diff options
32 files changed, 923 insertions, 185 deletions
diff --git a/moon_gui/package.json b/moon_gui/package.json index 599452e4..45157e5e 100644 --- a/moon_gui/package.json +++ b/moon_gui/package.json @@ -50,5 +50,5 @@ "scripts": { "test": "echo \"Error: no test specified\" && exit 1" }, - "license": "ISC" + "license": "Apache-2.0" } diff --git a/moon_manager/moon_manager/api/assignments.py b/moon_manager/moon_manager/api/assignments.py index 2ff9e218..a1d10ccb 100644 --- a/moon_manager/moon_manager/api/assignments.py +++ b/moon_manager/moon_manager/api/assignments.py @@ -34,14 +34,14 @@ class SubjectAssignments(Resource): @validate_input("get", kwargs_state=[True, False, False,False,False]) @check_auth - def get(self, uuid=None, perimeter_id=None, category_id=None, + def get(self, uuid, perimeter_id=None, category_id=None, data_id=None, user_id=None): """Retrieve all subject assignments or a specific one for a given policy :param uuid: uuid of the policy :param perimeter_id: uuid of the subject :param category_id: uuid of the subject category - :param data_id: uuid of the subject scope + :param data_id: uuid of the subject scope (not used here) :param user_id: user ID who do the request :return: { "subject_data_id": { @@ -65,7 +65,7 @@ class SubjectAssignments(Resource): @validate_input("post", kwargs_state=[True, False, False, False, False], body_state=[True, True, True]) @check_auth - def post(self, uuid=None, perimeter_id=None, category_id=None, + def post(self, uuid, perimeter_id=None, category_id=None, data_id=None, user_id=None): """Create a subject assignment. @@ -75,15 +75,15 @@ class SubjectAssignments(Resource): :param data_id: uuid of the subject scope (not used here) :param user_id: user ID who do the request :request body: { - "id": "UUID of the subject", - "category_id": "UUID of the category" - "data_id": "UUID of the scope" + "id": "UUID of the subject (mandatory)", + "category_id": "UUID of the category (mandatory)" + "data_id": "UUID of the scope (mandatory)" } :return: { "subject_data_id": { "policy_id": "ID of the policy", - "subject_id": "ID of the subject", - "category_id": "ID of the category", + "subject_id": "ID of the subject (mandatory)", + "category_id": "ID of the category (mandatory)", "assignments": "Assignments list (list of data_id)", } } @@ -105,7 +105,7 @@ class SubjectAssignments(Resource): @validate_input("delete", kwargs_state=[True, True, True, True, False]) @check_auth - def delete(self, uuid=None, perimeter_id=None, category_id=None, + def delete(self, uuid, perimeter_id=None, category_id=None, data_id=None, user_id=None): """Delete a subject assignment for a given policy @@ -147,14 +147,14 @@ class ObjectAssignments(Resource): @validate_input("get", kwargs_state=[True, False, False,False,False]) @check_auth - def get(self, uuid=None, perimeter_id=None, category_id=None, + def get(self, uuid, perimeter_id=None, category_id=None, data_id=None, user_id=None): """Retrieve all object assignment or a specific one for a given policy :param uuid: uuid of the policy :param perimeter_id: uuid of the object :param category_id: uuid of the object category - :param data_id: uuid of the object scope + :param data_id: uuid of the object scope (not used here) :param user_id: user ID who do the request :return: { "object_data_id": { @@ -178,7 +178,7 @@ class ObjectAssignments(Resource): @validate_input("post", kwargs_state=[True, False, False, False, False], body_state=[True, True, True]) @check_auth - def post(self, uuid=None, perimeter_id=None, category_id=None, + def post(self, uuid, perimeter_id=None, category_id=None, data_id=None, user_id=None): """Create an object assignment. @@ -188,9 +188,9 @@ class ObjectAssignments(Resource): :param data_id: uuid of the object scope (not used here) :param user_id: user ID who do the request :request body: { - "id": "UUID of the action", - "category_id": "UUID of the category" - "data_id": "UUID of the scope" + "id": "UUID of the action (mandatory)", + "category_id": "UUID of the category (mandatory)", + "data_id": "UUID of the scope (mandatory)" } :return: { "object_data_id": { @@ -218,7 +218,7 @@ class ObjectAssignments(Resource): @validate_input("delete", kwargs_state=[True, True, True, True, False]) @check_auth - def delete(self, uuid=None, perimeter_id=None, category_id=None, + def delete(self, uuid, perimeter_id=None, category_id=None, data_id=None, user_id=None): """Delete a object assignment for a given policy @@ -260,7 +260,7 @@ class ActionAssignments(Resource): @validate_input("get", kwargs_state=[True, False, False,False,False]) @check_auth - def get(self, uuid=None, perimeter_id=None, category_id=None, + def get(self, uuid, perimeter_id=None, category_id=None, data_id=None, user_id=None): """Retrieve all action assignment or a specific one for a given policy @@ -291,7 +291,7 @@ class ActionAssignments(Resource): @validate_input("post", kwargs_state=[True, False, False, False, False], body_state=[True, True, True]) @check_auth - def post(self, uuid=None, perimeter_id=None, category_id=None, + def post(self, uuid, perimeter_id=None, category_id=None, data_id=None, user_id=None): """Create an action assignment. @@ -301,9 +301,9 @@ class ActionAssignments(Resource): :param data_id: uuid of the action scope (not used here) :param user_id: user ID who do the request :request body: { - "id": "UUID of the action", - "category_id": "UUID of the category", - "data_id": "UUID of the scope" + "id": "UUID of the action (mandatory)", + "category_id": "UUID of the category (mandatory)", + "data_id": "UUID of the scope (mandatory)" } :return: { "action_data_id": { @@ -331,7 +331,7 @@ class ActionAssignments(Resource): @validate_input("delete", kwargs_state=[True, True, True, True, False]) @check_auth - def delete(self, uuid=None, perimeter_id=None, category_id=None, + def delete(self, uuid, perimeter_id=None, category_id=None, data_id=None, user_id=None): """Delete a action assignment for a given policy diff --git a/moon_manager/moon_manager/api/data.py b/moon_manager/moon_manager/api/data.py index 2bf8d530..4b22f9dc 100644 --- a/moon_manager/moon_manager/api/data.py +++ b/moon_manager/moon_manager/api/data.py @@ -34,8 +34,8 @@ class SubjectData(Resource): @validate_input("get", kwargs_state=[True, False, False, False]) @check_auth - def get(self, uuid=None, category_id=None, data_id=None, user_id=None): - """Retrieve all subject categories or a specific one if sid is given + def get(self, uuid, category_id=None, data_id=None, user_id=None): + """Retrieve all subject categories or a specific one if data_id is given for a given policy :param uuid: uuid of the policy @@ -67,15 +67,15 @@ class SubjectData(Resource): @validate_input("post", kwargs_state=[True, True, False, False], body_state=[True, False]) @check_auth - def post(self, uuid=None, category_id=None, data_id=None, user_id=None): + def post(self, uuid, category_id=None, data_id=None, user_id=None): """Create or update a subject. :param uuid: uuid of the policy :param category_id: uuid of the subject category - :param data_id: uuid of the subject data + :param data_id: uuid of the subject data (not used here) :param user_id: user ID who do the request :request body: { - "name": "name of the data", + "name": "name of the data (mandatory)", "description": "description of the data (optional)" } :return: { @@ -83,7 +83,7 @@ class SubjectData(Resource): "category_id": "category_id1", "data": { "subject_data_id": { - "name": "name of the data", + "name": "name of the data (mandatory)", "description": "description of the data (optional)" } } @@ -103,7 +103,7 @@ class SubjectData(Resource): @validate_input("delete", kwargs_state=[True, False, False, False]) @check_auth - def delete(self, uuid=None, category_id=None, data_id=None, user_id=None): + def delete(self, uuid, category_id=None, data_id=None, user_id=None): """Delete a subject for a given policy :param uuid: uuid of the policy @@ -142,7 +142,7 @@ class ObjectData(Resource): @validate_input("get", kwargs_state=[True, False, False, False]) @check_auth - def get(self, uuid=None, category_id=None, data_id=None, user_id=None): + def get(self, uuid, category_id=None, data_id=None, user_id=None): """Retrieve all object categories or a specific one if sid is given for a given policy @@ -175,15 +175,15 @@ class ObjectData(Resource): @validate_input("post", kwargs_state=[True, True, False, False], body_state=[True, False]) @check_auth - def post(self, uuid=None, category_id=None, data_id=None, user_id=None): + def post(self, uuid, category_id=None, data_id=None, user_id=None): """Create or update a object. :param uuid: uuid of the policy :param category_id: uuid of the object category - :param data_id: uuid of the object data + :param data_id: uuid of the object data (not used here) :param user_id: user ID who do the request :request body: { - "name": "name of the data", + "name": "name of the data (mandatory)", "description": "description of the data (optional)" } :return: { @@ -211,7 +211,7 @@ class ObjectData(Resource): @validate_input("delete", kwargs_state=[True, False, False, False]) @check_auth - def delete(self, uuid=None, category_id=None, data_id=None, user_id=None): + def delete(self, uuid, category_id=None, data_id=None, user_id=None): """Delete a object for a given policy :param uuid: uuid of the policy @@ -250,7 +250,7 @@ class ActionData(Resource): @validate_input("get", kwargs_state=[True, False, False, False]) @check_auth - def get(self, uuid=None, category_id=None, data_id=None, user_id=None): + def get(self, uuid, category_id=None, data_id=None, user_id=None): """Retrieve all action categories or a specific one if sid is given for a given policy @@ -283,7 +283,7 @@ class ActionData(Resource): @validate_input("post", kwargs_state=[True, True, False, False], body_state=[True, False]) @check_auth - def post(self, uuid=None, category_id=None, data_id=None, user_id=None): + def post(self, uuid, category_id=None, data_id=None, user_id=None): """Create or update a action. :param uuid: uuid of the policy @@ -291,8 +291,8 @@ class ActionData(Resource): :param data_id: uuid of the action data :param user_id: user ID who do the request :request body: { - "name": "name of the data", - "description": "description of the data" + "name": "name of the data (mandatory)", + "description": "description of the data (optional)" } :return: { "policy_id": "policy_id1", @@ -319,7 +319,7 @@ class ActionData(Resource): @validate_input("delete", kwargs_state=[True, False, False, False]) @check_auth - def delete(self, uuid=None, category_id=None, data_id=None, user_id=None): + def delete(self, uuid, category_id=None, data_id=None, user_id=None): """Delete a action for a given policy :param uuid: uuid of the policy diff --git a/moon_manager/moon_manager/api/meta_data.py b/moon_manager/moon_manager/api/meta_data.py index ab5702e4..f3b22d29 100644 --- a/moon_manager/moon_manager/api/meta_data.py +++ b/moon_manager/moon_manager/api/meta_data.py @@ -62,7 +62,7 @@ class SubjectCategories(Resource): :param category_id: must not be used here :param user_id: user ID who do the request :request body: { - "name": "name of the category", + "name": "name of the category (mandatory)", "description": "description of the category (optional)" } :return: { @@ -148,7 +148,7 @@ class ObjectCategories(Resource): :param category_id: must not be used here :param user_id: user ID who do the request :request body: { - "name": "name of the category", + "name": "name of the category (mandatory)", "description": "description of the category (optional)" } :return: { @@ -234,7 +234,7 @@ class ActionCategories(Resource): :param category_id: must not be used here :param user_id: user ID who do the request :request body: { - "name": "name of the category", + "name": "name of the category (mandatory)", "description": "description of the category (optional)" } :return: { diff --git a/moon_manager/moon_manager/api/meta_rules.py b/moon_manager/moon_manager/api/meta_rules.py index 7bec2ddf..afc11eba 100644 --- a/moon_manager/moon_manager/api/meta_rules.py +++ b/moon_manager/moon_manager/api/meta_rules.py @@ -65,14 +65,14 @@ class MetaRules(Resource): def post(self, meta_rule_id=None, user_id=None): """Add a meta rule - :param meta_rule_id: Meta rule ID + :param meta_rule_id: Meta rule ID (not used here) :param user_id: user ID who do the request :request body: post = { - "name": "name of the meta rule", - "subject_categories": ["subject_category_id1", + "name": "name of the meta rule (mandatory)", + "subject_categories": ["subject_category_id1 (mandatory)", "subject_category_id2"], - "object_categories": ["object_category_id1"], - "action_categories": ["action_category_id1"] + "object_categories": ["object_category_id1 (mandatory)"], + "action_categories": ["action_category_id1 (mandatory)"] } :return: { "meta_rules": { @@ -98,7 +98,7 @@ class MetaRules(Resource): @validate_input("patch", kwargs_state=[True, False], body_state=[True, True, True, True]) @check_auth - def patch(self, meta_rule_id=None, user_id=None): + def patch(self, meta_rule_id, user_id=None): """Update a meta rule :param meta_rule_id: Meta rule ID @@ -134,18 +134,11 @@ class MetaRules(Resource): @validate_input("delete", kwargs_state=[True, False]) @check_auth - def delete(self, meta_rule_id=None, user_id=None): + def delete(self, meta_rule_id, user_id=None): """Delete a meta rule :param meta_rule_id: Meta rule ID :param user_id: user ID who do the request - :request body: delete = { - "name": "name of the meta rule", - "subject_categories": ["subject_category_id1", - "subject_category_id2"], - "object_categories": ["object_category_id1"], - "action_categories": ["action_category_id1"] - } :return: { "meta_rules": { "meta_rule_id1": { diff --git a/moon_manager/moon_manager/api/models.py b/moon_manager/moon_manager/api/models.py index 37e96e47..440a4d2b 100644 --- a/moon_manager/moon_manager/api/models.py +++ b/moon_manager/moon_manager/api/models.py @@ -62,14 +62,14 @@ class Models(Resource): :param uuid: uuid of the model (not used here) :param user_id: user ID who do the request :request body: { - "name": "...", - "description": "... (optional)", + "name": "name of the model (mandatory)", + "description": "description of the model (optional)", "meta_rules": ["meta_rule_id1", ] } :return: { "model_id1": { - "name": "...", - "description": "... (optional)", + "name": "name of the model", + "description": "description of the model (optional)", "meta_rules": ["meta_rule_id1", ] } } @@ -86,7 +86,7 @@ class Models(Resource): @validate_input("delete", kwargs_state=[True, False]) @check_auth - def delete(self, uuid=None, user_id=None): + def delete(self, uuid, user_id=None): """Delete a model :param uuid: uuid of the model to delete @@ -107,14 +107,14 @@ class Models(Resource): @validate_input("patch", kwargs_state=[True, False], body_state=[True, False, True]) @check_auth - def patch(self, uuid=None, user_id=None): + def patch(self, uuid, user_id=None): """Update a model :param uuid: uuid of the model to update :param user_id: user ID who do the request :return: { "model_id1": { - "name": "...", + "name": "name of the model", "description": "... (optional)", "meta_rules": ["meta_rule_id1", ] } diff --git a/moon_manager/moon_manager/api/pdp.py b/moon_manager/moon_manager/api/pdp.py index 5ffd2ab0..fd20c85f 100644 --- a/moon_manager/moon_manager/api/pdp.py +++ b/moon_manager/moon_manager/api/pdp.py @@ -130,10 +130,10 @@ class PDP(Resource): :param uuid: uuid of the pdp (not used here) :param user_id: user ID who do the request :request body: { - "name": "...", - "security_pipeline": [...], - "keystone_project_id": "keystone_project_id1", - "description": "... (optional)", + "name": "name of the PDP (mandatory)", + "security_pipeline": ["may be empty"], + "keystone_project_id": "keystone_project_id1 (may be empty)", + "description": "description of the PDP (optional)", } :return: { "pdp_id1": { @@ -166,7 +166,7 @@ class PDP(Resource): @validate_input("delete", kwargs_state=[True, False]) @check_auth - def delete(self, uuid=None, user_id=None): + def delete(self, uuid, user_id=None): """Delete a pdp :param uuid: uuid of the pdp to delete @@ -188,17 +188,17 @@ class PDP(Resource): @validate_input("patch", kwargs_state=[True, False], body_state=[True, True, True, False]) @check_auth - def patch(self, uuid=None, user_id=None): + def patch(self, uuid, user_id=None): """Update a pdp :param uuid: uuid of the pdp to update :param user_id: user ID who do the request :return: { "pdp_id1": { - "name": "...", - "security_pipeline": [...], - "keystone_project_id": "keystone_project_id1", - "description": "... (optional)", + "name": "name of the PDP", + "security_pipeline": ["may be empty"], + "keystone_project_id": "keystone_project_id1 (may be empty)", + "description": "description of the PDP (optional)", } } :internal_api: update_pdp diff --git a/moon_manager/moon_manager/api/perimeter.py b/moon_manager/moon_manager/api/perimeter.py index 15f0dac3..014aa4b9 100644 --- a/moon_manager/moon_manager/api/perimeter.py +++ b/moon_manager/moon_manager/api/perimeter.py @@ -76,7 +76,7 @@ class Subjects(Resource): :param perimeter_id: must not be used here :param user_id: user ID who do the request :request body: { - "name": "name of the subject", + "name": "name of the subject (mandatory)", "description": "description of the subject (optional)", "password": "password for the subject (optional)", "email": "email address of the subject (optional)" @@ -112,7 +112,7 @@ class Subjects(Resource): @validate_input("patch", kwargs_state=[False, True, False], body_state=[True, False, False, False]) @check_auth - def patch(self, uuid=None, perimeter_id=None, user_id=None): + def patch(self, uuid, perimeter_id=None, user_id=None): """Create or update a subject. :param uuid: uuid of the policy @@ -158,8 +158,8 @@ class Subjects(Resource): def delete(self, uuid=None, perimeter_id=None, user_id=None): """Delete a subject for a given policy - :param uuid: uuid of the policy - :param perimeter_id: uuid of the subject + :param uuid: uuid of the policy (mandatory if perimeter_id is not set) + :param perimeter_id: uuid of the subject (mandatory if uuid is not set) :param user_id: user ID who do the request :return: { "subject_id": { @@ -234,7 +234,7 @@ class Objects(Resource): :param perimeter_id: must not be used here :param user_id: user ID who do the request :request body: { - "object_name": "name of the object", + "object_name": "name of the object (mandatory)", "object_description": "description of the object (optional)" } :return: { @@ -263,7 +263,7 @@ class Objects(Resource): @validate_input("patch", kwargs_state=[False, True, False], body_state=[True, False, False, False]) @check_auth - def patch(self, uuid=None, perimeter_id=None, user_id=None): + def patch(self, uuid, perimeter_id=None, user_id=None): """Create or update a object. :param uuid: uuid of the policy @@ -302,8 +302,8 @@ class Objects(Resource): def delete(self, uuid=None, perimeter_id=None, user_id=None): """Delete a object for a given policy - :param uuid: uuid of the policy - :param perimeter_id: uuid of the object + :param uuid: uuid of the policy (mandatory if perimeter_id is not set) + :param perimeter_id: uuid of the object (mandatory if uuid is not set) :param user_id: user ID who do the request :return: { "object_id": { @@ -372,7 +372,7 @@ class Actions(Resource): :param perimeter_id: must not be used here :param user_id: user ID who do the request :request body: { - "name": "name of the action", + "name": "name of the action (mandatory)", "description": "description of the action (optional)" } :return: { @@ -401,7 +401,7 @@ class Actions(Resource): @validate_input("patch", kwargs_state=[False, True, False], body_state=[True, False, False, False]) @check_auth - def patch(self, uuid=None, perimeter_id=None, user_id=None): + def patch(self, uuid, perimeter_id=None, user_id=None): """Create or update a action. :param uuid: uuid of the policy @@ -440,8 +440,8 @@ class Actions(Resource): def delete(self, uuid=None, perimeter_id=None, user_id=None): """Delete a action for a given policy - :param uuid: uuid of the policy - :param perimeter_id: uuid of the action + :param uuid: uuid of the policy (mandatory if perimeter_id is not set) + :param perimeter_id: uuid of the action (mandatory if uuid is not set) :param user_id: user ID who do the request :return: { "action_id": { diff --git a/moon_manager/moon_manager/api/policies.py b/moon_manager/moon_manager/api/policies.py index 3447beb1..1a9e0bae 100644 --- a/moon_manager/moon_manager/api/policies.py +++ b/moon_manager/moon_manager/api/policies.py @@ -38,10 +38,10 @@ class Policies(Resource): :param user_id: user ID who do the request :return: { "policy_id1": { - "name": "...", - "model_id": "...", - "genre": "... (optional)", - "description": "... (optional)", + "name": "name of the policy (mandatory)", + "model_id": "ID of the model linked to this policy", + "genre": "authz of admin (optional, default to authz)", + "description": "description of the policy (optional)", } } :internal_api: get_policies @@ -58,20 +58,20 @@ class Policies(Resource): def post(self, uuid=None, user_id=None): """Create policy. - :param uuid: uuid of the policy (not used here) + :param uuid: uuid of the policy (not used here if a new policy is created) :param user_id: user ID who do the request :request body: { - "name": "...", - "model_id": "...", - "genre": "... (optional)", - "description": "... (optional)", + "name": "name of the policy (mandatory)", + "model_id": "ID of the model linked to this policy", + "genre": "authz of admin (optional, default to authz)", + "description": "description of the policy (optional)", } :return: { "policy_id1": { - "name": "...", - "model_id": "...", - "genre": "... (optional)", - "description": "... (optional)", + "name": "name of the policy (mandatory)", + "model_id": "ID of the model linked to this policy", + "genre": "authz of admin (optional, default to authz)", + "description": "description of the policy (optional)", } } :internal_api: add_policy @@ -86,7 +86,7 @@ class Policies(Resource): return {"policies": data} @check_auth - def delete(self, uuid=None, user_id=None): + def delete(self, uuid, user_id=None): """Delete a policy :param uuid: uuid of the policy to delete @@ -106,17 +106,17 @@ class Policies(Resource): return {"result": True} @check_auth - def patch(self, uuid=None, user_id=None): + def patch(self, uuid, user_id=None): """Update a policy :param uuid: uuid of the policy to update :param user_id: user ID who do the request :return: { "policy_id1": { - "name": "...", - "model_id": "...", - "genre": "... (optional)", - "description": "... (optional)", + "name": "name of the policy (mandatory)", + "model_id": "ID of the model linked to this policy", + "genre": "authz of admin (optional, default to authz)", + "description": "description of the policy (optional)", } } :internal_api: update_policy diff --git a/moon_manager/moon_manager/api/rules.py b/moon_manager/moon_manager/api/rules.py index 32c10030..ecb066d9 100644 --- a/moon_manager/moon_manager/api/rules.py +++ b/moon_manager/moon_manager/api/rules.py @@ -65,12 +65,12 @@ class Rules(Resource): """Add a rule to a meta rule :param uuid: policy ID - :param rule_id: rule ID + :param rule_id: rule ID (not used here) :param user_id: user ID who do the request :request body: post = { - "meta_rule_id": "meta_rule_id1", - "rule": ["subject_data_id2", "object_data_id2", "action_data_id2"], - "instructions": ( + "meta_rule_id": "meta_rule_id1", # mandatory + "rule": ["subject_data_id2", "object_data_id2", "action_data_id2"], # mandatory + "instructions": ( # mandatory {"decision": "grant"}, ) "enabled": True diff --git a/moon_orchestrator/moon_orchestrator/api/pods.py b/moon_orchestrator/moon_orchestrator/api/pods.py index 3a01c3a9..389fa5b0 100644 --- a/moon_orchestrator/moon_orchestrator/api/pods.py +++ b/moon_orchestrator/moon_orchestrator/api/pods.py @@ -52,27 +52,29 @@ class Pods(Resource): for _pod_key, _pod_values in self.driver.get_pods().items(): pods[_pod_key] = [] for _pod_value in _pod_values: - if _pod_value['namespace'] != "moon": + if "namespace" in _pod_value and _pod_value['namespace'] != "moon": continue pods[_pod_key].append(_pod_value) return {"pods": pods} except Exception as e: return {"result": False, "message": str(e)}, 500 - def __get_pod_with_keystone_pid(self, keystone_pid): + def __validate_pod_with_keystone_pid(self, keystone_pid): for pod_key, pod_values in self.driver.get_pods().items(): - if pod_values[0]['keystone_project_id'] == keystone_pid: + if pod_values and "keystone_project_id" in pod_values[0] \ + and pod_values[0]['keystone_project_id'] == keystone_pid: return True - def __get_wrapper(self, slave_name): + def __is_slave_exist(self, slave_name): for slave in self.driver.get_slaves(): - if slave_name == slave["name"] \ - and slave["configured"]: + if "name" in slave and "configured" in slave \ + and slave_name == slave["name"] and slave["configured"]: return True def __get_slave_names(self): for slave in self.driver.get_slaves(): - yield slave["name"] + if "name" in slave : + yield slave["name"] @check_auth def post(self, uuid=None, user_id=None): @@ -98,27 +100,24 @@ class Pods(Resource): } } """ - pods = {} if "security_pipeline" in request.json: - if self.__get_pod_with_keystone_pid(request.json.get("keystone_project_id")): + if self.__validate_pod_with_keystone_pid(request.json.get("keystone_project_id")): raise exceptions.PipelineConflict + if not request.json.get("pdp_id"): + raise exceptions.PdpUnknown + if not request.json.get("security_pipeline"): + raise exceptions.PolicyUnknown self.driver.create_pipeline( request.json.get("keystone_project_id"), request.json.get("pdp_id"), request.json.get("security_pipeline"), manager_data=request.json, slave_name=request.json.get("slave_name")) - for _pod_key, _pod_values in self.driver.get_pods().items(): - pods[_pod_key] = [] - for _pod_value in _pod_values: - if _pod_value['namespace'] != "moon": - continue - pods[_pod_key].append(_pod_value) else: logger.info("------------------------------------") logger.info(list(self.__get_slave_names())) logger.info("------------------------------------") - if self.__get_wrapper(request.json.get("slave_name")): + if self.__is_slave_exist(request.json.get("slave_name")): raise exceptions.WrapperConflict if request.json.get("slave_name") not in self.__get_slave_names(): raise exceptions.SlaveNameUnknown @@ -144,8 +143,11 @@ class Pods(Resource): return {'result': True} except exceptions.PipelineUnknown: for slave in self.driver.get_slaves(): - if uuid in (slave['name'], slave["wrapper_name"]): - self.driver.delete_wrapper(name=slave["wrapper_name"]) + if "name" in slave and "wrapper_name" in slave: + if uuid in (slave['name'], slave["wrapper_name"]): + self.driver.delete_wrapper(name=slave["wrapper_name"]) + else : + raise exceptions.SlaveNameUnknown except Exception as e: return {"result": False, "message": str(e)}, 500 diff --git a/moon_orchestrator/moon_orchestrator/drivers.py b/moon_orchestrator/moon_orchestrator/drivers.py index bb0d0c2c..4519f3aa 100644 --- a/moon_orchestrator/moon_orchestrator/drivers.py +++ b/moon_orchestrator/moon_orchestrator/drivers.py @@ -203,13 +203,14 @@ class K8S(Driver): for key, value in pods.items(): # logger.info("ctx={}".format(active_context)) # logger.info("value={}".format(value)) - if active_context["name"] == value[0].get('slave_name'): - data = dict(active_context) - data["wrapper_name"] = value[0]['name'] - data["ip"] = value[0].get("ip", "NC") - data["port"] = value[0].get("external_port", "NC") - slaves.append(data) - break + if "name" in active_context and value and "name" in value[0]: + if active_context["name"] == value[0].get('slave_name'): + data = dict(active_context) + data["wrapper_name"] = value[0]['name'] + data["ip"] = value[0].get("ip", "NC") + data["port"] = value[0].get("external_port", "NC") + slaves.append(data) + break return slaves for ctx in contexts: data = dict(ctx) @@ -217,12 +218,13 @@ class K8S(Driver): for key, value in pods.items(): # logger.info("ctx={}".format(ctx)) # logger.info("value={}".format(value)) - if ctx["name"] == value[0].get('slave_name'): - data["wrapper_name"] = value[0]['name'] - data["ip"] = value[0].get("ip", "NC") - data["port"] = value[0].get("external_port", "NC") - data["configured"] = True - break + if "name" in ctx and value and "name" in value[0]: + if ctx["name"] == value[0].get('slave_name'): + data["wrapper_name"] = value[0]['name'] + data["ip"] = value[0].get("ip", "NC") + data["port"] = value[0].get("external_port", "NC") + data["configured"] = True + break slaves.append(data) return slaves diff --git a/moon_orchestrator/tests/unit_python/mock_pods.py b/moon_orchestrator/tests/unit_python/mock_pods.py index 84e6c7ea..59e1b3c0 100644 --- a/moon_orchestrator/tests/unit_python/mock_pods.py +++ b/moon_orchestrator/tests/unit_python/mock_pods.py @@ -208,12 +208,25 @@ def patch_k8s(monkeypatch): 'create_namespaced_deployment', create_namespaced_deployment_mockreturn) + def delete_namespaced_deployment_mockreturn(*args, **kwargs): + return None + + monkeypatch.setattr(client.ExtensionsV1beta1Api, + 'delete_namespaced_deployment', + delete_namespaced_deployment_mockreturn) + def create_namespaced_service_mockreturn(*args, **kwargs): return {} monkeypatch.setattr(client.CoreV1Api, 'create_namespaced_service', create_namespaced_service_mockreturn) + def delete_namespaced_service_mockreturn(*args, **kwargs): + return {} + monkeypatch.setattr(client.CoreV1Api, + 'delete_namespaced_service', + delete_namespaced_service_mockreturn) + def register_pods(m): """ Modify the response from Requests module diff --git a/moon_orchestrator/tests/unit_python/test_pods.py b/moon_orchestrator/tests/unit_python/test_pods.py index 678645be..5e1b3767 100644 --- a/moon_orchestrator/tests/unit_python/test_pods.py +++ b/moon_orchestrator/tests/unit_python/test_pods.py @@ -15,6 +15,7 @@ def test_get_pods(context, monkeypatch): data = get_json(req.data) assert isinstance(data, dict) assert "pods" in data + assert data["pods"] def test_get_pods_failure(context, monkeypatch): @@ -30,6 +31,7 @@ def test_get_pods_failure(context, monkeypatch): assert isinstance(data, dict) assert not data["pods"] +############################ /post ############################ def test_add_pods_with_pipeline(context, monkeypatch): patch_k8s(monkeypatch) @@ -52,7 +54,7 @@ def test_add_pods_with_pipeline(context, monkeypatch): assert data["pods"] -def test_add_pods_without_pipeline_with_bad_slave_name(context, monkeypatch): +def test_add_pods_without_pipeline_with_bad_slave_name_failure(context, monkeypatch): patch_k8s(monkeypatch) import moon_orchestrator.server @@ -89,7 +91,7 @@ def test_add_pods_without_pipeline_with_good_slave_name(context, monkeypatch): assert data["pods"] -def test_add_pods_without_pipeline_without_slave_name(context, monkeypatch): +def test_add_pods_without_pipeline_without_slave_name_failure(context, monkeypatch): patch_k8s(monkeypatch) import moon_orchestrator.server @@ -106,7 +108,7 @@ def test_add_pods_without_pipeline_without_slave_name(context, monkeypatch): assert 'The slave is unknown.' in data['message'] -def test_add_pods_with_no_data(context, monkeypatch): +def test_add_pods_with_no_data_failure(context, monkeypatch): patch_k8s(monkeypatch) import moon_orchestrator.server server = moon_orchestrator.server.create_server() @@ -140,6 +142,146 @@ def test_add_pods_with_no_policies_no_models(context, monkeypatch, no_requests): assert req.status_code == 200 -def test_delete_pods(context, monkeypatch): - # TODO - pass +def test_add_pods_with_empty_pdp_id_and_keystone_project_id_failure(context, monkeypatch): + patch_k8s(monkeypatch) + + import moon_orchestrator.server + server = moon_orchestrator.server.create_server() + _client = server.app.test_client() + data = { + "keystone_project_id": "", + "pdp_id": "", + "security_pipeline": context.get('security_pipeline'), + } + req = _client.post("/pods", data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + assert req.status_code == 400 + assert req.data + data = get_json(req.data) + assert "The pdp is unknown." in data['message'] + + +def test_add_pods_with_empty_security_pipeline_failure(context, monkeypatch): + patch_k8s(monkeypatch) + + import moon_orchestrator.server + server = moon_orchestrator.server.create_server() + _client = server.app.test_client() + data = { + "keystone_project_id": context.get('project_id'), + "pdp_id": context.get('pdp_id'), + "security_pipeline": "", + } + req = _client.post("/pods", data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + assert req.status_code == 400 + assert req.data + data = get_json(req.data) + assert 'The policy is unknown.' in data['message'] + + +def test_add_different_pods_with_same_pdp_id(context, monkeypatch): + patch_k8s(monkeypatch) + + import moon_orchestrator.server + server = moon_orchestrator.server.create_server() + _client = server.app.test_client() + data = { + "keystone_project_id": context.get('project_id'), + "pdp_id": context.get('pdp_id'), + "security_pipeline": context.get('security_pipeline'), + } + req = _client.post("/pods", data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + data["keystone_project_id"] = data["keystone_project_id"] + "x" + req = _client.post("/pods", data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + assert req.status_code == 200 + + +def test_add_different_pods_with_same_keystone_project_id_failure(context, monkeypatch): + patch_k8s(monkeypatch) + + import moon_orchestrator.server + server = moon_orchestrator.server.create_server() + _client = server.app.test_client() + data = { + "keystone_project_id": context.get('project_id'), + "pdp_id": context.get('pdp_id'), + "security_pipeline": context.get('security_pipeline'), + } + req = _client.post("/pods", data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + data["pdp_id"] = data["pdp_id"] + "xyz" + req = _client.post("/pods", data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + assert req.status_code == 409 + data = get_json(req.data) + assert isinstance(data, dict) + assert 'A Pipeline already exist for the specified slave.' in data['message'] + + +def test_add_pod_with_slave_more_than_once_failure(context, monkeypatch): + patch_k8s(monkeypatch) + + import moon_orchestrator.server + server = moon_orchestrator.server.create_server() + _client = server.app.test_client() + data = { + "slave_name": "active_context", + } + req = _client.post("/pods", data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + req = _client.post("/pods", data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + assert req.status_code == 409 + assert req.data + data = get_json(req.data) + assert isinstance(data, dict) + assert 'A Wrapper already exist for the specified slave.' in data['message'] + +############################ /delete ############################ + +def test_delete_pod_valid_uuid(context, monkeypatch): + patch_k8s(monkeypatch) + + import moon_orchestrator.server + server = moon_orchestrator.server.create_server() + _client = server.app.test_client() + data = { + "keystone_project_id": context.get('project_id'), + "pdp_id": context.get('pdp_id'), + "security_pipeline": context.get('security_pipeline'), + } + req = _client.post("/pods", data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + assert req.status_code == 200 + assert req.data + data = get_json(req.data) + for key in data["pods"]: + req = _client.delete("/pods/{}".format(key)) + assert req.status_code == 200 + +def test_delete_pod_Invalid_uuid_failure(context, monkeypatch): + patch_k8s(monkeypatch) + + import moon_orchestrator.server + server = moon_orchestrator.server.create_server() + _client = server.app.test_client() + + req = _client.delete("/pods/invalid") + assert req.status_code == 400 + data = get_json(req.data) + assert 'The slave is unknown.' in data['message'] + +def test_delete_pod_without_uuid_failure(context, monkeypatch): + patch_k8s(monkeypatch) + + import moon_orchestrator.server + server = moon_orchestrator.server.create_server() + _client = server.app.test_client() + + req = _client.delete("/pods/") + assert req.status_code == 400 + data = get_json(req.data) + assert 'The slave is unknown.' in data['message']
\ No newline at end of file diff --git a/python_moonclient/tests/unit_python/mock_config.py b/python_moonclient/tests/unit_python/mock_config.py index 135964ab..b6c42d76 100644 --- a/python_moonclient/tests/unit_python/mock_config.py +++ b/python_moonclient/tests/unit_python/mock_config.py @@ -37,4 +37,28 @@ def register_consul(m): m.register_uri( 'GET', 'http://manager:30001', json={} - )
\ No newline at end of file + ) + m.register_uri( + 'GET', 'http://keystone:5000/v3', + json={} + ) + m.register_uri( + 'POST', 'http://keystone:5000/v3/auth/tokens', + headers={'X-Subject-Token': "111111111"} + ) + m.register_uri( + 'DELETE', 'http://keystone:5000/v3/auth/tokens', + headers={'X-Subject-Token': "111111111"} + ) + m.register_uri( + 'POST', 'http://keystone:5000/v3/users?name=testuser&domain_id=default', + json={"users": {}} + ) + m.register_uri( + 'GET', 'http://keystone:5000/v3/users?name=testuser&domain_id=default', + json={"users": {}} + ) + m.register_uri( + 'POST', 'http://keystone:5000/v3/users/', + json={"users": [{"id": "1111111111111"}]} + ) diff --git a/python_moondb/Changelog b/python_moondb/Changelog index 19cd0ac0..acd72883 100644 --- a/python_moondb/Changelog +++ b/python_moondb/Changelog @@ -69,3 +69,7 @@ CHANGES 1.2.8 ----- - Add unique constraints on db tables + +1.2.9 +----- +- Add some verifications when deleting some elements in database diff --git a/python_moondb/python_moondb/__init__.py b/python_moondb/python_moondb/__init__.py index b266a9d4..287558f7 100644 --- a/python_moondb/python_moondb/__init__.py +++ b/python_moondb/python_moondb/__init__.py @@ -3,5 +3,5 @@ # license which can be found in the file 'LICENSE' in this package distribution # or at 'http://www.apache.org/licenses/LICENSE-2.0'. -__version__ = "1.2.8" +__version__ = "1.2.9" diff --git a/python_moondb/python_moondb/api/model.py b/python_moondb/python_moondb/api/model.py index 57857cd2..f5858662 100644 --- a/python_moondb/python_moondb/api/model.py +++ b/python_moondb/python_moondb/api/model.py @@ -9,7 +9,6 @@ from python_moonutilities import exceptions from python_moonutilities.security_functions import filter_input, enforce from python_moondb.api.managers import Managers - logger = logging.getLogger("moon.db.api.model") @@ -30,6 +29,10 @@ class ModelManager(Managers): if model_id not in self.driver.get_models(model_id=model_id): raise exceptions.ModelUnknown # TODO (asteroide): check that no policy is connected to this model + policies = Managers.PolicyManager.get_policies(user_id=user_id) + for policy in policies: + if policies[policy]['model_id'] == model_id: + raise exceptions.DeleteModelWithPolicy return self.driver.delete_model(model_id=model_id) @enforce(("read", "write"), "models") @@ -65,6 +68,10 @@ class ModelManager(Managers): if meta_rule_id not in self.driver.get_meta_rules(meta_rule_id=meta_rule_id): raise exceptions.MetaRuleUnknown # TODO (asteroide): check and/or delete data and assignments and rules linked to that meta_rule + models = self.get_models(user_id=user_id) + for model_id in models: + if models[model_id]['meta_rules'] == meta_rule_id: + raise exceptions.DeleteMetaRuleWithModel return self.driver.delete_meta_rule(meta_rule_id=meta_rule_id) @enforce("read", "meta_data") @@ -83,6 +90,13 @@ class ModelManager(Managers): # TODO (asteroide): delete all meta_rules linked to that category if category_id not in self.driver.get_subject_categories(category_id=category_id): raise exceptions.SubjectCategoryUnknown + meta_rules = self.get_meta_rules(user_id=user_id) + for meta_rule_id in meta_rules: + for subject_category_id in meta_rules[meta_rule_id]['subject_categories']: + if subject_category_id == category_id: + raise exceptions.DeleteCategoryWithMetaRule + if self.driver.is_subject_data_exist(category_id=category_id): + raise exceptions.DeleteCategoryWithData return self.driver.delete_subject_category(category_id=category_id) @enforce("read", "meta_data") @@ -101,6 +115,13 @@ class ModelManager(Managers): # TODO (asteroide): delete all meta_rules linked to that category if category_id not in self.driver.get_object_categories(category_id=category_id): raise exceptions.ObjectCategoryUnknown + meta_rules = self.get_meta_rules(user_id=user_id) + for meta_rule_id in meta_rules: + for object_category_id in meta_rules[meta_rule_id]['object_categories']: + if object_category_id == category_id: + raise exceptions.DeleteCategoryWithMetaRule + if self.driver.is_object_data_exist(category_id=category_id): + raise exceptions.DeleteCategoryWithData return self.driver.delete_object_category(category_id=category_id) @enforce("read", "meta_data") @@ -118,6 +139,12 @@ class ModelManager(Managers): # TODO (asteroide): delete all data linked to that category # TODO (asteroide): delete all meta_rules linked to that category if category_id not in self.driver.get_action_categories(category_id=category_id): - raise exceptions.ActionCategoryExisting + raise exceptions.ActionCategoryUnknown + meta_rules = self.get_meta_rules(user_id=user_id) + for meta_rule_id in meta_rules: + for action_category_id in meta_rules[meta_rule_id]['action_categories']: + if action_category_id == category_id: + raise exceptions.DeleteCategoryWithMetaRule + if self.driver.is_action_data_exist(category_id=category_id): + raise exceptions.DeleteCategoryWithData return self.driver.delete_action_category(category_id=category_id) - diff --git a/python_moondb/python_moondb/api/policy.py b/python_moondb/python_moondb/api/policy.py index 9e7ad96c..69392e6d 100644 --- a/python_moondb/python_moondb/api/policy.py +++ b/python_moondb/python_moondb/api/policy.py @@ -8,6 +8,7 @@ import logging from python_moonutilities.security_functions import enforce from python_moondb.api.managers import Managers from python_moonutilities import exceptions +# from python_moondb.core import PDPManager logger = logging.getLogger("moon.db.api.policy") @@ -46,6 +47,11 @@ class PolicyManager(Managers): # TODO (asteroide): unmap PDP linked to that policy if policy_id not in self.driver.get_policies(policy_id=policy_id): raise exceptions.PolicyUnknown + pdps = self.PDPManager.get_pdp(user_id=user_id) + for pdp in pdps: + for policy_id in pdps[pdp]['security_pipeline']: + if policy_id == policy_id: + raise exceptions.DeletePolicyWithPdp return self.driver.delete_policy(policy_id=policy_id) @enforce(("read", "write"), "policies") @@ -147,6 +153,9 @@ class PolicyManager(Managers): @enforce(("read", "write"), "data") def delete_subject_data(self, user_id, policy_id, data_id): # TODO (asteroide): check and/or delete assignments linked to that data + subject_assignments = self.get_subject_assignments(user_id=user_id, policy_id=policy_id, subject_id=data_id) + if subject_assignments: + raise exceptions.DeleteData return self.driver.delete_subject_data(policy_id=policy_id, data_id=data_id) @enforce("read", "data") @@ -175,6 +184,9 @@ class PolicyManager(Managers): @enforce(("read", "write"), "data") def delete_object_data(self, user_id, policy_id, data_id): # TODO (asteroide): check and/or delete assignments linked to that data + object_assignments = self.get_object_assignments(user_id=user_id, policy_id=policy_id, object_id=data_id) + if object_assignments: + raise exceptions.DeleteData return self.driver.delete_object_data(policy_id=policy_id, data_id=data_id) @enforce("read", "data") @@ -203,6 +215,9 @@ class PolicyManager(Managers): @enforce(("read", "write"), "data") def delete_action_data(self, user_id, policy_id, data_id): # TODO (asteroide): check and/or delete assignments linked to that data + action_assignments = self.get_action_assignments(user_id=user_id, policy_id=policy_id, action_id=data_id) + if action_assignments: + raise exceptions.DeleteData return self.driver.delete_action_data(policy_id=policy_id, data_id=data_id) @enforce("read", "assignments") diff --git a/python_moondb/python_moondb/backends/sql.py b/python_moondb/python_moondb/backends/sql.py index a838a854..366ed7de 100644 --- a/python_moondb/python_moondb/backends/sql.py +++ b/python_moondb/python_moondb/backends/sql.py @@ -548,6 +548,16 @@ class PolicyConnector(BaseConnector, PolicyDriver): def delete_action(self, policy_id, perimeter_id): self.__delete_perimeter(Action, ActionUnknown, policy_id, perimeter_id) + def __is_perimeter_data_exist(self, ClassType ,data_id=None, category_id=None): + logger.info("driver {} {}".format( data_id, category_id)) + with self.get_session_for_read() as session: + query = session.query(ClassType) + query = query.filter_by(category_id=category_id) + ref_list = query.all() + if ref_list: + return True + return False + def __get_perimeter_data(self, ClassType, policy_id, data_id=None, category_id=None): logger.info("driver {} {} {}".format(policy_id, data_id, category_id)) with self.get_session_for_read() as session: @@ -602,6 +612,9 @@ class PolicyConnector(BaseConnector, PolicyDriver): if ref: session.delete(ref) + def is_subject_data_exist(self, data_id=None, category_id=None): + return self.__is_perimeter_data_exist(SubjectData, data_id=data_id, category_id=category_id) + def get_subject_data(self, policy_id, data_id=None, category_id=None): return self.__get_perimeter_data(SubjectData, policy_id, data_id=data_id, category_id=category_id) @@ -614,6 +627,9 @@ class PolicyConnector(BaseConnector, PolicyDriver): def delete_subject_data(self, policy_id, data_id): return self.__delete_perimeter_data(SubjectData, policy_id, data_id) + def is_object_data_exist(self, data_id=None, category_id=None): + return self.__is_perimeter_data_exist(ObjectData, data_id=data_id, category_id=category_id) + def get_object_data(self, policy_id, data_id=None, category_id=None): return self.__get_perimeter_data(ObjectData, policy_id, data_id=data_id, category_id=category_id) @@ -626,6 +642,9 @@ class PolicyConnector(BaseConnector, PolicyDriver): def delete_object_data(self, policy_id, data_id): return self.__delete_perimeter_data(ObjectData, policy_id, data_id) + def is_action_data_exist(self, data_id=None,category_id=None): + return self.__is_perimeter_data_exist(ActionData, data_id=data_id, category_id=category_id) + def get_action_data(self, policy_id, data_id=None, category_id=None): return self.__get_perimeter_data(ActionData, policy_id, data_id=data_id, category_id=category_id) diff --git a/python_moondb/tests/unit_python/models/test_categories.py b/python_moondb/tests/unit_python/models/test_categories.py index 111538b4..8782f172 100644 --- a/python_moondb/tests/unit_python/models/test_categories.py +++ b/python_moondb/tests/unit_python/models/test_categories.py @@ -1,6 +1,11 @@ -import pytest -import logging -from python_moonutilities.exceptions import * +# Copyright 2018 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +from .test_meta_rules import * +import policies.mock_data as mock_data +import policies.test_data as test_data logger = logging.getLogger("moon.db.tests.models.test_categories") @@ -12,10 +17,86 @@ def add_subject_category(cat_id=None, value=None): def test_add_subject_category_twice(): - category = add_subject_category(value={"name":"category name", "description":"description 1"}) + category = add_subject_category(value={"name": "category name", "description": "description 1"}) + category_id = list(category.keys())[0] + assert category is not None + with pytest.raises(SubjectCategoryExisting): + add_subject_category(category_id, value={"name": "category name", "description": "description 2"}) + + +def test_add_subject_category_twice_with_same_name(): + category = add_subject_category(value={"name": "category name", "description": "description 1"}) assert category is not None with pytest.raises(SubjectCategoryExisting): - add_subject_category(value={"name":"category name", "description":"description 2"}) + add_subject_category(value={"name": "category name", "description": "description 2"}) + + +def get_subject_category(cat_id=None): + from python_moondb.core import ModelManager + category = ModelManager.get_subject_categories(user_id=None, category_id=cat_id) + return category + + +def test_get_subject_categories(): + added_category = add_subject_category(value={"name": "category name", "description": "description 1"}) + category_id = list(added_category.keys())[0] + subject_category = get_subject_category(category_id) + assert subject_category == added_category + + +def test_get_subject_categories_with_invalid_id(): + category_id = "invalid_id" + subject_category = get_subject_category(category_id) + assert len(subject_category) == 0 + category = add_subject_category(value={"name": "category name", "description": "description 1"}) + assert category is not None + with pytest.raises(SubjectCategoryExisting): + add_subject_category(value={"name": "category name", "description": "description 2"}) + + +def delete_subject_category(cat_id=None): + from python_moondb.core import ModelManager + ModelManager.delete_subject_category(user_id=None, category_id=cat_id) + + +def test_delete_subject_category(db): + category = add_subject_category(value={"name": "category name", "description": "description 1"}) + delete_subject_category(list(category.keys())[0]) + + +def test_delete_subject_category_with_invalid_id(db): + with pytest.raises(SubjectCategoryUnknown) as exception_info: + delete_subject_category(-1) + + +def test_delete_subject_category_with_meta_rule(db): + category = add_subject_category(value={"name": "category name", "description": "description 1"}) + subject_category_id = list(category.keys())[0] + value = { + "name": "MLS_meta_rule", + "description": "test", + "subject_categories": [subject_category_id], + "object_categories": ["vm_security_level_id_1"], + "action_categories": ["action_type_id_1"] + } + add_meta_rule(value=value) + with pytest.raises(DeleteCategoryWithMetaRule): + delete_subject_category(subject_category_id) + + +def test_delete_subject_category_with_data(db): + category = add_subject_category(value={"name": "category name", "description": "description 1"}) + subject_category_id = list(category.keys())[0] + policy_id = mock_data.get_policy_id() + data_id = "data_id_1" + category_id = subject_category_id + value = { + "name": "subject-security-level", + "description": {"low": "", "medium": "", "high": ""}, + } + test_data.add_subject_data(policy_id, data_id, category_id, value) + with pytest.raises(DeleteCategoryWithData): + delete_subject_category(subject_category_id) def add_object_category(cat_id=None, value=None): @@ -25,10 +106,86 @@ def add_object_category(cat_id=None, value=None): def test_add_object_category_twice(): - category = add_object_category(value={"name":"category name", "description":"description 1"}) + category = add_object_category(value={"name": "category name", "description": "description 1"}) + category_id = list(category.keys())[0] + assert category is not None + with pytest.raises(ObjectCategoryExisting): + add_object_category(category_id, value={"name": "category name", "description": "description 2"}) + + +def test_add_object_category_twice_with_same_name(): + category = add_object_category(value={"name": "category name", "description": "description 1"}) + assert category is not None + with pytest.raises(ObjectCategoryExisting): + add_object_category(value={"name": "category name", "description": "description 2"}) + + +def get_object_category(cat_id=None): + from python_moondb.core import ModelManager + category = ModelManager.get_object_categories(user_id=None, category_id=cat_id) + return category + + +def test_get_object_categories(): + added_category = add_object_category(value={"name": "category name", "description": "description 1"}) + category_id = list(added_category.keys())[0] + object_category = get_object_category(category_id) + assert object_category == added_category + + +def test_get_object_categories_with_invalid_id(): + category_id = "invalid_id" + object_category = get_object_category(category_id) + assert len(object_category) == 0 + category = add_object_category(value={"name": "category name", "description": "description 1"}) assert category is not None with pytest.raises(ObjectCategoryExisting): - add_object_category(value={"name":"category name", "description":"description 2"}) + add_object_category(value={"name": "category name", "description": "description 2"}) + + +def delete_object_category(cat_id=None): + from python_moondb.core import ModelManager + ModelManager.delete_object_category(user_id=None, category_id=cat_id) + + +def test_delete_object_category(db): + category = add_object_category(value={"name": "category name", "description": "description 1"}) + delete_object_category(list(category.keys())[0]) + + +def test_delete_object_category_with_invalid_id(db): + with pytest.raises(ObjectCategoryUnknown) as exception_info: + delete_object_category(-1) + + +def test_delete_object_category_with_meta_rule(db): + category = add_object_category(value={"name": "category name", "description": "description 1"}) + object_category_id = list(category.keys())[0] + value = { + "name": "MLS_meta_rule", + "description": "test", + "subject_categories": ["subject_id_1"], + "object_categories": [object_category_id], + "action_categories": ["action_type_id_1"] + } + add_meta_rule(value=value) + with pytest.raises(DeleteCategoryWithMetaRule): + delete_object_category(object_category_id) + + +def test_delete_object_category_with_data(db): + policy_id = mock_data.get_policy_id() + category = add_object_category(value={"name": "category name", "description": "description 1"}) + object_category_id = list(category.keys())[0] + data_id = "data_id_1" + category_id = object_category_id + value = { + "name": "object-security-level", + "description": {"low": "", "medium": "", "high": ""}, + } + test_data.add_object_data(policy_id, data_id, category_id, value) + with pytest.raises(DeleteCategoryWithData): + delete_object_category(object_category_id) def add_action_category(cat_id=None, value=None): @@ -38,7 +195,83 @@ def add_action_category(cat_id=None, value=None): def test_add_action_category_twice(): - category = add_action_category(value={"name":"category name", "description":"description 1"}) + category = add_action_category(value={"name": "category name", "description": "description 1"}) + category_id = list(category.keys())[0] + assert category is not None + with pytest.raises(ActionCategoryExisting): + add_action_category(category_id, value={"name": "category name", "description": "description 2"}) + + +def test_add_action_category_twice_with_same_name(): + category = add_action_category(value={"name": "category name", "description": "description 1"}) + assert category is not None + with pytest.raises(ActionCategoryExisting): + add_action_category(value={"name": "category name", "description": "description 2"}) + + +def get_action_category(cat_id=None): + from python_moondb.core import ModelManager + category = ModelManager.get_action_categories(user_id=None, category_id=cat_id) + return category + + +def test_get_action_categories(): + added_category = add_action_category(value={"name": "category name", "description": "description 1"}) + category_id = list(added_category.keys())[0] + action_category = get_action_category(category_id) + assert action_category == added_category + + +def test_get_action_categories_with_invalid_id(): + category_id = "invalid_id" + action_category = get_action_category(category_id) + assert len(action_category) == 0 + category = add_action_category(value={"name": "category name", "description": "description 1"}) assert category is not None with pytest.raises(ActionCategoryExisting): - add_action_category(value={"name":"category name", "description":"description 2"}) + add_action_category(value={"name": "category name", "description": "description 2"}) + + +def delete_action_category(cat_id=None): + from python_moondb.core import ModelManager + ModelManager.delete_action_category(user_id=None, category_id=cat_id) + + +def test_delete_action_category(db): + category = add_action_category(value={"name": "category name", "description": "description 1"}) + delete_action_category(list(category.keys())[0]) + + +def test_delete_action_category_with_invalid_id(db): + with pytest.raises(ActionCategoryUnknown) as exception_info: + delete_action_category(-1) + + +def test_delete_action_category_with_meta_rule(db): + category = add_action_category(value={"name": "category name", "description": "description 1"}) + action_category_id = list(category.keys())[0] + value = { + "name": "MLS_meta_rule", + "description": "test", + "subject_categories": ["subject_id_1"], + "object_categories": ["vm_security_level_id_1"], + "action_categories": [action_category_id] + } + add_meta_rule(value=value) + with pytest.raises(DeleteCategoryWithMetaRule): + delete_action_category(action_category_id) + + +def test_delete_action_category_with_data(db): + category = add_action_category(value={"name": "category name", "description": "description 1"}) + action_category_id = list(category.keys())[0] + policy_id = mock_data.get_policy_id() + data_id = "data_id_1" + category_id = action_category_id + value = { + "name": "action-type", + "description": {"vm-action": "", "storage-action": "", }, + } + test_data.add_action_data(policy_id, data_id, category_id, value) + with pytest.raises(DeleteCategoryWithData): + delete_action_category(action_category_id) diff --git a/python_moondb/tests/unit_python/models/test_meta_rules.py b/python_moondb/tests/unit_python/models/test_meta_rules.py index 585274d9..4e60e11a 100644 --- a/python_moondb/tests/unit_python/models/test_meta_rules.py +++ b/python_moondb/tests/unit_python/models/test_meta_rules.py @@ -1,4 +1,9 @@ -import pytest +# Copyright 2018 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +from .test_models import * def set_meta_rule(meta_rule_id, value=None): @@ -36,6 +41,7 @@ def delete_meta_rules(meta_rule_id=None): from python_moondb.core import ModelManager ModelManager.delete_meta_rule(user_id=None, meta_rule_id=meta_rule_id) + def test_set_not_exist_meta_rule_error(db): # set not existing meta rule and expect to raise and error with pytest.raises(Exception) as exception_info: @@ -51,7 +57,7 @@ def test_add_new_meta_rule_success(db): "object_categories": ["vm_security_level_id_1"], "action_categories": ["action_type_id_1"] } - metaRules = add_meta_rule(); + metaRules = add_meta_rule() assert isinstance(metaRules, dict) assert metaRules assert len(metaRules) is 1 @@ -61,6 +67,21 @@ def test_add_new_meta_rule_success(db): assert metaRules[meta_rule_id][key] == value[key] +def test_add_new_meta_rule_with_same_name_twice(db): + value = { + "name": "MLS_meta_rule", + "description": "test", + "subject_categories": ["user_security_level_id_1"], + "object_categories": ["vm_security_level_id_1"], + "action_categories": ["action_type_id_1"] + } + meta_rules = add_meta_rule(value=value) + assert isinstance(meta_rules, dict) + assert meta_rules + with pytest.raises(Exception) as exc_info: + add_meta_rule(value=value) + + def test_set_meta_rule_succes(db): # arrange meta_rules = add_meta_rule() @@ -116,7 +137,7 @@ def test_get_meta_rule_success(db): # action meta_rules = get_meta_rules() # assert - assert isinstance(meta_rules , dict) + assert isinstance(meta_rules, dict) assert meta_rules assert len(meta_rules) is 2 for meta_rule_id in meta_rules: @@ -127,7 +148,7 @@ def test_get_meta_rule_success(db): def test_get_specific_meta_rule_success(db): # arrange - added_meta_rules = add_meta_rule() + added_meta_rules = add_meta_rule() added_meta_rule_id = list(added_meta_rules.keys())[0] # action meta_rules = get_meta_rules(meta_rule_id=added_meta_rule_id) @@ -172,3 +193,26 @@ def test_delete_invalid_meta_rules_error(db): with pytest.raises(Exception) as exception_info: delete_meta_rules("INVALID_META_RULE_ID") assert str(exception_info.value) == '400: Sub Meta Rule Unknown' + + +def test_delete_meta_rule_with_assigned_model(db): + value = { + "name": "MLS_meta_rule", + "description": "test", + "subject_categories": ["user_security_level_id_1"], + "object_categories": ["vm_security_level_id_1"], + "action_categories": ["action_type_id_1"] + } + metaRules = add_meta_rule() + assert isinstance(metaRules, dict) + assert metaRules + assert len(metaRules) is 1 + meta_rule_id = list(metaRules.keys())[0] + model_value1 = { + "name": "MLS", + "description": "test", + "meta_rules": meta_rule_id + } + add_model(value=model_value1) + with pytest.raises(DeleteMetaRuleWithModel) as exception_info: + delete_meta_rules(meta_rule_id) diff --git a/python_moondb/tests/unit_python/models/test_models.py b/python_moondb/tests/unit_python/models/test_models.py index 54c45e77..251792c5 100644 --- a/python_moondb/tests/unit_python/models/test_models.py +++ b/python_moondb/tests/unit_python/models/test_models.py @@ -1,11 +1,19 @@ +# Copyright 2018 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + import pytest from python_moonutilities.exceptions import * import logging +import policies.test_policies as test_policies + logger = logging.getLogger("moon.db.tests.test_model") + def get_models(model_id=None): from python_moondb.core import ModelManager - return ModelManager.get_models(user_id= None , model_id= model_id) + return ModelManager.get_models(user_id=None, model_id=model_id) def add_model(model_id=None, value=None): @@ -62,6 +70,7 @@ def test_get_model(db): assert len(models) is 1 delete_all_models() + def test_get_specific_model(db): # prepare add_model(model_id="mls_model_id") @@ -74,6 +83,7 @@ def test_get_specific_model(db): assert len(models) is 1 delete_all_models() + def test_add_model(db): # act model = add_model() @@ -91,7 +101,7 @@ def test_add_same_model_twice(db): with pytest.raises(ModelExisting) as exception_info: add_model(model_id="model_1") delete_all_models() - #assert str(exception_info.value) == '409: Model Error' + # assert str(exception_info.value) == '409: Model Error' def test_add_model_generate_new_uuid(db): @@ -130,6 +140,20 @@ def test_add_models(db): delete_all_models() +def test_add_models_with_same_name_twice(db): + model_value1 = { + "name": "MLS", + "description": "test", + "meta_rules": "meta_rule_mls_1" + } + models = add_model(value=model_value1) + assert isinstance(models, dict) + assert models + with pytest.raises(Exception) as exc_info: + add_model(value=model_value1) + delete_all_models() + + def test_delete_models(db): model_value1 = { "name": "MLS", @@ -175,4 +199,26 @@ def test_update_model(db): for key in ("name", "meta_rules", "description"): assert key in model[model_id] assert model[model_id][key] == new_model_value[key] - delete_all_models()
\ No newline at end of file + delete_all_models() + + +def test_delete_model_assigned_to_policy(db): + model_value1 = { + "name": "MLS", + "description": "test", + "meta_rules": "meta_rule_mls_1" + } + models = add_model(value=model_value1) + assert isinstance(models, dict) + assert models + assert len(models.keys()) == 1 + model_id = list(models.keys())[0] + value = { + "name": "test_policy", + "model_id": model_id, + "genre": "authz", + "description": "test", + } + test_policies.add_policies(value=value) + with pytest.raises(DeleteModelWithPolicy) as exception_info: + delete_models(uuid=model_id) diff --git a/python_moondb/tests/unit_python/policies/test_data.py b/python_moondb/tests/unit_python/policies/test_data.py index 6a57130e..5e00fe65 100755 --- a/python_moondb/tests/unit_python/policies/test_data.py +++ b/python_moondb/tests/unit_python/policies/test_data.py @@ -1,7 +1,10 @@ +# Copyright 2018 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + import policies.mock_data as mock_data -import pytest -import logging -from python_moonutilities.exceptions import * +from .test_assignments import * logger = logging.getLogger("python_moondb.tests.api.test_data") @@ -178,6 +181,22 @@ def test_delete_action_data(db): assert len(new_action_data[0]['data']) == 0 +def test_delete_action_data_assigned_to_action_assignment(db): + policy_id = mock_data.get_policy_id() + get_available_metadata(policy_id) + data_id = "data_id_1" + category_id = "category_id_1" + value = { + "name": "action-type", + "description": {"vm-action": "", "storage-action": "", }, + } + action_data = add_action_data(policy_id, data_id, category_id, value).get('data') + action_data_id = list(action_data.keys())[0] + add_action_assignment(policy_id, "action_id_1", category_id, action_data_id) + with pytest.raises(DeleteData) as exception_info: + delete_action_data(action_data[action_data_id].get('policy_id'), None) + + def test_get_object_data(db): policy_id = mock_data.get_policy_id() get_available_metadata(policy_id) @@ -253,6 +272,22 @@ def test_delete_object_data(db): assert len(new_object_data[0]['data']) == 0 +def test_delete_object_data_assigned_to_object_assignment(db): + policy_id = mock_data.get_policy_id() + get_available_metadata(policy_id) + data_id = "data_id_1" + category_id = "category_id_1" + value = { + "name": "object-type", + "description": {"vm-action": "", "storage-action": "", }, + } + object_data = add_object_data(policy_id, data_id, category_id, value).get('data') + object_data_id = list(object_data.keys())[0] + add_object_assignment(policy_id, "object_id_1", category_id, object_data_id) + with pytest.raises(DeleteData) as exception_info: + delete_object_data(object_data[object_data_id].get('policy_id'), None) + + def test_get_subject_data(db): policy_id = mock_data.get_policy_id() get_available_metadata(policy_id) @@ -327,6 +362,22 @@ def test_delete_subject_data(db): assert len(new_subject_data[0]['data']) == 0 +def test_delete_subject_data_assigned_to_subject_assignment(db): + policy_id = mock_data.get_policy_id() + get_available_metadata(policy_id) + data_id = "data_id_1" + category_id = "category_id_1" + value = { + "name": "subject-type", + "description": {"vm-action": "", "storage-action": "", }, + } + subject_data = add_subject_data(policy_id, data_id, category_id, value).get('data') + subject_data_id = list(subject_data.keys())[0] + add_subject_assignment(policy_id, "object_id_1", category_id, subject_data_id) + with pytest.raises(DeleteData) as exception_info: + delete_subject_data(subject_data[subject_data_id].get('policy_id'), None) + + def test_get_actions(db): policy_id = mock_data.get_policy_id() value = { @@ -372,7 +423,9 @@ def test_add_action_multiple_times(db): "description": "test", "policy_list": ['policy_id_3', 'policy_id_4'] } - action = add_action(mock_data.get_policy_id(model_name="test_model2", policy_name="policy_2", meta_rule_name="meta_rule2", category_prefix="_"), perimeter_id, value) + action = add_action( + mock_data.get_policy_id(model_name="test_model2", policy_name="policy_2", meta_rule_name="meta_rule2", + category_prefix="_"), perimeter_id, value) logger.info("action : {}".format(action)) assert action action_id = list(action.keys())[0] @@ -444,7 +497,9 @@ def test_add_objects_multiple_times(db): "description": "test", "policy_list": ['policy_id_3', 'policy_id_4'] } - added_object = add_object(mock_data.get_policy_id(model_name="test_model2", policy_name="policy_2", meta_rule_name="meta_rule2", category_prefix="_"), perimeter_id, value) + added_object = add_object( + mock_data.get_policy_id(model_name="test_model2", policy_name="policy_2", meta_rule_name="meta_rule2", + category_prefix="_"), perimeter_id, value) assert added_object object_id = list(added_object.keys())[0] assert len(added_object[object_id].get('policy_list')) == 2 @@ -515,7 +570,9 @@ def test_add_subjects_multiple_times(db): "description": "test", "policy_list": ['policy_id_3', 'policy_id_4'] } - subject = add_subject(mock_data.get_policy_id(model_name="test_model2", policy_name="policy_2", meta_rule_name="meta_rule2", category_prefix="_"), perimeter_id, value) + subject = add_subject( + mock_data.get_policy_id(model_name="test_model2", policy_name="policy_2", meta_rule_name="meta_rule2", + category_prefix="_"), perimeter_id, value) assert subject subject_id = list(subject.keys())[0] assert len(subject[subject_id].get('policy_list')) == 2 diff --git a/python_moondb/tests/unit_python/policies/test_policies.py b/python_moondb/tests/unit_python/policies/test_policies.py index f81f0d39..f1dd258f 100755 --- a/python_moondb/tests/unit_python/policies/test_policies.py +++ b/python_moondb/tests/unit_python/policies/test_policies.py @@ -7,6 +7,7 @@ import pytest import policies.mock_data as mock_data from python_moonutilities.exceptions import * + def get_policies(): from python_moondb.core import PolicyManager return PolicyManager.get_policies("admin") @@ -99,7 +100,20 @@ def test_add_policies_twice_with_same_id(db): add_policies(policy_id, value) with pytest.raises(PolicyExisting) as exception_info: add_policies(policy_id, value) - #assert str(exception_info.value) == '409: Policy Error' + # assert str(exception_info.value) == '409: Policy Error' + + +def test_add_policies_twice_with_same_name(db): + value = { + "name": "test_policy", + "model_id": "", + "genre": "authz", + "description": "test", + } + add_policies(value=value) + with pytest.raises(Exception) as exception_info: + add_policies(value=value) + # assert str(exception_info.value) == '409: Policy Error' def test_delete_policies(db): @@ -129,7 +143,29 @@ def test_delete_policies_with_invalid_id(db): policy_id = 'policy_id_1' with pytest.raises(PolicyUnknown) as exception_info: delete_policies(policy_id) - #assert str(exception_info.value) == '400: Policy Unknown' + # assert str(exception_info.value) == '400: Policy Unknown' + + +def test_delete_policies_with_pdp(db): + from python_moondb.core import PDPManager + value = { + "name": "test_policy1", + "model_id": "", + "genre": "authz", + "description": "test", + } + policies = add_policies(value=value) + policy_id1 = list(policies.keys())[0] + pdp_id = "pdp_id1" + value = { + "name": "test_pdp", + "security_pipeline": [policy_id1], + "keystone_project_id": "keystone_project_id1", + "description": "...", + } + PDPManager.add_pdp(user_id="admin" ,pdp_id=pdp_id, value=value) + with pytest.raises(DeletePolicyWithPdp) as exception_info: + delete_policies(policy_id1) def test_update_policy(db): @@ -158,7 +194,7 @@ def test_update_policy_with_invalid_id(db): } with pytest.raises(PolicyUnknown) as exception_info: update_policy(policy_id, value) - #assert str(exception_info.value) == '400: Policy Unknown' + # assert str(exception_info.value) == '400: Policy Unknown' def test_get_policy_from_meta_rules(db): @@ -173,7 +209,7 @@ def test_get_policy_from_meta_rules(db): policy = add_policies(value=value) assert policy policy_id = list(policy.keys())[0] - pdp_ids = [policy_id,] + pdp_ids = [policy_id, ] pdp_obj = mock_data.create_pdp(pdp_ids) test_pdp.add_pdp(value=pdp_obj) matched_policy_id = get_policy_from_meta_rules(meta_rule_id) @@ -199,7 +235,7 @@ def test_get_policy_from_meta_rules_with_no_policies(db): import test_pdp as test_pdp meta_rule_id = 'meta_rule_id' policy_id = 'invalid' - pdp_ids = [policy_id,] + pdp_ids = [policy_id, ] pdp_obj = mock_data.create_pdp(pdp_ids) test_pdp.add_pdp(value=pdp_obj) with pytest.raises(Exception) as exception_info: @@ -217,7 +253,7 @@ def test_get_policy_from_meta_rules_with_no_models(db): policy = add_policies(value=value) assert policy policy_id = list(policy.keys())[0] - pdp_ids = [policy_id,] + pdp_ids = [policy_id, ] pdp_obj = mock_data.create_pdp(pdp_ids) test_pdp.add_pdp(value=pdp_obj) with pytest.raises(Exception) as exception_info: diff --git a/python_moondb/tests/unit_python/test_pdp.py b/python_moondb/tests/unit_python/test_pdp.py index 5134c0fb..942d98a3 100755 --- a/python_moondb/tests/unit_python/test_pdp.py +++ b/python_moondb/tests/unit_python/test_pdp.py @@ -93,6 +93,19 @@ def test_add_pdp_twice_with_same_id(db): assert str(exception_info.value) == '409: Pdp Error' +def test_add_pdp_twice_with_same_name(db): + value = { + "name": "test_pdp", + "security_pipeline": ["policy_id_1", "policy_id_2"], + "keystone_project_id": "keystone_project_id1", + "description": "...", + } + add_pdp(value=value) + with pytest.raises(Exception) as exception_info: + add_pdp(value=value) + assert str(exception_info.value) == '409: Pdp Error' + + def test_get_pdp(db): pdp_id = "pdp_id1" value = { diff --git a/python_moonutilities/Changelog b/python_moonutilities/Changelog index e6ab2f6e..61225b2b 100644 --- a/python_moonutilities/Changelog +++ b/python_moonutilities/Changelog @@ -89,4 +89,8 @@ CHANGES 1.4.8 ----- -- Add SubjectScopeExisting, ObjectScopeExisting, ActionScopeExisting exceptions
\ No newline at end of file +- Add SubjectScopeExisting, ObjectScopeExisting, ActionScopeExisting exceptions + +1.4.9 +----- +- Add some exceptions when deletion of elements is impossible diff --git a/python_moonutilities/Jenkinsfile b/python_moonutilities/Jenkinsfile new file mode 100644 index 00000000..95939e9b --- /dev/null +++ b/python_moonutilities/Jenkinsfile @@ -0,0 +1,10 @@ +pipeline { + agent { docker { image 'python:3.5.1' } } + stages { + stage('build') { + steps { + sh 'python --version' + } + } + } +}
\ No newline at end of file diff --git a/python_moonutilities/python_moonutilities/__init__.py b/python_moonutilities/python_moonutilities/__init__.py index cabb4c52..d313ecc3 100644 --- a/python_moonutilities/python_moonutilities/__init__.py +++ b/python_moonutilities/python_moonutilities/__init__.py @@ -3,6 +3,6 @@ # license which can be found in the file 'LICENSE' in this package distribution # or at 'http://www.apache.org/licenses/LICENSE-2.0'. -__version__ = "1.4.8" +__version__ = "1.4.9" diff --git a/python_moonutilities/python_moonutilities/exceptions.py b/python_moonutilities/python_moonutilities/exceptions.py index f1dcd31e..bb2d35b7 100644 --- a/python_moonutilities/python_moonutilities/exceptions.py +++ b/python_moonutilities/python_moonutilities/exceptions.py @@ -651,3 +651,52 @@ class PolicyExisting(MoonError): code = 409 title = 'Policy Error' logger = "Error" + + +class DeleteData(MoonError): + description = _("Cannot delete data with assignment") + code = 400 + title = 'Data Error' + logger = "Error" + + +class DeleteCategoryWithData(MoonError): + description = _("Cannot delete category with data") + code = 400 + title = 'Category Error' + logger = "Error" + + +class DeleteCategoryWithMetaRule(MoonError): + description = _("Cannot delete category with meta rule") + code = 400 + title = 'Category Error' + logger = "Error" + + +class DeleteCategoryWithData(MoonError): + description = _("Cannot delete category with data") + code = 400 + title = 'Category Error' + logger = "Error" + + +class DeleteModelWithPolicy(MoonError): + description = _("Cannot delete model with policy") + code = 400 + title = 'Model Error' + logger = "Error" + + +class DeletePolicyWithPdp(MoonError): + description = _("Cannot delete policy with pdp") + code = 400 + title = 'Policy Error' + logger = "Error" + + +class DeleteMetaRuleWithModel(MoonError): + description = _("Cannot delete meta rule with model") + code = 400 + title = 'Meta rule Error' + logger = "Error" diff --git a/tests/functional/run_tests.sh b/tests/functional/run_tests.sh index c5cbabbb..cf55c3bd 100644..100755 --- a/tests/functional/run_tests.sh +++ b/tests/functional/run_tests.sh @@ -1,13 +1,18 @@ #!/usr/bin/env bash -echo "starting Moon Functional Tests" +MOON_HOME=${1:-.} -COMPONENTS="moon_authz, moon_interface, moon_manager, moon_orchestrator, moon_wrapper" +echo "Starting Moon Functional Tests on ${MOON_HOME}" + +cd ${MOON_HOME} + +COMPONENTS="moon_manager moon_wrapper" for dir in ${COMPONENTS}; do echo "Testing component ${dir}" cd ${MOON_HOME}/${dir} - docker run --rm --volume $(pwd):/data wukongsun/moon_forming:latest /bin/bash /root/switch.sh functest + bash ../tests/functional/run_tests_for_component.sh + cd - done # TODO: download tests results diff --git a/tools/moon_kubernetes/templates/db.yaml b/tools/moon_kubernetes/templates/db.yaml index a055507e..5a0e5e98 100644 --- a/tools/moon_kubernetes/templates/db.yaml +++ b/tools/moon_kubernetes/templates/db.yaml @@ -14,7 +14,7 @@ spec: spec: containers: - name: db - image: mysql:latest + image: mysql:5.7 env: - name: MYSQL_DATABASE value: "moon" |