aboutsummaryrefslogtreecommitdiffstats
path: root/moon_engine/tests/unit_python/api/wrapper/test_oslo_wrapper.py
diff options
context:
space:
mode:
Diffstat (limited to 'moon_engine/tests/unit_python/api/wrapper/test_oslo_wrapper.py')
-rw-r--r--moon_engine/tests/unit_python/api/wrapper/test_oslo_wrapper.py209
1 files changed, 209 insertions, 0 deletions
diff --git a/moon_engine/tests/unit_python/api/wrapper/test_oslo_wrapper.py b/moon_engine/tests/unit_python/api/wrapper/test_oslo_wrapper.py
new file mode 100644
index 00000000..770e9bb6
--- /dev/null
+++ b/moon_engine/tests/unit_python/api/wrapper/test_oslo_wrapper.py
@@ -0,0 +1,209 @@
+# Software Name: MOON
+
+# Version: 5.4
+
+# SPDX-FileCopyrightText: Copyright (c) 2018-2020 Orange and its contributors
+# SPDX-License-Identifier: Apache-2.0
+
+# This software is distributed under the 'Apache License 2.0',
+# the text of which is available at 'http://www.apache.org/licenses/LICENSE-2.0.txt'
+# or see the "LICENSE" file for more details.
+
+
+import hug
+import json
+import requests
+
+
+def get_subject_object_action():
+ from moon_engine.api.configuration import get_configuration
+ from moon_cache.cache import Cache
+ from moon_utilities.auth_functions import get_api_key_for_user
+
+ auth_headers = {"X-Api-Key": get_api_key_for_user("admin")}
+
+ CACHE = Cache.getInstance(manager_url=get_configuration("management").get("url"),
+ incremental=get_configuration("incremental_updates"),
+ manager_api_key=get_configuration("api_token"))
+
+ CACHE.set_current_server(url=get_configuration("management").get("url"),
+ api_key=get_api_key_for_user("admin"))
+
+ # Note: patching the cache for the test
+ CACHE.add_pipeline("b3d3e18a-bf33-40e8-b635-fd49e6634ccd", {
+ "name": "test",
+ "description": "test",
+ "host": "127.0.0.1",
+ "port": 20000,
+ })
+ CACHE.add_pipeline("f8f49a77-9ceb-47b3-ac81-0f01ef71b4e0", {
+ "name": "test",
+ "description": "test",
+ "host": "127.0.0.1",
+ "port": 20000,
+ })
+ response = requests.get("{}/pdp".format(get_configuration("management").get("url")),
+ headers=auth_headers)
+ pdp = response.json()
+ pdp_id = next(iter(pdp['pdps']))
+ policy_id = pdp['pdps'][pdp_id].get("security_pipeline")[0]
+ project_id = pdp['pdps'][pdp_id].get("vim_project_id")
+
+ # response = requests.get("{}/policies".format(get_configuration("management").get("url")),
+ # headers=auth_headers)
+ # policies = response.json()
+ # policy_id = next(iter(policies['policies']))
+
+ response = requests.get("{}/policies/{}/subjects".format(
+ get_configuration("management").get("url"), policy_id), headers=auth_headers)
+ subjects = response.json()
+
+ response = requests.get("{}/policies/{}/objects".format(
+ get_configuration("management").get("url"), policy_id), headers=auth_headers)
+ objects = response.json()
+
+ response = requests.get("{}/policies/{}/actions".format(
+ get_configuration("management").get("url"), policy_id), headers=auth_headers)
+ actions = response.json()
+ return subjects, objects, actions, project_id
+
+
+def test_post_authz():
+ from moon_engine.plugins import oslowrapper
+ from moon_utilities.auth_functions import get_api_key_for_user
+ from moon_cache.cache import Cache
+ from moon_engine.api.configuration import get_configuration
+ CACHE = Cache.getInstance(manager_url=get_configuration("management").get("url"),
+ incremental=get_configuration("incremental_updates"),
+ manager_api_key=get_configuration("api_token"))
+
+ CACHE.set_current_server(url=get_configuration("management").get("url"), api_key=get_api_key_for_user(
+ "admin"))
+
+ auth_headers = {"X-Api-Key": get_api_key_for_user("admin")}
+
+ response = requests.get("{}/pdp".format(get_configuration("management").get("url")),
+ headers=auth_headers)
+ pdp = response.json()
+ pdp_id = next(iter(pdp['pdps']))
+ policy_id = pdp['pdps'][pdp_id].get("security_pipeline")[0]
+ project_id = pdp['pdps'][pdp_id].get("vim_project_id")
+
+ response = requests.get("{}/policies/{}/subjects".format(get_configuration(
+ "management").get("url"), policy_id), headers=auth_headers)
+ subjects = response.json()
+
+ response = requests.get("{}/policies/{}/objects".format(get_configuration(
+ "management").get("url"), policy_id), headers=auth_headers)
+ objects = response.json()
+
+ response = requests.get("{}/policies/{}/actions".format(get_configuration(
+ "management").get("url"), policy_id), headers=auth_headers)
+ actions = response.json()
+
+ subjects_name = subjects['subjects'][next(iter(subjects['subjects']))]['name']
+ objects_name = objects['objects'][next(iter(objects['objects']))]['name']
+ actions_name = actions['actions'][next(iter(actions['actions']))]['name']
+
+ # Note: patching the cache for the test
+ from moon_cache.cache import Cache
+ CACHE = Cache.getInstance()
+ CACHE.add_pipeline("b3d3e18abf3340e8b635fd49e6634ccd", {
+ "name": "test",
+ "description": "test",
+ "host": "127.0.0.1",
+ "port": 20000,
+ })
+ CACHE.add_pipeline("f8f49a779ceb47b3ac810f01ef71b4e0", {
+ "name": "test",
+ "description": "test",
+ "host": "127.0.0.1",
+ "port": 20000,
+ })
+
+ _target = {
+ 'target': {
+ "name": objects_name,
+ },
+ "project_id": project_id,
+ "user_id": subjects_name
+ }
+ _credentials = {
+ "project_id": project_id,
+ "user_id": subjects_name
+ }
+
+ authz_data = {
+ 'rule': actions_name,
+ 'target': json.dumps(_target),
+ 'credentials': json.dumps(_credentials)}
+ req = hug.test.post(oslowrapper, "/authz/oslo", authz_data)
+ assert req.status == hug.HTTP_200
+
+
+def test_authz_true():
+ from moon_engine.plugins import oslowrapper
+
+ subjects, objects, actions, project_id = get_subject_object_action()
+
+ _target = {
+ 'target': {
+ "name": objects['objects'][next(iter(objects['objects']))]['name'],
+ },
+ "project_id": project_id,
+ "user_id": subjects['subjects'][next(iter(subjects['subjects']))]['name']
+ }
+ _credentials = {
+ "project_id": project_id,
+ "user_id": subjects['subjects'][next(iter(subjects['subjects']))]['name']
+ }
+ authz_data = {
+ 'rule': actions['actions'][next(iter(actions['actions']))]['name'],
+ 'target': json.dumps(_target),
+ 'credentials': json.dumps(_credentials)}
+
+ req = hug.test.post(oslowrapper, "/authz/oslo", body=authz_data)
+
+ assert req.status == hug.HTTP_200 and req.data is not None and req.data
+
+
+def test_authz_error_response_code():
+ from moon_engine.plugins import oslowrapper
+
+ subjects, objects, actions, project_id = get_subject_object_action()
+
+ _target = {
+ 'target': {
+ "name": objects['objects'][next(iter(objects['objects']))]['name'],
+ },
+ "project_id": "a64beb1cc224474fb4badd431f3e7106", # invalid project id
+ "user_id": subjects['subjects'][next(iter(subjects['subjects']))]['name']
+ }
+ authz_data = {
+ 'rule': actions['actions'][next(iter(actions['actions']))]['name'],
+ 'target': json.dumps(_target),
+ 'credentials': 'null'}
+
+ print(authz_data)
+ req = hug.test.post(oslowrapper, "/authz/oslo", body=authz_data)
+
+ assert req.status != hug.HTTP_200
+
+# def test_authz_error_no_interface_key(context):
+# import moon_wrapper.server
+# server = moon_wrapper.server.main()
+# client = server.app.test_client()
+# _target = {
+# 'target': {
+# "name": context.get('object_name'),
+# },
+# "project_id": context.get('project_with_no_interface_key'),
+# "user_id": context.get('subject_name')
+# }
+# authz_data = {
+# 'rule': context.get('action_name'),
+# 'target': json.dumps(_target),
+# 'credentials': 'null'}
+# req = client.post("/authz/oslo", data=json.dumps(authz_data))
+#
+# assert req.data == b"False"