(pdp_id, policy_id=policy_id) - logger.debug("Found existing PDP named {} (will add policy {})".format(scenario.pdp_name, policy_id)) - return pdp_id - _pdp_id = add_pdp(name=scenario.pdp_name, policy_id=policy_id) - map_to_keystone(pdp_id=_pdp_id, keystone_project_id=project_id) - return _pdp_id - -if __name__ == "__main__": - _models = check_model() - for _model_id, _model_value in _models['models'].items(): - if _model_value['name'] == scenario.model_name: - model_id = _model_id - meta_rule_list = _model_value['meta_rules'] - create_model(model_id) - break - else: - model_id, meta_rule_list = create_model() - policy_id = create_policy(model_id, meta_rule_list) - pdp_id = create_pdp(policy_id) diff --git a/templates/moon_forming/utils/config.py b/templates/moon_forming/utils/config.py deleted file mode 100644 index 30c8ea4f..00000000 --- a/templates/moon_forming/utils/config.py +++ /dev/null @@ -1,22 +0,0 @@ -import yaml - - -def get_config_data(filename="moon.conf"): - data_config = None - for _file in ( - filename, - "conf/moon.conf", - "../moon.conf", - "../conf/moon.conf", - "/etc/moon/moon.conf", - ): - try: - data_config = yaml.safe_load(open(_file)) - except FileNotFoundError: - data_config = None - continue - else: - break - if not data_config: - raise Exception("Configuration file not found...") - return data_config diff --git a/templates/moon_forming/utils/models.py b/templates/moon_forming/utils/models.py deleted file mode 100644 index 3cf31354..00000000 --- a/templates/moon_forming/utils/models.py +++ /dev/null @@ -1,270 +0,0 @@ -import requests -import copy -import utils.config - -config = utils.config.get_config_data() - -URL = "http://{}:{}".format( - config['components']['manager']['hostname'], - config['components']['manager']['port']) -URL = URL + "{}" -HEADERS = {"content-type": "application/json"} - -model_template = { - "name": "test_model", - "description": "test", - "meta_rules": [] -} - -category_template = { - "name": "name of the category", - "description": "description of the category" -} - -meta_rule_template = { - "name": "test_meta_rule", - "subject_categories": [], - "object_categories": [], - "action_categories": [] -} - - -def check_model(model_id=None, check_model_name=True): - req = requests.get(URL.format("/models")) - assert req.status_code == 200 - result = req.json() - assert type(result) is dict - assert "models" in result - if model_id: - assert result["models"] - assert model_id in result['models'] - assert "name" in result['models'][model_id] - if check_model_name: - assert model_template["name"] == result['models'][model_id]["name"] - return result - - -def add_model(name=None): - if name: - model_template['name'] = name - req = requests.post(URL.format("/models"), json=model_template, headers=HEADERS) - assert req.status_code == 200 - result = req.json() - assert type(result) is dict - model_id = list(result['models'].keys())[0] - if "result" in result: - assert result["result"] - assert "name" in result['models'][model_id] - assert model_template["name"] == result['models'][model_id]["name"] - return model_id - - -def delete_model(model_id): - req = requests.delete(URL.format("/models/{}".format(model_id))) - assert req.status_code == 200 - result = req.json() - assert type(result) is dict - assert "result" in result - assert result["result"] - - -def add_subject_category(name="subject_cat_1"): - category_template["name"] = name - req = requests.post(URL.format("/subject_categories"), json=category_template, headers=HEADERS) - assert req.status_code == 200 - result = req.json() - assert type(result) is dict - assert "subject_categories" in result - category_id = list(result['subject_categories'].keys())[0] - if "result" in result: - assert result["result"] - assert "name" in result['subject_categories'][category_id] - assert category_template["name"] == result['subject_categories'][category_id]["name"] - return category_id - - -def check_subject_category(category_id): - req = requests.get(URL.format("/subject_categories")) - assert req.status_code == 200 - result = req.json() - assert type(result) is dict - assert "subject_categories" in result - if "result" in result: - assert result["result"] - assert category_id in result['subject_categories'] - assert "name" in result['subject_categories'][category_id] - assert category_template["name"] == result['subject_categories'][category_id]["name"] - - -def delete_subject_category(category_id): - req = requests.delete(URL.format("/subject_categories/{}".format(category_id))) - assert req.status_code == 200 - result = req.json() - assert type(result) is dict - if "result" in result: - assert result["result"] - - -def add_object_category(name="object_cat_1"): - category_template["name"] = name - req = requests.post(URL.format("/object_categories"), json=category_template, headers=HEADERS) - assert req.status_code == 200 - result = req.json() - assert type(result) is dict - assert "object_categories" in result - category_id = list(result['object_categories'].keys())[0] - if "result" in result: - assert result["result"] - assert "name" in result['object_categories'][category_id] - assert category_template["name"] == result['object_categories'][category_id]["name"] - return category_id - - -def check_object_category(category_id): - req = requests.get(URL.format("/object_categories")) - assert req.status_code == 200 - result = req.json() - assert type(result) is dict - assert "object_categories" in result - if "result" in result: - assert result["result"] - assert category_id in result['object_categories'] - assert "name" in result['object_categories'][category_id] - assert category_template["name"] == result['object_categories'][category_id]["name"] - - -def delete_object_category(category_id): - req = requests.delete(URL.format("/object_categories/{}".format(category_id))) - assert req.status_code == 200 - result = req.json() - assert type(result) is dict - if "result" in result: - assert result["result"] - - -def add_action_category(name="action_cat_1"): - category_template["name"] = name - req = requests.post(URL.format("/action_categories"), json=category_template, headers=HEADERS) - assert req.status_code == 200 - result = req.json() - assert type(result) is dict - assert "action_categories" in result - category_id = list(result['action_categories'].keys())[0] - if "result" in result: - assert result["result"] - assert "name" in result['action_categories'][category_id] - assert category_template["name"] == result['action_categories'][category_id]["name"] - return category_id - - -def check_action_category(category_id): - req = requests.get(URL.format("/action_categories")) - assert req.status_code == 200 - result = req.json() - assert type(result) is dict - assert "action_categories" in result - if "result" in result: - assert result["result"] - assert category_id in result['action_categories'] - assert "name" in result['action_categories'][category_id] - assert category_template["name"] == result['action_categories'][category_id]["name"] - - -def delete_action_category(category_id): - req = requests.delete(URL.format("/action_categories/{}".format(category_id))) - assert req.status_code == 200 - result = req.json() - assert type(result) is dict - if "result" in result: - assert result["result"] - - -def add_categories_and_meta_rule(name="test_meta_rule"): - scat_id = add_subject_category() - ocat_id = add_object_category() - acat_id = add_action_category() - _meta_rule_template = copy.deepcopy(meta_rule_template) - _meta_rule_template["name"] = name - _meta_rule_template["subject_categories"].append(scat_id) - _meta_rule_template["object_categories"].append(ocat_id) - _meta_rule_template["action_categories"].append(acat_id) - req = requests.post(URL.format("/meta_rules"), json=_meta_rule_template, headers=HEADERS) - assert req.status_code == 200 - result = req.json() - assert type(result) is dict - assert "meta_rules" in result - meta_rule_id = list(result['meta_rules'].keys())[0] - if "result" in result: - assert result["result"] - assert "name" in result['meta_rules'][meta_rule_id] - assert _meta_rule_template["name"] == result['meta_rules'][meta_rule_id]["name"] - return meta_rule_id, scat_id, ocat_id, acat_id - - -def add_meta_rule(name="test_meta_rule", scat=[], ocat=[], acat=[]): - _meta_rule_template = copy.deepcopy(meta_rule_template) - _meta_rule_template["name"] = name - _meta_rule_template["subject_categories"] = [] - _meta_rule_template["subject_categories"].extend(scat) - _meta_rule_template["object_categories"] = [] - _meta_rule_template["object_categories"].extend(ocat) - _meta_rule_template["action_categories"] = [] - _meta_rule_template["action_categories"].extend(acat) - req = requests.post(URL.format("/meta_rules"), json=_meta_rule_template, headers=HEADERS) - assert req.status_code == 200 - result = req.json() - assert type(result) is dict - assert "meta_rules" in result - meta_rule_id = list(result['meta_rules'].keys())[0] - if "result" in result: - assert result["result"] - assert "name" in result['meta_rules'][meta_rule_id] - assert _meta_rule_template["name"] == result['meta_rules'][meta_rule_id]["name"] - return meta_rule_id - - -def check_meta_rule(meta_rule_id, scat_id=None, ocat_id=None, acat_id=None): - req = requests.get(URL.format("/meta_rules")) - assert req.status_code == 200 - result = req.json() - assert type(result) is dict - assert "meta_rules" in result - if "result" in result: - assert result["result"] - if not meta_rule_id: - return result - assert meta_rule_id in result['meta_rules'] - assert "name" in result['meta_rules'][meta_rule_id] - if scat_id: - assert scat_id in result['meta_rules'][meta_rule_id]["subject_categories"] - if ocat_id: - assert ocat_id in result['meta_rules'][meta_rule_id]["object_categories"] - if acat_id: - assert acat_id in result['meta_rules'][meta_rule_id]["action_categories"] - - -def delete_meta_rule(meta_rule_id): - req = requests.delete(URL.format("/meta_rules/{}".format(meta_rule_id))) - assert req.status_code == 200 - result = req.json() - assert type(result) is dict - if "result" in result: - assert result["result"] - - -def add_meta_rule_to_model(model_id, meta_rule_id): - model = check_model(model_id, check_model_name=False)['models'] - meta_rule_list = model[model_id]["meta_rules"] - if meta_rule_id not in meta_rule_list: - meta_rule_list.append(meta_rule_id) - req = requests.patch(URL.format("/models/{}".format(model_id)), - json={"meta_rules": meta_rule_list}, - headers=HEADERS) - assert req.status_code == 200 - result = req.json() - assert type(result) is dict - model_id = list(result['models'].keys())[0] - if "result" in result: - assert result["result"] - assert "meta_rules" in result['models'][model_id] - assert meta_rule_list == result['models'][model_id]["meta_rules"] diff --git a/templates/moon_forming/utils/pdp.py b/templates/moon_forming/utils/pdp.py deleted file mode 100644 index f3c6df37..00000000 --- a/templates/moon_forming/utils/pdp.py +++ /dev/null @@ -1,163 +0,0 @@ -import logging -import requests -import utils.config - -config = utils.config.get_config_data() -logger = logging.getLogger("moonforming.utils.policies") - -URL = "http://{}:{}".format( - config['components']['manager']['hostname'], - config['components']['manager']['port']) -HEADERS = {"content-type": "application/json"} -KEYSTONE_USER = config['openstack']['keystone']['user'] -KEYSTONE_PASSWORD = config['openstack']['keystone']['password'] -KEYSTONE_PROJECT = config['openstack']['keystone']['project'] -KEYSTONE_SERVER = config['openstack']['keystone']['url'] - -pdp_template = { - "name": "test_pdp", - "security_pipeline": [], - "keystone_project_id": None, - "description": "test", -} - - -def get_keystone_projects(): - - HEADERS = { - "Content-Type": "application/json" - } - - data_auth = { - "auth": { - "identity": { - "methods": [ - "password" - ], - "password": { - "user": { - "name": KEYSTONE_USER, - "domain": { - "name": "Default" - }, - "password": KEYSTONE_PASSWORD - } - } - } - } - } - - req = requests.post("{}/auth/tokens".format(KEYSTONE_SERVER), json=data_auth, headers=HEADERS) - logger.debug("{}/auth/tokens".format(KEYSTONE_SERVER)) - logger.debug(req.text) - assert req.status_code in (200, 201) - TOKEN = req.headers['X-Subject-Token'] - HEADERS['X-Auth-Token'] = TOKEN - req = requests.get("{}/projects".format(KEYSTONE_SERVER), headers=HEADERS) - if req.status_code not in (200, 201): - data_auth["auth"]["scope"] = { - "project": { - "name": KEYSTONE_PROJECT, - "domain": { - "id": "default" - } - } - } - req = requests.post("{}/auth/tokens".format(KEYSTONE_SERVER), json=data_auth, headers=HEADERS) - assert req.status_code in (200, 201) - TOKEN = req.headers['X-Subject-Token'] - HEADERS['X-Auth-Token'] = TOKEN - req = requests.get("{}/projects".format(KEYSTONE_SERVER), headers=HEADERS) - assert req.status_code in (200, 201) - return req.json() - - -def check_pdp(pdp_id=None, keystone_project_id=None, moon_url=None): - _URL = URL - if moon_url: - _URL = moon_url - req = requests.get(_URL + "/pdp") - assert req.status_code == 200 - result = req.json() - assert type(result) is dict - assert "pdps" in result - if pdp_id: - assert result["pdps"] - assert pdp_id in result['pdps'] - assert "name" in result['pdps'][pdp_id] - assert pdp_template["name"] == result['pdps'][pdp_id]["name"] - if keystone_project_id: - assert result["pdps"] - assert pdp_id in result['pdps'] - assert "keystone_project_id" in result['pdps'][pdp_id] - assert keystone_project_id == result['pdps'][pdp_id]["keystone_project_id"] - return result - - -def add_pdp(name="test_pdp", policy_id=None): - pdp_template['name'] = name - if policy_id: - pdp_template['security_pipeline'].append(policy_id) - req = requests.post(URL + "/pdp", json=pdp_template, headers=HEADERS) - logger.debug(req.status_code) - logger.debug(req) - assert req.status_code == 200 - result = req.json() - assert type(result) is dict - pdp_id = list(result['pdps'].keys())[0] - if "result" in result: - assert result["result"] - assert "name" in result['pdps'][pdp_id] - assert pdp_template["name"] == result['pdps'][pdp_id]["name"] - return pdp_id - - -def update_pdp(pdp_id, policy_id=None): - req = requests.get(URL + "/pdp/{}".format(pdp_id)) - assert req.status_code == 200 - result = req.json() - assert type(result) is dict - assert "pdps" in result - assert pdp_id in result['pdps'] - pipeline = result['pdps'][pdp_id]["security_pipeline"] - if policy_id not in pipeline: - pipeline.append(policy_id) - req = requests.patch(URL + "/pdp/{}".format(pdp_id), - json={"security_pipeline": pipeline}) - assert req.status_code == 200 - result = req.json() - assert type(result) is dict - assert "pdps" in result - assert pdp_id in result['pdps'] - - req = requests.get(URL + "/pdp/{}".format(pdp_id)) - assert req.status_code == 200 - result = req.json() - assert type(result) is dict - assert "pdps" in result - assert pdp_id in result['pdps'] - assert policy_id in pipeline - - -def map_to_keystone(pdp_id, keystone_project_id): - req = requests.patch(URL + "/pdp/{}".format(pdp_id), json={"keystone_project_id": keystone_project_id}, - headers=HEADERS) - assert req.status_code == 200 - result = req.json() - assert type(result) is dict - if "result" in result: - assert result["result"] - assert pdp_id in result['pdps'] - assert "name" in result['pdps'][pdp_id] - assert pdp_template["name"] == result['pdps'][pdp_id]["name"] - return pdp_id - - -def delete_pdp(pdp_id): - req = requests.delete(URL + "/pdp/{}".format(pdp_id)) - assert req.status_code == 200 - result = req.json() - assert type(result) is dict - assert "result" in result - assert result["result"] - diff --git a/templates/moon_forming/utils/policies.py b/templates/moon_forming/utils/policies.py deleted file mode 100644 index bd08291a..00000000 --- a/templates/moon_forming/utils/policies.py +++ /dev/null @@ -1,635 +0,0 @@ -import logging -import requests -import utils.config - -config = utils.config.get_config_data() -logger = logging.getLogger("moonforming.utils.policies") - -URL = "http://{}:{}".format(config['components']['manager']['hostname'], config['components']['manager']['port']) -URL = URL + "{}" -HEADERS = {"content-type": "application/json"} -FILE = open("/tmp/test.log", "w") - -policy_template = { - "name": "test_policy", - "model_id": "", - "genre": "authz", - "description": "test", -} - -subject_template = { - "name": "test_subject", - "description": "test", - "email": "mail", - "password": "my_pass", -} - -object_template = { - "name": "test_subject", - "description": "test" -} - -action_template = { - "name": "test_subject", - "description": "test" -} - -subject_data_template = { - "name": "subject_data1", - "description": "description of the data subject" -} - -object_data_template = { - "name": "object_data1", - "description": "description of the data subject" -} - -action_data_template = { - "name": "action_data1", - "description": "description of the data subject" -} - -subject_assignment_template = { - "id": "", - "category_id": "", - "scope_id": "" -} - - -def check_policy(policy_id=None): - req = requests.get(URL.format("/policies")) - assert req.status_code == 200 - result = req.json() - assert type(result) is dict - assert "policies" in result - if policy_id: - assert result["policies"] - assert policy_id in result['policies'] - assert "name" in result['policies'][policy_id] - assert policy_template["name"] == result['policies'][policy_id]["name"] - return result - - -def add_policy(name="test_policy", genre="authz"): - policy_template["name"] = name - policy_template["genre"] = genre - req = requests.post(URL.format("/policies"), json=policy_template, headers=HEADERS) - assert req.status_code == 200 - result = req.json() - assert type(result) is dict - policy_id = list(result['policies'].keys())[0] - if "result" in result: - assert result["result"] - assert "name" in result['policies'][policy_id] - assert policy_template["name"] == result['policies'][policy_id]["name"] - return policy_id - - -def update_policy(policy_id, model_id): - req = requests.patch(URL.format("/policies/{}".format(policy_id)), - json={"model_id": model_id}, headers=HEADERS) - assert req.status_code == 200 - result = req.json() - assert type(result) is dict - policy_id = list(result['policies'].keys())[0] - if "result" in result: - assert result["result"] - assert "model_id" in result['policies'][policy_id] - assert model_id == result['policies'][policy_id]["model_id"] - - -def delete_policy(policy_id): - req = requests.delete(URL.format("/policies/{}".format(policy_id))) - assert req.status_code == 200 - result = req.json() - assert type(result) is dict - assert "result" in result - assert result["result"] - - -def add_subject(policy_id=None, name="test_subject"): - subject_template['name'] = name - if policy_id: - logger.debug(URL.format("/policies/{}/subjects".format(policy_id))) - req = requests.post(URL.format("/policies/{}/subjects".format(policy_id)), - json=subject_template, headers=HEADERS) - else: - logger.debug(URL.format("/subjects")) - req = requests.post(URL.format("/subjects"), json=subject_template, headers=HEADERS) - logger.debug(req.text) - assert req.status_code == 200 - result = req.json() - assert "subjects" in result - subject_id = list(result['subjects'].keys())[0] - return subject_id - - -def update_subject(subject_id, policy_id=None, description=None): - if policy_id and not description: - req = requests.patch(URL.format("/policies/{}/subjects/{}".format(policy_id, subject_id)), - json={}) - elif policy_id and description: - req = requests.patch(URL.format("/policies/{}/subjects/{}".format(policy_id, subject_id)), - json={"description": description}) - else: - req = requests.patch(URL.format("/subjects/{}".format(subject_id)), - json={"description": description}) - assert req.status_code == 200 - result = req.json() - assert "subjects" in result - assert "name" in result["subjects"][subject_id] - assert subject_template["name"] == result["subjects"][subject_id]["name"] - assert "policy_list" in result["subjects"][subject_id] - if policy_id: - assert policy_id in result["subjects"][subject_id]["policy_list"] - if description: - assert description in result["subjects"][subject_id]["description"] - - -def check_subject(subject_id=None, policy_id=None): - if policy_id: - req = requests.get(URL.format("/policies/{}/subjects".format(policy_id))) - else: - req = requests.get(URL.format("/subjects")) - assert req.status_code == 200 - result = req.json() - assert "subjects" in result - assert "name" in result["subjects"][subject_id] - assert subject_template["name"] == result["subjects"][subject_id]["name"] - if policy_id: - assert "policy_list" in result["subjects"][subject_id] - assert policy_id in result["subjects"][subject_id]["policy_list"] - - -def delete_subject(subject_id, policy_id=None): - if policy_id: - req = requests.delete(URL.format("/policies/{}/subjects/{}".format(policy_id, subject_id))) - else: - req = requests.delete(URL.format("/subjects/{}".format(subject_id))) - assert req.status_code == 200 - result = req.json() - assert type(result) is dict - assert "result" in result - assert result["result"] - - if policy_id: - req = requests.get(URL.format("/policies/{}/subjects".format(policy_id))) - else: - req = requests.get(URL.format("/subjects")) - assert req.status_code == 200 - result = req.json() - assert "subjects" in result - if subject_id in result["subjects"]: - assert "name" in result["subjects"][subject_id] - assert subject_template["name"] == result["subjects"][subject_id]["name"] - if policy_id: - assert "policy_list" in result["subjects"][subject_id] - assert policy_id not in result["subjects"][subject_id]["policy_list"] - - -def add_object(policy_id=None, name="test_object"): - object_template['name'] = name - if policy_id: - req = requests.post(URL.format("/policies/{}/objects".format(policy_id)), - json=object_template, headers=HEADERS) - else: - req = requests.post(URL.format("/objects"), json=object_template, headers=HEADERS) - assert req.status_code == 200 - result = req.json() - assert "objects" in result - object_id = list(result['objects'].keys())[0] - return object_id - - -def update_object(object_id, policy_id): - req = requests.patch(URL.format("/policies/{}/objects/{}".format(policy_id, object_id)), json={}) - assert req.status_code == 200 - result = req.json() - assert "objects" in result - assert "name" in result["objects"][object_id] - assert object_template["name"] == result["objects"][object_id]["name"] - assert "policy_list" in result["objects"][object_id] - assert policy_id in result["objects"][object_id]["policy_list"] - - -def check_object(object_id=None, policy_id=None): - if policy_id: - req = requests.get(URL.format("/policies/{}/objects".format(policy_id))) - else: - req = requests.get(URL.format("/objects")) - assert req.status_code == 200 - result = req.json() - assert "objects" in result - assert "name" in result["objects"][object_id] - assert object_template["name"] == result["objects"][object_id]["name"] - if policy_id: - assert "policy_list" in result["objects"][object_id] - assert policy_id in result["objects"][object_id]["policy_list"] - - -def delete_object(object_id, policy_id=None): - if policy_id: - req = requests.delete(URL.format("/policies/{}/objects/{}".format(policy_id, object_id))) - else: - req = requests.delete(URL.format("/objects/{}".format(object_id))) - assert req.status_code == 200 - result = req.json() - assert type(result) is dict - assert "result" in result - assert result["result"] - - if policy_id: - req = requests.get(URL.format("/policies/{}/objects".format(policy_id))) - else: - req = requests.get(URL.format("/objects")) - assert req.status_code == 200 - result = req.json() - assert "objects" in result - if object_id in result["objects"]: - assert "name" in result["objects"][object_id] - assert object_template["name"] == result["objects"][object_id]["name"] - if policy_id: - assert "policy_list" in result["objects"][object_id] - assert policy_id not in result["objects"][object_id]["policy_list"] - - -def add_action(policy_id=None, name="test_action"): - action_template['name'] = name - if policy_id: - req = requests.post(URL.format("/policies/{}/actions".format(policy_id)), - json=action_template, headers=HEADERS) - else: - req = requests.post(URL.format("/actions"), json=action_template, headers=HEADERS) - assert req.status_code == 200 - result = req.json() - assert "actions" in result - action_id = list(result['actions'].keys())[0] - return action_id - - -def update_action(action_id, policy_id): - req = requests.patch(URL.format("/policies/{}/actions/{}".format(policy_id, action_id)), json={}) - assert req.status_code == 200 - result = req.json() - assert "actions" in result - assert "name" in result["actions"][action_id] - assert action_template["name"] == result["actions"][action_id]["name"] - assert "policy_list" in result["actions"][action_id] - assert policy_id in result["actions"][action_id]["policy_list"] - - -def check_action(action_id=None, policy_id=None): - if policy_id: - req = requests.get(URL.format("/policies/{}/actions".format(policy_id))) - else: - req = requests.get(URL.format("/actions")) - assert req.status_code == 200 - result = req.json() - assert "actions" in result - assert "name" in result["actions"][action_id] - assert action_template["name"] == result["actions"][action_id]["name"] - if policy_id: - assert "policy_list" in result["actions"][action_id] - assert policy_id in result["actions"][action_id]["policy_list"] - - -def delete_action(action_id, policy_id=None): - if policy_id: - req = requests.delete(URL.format("/policies/{}/actions/{}".format(policy_id, action_id))) - else: - req = requests.delete(URL.format("/actions/{}".format(action_id))) - assert req.status_code == 200 - result = req.json() - assert type(result) is dict - assert "result" in result - assert result["result"] - - if policy_id: - req = requests.get(URL.format("/policies/{}/actions".format(policy_id))) - else: - req = requests.get(URL.format("/actions")) - assert req.status_code == 200 - result = req.json() - assert "actions" in result - if action_id in result["actions"]: - assert "name" in result["actions"][action_id] - assert action_template["name"] == result["actions"][action_id]["name"] - if policy_id: - assert "policy_list" in result["actions"][action_id] - assert policy_id not in result["actions"][action_id]["policy_list"] - - -def add_subject_data(policy_id, category_id, name="subject_data1"): - subject_data_template['name'] = name - req = requests.post(URL.format("/policies/{}/subject_data/{}".format(policy_id, category_id)), - json=subject_data_template, headers=HEADERS) - assert req.status_code == 200 - result = req.json() - assert "subject_data" in result - subject_id = list(result['subject_data']['data'].keys())[0] - return subject_id - - -def check_subject_data(policy_id, data_id, category_id): - req = requests.get(URL.format("/policies/{}/subject_data/{}".format(policy_id, category_id))) - assert req.status_code == 200 - result = req.json() - assert "subject_data" in result - for _data in result['subject_data']: - assert data_id in list(_data['data'].keys()) - assert category_id == _data["category_id"] - - -def delete_subject_data(policy_id, category_id, data_id): - req = requests.delete(URL.format("/policies/{}/subject_data/{}/{}".format(policy_id, category_id, data_id)), - headers=HEADERS) - assert req.status_code == 200 - req = requests.get(URL.format("/policies/{}/subject_data/{}".format(policy_id, category_id))) - assert req.status_code == 200 - result = req.json() - assert "subject_data" in result - for _data in result['subject_data']: - assert data_id not in list(_data['data'].keys()) - assert category_id == _data["category_id"] - - -def add_object_data(policy_id, category_id, name="object_data1"): - object_data_template['name'] = name - req = requests.post(URL.format("/policies/{}/object_data/{}".format(policy_id, category_id)), - json=object_data_template, headers=HEADERS) - assert req.status_code == 200 - result = req.json() - assert "object_data" in result - object_id = list(result['object_data']['data'].keys())[0] - return object_id - - -def check_object_data(policy_id, data_id, category_id): - req = requests.get(URL.format("/policies/{}/object_data/{}".format(policy_id, category_id))) - assert req.status_code == 200 - result = req.json() - assert "object_data" in result - for _data in result['object_data']: - assert data_id in list(_data['data'].keys()) - assert category_id == _data["category_id"] - - -def delete_object_data(policy_id, category_id, data_id): - req = requests.delete(URL.format("/policies/{}/object_data/{}/{}".format(policy_id, category_id, data_id)), - headers=HEADERS) - assert req.status_code == 200 - req = requests.get(URL.format("/policies/{}/object_data/{}".format(policy_id, category_id))) - assert req.status_code == 200 - result = req.json() - assert "object_data" in result - for _data in result['object_data']: - assert data_id not in list(_data['data'].keys()) - assert category_id == _data["category_id"] - - -def add_action_data(policy_id, category_id, name="action_data1"): - action_data_template['name'] = name - req = requests.post(URL.format("/policies/{}/action_data/{}".format(policy_id, category_id)), - json=action_data_template, headers=HEADERS) - assert req.status_code == 200 - result = req.json() - assert "action_data" in result - action_id = list(result['action_data']['data'].keys())[0] - return action_id - - -def check_action_data(policy_id, data_id, category_id): - req = requests.get(URL.format("/policies/{}/action_data/{}".format(policy_id, category_id))) - assert req.status_code == 200 - result = req.json() - assert "action_data" in result - for _data in result['action_data']: - assert data_id in list(_data['data'].keys()) - assert category_id == _data["category_id"] - - -def delete_action_data(policy_id, category_id, data_id): - req = requests.delete(URL.format("/policies/{}/action_data/{}/{}".format(policy_id, category_id, data_id)), - headers=HEADERS) - assert req.status_code == 200 - req = requests.get(URL.format("/policies/{}/action_data/{}".format(policy_id, category_id))) - assert req.status_code == 200 - result = req.json() - assert "action_data" in result - for _data in result['action_data']: - assert data_id not in list(_data['data'].keys()) - assert category_id == _data["category_id"] - - -def add_subject_assignments(policy_id, subject_id, subject_cat_id, subject_data_id): - req = requests.post(URL.format("/policies/{}/subject_assignments".format(policy_id)), - json={ - "id": subject_id, - "category_id": subject_cat_id, - "data_id": subject_data_id - }, headers=HEADERS) - assert req.status_code == 200 - result = req.json() - assert "subject_assignments" in result - assert result["subject_assignments"] - - -def check_subject_assignments(policy_id, subject_id, subject_cat_id, subject_data_id): - req = requests.get(URL.format("/policies/{}/subject_assignments/{}/{}/{}".format( - policy_id, subject_id, subject_cat_id, subject_data_id))) - assert req.status_code == 200 - result = req.json() - assert "subject_assignments" in result - assert result["subject_assignments"] - for key in result["subject_assignments"]: - assert "subject_id" in result["subject_assignments"][key] - assert "category_id" in result["subject_assignments"][key] - assert "assignments" in result["subject_assignments"][key] - if result["subject_assignments"][key]['subject_id'] == subject_id and \ - result["subject_assignments"][key]["category_id"] == subject_cat_id: - assert subject_data_id in result["subject_assignments"][key]["assignments"] - - -def check_object_assignments(policy_id, object_id, object_cat_id, object_data_id): - req = requests.get(URL.format("/policies/{}/object_assignments/{}/{}/{}".format( - policy_id, object_id, object_cat_id, object_data_id))) - assert req.status_code == 200 - result = req.json() - assert "object_assignments" in result - assert result["object_assignments"] - for key in result["object_assignments"]: - assert "object_id" in result["object_assignments"][key] - assert "category_id" in result["object_assignments"][key] - assert "assignments" in result["object_assignments"][key] - if result["object_assignments"][key]['object_id'] == object_id and \ - result["object_assignments"][key]["category_id"] == object_cat_id: - assert object_data_id in result["object_assignments"][key]["assignments"] - - -def check_action_assignments(policy_id, action_id, action_cat_id, action_data_id): - req = requests.get(URL.format("/policies/{}/action_assignments/{}/{}/{}".format( - policy_id, action_id, action_cat_id, action_data_id))) - assert req.status_code == 200 - result = req.json() - assert "action_assignments" in result - assert result["action_assignments"] - for key in result["action_assignments"]: - assert "action_id" in result["action_assignments"][key] - assert "category_id" in result["action_assignments"][key] - assert "assignments" in result["action_assignments"][key] - if result["action_assignments"][key]['action_id'] == action_id and \ - result["action_assignments"][key]["category_id"] == action_cat_id: - assert action_data_id in result["action_assignments"][key]["assignments"] - - -def add_object_assignments(policy_id, object_id, object_cat_id, object_data_id): - req = requests.post(URL.format("/policies/{}/object_assignments".format(policy_id)), - json={ - "id": object_id, - "category_id": object_cat_id, - "data_id": object_data_id - }, headers=HEADERS) - assert req.status_code == 200 - result = req.json() - assert "object_assignments" in result - assert result["object_assignments"] - - -def add_action_assignments(policy_id, action_id, action_cat_id, action_data_id): - req = requests.post(URL.format("/policies/{}/action_assignments".format(policy_id)), - json={ - "id": action_id, - "category_id": action_cat_id, - "data_id": action_data_id - }, headers=HEADERS) - assert req.status_code == 200 - result = req.json() - assert "action_assignments" in result - assert result["action_assignments"] - - -def delete_subject_assignment(policy_id, subject_id, subject_cat_id, subject_data_id): - req = requests.delete(URL.format("/policies/{}/subject_assignments/{}/{}/{}".format( - policy_id, subject_id, subject_cat_id, subject_data_id))) - assert req.status_code == 200 - result = req.json() - assert "result" in result - assert result["result"] - - req = requests.get(URL.format("/policies/{}/subject_assignments/{}/{}/{}".format( - policy_id, subject_id, subject_cat_id, subject_data_id))) - assert req.status_code == 200 - result = req.json() - assert "subject_assignments" in result - assert result["subject_assignments"] - for key in result["subject_assignments"]: - assert "subject_id" in result["subject_assignments"][key] - assert "category_id" in result["subject_assignments"][key] - assert "assignments" in result["subject_assignments"][key] - if result["subject_assignments"][key]['subject_id'] == subject_id and \ - result["subject_assignments"][key]["category_id"] == subject_cat_id: - assert subject_data_id not in result["subject_assignments"][key]["assignments"] - - -def delete_object_assignment(policy_id, object_id, object_cat_id, object_data_id): - req = requests.delete(URL.format("/policies/{}/object_assignments/{}/{}/{}".format( - policy_id, object_id, object_cat_id, object_data_id))) - assert req.status_code == 200 - result = req.json() - assert "result" in result - assert result["result"] - - req = requests.get(URL.format("/policies/{}/object_assignments/{}/{}/{}".format( - policy_id, object_id, object_cat_id, object_data_id))) - assert req.status_code == 200 - result = req.json() - assert "object_assignments" in result - assert result["object_assignments"] - for key in result["object_assignments"]: - assert "object_id" in result["object_assignments"][key] - assert "category_id" in result["object_assignments"][key] - assert "assignments" in result["object_assignments"][key] - if result["object_assignments"][key]['object_id'] == object_id and \ - result["object_assignments"][key]["category_id"] == object_cat_id: - assert object_data_id not in result["object_assignments"][key]["assignments"] - - -def delete_action_assignment(policy_id, action_id, action_cat_id, action_data_id): - req = requests.delete(URL.format("/policies/{}/action_assignments/{}/{}/{}".format( - policy_id, action_id, action_cat_id, action_data_id))) - assert req.status_code == 200 - result = req.json() - assert "result" in result - assert result["result"] - - req = requests.get(URL.format("/policies/{}/action_assignments/{}/{}/{}".format( - policy_id, action_id, action_cat_id, action_data_id))) - assert req.status_code == 200 - result = req.json() - assert "action_assignments" in result - assert result["action_assignments"] - for key in result["action_assignments"]: - assert "action_id" in result["action_assignments"][key] - assert "category_id" in result["action_assignments"][key] - assert "assignments" in result["action_assignments"][key] - if result["action_assignments"][key]['action_id'] == action_id and \ - result["action_assignments"][key]["category_id"] == action_cat_id: - assert action_data_id not in result["action_assignments"][key]["assignments"] - - -def add_rule(policy_id, meta_rule_id, rule, instructions={"chain": [{"security_pipeline": "rbac"}]}): - req = requests.post(URL.format("/policies/{}/rules".format(policy_id)), - json={ - "meta_rule_id": meta_rule_id, - "rule": rule, - "instructions": instructions, - "enabled": True - }, - headers=HEADERS) - assert req.status_code == 200 - result = req.json() - assert "rules" in result - try: - rule_id = list(result["rules"].keys())[0] - except Exception as e: - return False - assert "policy_id" in result["rules"][rule_id] - assert policy_id == result["rules"][rule_id]["policy_id"] - assert "meta_rule_id" in result["rules"][rule_id] - assert meta_rule_id == result["rules"][rule_id]["meta_rule_id"] - assert rule == result["rules"][rule_id]["rule"] - return rule_id - - -def check_rule(policy_id, meta_rule_id, rule_id, rule): - req = requests.get(URL.format("/policies/{}/rules".format(policy_id))) - assert req.status_code == 200 - result = req.json() - assert "rules" in result - assert "policy_id" in result["rules"] - assert policy_id == result["rules"]["policy_id"] - for item in result["rules"]["rules"]: - assert "meta_rule_id" in item - if meta_rule_id == item["meta_rule_id"]: - if rule_id == item["id"]: - assert rule == item["rule"] - - -def delete_rule(policy_id, rule_id): - req = requests.delete(URL.format("/policies/{}/rules/{}".format(policy_id, rule_id))) - assert req.status_code == 200 - result = req.json() - assert "result" in result - assert result["result"] - - req = requests.get(URL.format("/policies/{}/rules".format(policy_id))) - assert req.status_code == 200 - result = req.json() - assert "rules" in result - assert "policy_id" in result["rules"] - assert policy_id == result["rules"]["policy_id"] - found_rule = False - for item in result["rules"]["rules"]: - if rule_id == item["id"]: - found_rule = True - assert not found_rule diff --git a/tests/scenario/delegation.py b/tests/functional/scenario_available/delegation.py index 839e74ce..839e74ce 100644 --- a/tests/scenario/delegation.py +++ b/tests/functional/scenario_available/delegation.py diff --git a/templates/moon_forming/conf/mls.py b/tests/functional/scenario_available/mls.py index 0e6285c9..0e6285c9 100644 --- a/templates/moon_forming/conf/mls.py +++ b/tests/functional/scenario_available/mls.py diff --git a/templates/moon_forming/conf/rbac.py b/tests/functional/scenario_available/rbac.py index 25c010fd..25c010fd 100644 --- a/templates/moon_forming/conf/rbac.py +++ b/tests/functional/scenario_available/rbac.py diff --git a/tests/scenario/rbac_custom_100.py b/tests/functional/scenario_available/rbac_custom_100.py index 9ee55dbd..9ee55dbd 100644 --- a/tests/scenario/rbac_custom_100.py +++ b/tests/functional/scenario_available/rbac_custom_100.py diff --git a/tests/scenario/rbac_custom_1000.py b/tests/functional/scenario_available/rbac_custom_1000.py index d6850485..d6850485 100644 --- a/tests/scenario/rbac_custom_1000.py +++ b/tests/functional/scenario_available/rbac_custom_1000.py diff --git a/tests/scenario/rbac_custom_50.py b/tests/functional/scenario_available/rbac_custom_50.py index e1437cf4..e1437cf4 100644 --- a/tests/scenario/rbac_custom_50.py +++ b/tests/functional/scenario_available/rbac_custom_50.py diff --git a/tests/scenario/rbac_large.py b/tests/functional/scenario_available/rbac_large.py index ef5dd9b2..ef5dd9b2 100644 --- a/tests/scenario/rbac_large.py +++ b/tests/functional/scenario_available/rbac_large.py diff --git a/tests/scenario/rbac_mls.py b/tests/functional/scenario_available/rbac_mls.py index 8a5362ea..8a5362ea 100644 --- a/tests/scenario/rbac_mls.py +++ b/tests/functional/scenario_available/rbac_mls.py diff --git a/tests/scenario/session.py b/tests/functional/scenario_available/session.py index 97d7aec3..97d7aec3 100644 --- a/tests/scenario/session.py +++ b/tests/functional/scenario_available/session.py diff --git a/tests/scenario/session_large.py b/tests/functional/scenario_available/session_large.py index 5b4a64b6..5b4a64b6 100644 --- a/tests/scenario/session_large.py +++ b/tests/functional/scenario_available/session_large.py diff --git a/tests/functional/scenario_enabled/mls.py b/tests/functional/scenario_enabled/mls.py new file mode 120000 index 00000000..6acd75ce --- /dev/null +++ b/tests/functional/scenario_enabled/mls.py @@ -0,0 +1 @@ +../scenario_available/mls.py
\ No newline at end of file diff --git a/tests/functional/scenario_enabled/rbac.py b/tests/functional/scenario_enabled/rbac.py new file mode 120000 index 00000000..0edc905a --- /dev/null +++ b/tests/functional/scenario_enabled/rbac.py @@ -0,0 +1 @@ +../scenario_available/rbac.py
\ No newline at end of file diff --git a/tests/scenario/mls.py b/tests/functional/scenario_tests/mls.py index 3a3ded43..0e6285c9 100644 --- a/tests/scenario/mls.py +++ b/tests/functional/scenario_tests/mls.py @@ -1,9 +1,10 @@ -pdp_name = "pdp1" +pdp_name = "pdp_mls" policy_name = "MLS Policy example" model_name = "MLS" +policy_genre = "authz" -subjects = {"user0": "", "user1": "", "user2": "", } +subjects = {"adminuser": "", "user1": "", "user2": "", } objects = {"vm0": "", "vm1": "", } actions = {"start": "", "stop": ""} @@ -20,7 +21,7 @@ object_data = { action_data = {"action-type": {"vm-action": "", "storage-action": "", }} subject_assignments = { - "user0": {"subject-security-level": "high"}, + "adminuser": {"subject-security-level": "high"}, "user1": {"subject-security-level": "medium"}, } object_assignments = { @@ -33,21 +34,25 @@ action_assignments = { } meta_rule = { - "mls": {"id": "", "value": ("subject-security-level", "object-security-level", "action-type")}, + "mls": { + "id": "", + "value": ("subject-security-level", + "object-security-level", + "action-type")}, } rules = { "mls": ( { - "rules": ("high", "medium", "vm-action"), + "rule": ("high", "medium", "vm-action"), "instructions": ({"decision": "grant"}) }, { - "rules": ("high", "low", "vm-action"), + "rule": ("high", "low", "vm-action"), "instructions": ({"decision": "grant"}) }, { - "rules": ("medium", "low", "vm-action"), + "rule": ("medium", "low", "vm-action"), "instructions": ({"decision": "grant"}) }, ) diff --git a/tests/scenario/rbac.py b/tests/functional/scenario_tests/rbac.py index 89fd7de8..1d2cabee 100644 --- a/tests/scenario/rbac.py +++ b/tests/functional/scenario_tests/rbac.py @@ -1,10 +1,10 @@ -pdp_name = "pdp1" +pdp_name = "pdp_rbac1" policy_name = "RBAC policy example" model_name = "RBAC" policy_genre = "authz" -subjects = {"user0": "", "user1": "", } +subjects = {"adminuser": "", "user1": "", } objects = {"vm0": "", "vm1": "", } actions = {"start": "", "stop": ""} @@ -16,9 +16,24 @@ subject_data = {"role": {"admin": "", "employee": "", "*": ""}} object_data = {"id": {"vm0": "", "vm1": "", "*": ""}} action_data = {"action-type": {"vm-action": "", "*": ""}} -subject_assignments = {"user0": ({"role": "employee"}, {"role": "*"}), "user1": ({"role": "employee"}, {"role": "*"}), } -object_assignments = {"vm0": ({"id": "vm0"}, {"id": "*"}), "vm1": ({"id": "vm1"}, {"id": "*"})} -action_assignments = {"start": ({"action-type": "vm-action"}, {"action-type": "*"}), "stop": ({"action-type": "vm-action"}, {"action-type": "*"})} +subject_assignments = { + "adminuser": + ({"role": "admin"}, {"role": "employee"}, {"role": "*"}), + "user1": + ({"role": "employee"}, {"role": "*"}), +} +object_assignments = { + "vm0": + ({"id": "vm0"}, {"id": "*"}), + "vm1": + ({"id": "vm1"}, {"id": "*"}) +} +action_assignments = { + "start": + ({"action-type": "vm-action"}, {"action-type": "*"}), + "stop": + ({"action-type": "vm-action"}, {"action-type": "*"}) +} meta_rule = { "rbac": {"id": "", "value": ("role", "id", "action-type")}, @@ -29,7 +44,9 @@ rules = { { "rule": ("admin", "vm0", "vm-action"), "instructions": ( - {"decision": "grant"}, # "grant" to immediately exit, "continue" to wait for the result of next policy + {"decision": "grant"}, + # "grant" to immediately exit, + # "continue" to wait for the result of next policy ) }, { diff --git a/tests/get_keystone_projects.py b/tests/get_keystone_projects.py deleted file mode 100644 index 9b5d87cd..00000000 --- a/tests/get_keystone_projects.py +++ /dev/null @@ -1,16 +0,0 @@ -from python_moonclient import parse, models, policies, pdp - - -if __name__ == "__main__": - args = parse.parse() - consul_host = args.consul_host - consul_port = args.consul_port - - models.init(consul_host, consul_port) - policies.init(consul_host, consul_port) - pdp.init(consul_host, consul_port) - - projects = pdp.get_keystone_projects() - - for _project in projects['projects']: - print("{} {}".format(_project['id'], _project['name'])) diff --git a/tests/performance/README.md b/tests/performance/README.md index 52613d2c..fcb80589 100644 --- a/tests/performance/README.md +++ b/tests/performance/README.md @@ -1,69 +1,80 @@ -# Moon Yardstick and Bottlenecks Performance Tests +# Moon Yardstick/Bottlenecks Performance Tests The main objective of this document is to describe the performance tests for the Moon project/module. -Moon is a security managment platform which provides a set of security functions to project the underlying OPNFV infrastructure and/or VNFs. -Moon is consisted of 2 parts: a master and a set of slaves. The master holds all security-related information and each slave only fetches and holds -related informations for its local usage from master. +Moon is a security management platform which provides a set of security functions to project the underlying OPNFV infrastructure and/or VNFs. +It is consisted of 2 parts: a master and a set of slaves. The master holds all security-related information and each slave only fetches and holds +related information for its local usage from master. -## Moon Master Performance Tests -In this test, we should: +## Master Performance Tests +### Pre-requisite - setup a Moon master service on a physical server -- create a tenant/scope through the Moon master service -- create a MSL security policy with 4 subject security levels and 4 object security levels for this tenant +- create a project in OpenStack/Keystone +- create a MSL PDP with a model of 4 subject security levels and 4 object security levels, the MLS policy will be defined later -- increase N to find the limit of the security policy (implemented in format of a Docker) - - create N users and N resources (VMs in our case) in this tenant - - simulate 2 operation requests per user per second to Moon's authorization endpoint - - gather performance metrics like CPU, memory, network usages - - throught the iteration, determine the capacity limit for one Docker +### Policy Size Test +Increase the number of users and resources N to find the limit of the security policy +- create N users and N resources (VMs in our case) in this MLS security policy +- sends 5 authz requests/second +- gather performance metrics like CPU, memory, network usages +Through the iteration, determine the maximal number of N to support 5 requests/second -- setup 20 user and 20 resources (VMs in our case) for one tenant - - increase the number of tenants to test the maximal number of tenants on the server +### PDP Number Test +- setup 20 user and 20 resources (VMs in our case) for each MLS PDP +- sends 5 authz requests/second for each MLS PDP +- increase the number of PDP to test the maximal number of PDP on the master -- setup 5 tenants of N users and N resources (VMs in our case) in each tenant - - increase N by simulating 2 operation requests per user per second to the Moon's authorization endpoint - - gather performance metrics like CPU, memory, network usages - - throught the iteration, dermine the maximal user/resource number of these 5 tenants/Dockers on the server +### Policy Size Test for 5 PDPs +- setup 5 PDPs of N users and N resources (VMs in our case) +- sends 5 authz requests/second for each MLS PDP +- gather performance metrics like CPU, memory, network usages +Through the iteration, determine the maximal user/resource number of these 5 PDPs -- setup 10 tenants of N users and N resources (VMs in our case) in each tenant - - increase N by simulating 2 operation requests per user per second to the Moon's authorization endpoint - - gather performance metrics like CPU, memory, network usages - - throught the iteration, dermine the maximal user/resource number of these 10 tenants/Dockers on the server +### Policy Size Test for 10 PDPs +- setup 10 PDPs of N users and N resources (VMs in our case) +- sends 5 authz requests/second for each MLS PDP +- gather performance metrics like CPU, memory, network usages +Through the iteration, determine the maximal user/resource number of these 10 PDPs -- setup 20 tenants of N users and N resources (VMs in our case) in each tenant - - increase N by simulating 2 operation requests per user per second to the Moon's authorization endpoint - - gather performance metrics like CPU, memory, network usages - - throught the iteration, dermine the maximal user/resource number of these 20 tenants/Dockers on the server - -## Moon Slave Performace Tests -In this test, we should: -- setup a Moon master service on a physical server -- setup a Moon slave service on a physical server -- create a tenant/scope through the Moon master service -- create a MSL security policy with 4 subject security levels and 4 object security levels for this tenant through the Moon master service +### Policy Size Test for 20 PDPs +- setup 20 PDPs of N users and N resources (VMs in our case) +- sends 5 authz requests/second for each MLS PDP +- gather performance metrics like CPU, memory, network usages +Through the iteration, determine the maximal user/resource number of these 20 PDPs -- increase N to find the limit of the security policy (implemented in format of a Docker) - - create N users and N resources (VMs in our case) in this tenant - - simulate 2 operation requests per user per second to Moon slave's authorizatoin endpoint - - gather performance metrics like CPU, memory, network usages of Moon slave - - throught the iteration, dermine the capacity limit for one Docker of Moon slave - -- setup 20 user and 20 resources (VMs in our case) for one tenant through the Moon slave service - - increate the number of tenants to test the maximal number of tenants on the server of the Moon slave - -- setup 5 tenants of N users and N resources (VMs in our case) in each tenant through the Moon master service - - increate N by simulating 2 operation requests per user per second to the Moon slave's authorization endpoint - - gather performance metrics like CPU, memory, network usages of both Moon master and Moon slave - - throught the iteration, dermine the maximal user/resource number of these 5 tenants/Dockers on the server of Moon slave -- setup 10 tenants of N users and N resources (VMs in our case) in each tenant through the Moon master service - - increate N by simulating 2 operation requests per user per second to the Moon slave's authorization endpoint - - gather performance metrics like CPU, memory, network usages of both Moon master and slave - - throught the iteration, dermine the maximal user/resource number of these 10 tenants/Dockers on the server of the Moon slave +## Master-Slave Performance Tests +### Pre-requisite +- setup a Moon master on a physical server +- setup a Moon slave on a physical server +- create a project in OpenStack/Keystone +- create a MSL PDP with a model of 4 subject security levels and 4 object security levels, the MLS policy will be defined later on the master + +### Slave Policy Size Test +Increase the number of users and resources N to find the limit of the security policy +- create N users and N resources (VMs in our case) in this MLS security policy on the master +- sends 5 authz requests/second to the slave +- gather performance metrics like CPU, memory, network usages of the slave +Through the iteration, determine the maximal number of N to support 5 requests/second of the slave + +### Slave PDP Number Test +- setup 20 user and 20 resources (VMs in our case) for each MLS PDP on the master +- sends 5 authz requests/second for each MLS PDP to the slave +Through the iteration, determine the maximal number of PDP to support 5 requests/second of the slave -- setup 20 tenants of N users and N resources (VMs in our case) in each tenant through the Moon master service - - increate N by simulating 2 operation requests per user per second to the Moon slave's authorization endpoint - - gather performance metrics like CPU, memory, network usages of both Moon master and slave - - throught the iteration, dermine the maximal user/resource number of these 20 tenants/Dockers on the server of the Moon slave +### Slave Policy Size Test for 5 PDPs +- setup 5 PDPs of N users and N resources (VMs in our case) on the master +- sends 5 authz requests/second for each MLS PDP to the slave +- gather performance metrics like CPU, memory, network usages of the slave +Through the iteration, determine the maximal user/resource number of these 5 PDPs +### Slave Policy Size Test for 10 PDPs +- setup 10 PDPs of N users and N resources (VMs in our case) on the master +- sends 5 authz requests/second for each MLS PDP to the slave +- gather performance metrics like CPU, memory, network usages of the slave +Through the iteration, determine the maximal user/resource number of these 10 PDPs +### Slave Policy Size Test for 20 PDPs +- setup 20 PDPs of N users and N resources (VMs in our case) on the master +- sends 5 authz requests/second for each MLS PDP to the slave +- gather performance metrics like CPU, memory, network usages of the slave +Through the iteration, determine the maximal user/resource number of these 20 PDPs diff --git a/tests/populate_default_values.py b/tests/populate_default_values.py deleted file mode 100644 index d5a5769b..00000000 --- a/tests/populate_default_values.py +++ /dev/null @@ -1,37 +0,0 @@ -import logging -from importlib.machinery import SourceFileLoader -from python_moonclient import parse, models, policies, pdp - -logger = logging.getLogger("moonforming") - - -if __name__ == "__main__": - requests_log = logging.getLogger("requests.packages.urllib3") - requests_log.setLevel(logging.WARNING) - requests_log.propagate = True - - args = parse.parse() - consul_host = args.consul_host - consul_port = args.consul_port - project_id = args.keystone_pid - - models.init(consul_host, consul_port) - policies.init(consul_host, consul_port) - pdp.init(consul_host, consul_port) - - if args.filename: - print("Loading: {}".format(args.filename[0])) - m = SourceFileLoader("scenario", args.filename[0]) - scenario = m.load_module() - - _models = models.check_model() - for _model_id, _model_value in _models['models'].items(): - if _model_value['name'] == scenario.model_name: - model_id = _model_id - meta_rule_list = _model_value['meta_rules'] - models.create_model(scenario, model_id) - break - else: - model_id, meta_rule_list = models.create_model(scenario) - policy_id = policies.create_policy(scenario, model_id, meta_rule_list) - pdp_id = pdp.create_pdp(scenario, policy_id=policy_id, project_id=project_id) diff --git a/tests/send_authz.py b/tests/send_authz.py deleted file mode 100644 index b4ed1d2f..00000000 --- a/tests/send_authz.py +++ /dev/null @@ -1,32 +0,0 @@ -from importlib.machinery import SourceFileLoader -from python_moonclient import config, parse, models, policies, pdp, authz - - -if __name__ == "__main__": - args = parse.parse() - consul_host = args.consul_host - consul_port = args.consul_port - - models.init(consul_host, consul_port) - policies.init(consul_host, consul_port) - pdp.init(consul_host, consul_port) - - if args.filename: - print("Loading: {}".format(args.filename[0])) - m = SourceFileLoader("scenario", args.filename[0]) - scenario = m.load_module() - - keystone_project_id = pdp.get_keystone_id(args.pdp) - time_data = authz.send_requests( - scenario, - args.authz_host, - args.authz_port, - keystone_project_id, - request_second=args.request_second, - limit=args.limit, - dry_run=args.dry_run, - stress_test=args.stress_test, - destination=args.destination - ) - if not args.dry_run: - authz.save_data(args.write, time_data) diff --git a/bin/README.md b/tools/bin/README.md index 3125c468..3125c468 100644 --- a/bin/README.md +++ b/tools/bin/README.md diff --git a/bin/bootstrap.py b/tools/bin/bootstrap.py index 6f2a5e03..6f2a5e03 100644 --- a/bin/bootstrap.py +++ b/tools/bin/bootstrap.py diff --git a/bin/build_all.sh b/tools/bin/build_all.sh index 5bbf6a19..5bbf6a19 100644 --- a/bin/build_all.sh +++ b/tools/bin/build_all.sh diff --git a/bin/build_all_pip.sh b/tools/bin/build_all_pip.sh index 2b415bf0..2b415bf0 100644 --- a/bin/build_all_pip.sh +++ b/tools/bin/build_all_pip.sh diff --git a/bin/delete_orchestrator.sh b/tools/bin/delete_orchestrator.sh index 95fcfddd..95fcfddd 100644 --- a/bin/delete_orchestrator.sh +++ b/tools/bin/delete_orchestrator.sh diff --git a/bin/moon_lib_update.sh b/tools/bin/moon_lib_update.sh index 3925e336..3925e336 100644 --- a/bin/moon_lib_update.sh +++ b/tools/bin/moon_lib_update.sh diff --git a/bin/set_auth.src b/tools/bin/set_auth.src index d955e30b..d955e30b 100644 --- a/bin/set_auth.src +++ b/tools/bin/set_auth.src diff --git a/bin/start.sh b/tools/bin/start.sh index e95ac393..e95ac393 100755 --- a/bin/start.sh +++ b/tools/bin/start.sh diff --git a/templates/moon_keystone/Dockerfile b/tools/moon_keystone/Dockerfile index 2a43bd92..2a43bd92 100644 --- a/templates/moon_keystone/Dockerfile +++ b/tools/moon_keystone/Dockerfile diff --git a/templates/moon_keystone/README.md b/tools/moon_keystone/README.md index 7027324e..7027324e 100644 --- a/templates/moon_keystone/README.md +++ b/tools/moon_keystone/README.md diff --git a/templates/moon_keystone/run.sh b/tools/moon_keystone/run.sh index 2a61901e..2a61901e 100644 --- a/templates/moon_keystone/run.sh +++ b/tools/moon_keystone/run.sh diff --git a/tools/moon_kubernetes/README.md b/tools/moon_kubernetes/README.md new file mode 100644 index 00000000..73d342fa --- /dev/null +++ b/tools/moon_kubernetes/README.md @@ -0,0 +1,106 @@ +# Moon Platform Setup +## Docker Installation +```bash +apt update +apt install -y docker.io +``` + +## K8S Installation +Choose the right K8S platform +### Minikube +```bash +curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl +chmod +x ./kubectl +sudo mv ./kubectl /usr/local/bin/kubectl +curl -Lo minikube https://storage.googleapis.com/minikube/releases/v0.21.0/minikube-linux-amd64 && chmod +x minikube && sudo mv minikube /usr/local/bin/ +``` + +### Kubeadm +see: https://kubernetes.io/docs/setup/independent/install-kubeadm/ +```bash +apt-get update && apt-get install -y apt-transport-https +curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - +cat <<EOF >/etc/apt/sources.list.d/kubernetes.list +deb http://apt.kubernetes.io/ kubernetes-xenial main +EOF +apt-get update +apt-get install -y kubelet kubeadm kubectl +``` + +## Moon Deployment +### Initiate K8S +```bash +cd $MOON_HOME +bash tools/moon_kubernetes/init_k8s.sh +``` + +Wait until all the kubeadm containers are in the `running` state: +```bash +watch kubectl get po --namespace=kube-system +``` + +You must see something like this: + + $ kubectl get po --namespace=kube-system + NAME READY STATUS RESTARTS AGE + calico-etcd-7qgjb 1/1 Running 0 1h + calico-node-f8zvm 2/2 Running 1 1h + calico-policy-controller-59fc4f7888-ns9kv 1/1 Running 0 1h + etcd-varuna 1/1 Running 0 1h + kube-apiserver-varuna 1/1 Running 0 1h + kube-controller-manager-varuna 1/1 Running 0 1h + kube-dns-bfbb49cd7-rgqxn 3/3 Running 0 1h + kube-proxy-x88wg 1/1 Running 0 1h + kube-scheduler-varuna 1/1 Running 0 1h + + +### Deploy Moon +```bash +cd $MOON_HOME +sudo bash tools/moon_kubernetes/start_moon.sh +``` + +Wait until all the Moon containers are in the `running` state: +```bash +watch kubectl get po --namespace=moon +``` + +You must see something like this: + + $ kubectl get po --namespace=moon + NAME READY STATUS RESTARTS AGE + consul-57b6d66975-9qnfx 1/1 Running 0 52m + db-867f9c6666-bq8cf 1/1 Running 0 52m + gui-bc9878b58-q288x 1/1 Running 0 51m + keystone-7d9cdbb69f-bl6ln 1/1 Running 0 52m + manager-5bfbb96988-2nvhd 1/1 Running 0 51m + manager-5bfbb96988-fg8vj 1/1 Running 0 51m + manager-5bfbb96988-w9wnk 1/1 Running 0 51m + orchestrator-65d8fb4574-tnfx2 1/1 Running 0 51m + wrapper-astonishing-748b7dcc4f-ngsvp 1/1 Running 0 51m + +### Docker-K8S Port Mapping +```yamlex +manager: + port: 8082 + kport: 30001 +gui: + port: 3000 + kport: 30002 +orchestrator: + port: 8083 + kport: 30003 +consul: + port: 8500 + kport: 30005 +keystone: + port: 5000 + kport: 30006 +wrapper: + port: 8080 + kport: 30010 +interface: + port: 8080 +authz: + port: 8081 +``` diff --git a/templates/moon/moon.conf b/tools/moon_kubernetes/conf/moon.conf index a5a40ad2..a5a40ad2 100644 --- a/templates/moon/moon.conf +++ b/tools/moon_kubernetes/conf/moon.conf diff --git a/kubernetes/conf/password_moon.txt b/tools/moon_kubernetes/conf/password_moon.txt index bb9bcf7d..bb9bcf7d 100644 --- a/kubernetes/conf/password_moon.txt +++ b/tools/moon_kubernetes/conf/password_moon.txt diff --git a/kubernetes/conf/password_root.txt b/tools/moon_kubernetes/conf/password_root.txt index bb9bcf7d..bb9bcf7d 100644 --- a/kubernetes/conf/password_root.txt +++ b/tools/moon_kubernetes/conf/password_root.txt diff --git a/kubernetes/init_k8s.sh b/tools/moon_kubernetes/init_k8s.sh index 6eb94e78..8ec1237c 100644 --- a/kubernetes/init_k8s.sh +++ b/tools/moon_kubernetes/init_k8s.sh @@ -6,8 +6,8 @@ sudo kubeadm reset sudo swapoff -a -sudo kubeadm init --pod-network-cidr=192.168.0.0/16 -#sudo kubeadm init --pod-network-cidr=10.244.0.0/16 +sudo kubeadm init --pod-network-cidr=192.168.0.0/16 # network for Calico +#sudo kubeadm init --pod-network-cidr=10.244.0.0/16 # network for Canal mkdir -p $HOME/.kube sudo cp -f /etc/kubernetes/admin.conf $HOME/.kube/config @@ -20,9 +20,9 @@ kubectl apply -f http://docs.projectcalico.org/v2.4/getting-started/kubernetes/i #kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml kubectl delete deployment kube-dns --namespace=kube-system -kubectl apply -f kubernetes/templates/kube-dns.yaml +kubectl apply -f tools/moon_kubernetes/templates/kube-dns.yaml -kubectl taint nodes --all node-role.kubernetes.io/master- +kubectl taint nodes --all node-role.kubernetes.io/master- # make the master also as a node kubectl proxy& sleep 5 diff --git a/tools/moon_kubernetes/start_moon.sh b/tools/moon_kubernetes/start_moon.sh new file mode 100644 index 00000000..47d6998b --- /dev/null +++ b/tools/moon_kubernetes/start_moon.sh @@ -0,0 +1,36 @@ +#!/usr/bin/env bash + +set -x + +kubectl create namespace moon +kubectl create configmap moon-config --from-file tools/moon_kubernetes/conf/moon.conf -n moon +kubectl create configmap config --from-file ~/.kube/config -n moon +kubectl create configmap moon-policy-templates --from-file tests/functional/scenario_tests -n moon +kubectl create secret generic mysql-root-pass --from-file=tools/moon_kubernetes/conf/password_root.txt -n moon +kubectl create secret generic mysql-pass --from-file=tools/moon_kubernetes/conf/password_moon.txt -n moon + +kubectl create -n moon -f tools/moon_kubernetes/templates/consul.yaml +kubectl create -n moon -f tools/moon_kubernetes/templates/db.yaml +kubectl create -n moon -f tools/moon_kubernetes/templates/keystone.yaml + +echo ========================================= +kubectl get pods -n moon +echo ========================================= + +sleep 10 +kubectl create -n moon -f tools/moon_kubernetes/templates/moon_forming.yaml + +echo Waiting for jobs forming +sleep 5 +kubectl get jobs -n moon +kubectl logs -n moon jobs/forming + +sleep 5 +kubectl create -n moon -f tools/moon_kubernetes/templates/moon_manager.yaml + +sleep 2 +kubectl create -n moon -f tools/moon_kubernetes/templates/moon_orchestrator.yaml + +kubectl create -n moon -f tools/moon_kubernetes/templates/moon_gui.yaml + + diff --git a/kubernetes/templates/consul.yaml b/tools/moon_kubernetes/templates/consul.yaml index f0fb764e..f0fb764e 100644 --- a/kubernetes/templates/consul.yaml +++ b/tools/moon_kubernetes/templates/consul.yaml diff --git a/kubernetes/templates/db.yaml b/tools/moon_kubernetes/templates/db.yaml index 38418643..a055507e 100644 --- a/kubernetes/templates/db.yaml +++ b/tools/moon_kubernetes/templates/db.yaml @@ -1,33 +1,3 @@ -#apiVersion: v1 -#kind: PersistentVolume -#metadata: -# name: local-pv-1 -# labels: -# type: local -#spec: -# capacity: -# storage: 5Gi -# accessModes: -# - ReadWriteOnce -# hostPath: -# path: /tmp/data/pv-1 -#--- -# -#apiVersion: v1 -#kind: PersistentVolumeClaim -#metadata: -# name: mysql-pv-claim -# labels: -# platform: moon -# app: db -#spec: -# accessModes: -# - ReadWriteOnce -# resources: -# requests: -# storage: 5Gi -#--- - apiVersion: apps/v1beta1 kind: Deployment metadata: @@ -71,6 +41,7 @@ spec: # persistentVolumeClaim: # claimName: mysql-pv-claim --- + apiVersion: v1 kind: Service metadata: diff --git a/kubernetes/templates/keystone.yaml b/tools/moon_kubernetes/templates/keystone.yaml index e4218e4c..e4218e4c 100644 --- a/kubernetes/templates/keystone.yaml +++ b/tools/moon_kubernetes/templates/keystone.yaml diff --git a/kubernetes/templates/kube-dns.yaml b/tools/moon_kubernetes/templates/kube-dns.yaml index c8f18fd8..c8f18fd8 100644 --- a/kubernetes/templates/kube-dns.yaml +++ b/tools/moon_kubernetes/templates/kube-dns.yaml diff --git a/kubernetes/templates/moon_configuration.yaml b/tools/moon_kubernetes/templates/moon_forming.yaml index 3bcaa533..334ee175 100644 --- a/kubernetes/templates/moon_configuration.yaml +++ b/tools/moon_kubernetes/templates/moon_forming.yaml @@ -1,25 +1,30 @@ apiVersion: batch/v1 kind: Job metadata: - name: moonforming + name: forming namespace: moon spec: template: metadata: - name: moonforming + name: forming spec: containers: - - name: moonforming - image: asteroide/moonforming:v1.3 + - name: forming + image: wukongsun/moon_forming:latest env: - name: POPULATE_ARGS value: "--verbose" # debug mode: --debug volumeMounts: - name: config-volume mountPath: /etc/moon + - name: templates-volume + mountPath: /data volumes: - name: config-volume configMap: name: moon-config + - name: templates-volume + configMap: + name: moon-policy-templates restartPolicy: Never #backoffLimit: 4
\ No newline at end of file diff --git a/kubernetes/templates/moon_gui.yaml b/tools/moon_kubernetes/templates/moon_gui.yaml index 2d355216..2d355216 100644 --- a/kubernetes/templates/moon_gui.yaml +++ b/tools/moon_kubernetes/templates/moon_gui.yaml diff --git a/kubernetes/templates/moon_manager.yaml b/tools/moon_kubernetes/templates/moon_manager.yaml index 9d4a09a8..9d4a09a8 100644 --- a/kubernetes/templates/moon_manager.yaml +++ b/tools/moon_kubernetes/templates/moon_manager.yaml diff --git a/kubernetes/templates/moon_orchestrator.yaml b/tools/moon_kubernetes/templates/moon_orchestrator.yaml index 419f2d52..419f2d52 100644 --- a/kubernetes/templates/moon_orchestrator.yaml +++ b/tools/moon_kubernetes/templates/moon_orchestrator.yaml diff --git a/tools/openstack/README.md b/tools/openstack/README.md new file mode 100644 index 00000000..8b5d06e5 --- /dev/null +++ b/tools/openstack/README.md @@ -0,0 +1,73 @@ +# OpenStack +## Installation +For the *Moon* platform, you must have the following OpenStack components installed somewhere: +- *Nova*, see [Nova install](https://docs.openstack.org/mitaka/install-guide-ubuntu/nova-controller-install.html) +- *Glance*, see [Glance install](https://docs.openstack.org/glance/pike/install/) +- *Keystone* is automatically installed and configured in the Moon platform. +After the Moon platform installation, the Keystone server will be available +at: `http://localhost:30005 or http://\<servername\>:30005` + +You can also use your own Keystone server if you want. + +## Configuration +Before updating the configuration of the OpenStack platform, check that the platform +is working without Moon, use the following commands: +```bash +# set authentication +openstack endpoint list +openstack user list +openstack server list +``` + +In order to connect the OpenStack platform with the Moon platform, you must update some +configuration files in Nova and Glance: +- `/etc/nova/policy.json` +- `/etc/glance/policy.json` + +In some installed platform, the `/etc/nova/policy.json` can be absent so you have +to create one. You can find example files in those directory: +- `${MOON}/tools/openstack/nova/policy.json` +- `${MOON}/tools/openstack/glance/policy.json` + +Each line is mapped to an OpenStack API interface, for example, the following line +allows the user to get details for every virtual machines in the cloud +(the corresponding shell command is `openstack server list`): + + "os_compute_api:servers:detail": "", + +This lines indicates that there is no special authorisation to use this API, +every users can use it. If you want that the Moon platform handles that authorisation, +update this line with: + + "os_compute_api:servers:detail": "http://my_hostname:31001/authz" + +1) by replacing `my_hostname` with the hostname (or the IP address) of the Moon platform. +2) by updating the TCP port (default: 31001) with the good one. + +To find this TCP port, use the following command: + + $ kubectl get services -n moon | grep wrapper | cut -d ":" -f 2 | cut -d " " -f 1 + 31002/TCP + +## Tests +Here is a shell script to authenticate to the OpenStack platform as `admin`: +```bash +export OS_USERNAME=admin +export OS_PASSWORD=p4ssw0rd +export OS_REGION_NAME=Orange +export OS_TENANT_NAME=admin +export OS_AUTH_URL=http://moon_hostname:30006/v3 +export OS_DOMAIN_NAME=Default +export OS_IDENTITY_API_VERSION=3 +``` + +For the `demo_user`, use: +```bash +export OS_USERNAME=demo_user +export OS_PASSWORD=your_secret_password +export OS_REGION_NAME=Orange +export OS_TENANT_NAME=demo +export OS_AUTH_URL=http://moon_hostname:30006/v3 +export OS_DOMAIN_NAME=Default +export OS_IDENTITY_API_VERSION=3 +``` diff --git a/templates/openstack/glance/policy.json b/tools/openstack/glance/policy.json index 5505f67f..5505f67f 100644 --- a/templates/openstack/glance/policy.json +++ b/tools/openstack/glance/policy.json diff --git a/templates/openstack/nova/policy.json b/tools/openstack/nova/policy.json index 29763ce3..29763ce3 100644 --- a/templates/openstack/nova/policy.json +++ b/tools/openstack/nova/policy.json |