aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--INFO13
-rw-r--r--moon_authz/Dockerfile2
-rw-r--r--moon_gui/package.json2
-rw-r--r--moon_interface/Dockerfile2
-rw-r--r--moon_manager/Dockerfile2
-rw-r--r--moon_manager/MANIFEST.in2
-rw-r--r--moon_manager/moon_manager/http_server.py4
-rw-r--r--moon_manager/tests/functional_pod/run_functional_tests.sh7
-rw-r--r--moon_manager/tests/unit_python/api/import_export_utilities.py2
-rw-r--r--moon_manager/tests/unit_python/api/test_import.py2
-rw-r--r--moon_manager/tests/unit_python/api/test_policies.py13
-rw-r--r--moon_manager/tests/unit_python/api/test_unit_models.py (renamed from moon_manager/tests/unit_python/api/test_models.py)14
-rw-r--r--moon_orchestrator/Dockerfile2
-rw-r--r--moon_wrapper/Dockerfile2
-rw-r--r--python_moondb/Changelog4
-rw-r--r--python_moondb/python_moondb/__init__.py2
-rw-r--r--python_moondb/python_moondb/api/model.py9
-rw-r--r--python_moondb/python_moondb/api/policy.py2
-rw-r--r--python_moondb/python_moondb/backends/sql.py300
-rw-r--r--python_moondb/python_moondb/migrate_repo/versions/001_moon.py36
-rw-r--r--python_moondb/tests/unit_python/models/test_categories.py44
-rw-r--r--python_moondb/tests/unit_python/models/test_meta_rules.py1
-rw-r--r--python_moondb/tests/unit_python/models/test_models.py33
-rw-r--r--python_moondb/tests/unit_python/policies/mock_data.py28
-rwxr-xr-xpython_moondb/tests/unit_python/policies/test_assignments.py13
-rwxr-xr-xpython_moondb/tests/unit_python/policies/test_data.py29
-rwxr-xr-xpython_moondb/tests/unit_python/policies/test_policies.py17
-rw-r--r--python_moonutilities/Changelog6
-rw-r--r--python_moonutilities/python_moonutilities/__init__.py2
-rw-r--r--python_moonutilities/python_moonutilities/exceptions.py41
-rw-r--r--tools/moon_kubernetes/init_k8s_moon.sh2
31 files changed, 479 insertions, 159 deletions
diff --git a/INFO b/INFO
index 965671d3..d0886418 100644
--- a/INFO
+++ b/INFO
@@ -2,8 +2,8 @@ Project: Security Management Module (Moon)
Project Creation Date: 07 Mai 2015
Project Category: Collaborative Development
Lifecycle State: Incubation
-Primary Contact: ruan.he@orange.com
-Project Lead: ruan.he@orange.com
+Primary Contact: thomas.duval@orange.com
+Project Lead: thomas.duval@orange.com
Jira Project Name: Security Management Module
Jira Project Prefix: MOON
Mailing list tag: [moon]
@@ -11,18 +11,21 @@ IRC: #opnfv-moon
Repository: moon
Contributors:
-ruan.he@orange.com
+rebirthmonkey@gmail.com
jamil.chawki@orange.com
thomas.duval@orange.com
loic.lagadec@ensta-bretagne.fr
ad5939@att.com
marcel.winandy@huawei.com
pyegani@juniper.net
+jonathan.gourdin@orange.com
+rhanafy.ext@orange.com
+rfawzy.ext@orange.com
+mmagraby.ext@orange.com
+francois.cellier@orange.com
Committers:
-ruan (Linux Foundation ID) ruan.he@orange.com
asteroide (Linux Foundation ID) thomas.duval@orange.com: nomination July 3rd 2015
-WuKong (Linux Foundation ID) rebirthmonkey@gmail.com: nomination July 3rd 2015
Link to TSC approval of the project: http://meetbot.opnfv.org/meetings/opnfv-meeting/2015/opnfv-meeting.2015-05-12-13.59.html
Link(s) to approval of additional committers:
diff --git a/moon_authz/Dockerfile b/moon_authz/Dockerfile
index fea9555d..c44d7c23 100644
--- a/moon_authz/Dockerfile
+++ b/moon_authz/Dockerfile
@@ -3,6 +3,8 @@ FROM python:3
ADD . /root
WORKDIR /root/
RUN pip3 install -r requirements.txt
+RUN if [ -d /root/dist ]; then for FILE in $(ls /root/dist/*.tar.gz); do pip install $FILE --upgrade; done; fi
+RUN if [ -d /root/dist ]; then for FILE in $(ls /root/dist/*.whl); do pip install $FILE --upgrade; done; fi
RUN pip3 install .
CMD ["python3", "-m", "moon_authz"] \ No newline at end of file
diff --git a/moon_gui/package.json b/moon_gui/package.json
index 599452e4..45157e5e 100644
--- a/moon_gui/package.json
+++ b/moon_gui/package.json
@@ -50,5 +50,5 @@
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1"
},
- "license": "ISC"
+ "license": "Apache-2.0"
}
diff --git a/moon_interface/Dockerfile b/moon_interface/Dockerfile
index f4de15eb..069346c3 100644
--- a/moon_interface/Dockerfile
+++ b/moon_interface/Dockerfile
@@ -3,6 +3,8 @@ FROM python:3
ADD . /root
WORKDIR /root/
RUN pip3 install -r requirements.txt
+RUN if [ -d /root/dist ]; then for FILE in $(ls /root/dist/*.tar.gz); do pip install $FILE --upgrade; done; fi
+RUN if [ -d /root/dist ]; then for FILE in $(ls /root/dist/*.whl); do pip install $FILE --upgrade; done; fi
RUN pip3 install .
CMD ["python3", "-m", "moon_interface"] \ No newline at end of file
diff --git a/moon_manager/Dockerfile b/moon_manager/Dockerfile
index b5eb4e02..630c275b 100644
--- a/moon_manager/Dockerfile
+++ b/moon_manager/Dockerfile
@@ -3,6 +3,8 @@ FROM python:3
ADD . /root
WORKDIR /root/
RUN pip3 install -r requirements.txt
+RUN if [ -d /root/dist ]; then for FILE in $(ls /root/dist/*.tar.gz); do pip install $FILE --upgrade; done; fi
+RUN if [ -d /root/dist ]; then for FILE in $(ls /root/dist/*.whl); do pip install $FILE --upgrade; done; fi
RUN pip3 install .
CMD ["python3", "-m", "moon_manager"] \ No newline at end of file
diff --git a/moon_manager/MANIFEST.in b/moon_manager/MANIFEST.in
index 1f674d50..cf4d2e4e 100644
--- a/moon_manager/MANIFEST.in
+++ b/moon_manager/MANIFEST.in
@@ -3,7 +3,7 @@
# license which can be found in the file 'LICENSE' in this package distribution
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-include README.rst
+include README.md
include LICENSE
include setup.py
include requirements.txt
diff --git a/moon_manager/moon_manager/http_server.py b/moon_manager/moon_manager/http_server.py
index 128d5b74..a7258a75 100644
--- a/moon_manager/moon_manager/http_server.py
+++ b/moon_manager/moon_manager/http_server.py
@@ -100,7 +100,7 @@ class Root(Resource):
if _method in dir(item):
_methods.append(_method)
tree[item.__name__]["methods"] = _methods
- tree[item.__name__]["description"] = item.__doc__.strip()
+ tree[item.__name__]["description"] = item.__doc__.strip() if item.__doc__ else ""
return {
"version": __version__,
"tree": tree
@@ -147,7 +147,7 @@ class HTTPServer(Server):
while True:
try:
PDPManager.get_pdp(user_id="admin", pdp_id=None)
- except sqlalchemy.exc.ProgrammingError:
+ except (sqlalchemy.exc.ProgrammingError, sqlalchemy.exc.InternalError):
time.sleep(1)
if first:
logger.warning("Waiting for the database...")
diff --git a/moon_manager/tests/functional_pod/run_functional_tests.sh b/moon_manager/tests/functional_pod/run_functional_tests.sh
index 7a95a491..960e9480 100644
--- a/moon_manager/tests/functional_pod/run_functional_tests.sh
+++ b/moon_manager/tests/functional_pod/run_functional_tests.sh
@@ -1,4 +1,11 @@
#!/usr/bin/env bash
+if [ -d /data/dist ];
+then
+ pip install /data/dist/*.tar.gz --upgrade
+ pip install /data/dist/*.whl --upgrade
+fi
+
+
cd /data/tests/functional_pod
pytest .
diff --git a/moon_manager/tests/unit_python/api/import_export_utilities.py b/moon_manager/tests/unit_python/api/import_export_utilities.py
index 98586d02..3c921e21 100644
--- a/moon_manager/tests/unit_python/api/import_export_utilities.py
+++ b/moon_manager/tests/unit_python/api/import_export_utilities.py
@@ -4,7 +4,7 @@
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
import api.utilities as utilities
-import api.test_models as test_models
+import api.test_unit_models as test_models
import api.test_policies as test_policies
import api.test_perimeter as test_perimeter
import api.meta_data_test as test_categories
diff --git a/moon_manager/tests/unit_python/api/test_import.py b/moon_manager/tests/unit_python/api/test_import.py
index 4e970a0e..3c45f8a1 100644
--- a/moon_manager/tests/unit_python/api/test_import.py
+++ b/moon_manager/tests/unit_python/api/test_import.py
@@ -4,7 +4,7 @@
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
import api.utilities as utilities
-import api.test_models as test_models
+import api.test_unit_models as test_models
import api.test_policies as test_policies
import api.test_perimeter as test_perimeter
import api.meta_data_test as test_categories
diff --git a/moon_manager/tests/unit_python/api/test_policies.py b/moon_manager/tests/unit_python/api/test_policies.py
index 4d4e387e..40be35e6 100644
--- a/moon_manager/tests/unit_python/api/test_policies.py
+++ b/moon_manager/tests/unit_python/api/test_policies.py
@@ -1,5 +1,11 @@
+# Copyright 2018 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
import json
import api.utilities as utilities
+from uuid import uuid4
def get_policies(client):
@@ -45,13 +51,14 @@ def test_get_policies():
def test_add_policies():
client = utilities.register_client()
- req, policies = add_policies(client, "testuser")
+ policy_name = "testuser" + uuid4().hex
+ req, policies = add_policies(client, policy_name)
assert req.status_code == 200
assert isinstance(policies, dict)
value = list(policies["policies"].values())[0]
assert "policies" in policies
- assert value['name'] == "testuser"
- assert value["description"] == "description of {}".format("testuser")
+ assert value['name'] == policy_name
+ assert value["description"] == "description of {}".format(policy_name)
assert value["model_id"] == "modelId"
assert value["genre"] == "genre"
diff --git a/moon_manager/tests/unit_python/api/test_models.py b/moon_manager/tests/unit_python/api/test_unit_models.py
index 3c205d1d..6f97b1ae 100644
--- a/moon_manager/tests/unit_python/api/test_models.py
+++ b/moon_manager/tests/unit_python/api/test_unit_models.py
@@ -1,3 +1,8 @@
+# Copyright 2018 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
import json
import api.utilities as utilities
@@ -34,6 +39,14 @@ def delete_models_without_id(client):
return req
+def clean_models():
+ client = utilities.register_client()
+ req, models= get_models(client)
+ for key, value in models['models'].items():
+ print(key)
+ print(value)
+ client.delete("/models/{}".format(key))
+
def test_get_models():
client = utilities.register_client()
req, models= get_models(client)
@@ -43,6 +56,7 @@ def test_get_models():
def test_add_models():
+ clean_models()
client = utilities.register_client()
req, models = add_models(client, "testuser")
assert req.status_code == 200
diff --git a/moon_orchestrator/Dockerfile b/moon_orchestrator/Dockerfile
index e9f83094..4d75d6d7 100644
--- a/moon_orchestrator/Dockerfile
+++ b/moon_orchestrator/Dockerfile
@@ -3,6 +3,8 @@ FROM python:3
ADD . /root
WORKDIR /root/
RUN pip3 install -r requirements.txt
+RUN if [ -d /root/dist ]; then for FILE in $(ls /root/dist/*.tar.gz); do pip install $FILE --upgrade; done; fi
+RUN if [ -d /root/dist ]; then for FILE in $(ls /root/dist/*.whl); do pip install $FILE --upgrade; done; fi
RUN pip3 install .
CMD ["python3", "-m", "moon_orchestrator"] \ No newline at end of file
diff --git a/moon_wrapper/Dockerfile b/moon_wrapper/Dockerfile
index 77ffaee9..00aeb3f1 100644
--- a/moon_wrapper/Dockerfile
+++ b/moon_wrapper/Dockerfile
@@ -3,6 +3,8 @@ FROM python:3
ADD . /root
WORKDIR /root/
RUN pip3 install -r requirements.txt
+RUN if [ -d /root/dist ]; then for FILE in $(ls /root/dist/*.tar.gz); do pip install $FILE --upgrade; done; fi
+RUN if [ -d /root/dist ]; then for FILE in $(ls /root/dist/*.whl); do pip install $FILE --upgrade; done; fi
RUN pip3 install .
CMD ["python3", "-m", "moon_wrapper"]
diff --git a/python_moondb/Changelog b/python_moondb/Changelog
index 44ae7fa8..19cd0ac0 100644
--- a/python_moondb/Changelog
+++ b/python_moondb/Changelog
@@ -65,3 +65,7 @@ CHANGES
1.2.7
-----
- Fix some bugs
+
+1.2.8
+-----
+- Add unique constraints on db tables
diff --git a/python_moondb/python_moondb/__init__.py b/python_moondb/python_moondb/__init__.py
index bebaca8a..b266a9d4 100644
--- a/python_moondb/python_moondb/__init__.py
+++ b/python_moondb/python_moondb/__init__.py
@@ -3,5 +3,5 @@
# license which can be found in the file 'LICENSE' in this package distribution
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-__version__ = "1.2.7"
+__version__ = "1.2.8"
diff --git a/python_moondb/python_moondb/api/model.py b/python_moondb/python_moondb/api/model.py
index bd475365..57857cd2 100644
--- a/python_moondb/python_moondb/api/model.py
+++ b/python_moondb/python_moondb/api/model.py
@@ -58,9 +58,6 @@ class ModelManager(Managers):
def add_meta_rule(self, user_id, meta_rule_id=None, value=None):
if meta_rule_id in self.driver.get_meta_rules(meta_rule_id=meta_rule_id):
raise exceptions.MetaRuleExisting
- if not meta_rule_id:
- meta_rule_id = uuid4().hex
- logger.info("add_meta_rule {}".format(value))
return self.driver.set_meta_rule(meta_rule_id=meta_rule_id, value=value)
@enforce(("read", "write"), "meta_rules")
@@ -78,8 +75,6 @@ class ModelManager(Managers):
def add_subject_category(self, user_id, category_id=None, value=None):
if category_id in self.driver.get_subject_categories(category_id=category_id):
raise exceptions.SubjectCategoryExisting
- # if not category_id:
- # category_id = uuid4().hex
return self.driver.add_subject_category(name=value["name"], description=value["description"], uuid=category_id)
@enforce(("read", "write"), "meta_data")
@@ -98,8 +93,6 @@ class ModelManager(Managers):
def add_object_category(self, user_id, category_id=None, value=None):
if category_id in self.driver.get_object_categories(category_id=category_id):
raise exceptions.ObjectCategoryExisting
- # if not category_id:
- # category_id = uuid4().hex
return self.driver.add_object_category(name=value["name"], description=value["description"], uuid=category_id)
@enforce(("read", "write"), "meta_data")
@@ -118,8 +111,6 @@ class ModelManager(Managers):
def add_action_category(self, user_id, category_id=None, value=None):
if category_id in self.driver.get_action_categories(category_id=category_id):
raise exceptions.ActionCategoryExisting
- # if not category_id:
- # category_id = uuid4().hex
return self.driver.add_action_category(name=value["name"], description=value["description"], uuid=category_id)
@enforce(("read", "write"), "meta_data")
diff --git a/python_moondb/python_moondb/api/policy.py b/python_moondb/python_moondb/api/policy.py
index cde3ab77..9e7ad96c 100644
--- a/python_moondb/python_moondb/api/policy.py
+++ b/python_moondb/python_moondb/api/policy.py
@@ -115,8 +115,6 @@ class PolicyManager(Managers):
logger.info("add_action {}".format(policy_id))
if not self.get_policies(user_id=user_id, policy_id=policy_id):
raise exceptions.PolicyUnknown
- if not perimeter_id:
- perimeter_id = uuid4().hex
return self.driver.set_action(policy_id=policy_id, perimeter_id=perimeter_id, value=value)
@enforce(("read", "write"), "perimeter")
diff --git a/python_moondb/python_moondb/backends/sql.py b/python_moondb/python_moondb/backends/sql.py
index c0670951..a838a854 100644
--- a/python_moondb/python_moondb/backends/sql.py
+++ b/python_moondb/python_moondb/backends/sql.py
@@ -16,6 +16,7 @@ from sqlalchemy import types as sql_types
from python_moonutilities import configuration
from python_moonutilities.exceptions import *
from python_moondb.core import PDPDriver, PolicyDriver, ModelDriver
+import sqlalchemy
logger = logging.getLogger("moon.db.driver.sql")
Base = declarative_base()
@@ -61,13 +62,14 @@ class JsonBlob(sql_types.TypeDecorator):
class Model(Base, DictBase):
__tablename__ = 'models'
- attributes = ['id', 'value']
+ attributes = ['id', 'name', 'value']
id = sql.Column(sql.String(64), primary_key=True)
+ name = sql.Column(sql.String(256), nullable=False)
value = sql.Column(JsonBlob(), nullable=True)
def to_dict(self):
return {
- "name": self.value.get("name"),
+ "name": self.name,
"description": self.value.get("description", ""),
"meta_rules": self.value.get("meta_rules", list()),
}
@@ -75,30 +77,34 @@ class Model(Base, DictBase):
class Policy(Base, DictBase):
__tablename__ = 'policies'
- attributes = ['id', 'value']
+ attributes = ['id', 'name', 'model_id', 'value']
id = sql.Column(sql.String(64), primary_key=True)
+ name = sql.Column(sql.String(256), nullable=False)
+ model_id = sql.Column(sql.String(64), nullable=True, default="")
value = sql.Column(JsonBlob(), nullable=True)
def to_dict(self):
return {
- "name": self.value.get("name"),
"description": self.value.get("description", ""),
- "model_id": self.value.get("model_id", ""),
"genre": self.value.get("genre", ""),
+ "model_id": self.model_id,
+ "name": self.name
}
class PDP(Base, DictBase):
__tablename__ = 'pdp'
- attributes = ['id', 'value']
+ attributes = ['id', 'name', 'keystone_project_id', 'value']
id = sql.Column(sql.String(64), primary_key=True)
+ name = sql.Column(sql.String(256), nullable=False)
+ keystone_project_id = sql.Column(sql.String(64), nullable=True, default="")
value = sql.Column(JsonBlob(), nullable=True)
def to_dict(self):
return {
- "name": self.value.get("name"),
+ "name": self.name,
"description": self.value.get("description", ""),
- "keystone_project_id": self.value.get("keystone_project_id", ""),
+ "keystone_project_id": self.keystone_project_id,
"security_pipeline": self.value.get("security_pipeline", []),
}
@@ -123,17 +129,18 @@ class ActionCategory(Base, PerimeterCategoryBase):
class PerimeterBase(DictBase):
- attributes = ['id', 'value']
+ attributes = ['id', 'name', 'value']
id = sql.Column(sql.String(64), primary_key=True)
+ name = sql.Column(sql.String(256), nullable=False)
value = sql.Column(JsonBlob(), nullable=True)
__mapper_args__ = {'concrete': True}
def __repr__(self):
- return "{}: {}".format(self.id, json.dumps(self.value))
+ return "{} with name {} : {}".format(self.id, self.name, json.dumps(self.value))
def to_return(self):
return {
'id': self.id,
- 'name': self.value.get("name", ""),
+ 'name': self.name,
'description': self.value.get("description", ""),
'email': self.value.get("email", ""),
'extra': self.value.get("extra", dict()),
@@ -141,12 +148,13 @@ class PerimeterBase(DictBase):
}
def to_dict(self):
+ dict_value = copy.deepcopy(self.value)
+ dict_value["name"] = self.name
return {
'id': self.id,
- 'value': self.value
+ 'value': dict_value
}
-
class Subject(Base, PerimeterBase):
__tablename__ = 'subjects'
@@ -160,8 +168,9 @@ class Action(Base, PerimeterBase):
class PerimeterDataBase(DictBase):
- attributes = ['id', 'value', 'category_id', 'policy_id']
+ attributes = ['id', 'name', 'value', 'category_id', 'policy_id']
id = sql.Column(sql.String(64), primary_key=True)
+ name = sql.Column(sql.String(256), nullable=False)
value = sql.Column(JsonBlob(), nullable=True)
@declared_attr
def policy_id(cls):
@@ -170,7 +179,7 @@ class PerimeterDataBase(DictBase):
def to_dict(self):
return {
'id': self.id,
- 'name': self.value.get("name", ""),
+ 'name': self.name,
'description': self.value.get("description", ""),
'category_id': self.category_id,
'policy_id': self.policy_id
@@ -243,17 +252,21 @@ class ActionAssignment(Base, PerimeterAssignmentBase):
class MetaRule(Base, DictBase):
__tablename__ = 'meta_rules'
- attributes = ['id', 'value']
+ attributes = ['id', 'name', 'subject_categories', 'object_categories', 'action_categories', 'value']
id = sql.Column(sql.String(64), primary_key=True)
+ name = sql.Column(sql.String(256), nullable=False)
+ subject_categories = sql.Column(JsonBlob(), nullable=True)
+ object_categories = sql.Column(JsonBlob(), nullable=True)
+ action_categories = sql.Column(JsonBlob(), nullable=True)
value = sql.Column(JsonBlob(), nullable=True)
def to_dict(self):
return {
- "name": self.value["name"],
+ "name": self.name,
"description": self.value.get("description", ""),
- "subject_categories": self.value.get("subject_categories", list()),
- "object_categories": self.value.get("object_categories", list()),
- "action_categories": self.value.get("action_categories", list()),
+ "subject_categories": self.subject_categories,
+ "object_categories": self.object_categories,
+ "action_categories": self.action_categories,
}
@@ -323,15 +336,23 @@ class BaseConnector(object):
class PDPConnector(BaseConnector, PDPDriver):
def update_pdp(self, pdp_id, value):
- with self.get_session_for_write() as session:
- query = session.query(PDP)
- query = query.filter_by(id=pdp_id)
- ref = query.first()
- if ref:
- d = dict(ref.value)
- d.update(value)
- setattr(ref, "value", d)
- return {ref.id: ref.to_dict()}
+ try:
+ with self.get_session_for_write() as session:
+ query = session.query(PDP)
+ query = query.filter_by(id=pdp_id)
+ ref = query.first()
+ if ref:
+ value_wo_name = copy.deepcopy(value)
+ value_wo_name.pop("name", None)
+ value_wo_name.pop("keystone_project_id", None)
+ ref.name = value["name"]
+ ref.keystone_project_id = value["keystone_project_id"]
+ d = dict(ref.value)
+ d.update(value_wo_name)
+ setattr(ref, "value", d)
+ return {ref.id: ref.to_dict()}
+ except sqlalchemy.exc.IntegrityError:
+ raise PdpExisting
def delete_pdp(self, pdp_id):
with self.get_session_for_write() as session:
@@ -339,13 +360,21 @@ class PDPConnector(BaseConnector, PDPDriver):
session.delete(ref)
def add_pdp(self, pdp_id=None, value=None):
- with self.get_session_for_write() as session:
- new = PDP.from_dict({
- "id": pdp_id if pdp_id else uuid4().hex,
- "value": value
- })
- session.add(new)
- return {new.id: new.to_dict()}
+ try:
+ with self.get_session_for_write() as session:
+ value_wo_name = copy.deepcopy(value)
+ value_wo_name.pop("name", None)
+ value_wo_name.pop("keystone_project_id", None)
+ new = PDP.from_dict({
+ "id": pdp_id if pdp_id else uuid4().hex,
+ "name": value["name"],
+ "keystone_project_id": value["keystone_project_id"],
+ "value": value_wo_name
+ })
+ session.add(new)
+ return {new.id: new.to_dict()}
+ except sqlalchemy.exc.IntegrityError:
+ raise PdpExisting
def get_pdp(self, pdp_id=None):
with self.get_session_for_read() as session:
@@ -364,8 +393,13 @@ class PolicyConnector(BaseConnector, PolicyDriver):
query = query.filter_by(id=policy_id)
ref = query.first()
if ref:
+ value_wo_other_info = copy.deepcopy(value)
+ value_wo_other_info.pop("name", None)
+ value_wo_other_info.pop("model_id", None)
+ ref.name = value["name"]
+ ref.model_id= value["model_id"]
d = dict(ref.value)
- d.update(value)
+ d.update(value_wo_other_info)
setattr(ref, "value", d)
return {ref.id: ref.to_dict()}
@@ -376,9 +410,14 @@ class PolicyConnector(BaseConnector, PolicyDriver):
def add_policy(self, policy_id=None, value=None):
with self.get_session_for_write() as session:
+ value_wo_other_info = copy.deepcopy(value)
+ value_wo_other_info.pop("name", None)
+ value_wo_other_info.pop("model_id", None)
new = Policy.from_dict({
"id": policy_id if policy_id else uuid4().hex,
- "value": value
+ "name": value["name"],
+ "model_id": value["model_id"],
+ "value": value_wo_other_info
})
session.add(new)
return {new.id: new.to_dict()}
@@ -412,21 +451,26 @@ class PolicyConnector(BaseConnector, PolicyDriver):
return {_ref.id: _ref.to_return() for _ref in results}
return {_ref.id: _ref.to_return() for _ref in ref_list}
- def __set_perimeter(self, ClassType, policy_id, perimeter_id=None, value=None):
+ def __set_perimeter(self, ClassType, ClassTypeException, policy_id, perimeter_id=None, value=None):
_perimeter = None
with self.get_session_for_write() as session:
if perimeter_id:
query = session.query(ClassType)
query = query.filter_by(id=perimeter_id)
_perimeter = query.first()
+ logger.info("+++++++++++++ {}".format(_perimeter))
if not _perimeter:
if "policy_list" not in value or type(value["policy_list"]) is not list:
value["policy_list"] = []
if policy_id and policy_id not in value["policy_list"]:
value["policy_list"] = [policy_id, ]
+
+ value_wo_name = copy.deepcopy(value)
+ value_wo_name.pop("name",None)
new = ClassType.from_dict({
- "id": perimeter_id if perimeter_id else uuid4().hex,
- "value": value
+ "id": uuid4().hex,
+ "name": value["name"],
+ "value": value_wo_name
})
session.add(new)
return {new.id: new.to_return()}
@@ -436,9 +480,19 @@ class PolicyConnector(BaseConnector, PolicyDriver):
_value["value"]["policy_list"] = []
if policy_id and policy_id not in _value["value"]["policy_list"]:
_value["value"]["policy_list"].append(policy_id)
- new_perimeter = ClassType.from_dict(_value)
- # setattr(_subject, "value", _value["value"])
- setattr(_perimeter, "value", getattr(new_perimeter, "value"))
+ logger.info("-------------_value- {}".format(_value))
+
+ name = _value["value"]["name"]
+ _value["value"].pop("name")
+ new_perimeter = ClassType.from_dict({
+ "id": _value["id"],
+ "name": name,
+ "value": _value["value"]
+ })
+ logger.info("-------------- new {}".format(new_perimeter))
+ logger.info("-------------- old {}".format(_perimeter))
+ _perimeter.value = new_perimeter.value
+ _perimeter.name = new_perimeter.name
return {_perimeter.id: _perimeter.to_return()}
def __delete_perimeter(self,ClassType, ClassUnknownException, policy_id, perimeter_id):
@@ -462,7 +516,10 @@ class PolicyConnector(BaseConnector, PolicyDriver):
return self.__get_perimeters(Subject, policy_id, perimeter_id)
def set_subject(self, policy_id, perimeter_id=None, value=None):
- return self.__set_perimeter(Subject, policy_id, perimeter_id=perimeter_id, value=value)
+ try:
+ return self.__set_perimeter(Subject, SubjectExisting, policy_id, perimeter_id=perimeter_id, value=value)
+ except sqlalchemy.exc.IntegrityError:
+ raise SubjectExisting
def delete_subject(self, policy_id, perimeter_id):
self.__delete_perimeter(Subject, SubjectUnknown, policy_id, perimeter_id)
@@ -471,7 +528,10 @@ class PolicyConnector(BaseConnector, PolicyDriver):
return self.__get_perimeters(Object, policy_id, perimeter_id)
def set_object(self, policy_id, perimeter_id=None, value=None):
- return self.__set_perimeter(Object, policy_id, perimeter_id=perimeter_id, value=value)
+ try:
+ return self.__set_perimeter(Object, ObjectExisting, policy_id, perimeter_id=perimeter_id, value=value)
+ except sqlalchemy.exc.IntegrityError:
+ raise ObjectExisting
def delete_object(self, policy_id, perimeter_id):
self.__delete_perimeter(Object, ObjectUnknown, policy_id, perimeter_id)
@@ -480,7 +540,10 @@ class PolicyConnector(BaseConnector, PolicyDriver):
return self.__get_perimeters(Action, policy_id, perimeter_id)
def set_action(self, policy_id, perimeter_id=None, value=None):
- return self.__set_perimeter(Action, policy_id, perimeter_id=perimeter_id, value=value)
+ try:
+ return self.__set_perimeter(Action, ActionExisting, policy_id, perimeter_id=perimeter_id, value=value)
+ except sqlalchemy.exc.IntegrityError:
+ raise ActionExisting
def delete_action(self, policy_id, perimeter_id):
self.__delete_perimeter(Action, ActionUnknown, policy_id, perimeter_id)
@@ -507,10 +570,13 @@ class PolicyConnector(BaseConnector, PolicyDriver):
query = query.filter_by(policy_id=policy_id, id=data_id, category_id=category_id)
ref = query.first()
if not ref:
+ value_wo_name = copy.deepcopy(value)
+ value_wo_name.pop("name", None)
new_ref = ClassTypeData.from_dict(
{
"id": data_id if data_id else uuid4().hex,
- 'value': value,
+ 'name': value["name"],
+ 'value': value_wo_name,
'category_id': category_id,
'policy_id': policy_id,
}
@@ -540,7 +606,10 @@ class PolicyConnector(BaseConnector, PolicyDriver):
return self.__get_perimeter_data(SubjectData, policy_id, data_id=data_id, category_id=category_id)
def set_subject_data(self, policy_id, data_id=None, category_id=None, value=None):
- return self.__set_perimeter_data(Subject, SubjectData, policy_id, data_id=data_id, category_id=category_id, value=value)
+ try:
+ return self.__set_perimeter_data(Subject, SubjectData, policy_id, data_id=data_id, category_id=category_id, value=value)
+ except sqlalchemy.exc.IntegrityError:
+ raise SubjectScopeExisting
def delete_subject_data(self, policy_id, data_id):
return self.__delete_perimeter_data(SubjectData, policy_id, data_id)
@@ -549,7 +618,10 @@ class PolicyConnector(BaseConnector, PolicyDriver):
return self.__get_perimeter_data(ObjectData, policy_id, data_id=data_id, category_id=category_id)
def set_object_data(self, policy_id, data_id=None, category_id=None, value=None):
- return self.__set_perimeter_data(Object, ObjectData, policy_id, data_id=data_id, category_id=category_id, value=value)
+ try:
+ return self.__set_perimeter_data(Object, ObjectData, policy_id, data_id=data_id, category_id=category_id, value=value)
+ except sqlalchemy.exc.IntegrityError:
+ raise ObjectScopeExisting
def delete_object_data(self, policy_id, data_id):
return self.__delete_perimeter_data(ObjectData, policy_id, data_id)
@@ -558,7 +630,10 @@ class PolicyConnector(BaseConnector, PolicyDriver):
return self.__get_perimeter_data(ActionData, policy_id, data_id=data_id, category_id=category_id)
def set_action_data(self, policy_id, data_id=None, category_id=None, value=None):
- return self.__set_perimeter_data(Action, ActionData, policy_id, data_id=data_id, category_id=category_id, value=value)
+ try:
+ return self.__set_perimeter_data(Action, ActionData, policy_id, data_id=data_id, category_id=category_id, value=value)
+ except sqlalchemy.exc.IntegrityError:
+ raise ActionScopeExisting
def delete_action_data(self, policy_id, data_id):
return self.__delete_perimeter_data(ActionData, policy_id, data_id)
@@ -587,6 +662,8 @@ class PolicyConnector(BaseConnector, PolicyDriver):
if data_id not in assignments:
assignments.append(data_id)
setattr(ref, "assignments", assignments)
+ else:
+ raise SubjectAssignmentExisting
else:
ref = SubjectAssignment.from_dict(
{
@@ -640,6 +717,8 @@ class PolicyConnector(BaseConnector, PolicyDriver):
if data_id not in assignments:
assignments.append(data_id)
setattr(ref, "assignments", assignments)
+ else:
+ raise ObjectAssignmentExisting
else:
ref = ObjectAssignment.from_dict(
{
@@ -693,6 +772,8 @@ class PolicyConnector(BaseConnector, PolicyDriver):
if data_id not in assignments:
assignments.append(data_id)
setattr(ref, "assignments", assignments)
+ else:
+ raise ActionAssignmentExisting
else:
ref = ActionAssignment.from_dict(
{
@@ -746,13 +827,8 @@ class PolicyConnector(BaseConnector, PolicyDriver):
}
def add_rule(self, policy_id, meta_rule_id, value):
- with self.get_session_for_write() as session:
- query = session.query(Rule)
- query = query.filter_by(policy_id=policy_id, meta_rule_id=meta_rule_id)
- ref_list = query.all()
- rules = list(map(lambda x: x.rule, ref_list))
- if not rules or value not in rules:
- logger.info("add_rule IN IF")
+ try:
+ with self.get_session_for_write() as session:
ref = Rule.from_dict(
{
"id": uuid4().hex,
@@ -763,7 +839,8 @@ class PolicyConnector(BaseConnector, PolicyDriver):
)
session.add(ref)
return {ref.id: ref.to_dict()}
- return {}
+ except sqlalchemy.exc.IntegrityError:
+ raise RuleExisting
def delete_rule(self, policy_id, rule_id):
with self.get_session_for_write() as session:
@@ -783,8 +860,11 @@ class ModelConnector(BaseConnector, ModelDriver):
query = query.filter_by(id=model_id)
ref = query.first()
if ref:
+ value_wo_name = copy.deepcopy(value)
+ value_wo_name.pop("name", None)
+ setattr(ref, "name", value["name"])
d = dict(ref.value)
- d.update(value)
+ d.update(value_wo_name)
setattr(ref, "value", d)
return {ref.id: ref.to_dict()}
@@ -794,13 +874,19 @@ class ModelConnector(BaseConnector, ModelDriver):
session.delete(ref)
def add_model(self, model_id=None, value=None):
- with self.get_session_for_write() as session:
- new = Model.from_dict({
- "id": model_id if model_id else uuid4().hex,
- "value": value
- })
- session.add(new)
- return {new.id: new.to_dict()}
+ try:
+ with self.get_session_for_write() as session:
+ value_wo_name = copy.deepcopy(value)
+ value_wo_name.pop("name", None)
+ new = Model.from_dict({
+ "id": model_id if model_id else uuid4().hex,
+ "name": value["name"],
+ "value": value_wo_name
+ })
+ session.add(new)
+ return {new.id: new.to_dict()}
+ except sqlalchemy.exc.IntegrityError as e:
+ raise ModelExisting
def get_models(self, model_id=None):
with self.get_session_for_read() as session:
@@ -809,23 +895,41 @@ class ModelConnector(BaseConnector, ModelDriver):
ref_list = query.filter(Model.id == model_id)
else:
ref_list = query.all()
- return {_ref.id: _ref.to_dict() for _ref in ref_list}
+
+ r = {_ref.id: _ref.to_dict() for _ref in ref_list}
+ return r
def set_meta_rule(self, meta_rule_id, value):
with self.get_session_for_write() as session:
- query = session.query(MetaRule)
- query = query.filter_by(id=meta_rule_id)
- ref = query.first()
- if not ref:
- ref = MetaRule.from_dict(
- {
- "id": meta_rule_id if meta_rule_id else uuid4().hex,
- "value": value
- }
- )
- session.add(ref)
+ value_wo_other_data = copy.deepcopy(value)
+ value_wo_other_data.pop("name", None)
+ value_wo_other_data.pop("subject_categories", None)
+ value_wo_other_data.pop("object_categories", None)
+ value_wo_other_data.pop("action_categories", None)
+ if meta_rule_id is None:
+ try:
+ ref = MetaRule.from_dict(
+ {
+ "id": uuid4().hex,
+ "name": value["name"],
+ "subject_categories": value["subject_categories"],
+ "object_categories": value["object_categories"],
+ "action_categories": value["action_categories"],
+ "value": value_wo_other_data
+ }
+ )
+ session.add(ref)
+ except sqlalchemy.exc.IntegrityError as e:
+ raise MetaRuleExisting
else:
- setattr(ref, "value", value)
+ query = session.query(MetaRule)
+ query = query.filter_by(id=meta_rule_id)
+ ref = query.first()
+ setattr(ref, "name", value["name"])
+ setattr(ref, "subject_categories", value["subject_categories"])
+ setattr(ref, "object_categories", value["object_categories"])
+ setattr(ref, "action_categories", value["action_categories"])
+ setattr(ref, "value", value_wo_other_data)
return {ref.id: ref.to_dict()}
def get_meta_rules(self, meta_rule_id=None):
@@ -854,18 +958,14 @@ class ModelConnector(BaseConnector, ModelDriver):
def __add_perimeter_category(self, ClassType, name, description, uuid=None):
with self.get_session_for_write() as session:
- query = session.query(ClassType)
- query = query.filter_by(name=name)
- ref = query.first()
- if not ref:
- ref = ClassType.from_dict(
- {
- "id": uuid if uuid else uuid4().hex,
- "name": name,
- "description": description
- }
- )
- session.add(ref)
+ ref = ClassType.from_dict(
+ {
+ "id": uuid if uuid else uuid4().hex,
+ "name": name,
+ "description": description
+ }
+ )
+ session.add(ref)
return {ref.id: ref.to_dict()}
def __delete_perimeter_category(self, ClassType, category_id):
@@ -880,7 +980,10 @@ class ModelConnector(BaseConnector, ModelDriver):
return self.__get_perimeter_categories(SubjectCategory, category_id=category_id)
def add_subject_category(self, name, description, uuid=None):
- return self.__add_perimeter_category(SubjectCategory, name, description, uuid=uuid)
+ try:
+ return self.__add_perimeter_category(SubjectCategory, name, description, uuid=uuid)
+ except sql.exc.IntegrityError as e:
+ raise SubjectCategoryExisting()
def delete_subject_category(self, category_id):
self.__delete_perimeter_category(SubjectCategory, category_id)
@@ -889,16 +992,23 @@ class ModelConnector(BaseConnector, ModelDriver):
return self.__get_perimeter_categories(ObjectCategory, category_id=category_id)
def add_object_category(self, name, description, uuid=None):
- return self.__add_perimeter_category(ObjectCategory, name, description, uuid=uuid)
+ try:
+ return self.__add_perimeter_category(ObjectCategory, name, description, uuid=uuid)
+ except sql.exc.IntegrityError as e:
+ raise ObjectCategoryExisting()
def delete_object_category(self, category_id):
self.__delete_perimeter_category(ObjectCategory, category_id)
def get_action_categories(self, category_id=None):
+
return self.__get_perimeter_categories(ActionCategory, category_id=category_id)
def add_action_category(self, name, description, uuid=None):
- return self.__add_perimeter_category(ActionCategory, name, description, uuid=uuid)
+ try:
+ return self.__add_perimeter_category(ActionCategory, name, description, uuid=uuid)
+ except sql.exc.IntegrityError as e:
+ raise ActionCategoryExisting()
def delete_action_category(self, category_id):
self.__delete_perimeter_category(ActionCategory, category_id)
diff --git a/python_moondb/python_moondb/migrate_repo/versions/001_moon.py b/python_moondb/python_moondb/migrate_repo/versions/001_moon.py
index 2cc36140..f69d708d 100644
--- a/python_moondb/python_moondb/migrate_repo/versions/001_moon.py
+++ b/python_moondb/python_moondb/migrate_repo/versions/001_moon.py
@@ -14,7 +14,10 @@ def upgrade(migrate_engine):
'pdp',
meta,
sql.Column('id', sql.String(64), primary_key=True),
+ sql.Column('name', sql.String(256), nullable=False),
+ sql.Column('keystone_project_id', sql.String(64), nullable=True, default=""),
sql.Column('value', sql.Text(), nullable=True),
+ sql.UniqueConstraint('name', 'keystone_project_id', name='unique_constraint_models'),
mysql_engine='InnoDB',
mysql_charset='utf8')
table.create(migrate_engine, checkfirst=True)
@@ -23,7 +26,10 @@ def upgrade(migrate_engine):
'policies',
meta,
sql.Column('id', sql.String(64), primary_key=True),
+ sql.Column('name', sql.String(256), nullable=False),
+ sql.Column('model_id', sql.String(64), nullable=True, default=""),
sql.Column('value', sql.Text(), nullable=True),
+ sql.UniqueConstraint('name', 'model_id', name='unique_constraint_models'),
mysql_engine='InnoDB',
mysql_charset='utf8')
table.create(migrate_engine, checkfirst=True)
@@ -32,7 +38,9 @@ def upgrade(migrate_engine):
'models',
meta,
sql.Column('id', sql.String(64), primary_key=True),
+ sql.Column('name', sql.String(256), nullable=False),
sql.Column('value', sql.Text(), nullable=True),
+ sql.UniqueConstraint('name', name='unique_constraint_models'),
mysql_engine='InnoDB',
mysql_charset='utf8')
table.create(migrate_engine, checkfirst=True)
@@ -43,6 +51,8 @@ def upgrade(migrate_engine):
sql.Column('id', sql.String(64), primary_key=True),
sql.Column('name', sql.String(256), nullable=False),
sql.Column('description', sql.String(256), nullable=True),
+
+ sql.UniqueConstraint('name', name='unique_constraint_subject_categories'),
mysql_engine='InnoDB',
mysql_charset='utf8')
subject_categories_table.create(migrate_engine, checkfirst=True)
@@ -53,6 +63,8 @@ def upgrade(migrate_engine):
sql.Column('id', sql.String(64), primary_key=True),
sql.Column('name', sql.String(256), nullable=False),
sql.Column('description', sql.String(256), nullable=True),
+
+ sql.UniqueConstraint('name', name='unique_constraint_object_categories'),
mysql_engine='InnoDB',
mysql_charset='utf8')
object_categories_table.create(migrate_engine, checkfirst=True)
@@ -63,6 +75,8 @@ def upgrade(migrate_engine):
sql.Column('id', sql.String(64), primary_key=True),
sql.Column('name', sql.String(256), nullable=False),
sql.Column('description', sql.String(256), nullable=True),
+
+ sql.UniqueConstraint('name', name='unique_constraint_action_categories'),
mysql_engine='InnoDB',
mysql_charset='utf8')
action_categories_table.create(migrate_engine, checkfirst=True)
@@ -71,7 +85,9 @@ def upgrade(migrate_engine):
'subjects',
meta,
sql.Column('id', sql.String(64), primary_key=True),
+ sql.Column('name', sql.String(256), nullable=False),
sql.Column('value', sql.Text(), nullable=True),
+ sql.UniqueConstraint('name', name='unique_constraint_subjects'),
mysql_engine='InnoDB',
mysql_charset='utf8')
subjects_table.create(migrate_engine, checkfirst=True)
@@ -80,7 +96,9 @@ def upgrade(migrate_engine):
'objects',
meta,
sql.Column('id', sql.String(64), primary_key=True),
+ sql.Column('name', sql.String(256), nullable=False),
sql.Column('value', sql.Text(), nullable=True),
+ sql.UniqueConstraint('name', name='unique_constraint_objects'),
mysql_engine='InnoDB',
mysql_charset='utf8')
objects_table.create(migrate_engine, checkfirst=True)
@@ -89,7 +107,9 @@ def upgrade(migrate_engine):
'actions',
meta,
sql.Column('id', sql.String(64), primary_key=True),
+ sql.Column('name', sql.String(256), nullable=False),
sql.Column('value', sql.Text(), nullable=True),
+ sql.UniqueConstraint('name', name='unique_constraint_actions'),
mysql_engine='InnoDB',
mysql_charset='utf8')
actions_table.create(migrate_engine, checkfirst=True)
@@ -98,9 +118,11 @@ def upgrade(migrate_engine):
'subject_data',
meta,
sql.Column('id', sql.String(64), primary_key=True),
+ sql.Column('name', sql.String(256), nullable=False),
sql.Column('value', sql.Text(), nullable=True),
sql.Column('category_id', sql.ForeignKey("subject_categories.id"), nullable=False),
sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False),
+ sql.UniqueConstraint('name', 'category_id', 'policy_id', name='unique_constraint_subject_data'),
mysql_engine='InnoDB',
mysql_charset='utf8')
subject_data_table.create(migrate_engine, checkfirst=True)
@@ -109,9 +131,11 @@ def upgrade(migrate_engine):
'object_data',
meta,
sql.Column('id', sql.String(64), primary_key=True),
+ sql.Column('name', sql.String(256), nullable=False),
sql.Column('value', sql.Text(), nullable=True),
sql.Column('category_id', sql.ForeignKey("object_categories.id"), nullable=False),
sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False),
+ sql.UniqueConstraint('name', 'category_id', 'policy_id', name='unique_constraint_object_data'),
mysql_engine='InnoDB',
mysql_charset='utf8')
object_data_table.create(migrate_engine, checkfirst=True)
@@ -120,9 +144,11 @@ def upgrade(migrate_engine):
'action_data',
meta,
sql.Column('id', sql.String(64), primary_key=True),
+ sql.Column('name', sql.String(256), nullable=False),
sql.Column('value', sql.Text(), nullable=True),
sql.Column('category_id', sql.ForeignKey("action_categories.id"), nullable=False),
sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False),
+ sql.UniqueConstraint('name', 'category_id', 'policy_id', name='unique_constraint_action_data'),
mysql_engine='InnoDB',
mysql_charset='utf8')
action_data_table.create(migrate_engine, checkfirst=True)
@@ -135,6 +161,7 @@ def upgrade(migrate_engine):
sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False),
sql.Column('subject_id', sql.ForeignKey("subjects.id"), nullable=False),
sql.Column('category_id', sql.ForeignKey("subject_categories.id"), nullable=False),
+ sql.UniqueConstraint('policy_id', 'subject_id', 'category_id', name='unique_constraint_subject_assignment'),
mysql_engine='InnoDB',
mysql_charset='utf8')
subject_assignments_table.create(migrate_engine, checkfirst=True)
@@ -147,6 +174,7 @@ def upgrade(migrate_engine):
sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False),
sql.Column('object_id', sql.ForeignKey("objects.id"), nullable=False),
sql.Column('category_id', sql.ForeignKey("object_categories.id"), nullable=False),
+ sql.UniqueConstraint('policy_id', 'object_id', 'category_id', name='unique_constraint_object_assignment'),
mysql_engine='InnoDB',
mysql_charset='utf8')
object_assignments_table.create(migrate_engine, checkfirst=True)
@@ -159,6 +187,7 @@ def upgrade(migrate_engine):
sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False),
sql.Column('action_id', sql.ForeignKey("actions.id"), nullable=False),
sql.Column('category_id', sql.ForeignKey("action_categories.id"), nullable=False),
+ sql.UniqueConstraint('policy_id', 'action_id', 'category_id', name='unique_constraint_action_assignment'),
mysql_engine='InnoDB',
mysql_charset='utf8')
action_assignments_table.create(migrate_engine, checkfirst=True)
@@ -167,7 +196,13 @@ def upgrade(migrate_engine):
'meta_rules',
meta,
sql.Column('id', sql.String(64), primary_key=True),
+ sql.Column('name', sql.String(256), nullable=False),
+ sql.Column('subject_categories', sql.Text(), nullable=False),
+ sql.Column('object_categories', sql.Text(), nullable=False),
+ sql.Column('action_categories', sql.Text(), nullable=False),
sql.Column('value', sql.Text(), nullable=True),
+ sql.UniqueConstraint('name', name='unique_constraint_meta_rule_name'),
+ sql.UniqueConstraint('subject_categories', 'object_categories', 'action_categories', name='unique_constraint_meta_rule_def'),
mysql_engine='InnoDB',
mysql_charset='utf8')
meta_rules_table.create(migrate_engine, checkfirst=True)
@@ -179,6 +214,7 @@ def upgrade(migrate_engine):
sql.Column('rule', sql.Text(), nullable=True),
sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False),
sql.Column('meta_rule_id', sql.ForeignKey("meta_rules.id"), nullable=False),
+ sql.UniqueConstraint('rule', 'policy_id', 'meta_rule_id', name='unique_constraint_rule'),
mysql_engine='InnoDB',
mysql_charset='utf8')
rules_table.create(migrate_engine, checkfirst=True)
diff --git a/python_moondb/tests/unit_python/models/test_categories.py b/python_moondb/tests/unit_python/models/test_categories.py
new file mode 100644
index 00000000..111538b4
--- /dev/null
+++ b/python_moondb/tests/unit_python/models/test_categories.py
@@ -0,0 +1,44 @@
+import pytest
+import logging
+from python_moonutilities.exceptions import *
+
+logger = logging.getLogger("moon.db.tests.models.test_categories")
+
+
+def add_subject_category(cat_id=None, value=None):
+ from python_moondb.core import ModelManager
+ category = ModelManager.add_subject_category(user_id=None, category_id=cat_id, value=value)
+ return category
+
+
+def test_add_subject_category_twice():
+ category = add_subject_category(value={"name":"category name", "description":"description 1"})
+ assert category is not None
+ with pytest.raises(SubjectCategoryExisting):
+ add_subject_category(value={"name":"category name", "description":"description 2"})
+
+
+def add_object_category(cat_id=None, value=None):
+ from python_moondb.core import ModelManager
+ category = ModelManager.add_object_category(user_id=None, category_id=cat_id, value=value)
+ return category
+
+
+def test_add_object_category_twice():
+ category = add_object_category(value={"name":"category name", "description":"description 1"})
+ assert category is not None
+ with pytest.raises(ObjectCategoryExisting):
+ add_object_category(value={"name":"category name", "description":"description 2"})
+
+
+def add_action_category(cat_id=None, value=None):
+ from python_moondb.core import ModelManager
+ category = ModelManager.add_action_category(user_id=None, category_id=cat_id, value=value)
+ return category
+
+
+def test_add_action_category_twice():
+ category = add_action_category(value={"name":"category name", "description":"description 1"})
+ assert category is not None
+ with pytest.raises(ActionCategoryExisting):
+ add_action_category(value={"name":"category name", "description":"description 2"})
diff --git a/python_moondb/tests/unit_python/models/test_meta_rules.py b/python_moondb/tests/unit_python/models/test_meta_rules.py
index d8b61365..585274d9 100644
--- a/python_moondb/tests/unit_python/models/test_meta_rules.py
+++ b/python_moondb/tests/unit_python/models/test_meta_rules.py
@@ -127,7 +127,6 @@ def test_get_meta_rule_success(db):
def test_get_specific_meta_rule_success(db):
# arrange
- add_meta_rule()
added_meta_rules = add_meta_rule()
added_meta_rule_id = list(added_meta_rules.keys())[0]
# action
diff --git a/python_moondb/tests/unit_python/models/test_models.py b/python_moondb/tests/unit_python/models/test_models.py
index e56fea6b..54c45e77 100644
--- a/python_moondb/tests/unit_python/models/test_models.py
+++ b/python_moondb/tests/unit_python/models/test_models.py
@@ -1,5 +1,7 @@
import pytest
-
+from python_moonutilities.exceptions import *
+import logging
+logger = logging.getLogger("moon.db.tests.test_model")
def get_models(model_id=None):
from python_moondb.core import ModelManager
@@ -9,8 +11,9 @@ def get_models(model_id=None):
def add_model(model_id=None, value=None):
from python_moondb.core import ModelManager
if not value:
+ name = "MLS" if model_id is None else "MLS " + model_id
value = {
- "name": "MLS",
+ "name": name,
"description": "test",
"meta_rules": "meta_rule_mls_1"
}
@@ -27,6 +30,14 @@ def delete_models(uuid=None, name=None):
ModelManager.delete_model(user_id=None, model_id=uuid)
+def delete_all_models():
+ from python_moondb.core import ModelManager
+ models_values = get_models()
+ print(models_values)
+ for model_id, model_value in models_values.items():
+ ModelManager.delete_model(user_id=None, model_id=model_id)
+
+
def update_model(model_id=None, value=None):
from python_moondb.core import ModelManager
return ModelManager.update_model(user_id=None, model_id=model_id, value=value)
@@ -49,7 +60,7 @@ def test_get_model(db):
assert isinstance(models, dict)
assert models # assert model is not empty
assert len(models) is 1
-
+ delete_all_models()
def test_get_specific_model(db):
# prepare
@@ -61,7 +72,7 @@ def test_get_specific_model(db):
assert isinstance(models, dict)
assert models # assert model is not empty
assert len(models) is 1
-
+ delete_all_models()
def test_add_model(db):
# act
@@ -70,15 +81,17 @@ def test_add_model(db):
assert isinstance(model, dict)
assert model # assert model is not empty
assert len(model) is 1
+ delete_all_models()
def test_add_same_model_twice(db):
# prepare
add_model(model_id="model_1") # add model twice
# act
- with pytest.raises(Exception) as exception_info:
+ with pytest.raises(ModelExisting) as exception_info:
add_model(model_id="model_1")
- assert str(exception_info.value) == '409: Model Error'
+ delete_all_models()
+ #assert str(exception_info.value) == '409: Model Error'
def test_add_model_generate_new_uuid(db):
@@ -97,6 +110,7 @@ def test_add_model_generate_new_uuid(db):
model2 = add_model(value=model_value2)
assert list(model1)[0] != list(model2)[0]
+ delete_all_models()
def test_add_models(db):
@@ -113,6 +127,7 @@ def test_add_models(db):
for key in ("name", "meta_rules", "description"):
assert key in models[model_id]
assert models[model_id][key] == model_value1[key]
+ delete_all_models()
def test_delete_models(db):
@@ -135,6 +150,7 @@ def test_delete_models(db):
# assert
models = get_models()
assert id not in models
+ delete_all_models()
def test_update_model(db):
@@ -147,7 +163,7 @@ def test_update_model(db):
model = add_model(value=model_value)
model_id = list(model)[0]
new_model_value = {
- "name": "MLS",
+ "name": "MLS2",
"description": "test",
"meta_rules": "meta_rule_mls_2"
}
@@ -158,4 +174,5 @@ def test_update_model(db):
for key in ("name", "meta_rules", "description"):
assert key in model[model_id]
- assert model[model_id][key] == new_model_value[key] \ No newline at end of file
+ assert model[model_id][key] == new_model_value[key]
+ delete_all_models() \ No newline at end of file
diff --git a/python_moondb/tests/unit_python/policies/mock_data.py b/python_moondb/tests/unit_python/policies/mock_data.py
index 23eeef64..3e9bea93 100644
--- a/python_moondb/tests/unit_python/policies/mock_data.py
+++ b/python_moondb/tests/unit_python/policies/mock_data.py
@@ -1,18 +1,18 @@
-def create_meta_rule():
+def create_meta_rule(meta_rule_name="meta_rule1", category_prefix=""):
meta_rule_value = {
- "name": "meta_rule1",
+ "name": meta_rule_name,
"algorithm": "name of the meta rule algorithm",
- "subject_categories": ["subject_category_id1",
- "subject_category_id2"],
- "object_categories": ["object_category_id1"],
- "action_categories": ["action_category_id1"]
+ "subject_categories": [category_prefix + "subject_category_id1",
+ category_prefix + "subject_category_id2"],
+ "object_categories": [category_prefix +"object_category_id1"],
+ "action_categories": [category_prefix +"action_category_id1"]
}
return meta_rule_value
-def create_model(meta_rule_id):
+def create_model(meta_rule_id, model_name="test_model"):
value = {
- "name": "test_model",
+ "name": model_name,
"description": "test",
"meta_rules": [meta_rule_id]
@@ -20,9 +20,9 @@ def create_model(meta_rule_id):
return value
-def create_policy(model_id):
+def create_policy(model_id, policy_name="policy_1"):
value = {
- "name": "policy_1",
+ "name": policy_name,
"model_id": model_id,
"genre": "authz",
"description": "test",
@@ -40,15 +40,15 @@ def create_pdp(pdp_ids):
return value
-def get_policy_id():
+def get_policy_id(model_name="test_model", policy_name="policy_1", meta_rule_name="meta_rule1", category_prefix=""):
import policies.test_policies as test_policies
import models.test_models as test_models
import models.test_meta_rules as test_meta_rules
- meta_rule = test_meta_rules.add_meta_rule(value=create_meta_rule())
+ meta_rule = test_meta_rules.add_meta_rule(value=create_meta_rule(meta_rule_name, category_prefix))
meta_rule_id = list(meta_rule.keys())[0]
- model = test_models.add_model(value=create_model(meta_rule_id))
+ model = test_models.add_model(value=create_model(meta_rule_id, model_name))
model_id = list(model.keys())[0]
- value = create_policy(model_id)
+ value = create_policy(model_id, policy_name)
policy = test_policies.add_policies(value=value)
assert policy
policy_id = list(policy.keys())[0]
diff --git a/python_moondb/tests/unit_python/policies/test_assignments.py b/python_moondb/tests/unit_python/policies/test_assignments.py
index 707632b0..1ca140e6 100755
--- a/python_moondb/tests/unit_python/policies/test_assignments.py
+++ b/python_moondb/tests/unit_python/policies/test_assignments.py
@@ -1,5 +1,6 @@
import policies.mock_data as mock_data
-
+from python_moonutilities.exceptions import *
+import pytest
def get_action_assignments(policy_id, action_id=None, category_id=None):
from python_moondb.core import PolicyManager
@@ -93,11 +94,13 @@ def test_add_action_assignments(db):
assert len(action_assignments[action_id_1].get("assignments")) == 1
assert data_id in action_assignments[action_id_1].get("assignments")
+ with pytest.raises(ActionAssignmentExisting) as exception_info:
+ add_action_assignment(policy_id, action_id, category_id, data_id)
def test_delete_action_assignment(db):
policy_id = mock_data.get_policy_id()
add_action_assignment(policy_id, "", "", "")
- policy_id = mock_data.get_policy_id()
+ policy_id = mock_data.get_policy_id(model_name="test_model2", policy_name="policy_2", meta_rule_name="meta_rule2", category_prefix="_")
action_id = "action_id_2"
category_id = "category_id_2"
data_id = "data_id_2"
@@ -161,6 +164,9 @@ def test_add_object_assignments(db):
assert len(object_assignments[object_id_1].get("assignments")) == 1
assert data_id in object_assignments[object_id_1].get("assignments")
+ with pytest.raises(ObjectAssignmentExisting):
+ add_object_assignment(policy_id, object_id, category_id, data_id)
+
def test_delete_object_assignment(db):
policy_id = mock_data.get_policy_id()
@@ -228,6 +234,9 @@ def test_add_subject_assignments(db):
assert len(subject_assignments[subject_id_1].get("assignments")) == 1
assert data_id in subject_assignments[subject_id_1].get("assignments")
+ with pytest.raises(SubjectAssignmentExisting):
+ add_subject_assignment(policy_id, subject_id, category_id, data_id)
+
def test_delete_subject_assignment(db):
policy_id = mock_data.get_policy_id()
diff --git a/python_moondb/tests/unit_python/policies/test_data.py b/python_moondb/tests/unit_python/policies/test_data.py
index 67fa44fb..6a57130e 100755
--- a/python_moondb/tests/unit_python/policies/test_data.py
+++ b/python_moondb/tests/unit_python/policies/test_data.py
@@ -1,5 +1,9 @@
import policies.mock_data as mock_data
import pytest
+import logging
+from python_moonutilities.exceptions import *
+
+logger = logging.getLogger("python_moondb.tests.api.test_data")
def get_action_data(policy_id, data_id=None, category_id=None):
@@ -142,6 +146,9 @@ def test_add_action_data(db):
action_data_id = list(action_data.keys())[0]
assert action_data[action_data_id].get('policy_id') == policy_id
+ with pytest.raises(ActionScopeExisting) as exception_info:
+ add_action_data(policy_id, category_id=category_id, value=value).get('data')
+
def test_add_action_data_with_invalid_category_id(db):
policy_id = mock_data.get_policy_id()
@@ -214,6 +221,9 @@ def test_add_object_data(db):
object_data_id = list(object_data.keys())[0]
assert object_data[object_data_id].get('policy_id') == policy_id
+ with pytest.raises(ObjectScopeExisting) as exception_info:
+ add_object_data(policy_id, category_id=category_id, value=value).get('data')
+
def test_add_object_data_with_invalid_category_id(db):
policy_id = mock_data.get_policy_id()
@@ -285,6 +295,8 @@ def test_add_subject_data(db):
assert subject_data
subject_data_id = list(subject_data.keys())[0]
assert subject_data[subject_data_id].get('policy_id') == policy_id
+ with pytest.raises(SubjectScopeExisting):
+ add_subject_data(policy_id, category_id=category_id, value=value).get('data')
def test_add_subject_data_with_no_category_id(db):
@@ -340,6 +352,9 @@ def test_add_action(db):
action_id = list(action.keys())[0]
assert len(action[action_id].get('policy_list')) == 1
+ with pytest.raises(ActionExisting):
+ add_action(policy_id=policy_id, value=value)
+
def test_add_action_multiple_times(db):
policy_id = mock_data.get_policy_id()
@@ -348,6 +363,7 @@ def test_add_action_multiple_times(db):
"description": "test",
}
action = add_action(policy_id=policy_id, value=value)
+ logger.info("action : {}".format(action))
action_id = list(action.keys())[0]
perimeter_id = action[action_id].get('id')
assert action
@@ -356,7 +372,8 @@ def test_add_action_multiple_times(db):
"description": "test",
"policy_list": ['policy_id_3', 'policy_id_4']
}
- action = add_action(mock_data.get_policy_id(), perimeter_id, value)
+ action = add_action(mock_data.get_policy_id(model_name="test_model2", policy_name="policy_2", meta_rule_name="meta_rule2", category_prefix="_"), perimeter_id, value)
+ logger.info("action : {}".format(action))
assert action
action_id = list(action.keys())[0]
assert len(action[action_id].get('policy_list')) == 2
@@ -408,6 +425,9 @@ def test_add_object(db):
object_id = list(added_object.keys())[0]
assert len(added_object[object_id].get('policy_list')) == 1
+ with pytest.raises(ObjectExisting):
+ add_object(policy_id=policy_id, value=value)
+
def test_add_objects_multiple_times(db):
policy_id = mock_data.get_policy_id()
@@ -424,7 +444,7 @@ def test_add_objects_multiple_times(db):
"description": "test",
"policy_list": ['policy_id_3', 'policy_id_4']
}
- added_object = add_object(mock_data.get_policy_id(), perimeter_id, value)
+ added_object = add_object(mock_data.get_policy_id(model_name="test_model2", policy_name="policy_2", meta_rule_name="meta_rule2", category_prefix="_"), perimeter_id, value)
assert added_object
object_id = list(added_object.keys())[0]
assert len(added_object[object_id].get('policy_list')) == 2
@@ -476,6 +496,9 @@ def test_add_subject(db):
subject_id = list(subject.keys())[0]
assert len(subject[subject_id].get('policy_list')) == 1
+ with pytest.raises(SubjectExisting):
+ add_subject(policy_id=policy_id, value=value)
+
def test_add_subjects_multiple_times(db):
policy_id = mock_data.get_policy_id()
@@ -492,7 +515,7 @@ def test_add_subjects_multiple_times(db):
"description": "test",
"policy_list": ['policy_id_3', 'policy_id_4']
}
- subject = add_subject(mock_data.get_policy_id(), perimeter_id, value)
+ subject = add_subject(mock_data.get_policy_id(model_name="test_model2", policy_name="policy_2", meta_rule_name="meta_rule2", category_prefix="_"), perimeter_id, value)
assert subject
subject_id = list(subject.keys())[0]
assert len(subject[subject_id].get('policy_list')) == 2
diff --git a/python_moondb/tests/unit_python/policies/test_policies.py b/python_moondb/tests/unit_python/policies/test_policies.py
index 148034ef..f81f0d39 100755
--- a/python_moondb/tests/unit_python/policies/test_policies.py
+++ b/python_moondb/tests/unit_python/policies/test_policies.py
@@ -5,7 +5,7 @@
import pytest
import policies.mock_data as mock_data
-
+from python_moonutilities.exceptions import *
def get_policies():
from python_moondb.core import PolicyManager
@@ -97,9 +97,9 @@ def test_add_policies_twice_with_same_id(db):
"description": "test",
}
add_policies(policy_id, value)
- with pytest.raises(Exception) as exception_info:
+ with pytest.raises(PolicyExisting) as exception_info:
add_policies(policy_id, value)
- assert str(exception_info.value) == '409: Policy Error'
+ #assert str(exception_info.value) == '409: Policy Error'
def test_delete_policies(db):
@@ -127,9 +127,9 @@ def test_delete_policies(db):
def test_delete_policies_with_invalid_id(db):
policy_id = 'policy_id_1'
- with pytest.raises(Exception) as exception_info:
+ with pytest.raises(PolicyUnknown) as exception_info:
delete_policies(policy_id)
- assert str(exception_info.value) == '400: Policy Unknown'
+ #assert str(exception_info.value) == '400: Policy Unknown'
def test_update_policy(db):
@@ -156,9 +156,9 @@ def test_update_policy_with_invalid_id(db):
"genre": "authz",
"description": "test-3",
}
- with pytest.raises(Exception) as exception_info:
+ with pytest.raises(PolicyUnknown) as exception_info:
update_policy(policy_id, value)
- assert str(exception_info.value) == '400: Policy Unknown'
+ #assert str(exception_info.value) == '400: Policy Unknown'
def test_get_policy_from_meta_rules(db):
@@ -271,6 +271,9 @@ def test_add_rule(db):
assert key in rules[rule_id]
assert rules[rule_id][key] == value[key]
+ with pytest.raises(RuleExisting):
+ add_rule(policy_id, meta_rule_id, value)
+
def test_delete_rule(db):
value = {
diff --git a/python_moonutilities/Changelog b/python_moonutilities/Changelog
index 4c08f10c..e6ab2f6e 100644
--- a/python_moonutilities/Changelog
+++ b/python_moonutilities/Changelog
@@ -85,4 +85,8 @@ CHANGES
1.4.7
-----
-- Delete the auth.py file to remove some code duplication \ No newline at end of file
+- Delete the auth.py file to remove some code duplication
+
+1.4.8
+-----
+- Add SubjectScopeExisting, ObjectScopeExisting, ActionScopeExisting exceptions \ No newline at end of file
diff --git a/python_moonutilities/python_moonutilities/__init__.py b/python_moonutilities/python_moonutilities/__init__.py
index 43f8645f..cabb4c52 100644
--- a/python_moonutilities/python_moonutilities/__init__.py
+++ b/python_moonutilities/python_moonutilities/__init__.py
@@ -3,6 +3,6 @@
# license which can be found in the file 'LICENSE' in this package distribution
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-__version__ = "1.4.7"
+__version__ = "1.4.8"
diff --git a/python_moonutilities/python_moonutilities/exceptions.py b/python_moonutilities/python_moonutilities/exceptions.py
index f3763428..f1dcd31e 100644
--- a/python_moonutilities/python_moonutilities/exceptions.py
+++ b/python_moonutilities/python_moonutilities/exceptions.py
@@ -282,6 +282,26 @@ class ActionUnknown(AdminPerimeter):
logger = "ERROR"
+class SubjectExisting(AdminPerimeter):
+ description = _("The given subject is existing.")
+ code = 409
+ title = 'Subject Existing'
+ logger = "ERROR"
+
+
+class ObjectExisting(AdminPerimeter):
+ description = _("The given object is existing.")
+ code = 409
+ title = 'Object Existing'
+ logger = "ERROR"
+
+
+class ActionExisting(AdminPerimeter):
+ description = _("The given action is existing.")
+ code = 409
+ title = 'Action Existing'
+ logger = "ERROR"
+
class SubjectNameExisting(AdminPerimeter):
description = _("The given subject name is existing.")
code = 400
@@ -338,6 +358,27 @@ class ActionScopeUnknown(AdminScope):
logger = "ERROR"
+class SubjectScopeExisting(AdminScope):
+ description = _("The given subject scope is existing.")
+ code = 409
+ title = 'Subject Scope Existing'
+ logger = "ERROR"
+
+
+class ObjectScopeExisting(AdminScope):
+ description = _("The given object scope is existing.")
+ code = 409
+ title = 'Object Scope Existing'
+ logger = "ERROR"
+
+
+class ActionScopeExisting(AdminScope):
+ description = _("The given action scope is existing.")
+ code = 409
+ title = 'Action Scope Existing'
+ logger = "ERROR"
+
+
class SubjectScopeNameExisting(AdminScope):
description = _("The given subject scope name is existing.")
code = 400
diff --git a/tools/moon_kubernetes/init_k8s_moon.sh b/tools/moon_kubernetes/init_k8s_moon.sh
index 00c1b443..0617de86 100644
--- a/tools/moon_kubernetes/init_k8s_moon.sh
+++ b/tools/moon_kubernetes/init_k8s_moon.sh
@@ -108,7 +108,7 @@ function wait_for_moon_forming() {
function wait_for_moon_manager() {
echo "Waiting for moon (manager) ..."
kube_namespace="moon"
- declare -a kube_pods=("manager # 3")
+ declare -a kube_pods=("manager # 1")
check_pods_running "$kube_namespace" "${kube_pods[@]}"
}