diff options
Diffstat (limited to 'moon_engine/tests/unit_python')
17 files changed, 2923 insertions, 0 deletions
diff --git a/moon_engine/tests/unit_python/api/__init__.py b/moon_engine/tests/unit_python/api/__init__.py new file mode 100644 index 00000000..1856aa2c --- /dev/null +++ b/moon_engine/tests/unit_python/api/__init__.py @@ -0,0 +1,12 @@ +# Software Name: MOON + +# Version: 5.4 + +# SPDX-FileCopyrightText: Copyright (c) 2018-2020 Orange and its contributors +# SPDX-License-Identifier: Apache-2.0 + +# This software is distributed under the 'Apache License 2.0', +# the text of which is available at 'http://www.apache.org/licenses/LICENSE-2.0.txt' +# or see the "LICENSE" file for more details. + + diff --git a/moon_engine/tests/unit_python/api/moon.yaml b/moon_engine/tests/unit_python/api/moon.yaml new file mode 100644 index 00000000..9272ccce --- /dev/null +++ b/moon_engine/tests/unit_python/api/moon.yaml @@ -0,0 +1,54 @@ +type: "pipeline" +uuid: "a64beb1c-c224-474f-b4ba-dd43173e7101" +manager_url: "http://127.0.0.1:20000" +incremental_updates: false +api_token: +data: conf/policy_example.json +debug: true +management: + token_file: moon_engine_users.json + +orchestration: + driver: moon_engine.plugins.pyorchestrator + connection: local + port: 20000...20100 + config_dir: /tmp + +authorization: + driver: moon_engine.plugins.authz + +plugins: + directory: /tmp + +logging: + version: 1 + + formatters: + brief: + format: "%(levelname)s %(name)s %(message)-30s" + custom: + format: "%(asctime)-15s %(levelname)s %(name)s %(message)s" + + handlers: + console: + class : logging.StreamHandler + formatter: custom + level : INFO + stream : ext://sys.stdout + file: + class : logging.handlers.RotatingFileHandler + formatter: custom + level : DEBUG + filename: /tmp/moon_engine.log + maxBytes: 1048576 + backupCount: 3 + + loggers: + moon: + level: DEBUG + handlers: [console, file] + propagate: no + + root: + level: ERROR + handlers: [console]
\ No newline at end of file diff --git a/moon_engine/tests/unit_python/api/pipeline/__init__.py b/moon_engine/tests/unit_python/api/pipeline/__init__.py new file mode 100644 index 00000000..582be686 --- /dev/null +++ b/moon_engine/tests/unit_python/api/pipeline/__init__.py @@ -0,0 +1,11 @@ +# Software Name: MOON + +# Version: 5.4 + +# SPDX-FileCopyrightText: Copyright (c) 2018-2020 Orange and its contributors +# SPDX-License-Identifier: Apache-2.0 + +# This software is distributed under the 'Apache License 2.0', +# the text of which is available at 'http://www.apache.org/licenses/LICENSE-2.0.txt' +# or see the "LICENSE" file for more details. + diff --git a/moon_engine/tests/unit_python/api/pipeline/test_authz.py b/moon_engine/tests/unit_python/api/pipeline/test_authz.py new file mode 100644 index 00000000..c405ddfd --- /dev/null +++ b/moon_engine/tests/unit_python/api/pipeline/test_authz.py @@ -0,0 +1,37 @@ +# Software Name: MOON + +# Version: 5.4 + +# SPDX-FileCopyrightText: Copyright (c) 2018-2020 Orange and its contributors +# SPDX-License-Identifier: Apache-2.0 + +# This software is distributed under the 'Apache License 2.0', +# the text of which is available at 'http://www.apache.org/licenses/LICENSE-2.0.txt' +# or see the "LICENSE" file for more details. + + +import hug + + +def test_get_authz_authorized(): + from moon_engine.api.pipeline import authz + from moon_utilities.auth_functions import get_api_key_for_user + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + # FIXME: https://gitlab.forge.orange-labs.fr/moon/moon_cache/issues/1 + # req = benchmark(hug.test.get, authz, + # "/authz/89ba91c1-8dd5-4abf-bfde-7a66936c51a6/67b8008a-3f8d-4f8e-847e-b628f0f7ca0e/cdb3df22-0dc0" + # "-5a6e-a333-4b994827b068", headers=auth_headers) + # # req = hug.test.get(authz, "/authz/test/test/test", headers=auth_headers) + # assert req.status == hug.HTTP_204 + + +def test_get_authz_unauthorized(): + from moon_engine.api.pipeline import authz + from moon_utilities.auth_functions import get_api_key_for_user + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + # FIXME: https://gitlab.forge.orange-labs.fr/moon/moon_cache/issues/1 + # req = benchmark(hug.test.get, authz, + # "/authz/31fd15ad-1478-4a96-96fc-c887dddbfaf9/67b8008a-3f8d-4f8e-847e-b628f0f7ca0e/cdb3df22-0dc0" + # "-5a6e-a333-4b994827b068", headers=auth_headers) + # # req = hug.test.get(authz, "/authz/test/test/test", headers=auth_headers) + # assert req.status == hug.HTTP_403 diff --git a/moon_engine/tests/unit_python/api/pipeline/test_update.py b/moon_engine/tests/unit_python/api/pipeline/test_update.py new file mode 100644 index 00000000..94d5a4e4 --- /dev/null +++ b/moon_engine/tests/unit_python/api/pipeline/test_update.py @@ -0,0 +1,525 @@ +# Software Name: MOON + +# Version: 5.4 + +# SPDX-FileCopyrightText: Copyright (c) 2018-2020 Orange and its contributors +# SPDX-License-Identifier: Apache-2.0 + +# This software is distributed under the 'Apache License 2.0', +# the text of which is available at 'http://www.apache.org/licenses/LICENSE-2.0.txt' +# or see the "LICENSE" file for more details. + + +import hug +import requests +from uuid import uuid4 + + +def test_pipeline_update_policy_existed(): + from moon_engine.api.pipeline import update + from moon_utilities.auth_functions import get_api_key_for_user + from moon_engine.api.configuration import get_configuration + + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + + response = requests.get("{}/policies".format(get_configuration("management").get("url")), + headers=auth_headers) + + policies = response.json() + key = next(iter(policies['policies'])) + policies['policies'][key]['name'] = "new " + policies['policies'][key]['name'] + req = hug.test.put(update, "/update/policy/{}".format(key), + policies['policies'][key], headers=auth_headers) + assert req.status == hug.HTTP_208 + + +def test_pipeline_update_policy_not_existed(): + from moon_engine.api.pipeline import update + from moon_utilities.auth_functions import get_api_key_for_user + from moon_engine.api.configuration import get_configuration + + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + + response = requests.get("{}/policies".format(get_configuration("management").get("url")), + headers=auth_headers) + + policies = response.json() + key = next(iter(policies['policies'])) + policies['policies'][key]['name'] = "new " + policies['policies'][key]['name'] + req = hug.test.put(update, "/update/policy/{}".format(uuid4().hex), + policies['policies'][key], headers=auth_headers) + assert req.status == hug.HTTP_208 + + +def test_pipeline_delete_policy(): + from moon_engine.api.pipeline import update + from moon_utilities.auth_functions import get_api_key_for_user + from moon_engine.api.configuration import get_configuration + + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + + response = requests.get("{}/policies".format(get_configuration("management").get("url")), + headers=auth_headers) + policies = response.json() + key = next(iter(policies['policies'])) + req = hug.test.delete(update, "/update/policy/{}".format(key), + headers=auth_headers) + assert req.status == hug.HTTP_202 + + +def test_pipeline_update_pdp_existed(): + from moon_engine.api.pipeline import update + from moon_utilities.auth_functions import get_api_key_for_user + from moon_engine.api.configuration import get_configuration + + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + + response = requests.get("{}/pdp".format(get_configuration("management").get("url")), + headers=auth_headers) + + pdps = response.json() + key = next(iter(pdps['pdps'])) + pdps['pdps'][key]['name'] = "new " + pdps['pdps'][key]['name'] + req = hug.test.put(update, "/update/pdp/{}".format(key), + pdps['pdps'][key], headers=auth_headers) + assert req.status == hug.HTTP_208 + + +def test_pipeline_update_pdp_not_existed(): + from moon_engine.api.pipeline import update + from moon_utilities.auth_functions import get_api_key_for_user + from moon_engine.api.configuration import get_configuration + + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + + response = requests.get("{}/pdp".format(get_configuration("management").get("url")), + headers=auth_headers) + + pdps = response.json() + key = next(iter(pdps['pdps'])) + pdps['pdps'][key]['name'] = "new " + pdps['pdps'][key]['name'] + req = hug.test.put(update, "/update/pdp/{}".format(uuid4().hex), + pdps['pdps'][key], headers=auth_headers) + assert req.status == hug.HTTP_208 + + +def test_pipeline_delete_pdp_existed(): + from moon_engine.api.pipeline import update + from moon_utilities.auth_functions import get_api_key_for_user + from moon_engine.api.configuration import get_configuration + + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + + response = requests.get("{}/pdp".format(get_configuration("management").get("url")), + headers=auth_headers) + + pdps = response.json() + key = next(iter(pdps['pdps'])) + req = hug.test.delete(update, "/update/pdp/{}".format(key), headers=auth_headers) + assert req.status == hug.HTTP_202 + + +def test_pipeline_update_perimeter_existed(): + from moon_engine.api.pipeline import update + from moon_utilities.auth_functions import get_api_key_for_user + from moon_engine.api.configuration import get_configuration + + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + + response = requests.get("{}/policies".format(get_configuration("management").get("url")), + headers=auth_headers) + + policies = response.json() + policy_key = next(iter(policies['policies'])) + + subject_response = requests.get("{}/policies/{}/subjects".format(get_configuration( + "management").get("url"), policy_key), headers=auth_headers) + subjects = subject_response.json() + subj_key = next(iter(subjects['subjects'])) + subjects['subjects'][subj_key]['name'] = "updated_" + subjects['subjects'][subj_key]['name'] + + subject_req = hug.test.put(update, "/update/perimeter/{}/{}/{}".format(subj_key, policy_key, + "subject"), + subjects['subjects'][subj_key], headers=auth_headers) + assert subject_req.status == hug.HTTP_208 + + """ object category """ + object_response = requests.get("{}/policies/{}/objects".format(get_configuration( + "management").get("url"), policy_key), headers=auth_headers) + objects = object_response.json() + obj_key = next(iter(objects['objects'])) + objects['objects'][obj_key]['name'] = "updated_" + objects['objects'][obj_key]['name'] + + object_req = hug.test.put(update, "/update/perimeter/{}/{}/{}".format(obj_key, policy_key, "object") + , objects['objects'][obj_key], headers=auth_headers) + assert object_req.status == hug.HTTP_208 + + """ action category """ + action_response = requests.get("{}/policies/{}/actions".format(get_configuration( + "management").get("url"), policy_key), headers=auth_headers) + actions = action_response.json() + action_key = next(iter(actions['actions'])) + actions['actions'][action_key]['name'] = "updated_" + actions['actions'][action_key]['name'] + + action_req = hug.test.put(update, "/update/perimeter/{}/{}/{}".format(action_key, policy_key, + "action"), + actions['actions'][action_key], headers=auth_headers) + assert action_req.status == hug.HTTP_208 + + +def test_pipeline_update_perimeter_not_existed(): + from moon_engine.api.pipeline import update + from moon_utilities.auth_functions import get_api_key_for_user + from moon_engine.api.configuration import get_configuration + + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + + response = requests.get("{}/policies".format(get_configuration("management").get("url")), + headers=auth_headers) + + policies = response.json() + policy_key = next(iter(policies['policies'])) + + subject_response = requests.get("{}/policies/{}/subjects".format(get_configuration( + "management").get("url"), policy_key), headers=auth_headers) + subjects = subject_response.json() + subj_key = next(iter(subjects['subjects'])) + subjects['subjects'][subj_key]['name'] = "updated_" + subjects['subjects'][subj_key]['name'] + + subject_req = hug.test.put(update, "/update/perimeter/{}/{}/{}".format(uuid4().hex, policy_key, + "subject"), + subjects['subjects'][subj_key], headers=auth_headers) + assert subject_req.status == hug.HTTP_208 + + """ object category """ + object_response = requests.get("{}/policies/{}/objects".format(get_configuration( + "management").get("url"), policy_key), headers=auth_headers) + objects = object_response.json() + obj_key = next(iter(objects['objects'])) + objects['objects'][obj_key]['name'] = "updated_" + objects['objects'][obj_key]['name'] + + object_req = hug.test.put(update, "/update/perimeter/{}/{}/{}".format(uuid4().hex, policy_key, "object") + , objects['objects'][obj_key], headers=auth_headers) + assert object_req.status == hug.HTTP_208 + + """ action category """ + action_response = requests.get("{}/policies/{}/actions".format(get_configuration( + "management").get("url"), policy_key), headers=auth_headers) + actions = action_response.json() + action_key = next(iter(actions['actions'])) + actions['actions'][action_key]['name'] = "updated_" + actions['actions'][action_key]['name'] + + action_req = hug.test.put(update, "/update/perimeter/{}/{}/{}".format(uuid4().hex, policy_key, + "action"), + actions['actions'][action_key], headers=auth_headers) + assert action_req.status == hug.HTTP_208 + + +def test_pipeline_delete_perimeter_existed(): + from moon_engine.api.pipeline import update + from moon_utilities.auth_functions import get_api_key_for_user + from moon_engine.api.configuration import get_configuration + + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + + policies_response = requests.get("{}/policies".format(get_configuration("management").get("url")), + headers=auth_headers) + + policies = policies_response.json() + policy_key = next(iter(policies['policies'])) + + subject_response = requests.get("{}/policies/{}/subjects".format(get_configuration( + "management").get("url"), policy_key), headers=auth_headers) + subjects = subject_response.json() + subj_key = next(iter(subjects['subjects'])) + subjects['subjects'][subj_key]['name'] = "updated_" + subjects['subjects'][subj_key]['name'] + + delete_subject_response = hug.test.delete(update, "/update/perimeter/{}/{}/{}".format(subj_key, policy_key, + "subject"), + headers=auth_headers) + assert delete_subject_response.status == hug.HTTP_202 + + object_response = requests.get("{}/policies/{}/objects".format(get_configuration( + "management").get("url"), policy_key), headers=auth_headers) + objects = object_response.json() + assert 'objects' in objects and len(objects['objects']) + + for key in objects['objects']: + delete_object_response = hug.test.delete(update, "/update/perimeter/{}/{}/{}".format(key, policy_key, 'object'), + headers=auth_headers) + assert delete_object_response.status == hug.HTTP_202 + + action_response = requests.get("{}/policies/{}/actions".format(get_configuration( + "management").get("url"), policy_key), headers=auth_headers) + actions = action_response.json() + assert 'actions' in actions and len(actions['actions']) + + for key in actions['actions']: + delete_action_response = hug.test.delete(update, "/update/perimeter/{}/{}/{}".format(key, policy_key, 'action'), + headers=auth_headers) + assert delete_action_response.status == hug.HTTP_202 + + +def test_pipeline_delete_assignments(): + from moon_engine.api.pipeline import update + from moon_utilities.auth_functions import get_api_key_for_user + from moon_engine.api.configuration import get_configuration + + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + + response = requests.get("{}/policies".format(get_configuration("management").get("url")), + headers=auth_headers) + policies = response.json() + policy_id = next(iter(policies['policies'])) + + sub_assig_response = requests.get("{}/policies/{}/subject_assignments".format(get_configuration("management").get("url"), + policy_id), headers=auth_headers) + + subject_assignments = sub_assig_response.json() + assert 'subject_assignments' in subject_assignments and len( + subject_assignments['subject_assignments']) + req = hug.test.delete(update, + "/update/assignment/{}/{}/".format(policy_id, "subject"), + headers=auth_headers) + assert req.status == hug.HTTP_202 + + obj_assig_response = requests.get("{}/policies/{}/object_assignments".format(get_configuration( + "management").get("url"), policy_id), + headers=auth_headers) + object_assignments = obj_assig_response.json() + assert 'object_assignments' in object_assignments and len( + object_assignments['object_assignments']) + req = hug.test.delete(update, + "/update/assignment/{}/{}/".format(policy_id, "object"), + headers=auth_headers) + assert req.status == hug.HTTP_202 + + action_assig_response = requests.get("{}/policies/{}/action_assignments".format(get_configuration( + "management").get("url"), policy_id), + headers=auth_headers) + action_assignments = action_assig_response.json() + assert 'action_assignments' in action_assignments and len( + action_assignments['action_assignments']) + req = hug.test.delete(update, + "/update/assignment/{}/{}/".format(policy_id, "action"), + headers=auth_headers) + assert req.status == hug.HTTP_202 + + +def test_pipeline_delete_rule(): + from moon_engine.api.pipeline import update + from moon_utilities.auth_functions import get_api_key_for_user + from moon_engine.api.configuration import get_configuration + + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + + policy_response = requests.get("{}/policies".format(get_configuration("management").get("url")), + headers=auth_headers) + policies = policy_response.json() + policy_id = next(iter(policies['policies'])) + + rules_response = requests.get( + "{}/policies/{}/rules".format(get_configuration("management").get("url"), policy_id), + headers=auth_headers) + rules = rules_response.json() + + assert len(rules['rules']['rules']) + for i in range(0, len(rules['rules']['rules'])): + req = hug.test.delete(update, "/update/rule/{}/{}".format(policy_id, rules['rules'][ + 'rules'][i]['id']), headers=auth_headers) + assert req.status == hug.HTTP_202 + + +def test_pipeline_update_model_existed(): + from moon_engine.api.pipeline import update + from moon_utilities.auth_functions import get_api_key_for_user + from moon_engine.api.configuration import get_configuration + + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + + model_response = requests.get("{}/models".format(get_configuration("management").get("url")), + headers=auth_headers) + + models = model_response.json() + key = next(iter(models['models'])) + models['models'][key]['name'] = "new " + models['models'][key]['name'] + req = hug.test.put(update, "/update/model/{}".format(key), + models['models'][key], headers=auth_headers) + assert req.status == hug.HTTP_208 + + +def test_pipeline_update_model_not_existed(): + from moon_engine.api.pipeline import update + from moon_utilities.auth_functions import get_api_key_for_user + from moon_engine.api.configuration import get_configuration + + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + + model_response = requests.get("{}/models".format(get_configuration("management").get("url")), + headers=auth_headers) + + models = model_response.json() + key = next(iter(models['models'])) + models['models'][key]['name'] = "new " + models['models'][key]['name'] + req = hug.test.put(update, "/update/model/{}".format(uuid4().hex), + models['models'][key], headers=auth_headers) + assert req.status == hug.HTTP_208 + + +def test_pipeline_delete_model_existed(): + from moon_engine.api.pipeline import update + from moon_utilities.auth_functions import get_api_key_for_user + from moon_engine.api.configuration import get_configuration + + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + + model_response = requests.get("{}/models".format(get_configuration("management").get("url")), + headers=auth_headers) + + models = model_response.json() + key = next(iter(models['models'])) + req = hug.test.delete(update, "/update/model/{}".format(key), headers=auth_headers) + assert req.status == hug.HTTP_202 + + +def test_pipeline_delete_category(): + from moon_engine.api.pipeline import update + from moon_utilities.auth_functions import get_api_key_for_user + from moon_engine.api.configuration import get_configuration + + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + + subject_cat_response = requests.get("{}/subject_categories".format(get_configuration( + "management").get("url")), headers=auth_headers) + subject_categories = subject_cat_response.json() + category_id = next(iter(subject_categories['subject_categories'])) + req = hug.test.delete(update, "/update/meta_data/{}/{}".format(category_id, 'subject'), + headers=auth_headers) + assert req.status == hug.HTTP_202 + + action_cat_response = requests.get("{}/action_categories".format(get_configuration( + "management").get("url")), + headers=auth_headers) + action_categories = action_cat_response.json() + category_id = next(iter(action_categories['action_categories'])) + req = hug.test.delete(update, "/update/meta_data/{}/{}".format(category_id, 'action'), + headers=auth_headers) + assert req.status == hug.HTTP_202 + + obj_cat_response = requests.get("{}/object_categories".format(get_configuration( + "management").get("url")), + headers=auth_headers) + object_categories = obj_cat_response.json() + category_id = next(iter(object_categories['object_categories'])) + req = hug.test.delete(update, "/update/meta_data/{}/{}".format(category_id, 'object'), + headers=auth_headers) + assert req.status == hug.HTTP_202 + + +def test_pipeline_update_meta_rule_existed(): + from moon_engine.api.pipeline import update + from moon_utilities.auth_functions import get_api_key_for_user + from moon_engine.api.configuration import get_configuration + + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + + meta_rules_response = requests.get("{}/meta_rules".format(get_configuration("management").get("url")), + headers=auth_headers) + + meta_rules = meta_rules_response.json() + key = next(iter(meta_rules['meta_rules'])) + meta_rules['meta_rules'][key]['name'] = "new " + meta_rules['meta_rules'][key]['name'] + req = hug.test.put(update, "/update/meta_rule/{}".format(key), + meta_rules['meta_rules'][key], headers=auth_headers) + assert req.status == hug.HTTP_208 + + +def test_pipeline_update_meta_rule_not_existed(): + from moon_engine.api.pipeline import update + from moon_utilities.auth_functions import get_api_key_for_user + from moon_engine.api.configuration import get_configuration + + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + + meta_rules_response = requests.get("{}/meta_rules".format(get_configuration("management").get("url")), + headers=auth_headers) + + meta_rules = meta_rules_response.json() + key = next(iter(meta_rules['meta_rules'])) + meta_rules['meta_rules'][key]['name'] = "new " + meta_rules['meta_rules'][key]['name'] + req = hug.test.put(update, "/update/meta_rule/{}".format(uuid4().hex), + meta_rules['meta_rules'][key], headers=auth_headers) + assert req.status == hug.HTTP_208 + + +def test_pipeline_delete_meta_rule(): + from moon_engine.api.pipeline import update + from moon_utilities.auth_functions import get_api_key_for_user + from moon_engine.api.configuration import get_configuration + + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + + meta_rules_response = requests.get("{}/meta_rules".format(get_configuration("management").get("url")), + headers=auth_headers) + + meta_rules = meta_rules_response.json() + key = next(iter(meta_rules['meta_rules'])) + req = hug.test.delete(update, "/update/meta_rule/{}".format(key), headers=auth_headers) + assert req.status == hug.HTTP_202 + + +def test_pipeline_delete_data(): + from moon_engine.api.pipeline import update + from moon_utilities.auth_functions import get_api_key_for_user + from moon_engine.api.configuration import get_configuration + + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + + policies_response = requests.get("{}/policies".format(get_configuration("management").get("url")), + headers=auth_headers) + + policies = policies_response.json() + policy_id = next(iter(policies['policies'])) + + subject_data_response = requests.get( + "{}/policies/{}/subject_data".format(get_configuration("management").get("url"), policy_id), + headers=auth_headers) + subject_data_id = next(iter(subject_data_response.json()['subject_data'][0]['data'])) + delete_subject_data_response = hug.test.delete(update, "/update/data/{}/{}".format(subject_data_id, 'subject'), + headers=auth_headers) + assert delete_subject_data_response.status == hug.HTTP_202 + + object_data_response = requests.get( + "{}/policies/{}/object_data".format(get_configuration("management").get("url"), policy_id), + headers=auth_headers) + object_data_id = next(iter(object_data_response.json()['object_data'][0]['data'])) + delete_object_data_response = hug.test.delete(update, "/update/data/{}/{}".format(object_data_id, 'object'), + headers=auth_headers) + assert delete_object_data_response.status == hug.HTTP_202 + + action_data_response = requests.get( + "{}/policies/{}/action_data".format(get_configuration("management").get("url"), policy_id), + headers=auth_headers) + action_data_id = next(iter(action_data_response.json()['action_data'][0]['data'])) + delete_action_data_response = hug.test.delete(update, "/update/data/{}/{}".format(action_data_id, 'action'), + headers=auth_headers) + assert delete_action_data_response.status == hug.HTTP_202 + + +# def test_pipeline_delete_attributes(): +# from moon_engine.api.pipeline import update +# from moon_utilities.auth_functions import get_api_key_for_user +# from moon_engine.api.configuration import get_configuration +# +# auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} +# +# attributes_response = requests.get( +# "{}/attributes".format(get_configuration("management").get("url")), +# headers=auth_headers) +# +# attributes = attributes_response.json() +# key = next(iter(attributes['attributes'])) +# req = hug.test.delete(update, "/update/attributes/{}".format(key), headers=auth_headers) +# assert req.status == hug.HTTP_202 + + diff --git a/moon_engine/tests/unit_python/api/test_status.py b/moon_engine/tests/unit_python/api/test_status.py new file mode 100644 index 00000000..e38f35e6 --- /dev/null +++ b/moon_engine/tests/unit_python/api/test_status.py @@ -0,0 +1,21 @@ +# Software Name: MOON + +# Version: 5.4 + +# SPDX-FileCopyrightText: Copyright (c) 2018-2020 Orange and its contributors +# SPDX-License-Identifier: Apache-2.0 + +# This software is distributed under the 'Apache License 2.0', +# the text of which is available at 'http://www.apache.org/licenses/LICENSE-2.0.txt' +# or see the "LICENSE" file for more details. + + +import hug + + +def test_status(benchmark): + from moon_engine.api import status + + # Fixme: Add tests on enforce function to have a benchmark on enforce rapidity + req = benchmark(hug.test.get, status, "/status") + assert isinstance(req.data, dict) diff --git a/moon_engine/tests/unit_python/api/wrapper/__init__.py b/moon_engine/tests/unit_python/api/wrapper/__init__.py new file mode 100644 index 00000000..582be686 --- /dev/null +++ b/moon_engine/tests/unit_python/api/wrapper/__init__.py @@ -0,0 +1,11 @@ +# Software Name: MOON + +# Version: 5.4 + +# SPDX-FileCopyrightText: Copyright (c) 2018-2020 Orange and its contributors +# SPDX-License-Identifier: Apache-2.0 + +# This software is distributed under the 'Apache License 2.0', +# the text of which is available at 'http://www.apache.org/licenses/LICENSE-2.0.txt' +# or see the "LICENSE" file for more details. + diff --git a/moon_engine/tests/unit_python/api/wrapper/test_oslo_wrapper.py b/moon_engine/tests/unit_python/api/wrapper/test_oslo_wrapper.py new file mode 100644 index 00000000..770e9bb6 --- /dev/null +++ b/moon_engine/tests/unit_python/api/wrapper/test_oslo_wrapper.py @@ -0,0 +1,209 @@ +# Software Name: MOON + +# Version: 5.4 + +# SPDX-FileCopyrightText: Copyright (c) 2018-2020 Orange and its contributors +# SPDX-License-Identifier: Apache-2.0 + +# This software is distributed under the 'Apache License 2.0', +# the text of which is available at 'http://www.apache.org/licenses/LICENSE-2.0.txt' +# or see the "LICENSE" file for more details. + + +import hug +import json +import requests + + +def get_subject_object_action(): + from moon_engine.api.configuration import get_configuration + from moon_cache.cache import Cache + from moon_utilities.auth_functions import get_api_key_for_user + + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + + CACHE = Cache.getInstance(manager_url=get_configuration("management").get("url"), + incremental=get_configuration("incremental_updates"), + manager_api_key=get_configuration("api_token")) + + CACHE.set_current_server(url=get_configuration("management").get("url"), + api_key=get_api_key_for_user("admin")) + + # Note: patching the cache for the test + CACHE.add_pipeline("b3d3e18a-bf33-40e8-b635-fd49e6634ccd", { + "name": "test", + "description": "test", + "host": "127.0.0.1", + "port": 20000, + }) + CACHE.add_pipeline("f8f49a77-9ceb-47b3-ac81-0f01ef71b4e0", { + "name": "test", + "description": "test", + "host": "127.0.0.1", + "port": 20000, + }) + response = requests.get("{}/pdp".format(get_configuration("management").get("url")), + headers=auth_headers) + pdp = response.json() + pdp_id = next(iter(pdp['pdps'])) + policy_id = pdp['pdps'][pdp_id].get("security_pipeline")[0] + project_id = pdp['pdps'][pdp_id].get("vim_project_id") + + # response = requests.get("{}/policies".format(get_configuration("management").get("url")), + # headers=auth_headers) + # policies = response.json() + # policy_id = next(iter(policies['policies'])) + + response = requests.get("{}/policies/{}/subjects".format( + get_configuration("management").get("url"), policy_id), headers=auth_headers) + subjects = response.json() + + response = requests.get("{}/policies/{}/objects".format( + get_configuration("management").get("url"), policy_id), headers=auth_headers) + objects = response.json() + + response = requests.get("{}/policies/{}/actions".format( + get_configuration("management").get("url"), policy_id), headers=auth_headers) + actions = response.json() + return subjects, objects, actions, project_id + + +def test_post_authz(): + from moon_engine.plugins import oslowrapper + from moon_utilities.auth_functions import get_api_key_for_user + from moon_cache.cache import Cache + from moon_engine.api.configuration import get_configuration + CACHE = Cache.getInstance(manager_url=get_configuration("management").get("url"), + incremental=get_configuration("incremental_updates"), + manager_api_key=get_configuration("api_token")) + + CACHE.set_current_server(url=get_configuration("management").get("url"), api_key=get_api_key_for_user( + "admin")) + + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + + response = requests.get("{}/pdp".format(get_configuration("management").get("url")), + headers=auth_headers) + pdp = response.json() + pdp_id = next(iter(pdp['pdps'])) + policy_id = pdp['pdps'][pdp_id].get("security_pipeline")[0] + project_id = pdp['pdps'][pdp_id].get("vim_project_id") + + response = requests.get("{}/policies/{}/subjects".format(get_configuration( + "management").get("url"), policy_id), headers=auth_headers) + subjects = response.json() + + response = requests.get("{}/policies/{}/objects".format(get_configuration( + "management").get("url"), policy_id), headers=auth_headers) + objects = response.json() + + response = requests.get("{}/policies/{}/actions".format(get_configuration( + "management").get("url"), policy_id), headers=auth_headers) + actions = response.json() + + subjects_name = subjects['subjects'][next(iter(subjects['subjects']))]['name'] + objects_name = objects['objects'][next(iter(objects['objects']))]['name'] + actions_name = actions['actions'][next(iter(actions['actions']))]['name'] + + # Note: patching the cache for the test + from moon_cache.cache import Cache + CACHE = Cache.getInstance() + CACHE.add_pipeline("b3d3e18abf3340e8b635fd49e6634ccd", { + "name": "test", + "description": "test", + "host": "127.0.0.1", + "port": 20000, + }) + CACHE.add_pipeline("f8f49a779ceb47b3ac810f01ef71b4e0", { + "name": "test", + "description": "test", + "host": "127.0.0.1", + "port": 20000, + }) + + _target = { + 'target': { + "name": objects_name, + }, + "project_id": project_id, + "user_id": subjects_name + } + _credentials = { + "project_id": project_id, + "user_id": subjects_name + } + + authz_data = { + 'rule': actions_name, + 'target': json.dumps(_target), + 'credentials': json.dumps(_credentials)} + req = hug.test.post(oslowrapper, "/authz/oslo", authz_data) + assert req.status == hug.HTTP_200 + + +def test_authz_true(): + from moon_engine.plugins import oslowrapper + + subjects, objects, actions, project_id = get_subject_object_action() + + _target = { + 'target': { + "name": objects['objects'][next(iter(objects['objects']))]['name'], + }, + "project_id": project_id, + "user_id": subjects['subjects'][next(iter(subjects['subjects']))]['name'] + } + _credentials = { + "project_id": project_id, + "user_id": subjects['subjects'][next(iter(subjects['subjects']))]['name'] + } + authz_data = { + 'rule': actions['actions'][next(iter(actions['actions']))]['name'], + 'target': json.dumps(_target), + 'credentials': json.dumps(_credentials)} + + req = hug.test.post(oslowrapper, "/authz/oslo", body=authz_data) + + assert req.status == hug.HTTP_200 and req.data is not None and req.data + + +def test_authz_error_response_code(): + from moon_engine.plugins import oslowrapper + + subjects, objects, actions, project_id = get_subject_object_action() + + _target = { + 'target': { + "name": objects['objects'][next(iter(objects['objects']))]['name'], + }, + "project_id": "a64beb1cc224474fb4badd431f3e7106", # invalid project id + "user_id": subjects['subjects'][next(iter(subjects['subjects']))]['name'] + } + authz_data = { + 'rule': actions['actions'][next(iter(actions['actions']))]['name'], + 'target': json.dumps(_target), + 'credentials': 'null'} + + print(authz_data) + req = hug.test.post(oslowrapper, "/authz/oslo", body=authz_data) + + assert req.status != hug.HTTP_200 + +# def test_authz_error_no_interface_key(context): +# import moon_wrapper.server +# server = moon_wrapper.server.main() +# client = server.app.test_client() +# _target = { +# 'target': { +# "name": context.get('object_name'), +# }, +# "project_id": context.get('project_with_no_interface_key'), +# "user_id": context.get('subject_name') +# } +# authz_data = { +# 'rule': context.get('action_name'), +# 'target': json.dumps(_target), +# 'credentials': 'null'} +# req = client.post("/authz/oslo", data=json.dumps(authz_data)) +# +# assert req.data == b"False" diff --git a/moon_engine/tests/unit_python/api/wrapper/test_pipeline.py b/moon_engine/tests/unit_python/api/wrapper/test_pipeline.py new file mode 100644 index 00000000..ed16883d --- /dev/null +++ b/moon_engine/tests/unit_python/api/wrapper/test_pipeline.py @@ -0,0 +1,32 @@ +# Software Name: MOON + +# Version: 5.4 + +# SPDX-FileCopyrightText: Copyright (c) 2018-2020 Orange and its contributors +# SPDX-License-Identifier: Apache-2.0 + +# This software is distributed under the 'Apache License 2.0', +# the text of which is available at 'http://www.apache.org/licenses/LICENSE-2.0.txt' +# or see the "LICENSE" file for more details. + + +import hug + + +def test_get_pipelines(): + from moon_engine.api.wrapper.api import pipeline + from moon_utilities.auth_functions import get_api_key_for_user + from moon_cache.cache import Cache + from moon_engine.api.configuration import get_configuration + CACHE = Cache.getInstance(manager_url=get_configuration("management").get("url"), + incremental=get_configuration("incremental_updates"), + manager_api_key=get_configuration("api_token")) + + CACHE.set_current_server(url=get_configuration("management").get("url"), api_key=get_api_key_for_user( + "admin")) + + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + req = hug.test.get(pipeline, "/pipelines", headers=auth_headers ) + assert req.status == hug.HTTP_200 + assert isinstance(req.data, dict) + assert "pipelines" in req.data diff --git a/moon_engine/tests/unit_python/api/wrapper/test_update.py b/moon_engine/tests/unit_python/api/wrapper/test_update.py new file mode 100644 index 00000000..75e7ef2d --- /dev/null +++ b/moon_engine/tests/unit_python/api/wrapper/test_update.py @@ -0,0 +1,602 @@ +# Software Name: MOON + +# Version: 5.4 + +# SPDX-FileCopyrightText: Copyright (c) 2018-2020 Orange and its contributors +# SPDX-License-Identifier: Apache-2.0 + +# This software is distributed under the 'Apache License 2.0', +# the text of which is available at 'http://www.apache.org/licenses/LICENSE-2.0.txt' +# or see the "LICENSE" file for more details. + + +import hug +import requests + + +def test_wrapper_update_policy_existed(): + from moon_engine.api.wrapper.api import update + from moon_utilities.auth_functions import get_api_key_for_user + from moon_cache.cache import Cache + from moon_engine.api.configuration import get_configuration + CACHE = Cache.getInstance(manager_url=get_configuration("management").get("url"), + incremental=get_configuration("incremental_updates"), + manager_api_key=get_configuration("api_token")) + + CACHE.set_current_server(url=get_configuration("management").get("url"), + api_key=get_api_key_for_user("admin")) + + CACHE.add_pipeline("eac0ecd09ceb47b3ac810f01ef71b4e0", { + "name": "test", + "description": "test", + "host": "127.0.0.1", + "port": 20000, + }) + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + + response = requests.get("{}/policies".format(get_configuration("management").get("url")), + headers=auth_headers) + + policies = response.json() + key = next(iter(policies['policies'])) + policies['policies'][key]['name'] = "new " + policies['policies'][key]['name'] + req = hug.test.put(update, "/update/policy/{}".format(key), + policies['policies'][key], headers=auth_headers) + assert (req.status == hug.HTTP_202 or req.status == hug.HTTP_200) + + +def test_wrapper_delete_policy(): + from moon_engine.api.wrapper.api import update + from moon_utilities.auth_functions import get_api_key_for_user + from moon_cache.cache import Cache + from moon_engine.api.configuration import get_configuration + CACHE = Cache.getInstance(manager_url=get_configuration("management").get("url"), + incremental=get_configuration("incremental_updates"), + manager_api_key=get_configuration("api_token")) + + CACHE.set_current_server(url=get_configuration("management").get("url"), + api_key=get_api_key_for_user("admin")) + + CACHE.add_pipeline("eac0ecd09ceb47b3ac810f01ef71b4e0", { + "name": "test", + "description": "test", + "host": "127.0.0.1", + "port": 20000, + }) + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + + response = requests.get("{}/policies".format(get_configuration("management").get("url")), + headers=auth_headers) + policies = response.json() + key = next(iter(policies['policies'])) + req = hug.test.delete(update, "/update/policy/{}".format(key), + headers=auth_headers) + assert (req.status == hug.HTTP_202 or req.status == hug.HTTP_200) + + +def test_wrapper_update_policy_not_existed(): + from moon_engine.api.wrapper.api import update + from moon_utilities.auth_functions import get_api_key_for_user + from moon_cache.cache import Cache + from moon_engine.api.configuration import get_configuration + CACHE = Cache.getInstance(manager_url=get_configuration("management").get("url"), + incremental=get_configuration("incremental_updates"), + manager_api_key=get_configuration("api_token")) + + CACHE.set_current_server(url=get_configuration("management").get("url"), + api_key=get_api_key_for_user("admin")) + + CACHE.add_pipeline("eac0ecd09ceb47b3ac810f01ef71b4e0", { + "name": "test", + "description": "test", + "host": "127.0.0.1", + "port": 20000, + }) + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + + response = requests.get("{}/policies".format(get_configuration("management").get("url")), + headers=auth_headers) + policies = response.json() + key = next(iter(policies['policies'])) + policies['policies'][key]['name'] = "new " + policies['policies'][key]['name'] + req = hug.test.put(update, "/update/policy/{}".format("eac0ecd09ceb47b3ac810f01ef71b4e0"), + policies['policies'][key], headers=auth_headers) + assert req.status == hug.HTTP_208 + + +def test_wrapper_update_pdp_existed(): + from moon_engine.api.wrapper.api import update + from moon_utilities.auth_functions import get_api_key_for_user + from moon_cache.cache import Cache + from moon_engine.api.configuration import get_configuration + CACHE = Cache.getInstance(manager_url=get_configuration("management").get("url"), + incremental=get_configuration("incremental_updates"), + manager_api_key=get_configuration("api_token")) + + CACHE.set_current_server(url=get_configuration("management").get("url"), api_key=get_api_key_for_user( + "admin")) + + CACHE.add_pipeline("eac0ecd09ceb47b3ac810f01ef71b4e0", { + "name": "test", + "description": "test", + "host": "127.0.0.1", + "port": 20000, + }) + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + + response = requests.get("{}/pdp".format(get_configuration("management").get("url")), + headers=auth_headers) + + pdps = response.json() + key = next(iter(pdps['pdps'])) + pdps['pdps'][key]['name'] = "new " + pdps['pdps'][key]['name'] + req = hug.test.put(update, "/update/pdp/{}".format(key), + pdps['pdps'][key], headers=auth_headers) + assert (req.status == hug.HTTP_202 or req.status == hug.HTTP_200) + + +def test_wrapper_delete_pdp(): + from moon_engine.api.wrapper.api import update + from moon_utilities.auth_functions import get_api_key_for_user + from moon_cache.cache import Cache + from moon_engine.api.configuration import get_configuration + CACHE = Cache.getInstance(manager_url=get_configuration("management").get("url"), + incremental=get_configuration("incremental_updates"), + manager_api_key=get_configuration("api_token")) + + CACHE.set_current_server(url=get_configuration("management").get("url"), api_key=get_api_key_for_user( + "admin")) + + CACHE.add_pipeline("eac0ecd09ceb47b3ac810f01ef71b4e0", { + "name": "test", + "description": "test", + "host": "127.0.0.1", + "port": 20000, + }) + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + + response = requests.get("{}/pdp".format(get_configuration("management").get("url")), + headers=auth_headers) + + pdps = response.json() + key = next(iter(pdps['pdps'])) + req = hug.test.delete(update, "/update/pdp/{}".format(key), headers=auth_headers) + assert (req.status == hug.HTTP_202 or req.status == hug.HTTP_200) + + +def test_wrapper_delete_assignments(): + from moon_engine.api.wrapper.api import update + from moon_utilities.auth_functions import get_api_key_for_user + from moon_cache.cache import Cache + from moon_engine.api.configuration import get_configuration + CACHE = Cache.getInstance(manager_url=get_configuration("management").get("url"), + incremental=get_configuration("incremental_updates"), + manager_api_key=get_configuration("api_token")) + + CACHE.set_current_server(url=get_configuration("management").get("url"), api_key=get_api_key_for_user( + "admin")) + + CACHE.add_pipeline("eac0ecd09ceb47b3ac810f01ef71b4e0", { + "name": "test", + "description": "test", + "host": "127.0.0.1", + "port": 20000, + }) + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + + response = requests.get("{}/policies".format(get_configuration("management").get("url")), + headers=auth_headers) + policies = response.json() + policy_id = next(iter(policies['policies'])) + + response = requests.get("{}/policies/{}/subject_assignments".format(get_configuration( + "management").get("url"), policy_id), + headers=auth_headers) + subject_assignments = response.json() + assert 'subject_assignments' in subject_assignments and len( + subject_assignments['subject_assignments']) + req = hug.test.delete(update, + "/update/assignment/{}/{}/".format(policy_id, "subject"), + headers=auth_headers) + assert (req.status == hug.HTTP_202 or req.status == hug.HTTP_200) + + response = requests.get("{}/policies/{}/object_assignments".format(get_configuration( + "management").get("url"), policy_id), + headers=auth_headers) + object_assignments = response.json() + assert 'object_assignments' in object_assignments and len( + object_assignments['object_assignments']) + req = hug.test.delete(update, + "/update/assignment/{}/{}/".format(policy_id, "object"), + headers=auth_headers) + assert (req.status == hug.HTTP_202 or req.status == hug.HTTP_200) + + response = requests.get("{}/policies/{}/action_assignments".format(get_configuration( + "management").get("url"), policy_id), + headers=auth_headers) + action_assignments = response.json() + assert 'action_assignments' in action_assignments and len( + action_assignments['action_assignments']) + req = hug.test.delete(update, + "/update/assignment/{}/{}/".format(policy_id, "action"), + headers=auth_headers) + assert (req.status == hug.HTTP_202 or req.status == hug.HTTP_200) + + +def test_wrapper_update_perimeter_existed(): + from moon_engine.api.wrapper.api import update + from moon_utilities.auth_functions import get_api_key_for_user + from moon_cache.cache import Cache + from moon_engine.api.configuration import get_configuration + CACHE = Cache.getInstance(manager_url=get_configuration("management").get("url"), + incremental=get_configuration("incremental_updates"), + manager_api_key=get_configuration("api_token")) + + CACHE.set_current_server(url=get_configuration("management").get("url"), api_key=get_api_key_for_user( + "admin")) + + CACHE.add_pipeline("eac0ecd09ceb47b3ac810f01ef71b4e0", { + "name": "test", + "description": "test", + "host": "127.0.0.1", + "port": 20000, + }) + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + + response = requests.get("{}/policies".format(get_configuration("management").get("url")), + headers=auth_headers) + + policies = response.json() + policy_id = next(iter(policies['policies'])) + + response = requests.get("{}/policies/{}/subjects".format(get_configuration( + "management").get("url"), policy_id), headers=auth_headers) + subjects = response.json() + assert 'subjects' in subjects and len(subjects['subjects']) + + for key in subjects['subjects']: + subjects['subjects'][key]['name'] = "new " + subjects['subjects'][key]['name'] + req = hug.test.put(update, "/update/perimeter/{}/{}/{}".format(key, policy_id, 'subject'), + subjects['subjects'][key], headers=auth_headers) + assert (req.status == hug.HTTP_202 or req.status == hug.HTTP_200) + + response = requests.get("{}/policies/{}/objects".format(get_configuration( + "management").get("url"), policy_id), headers=auth_headers) + objects = response.json() + assert 'objects' in objects and len(objects['objects']) + + for key in objects['objects']: + objects['objects'][key]['name'] = "new " + objects['objects'][key]['name'] + req = hug.test.put(update, "/update/perimeter/{}/{}/{}".format(key, policy_id, 'object'), + objects['objects'][key], headers=auth_headers) + assert (req.status == hug.HTTP_202 or req.status == hug.HTTP_200) + + response = requests.get("{}/policies/{}/actions".format(get_configuration( + "management").get("url"), policy_id), headers=auth_headers) + actions = response.json() + assert 'actions' in actions and len(actions['actions']) + + for key in actions['actions']: + actions['actions'][key]['name'] = "new " + actions['actions'][key]['name'] + req = hug.test.put(update, "/update/perimeter/{}/{}/{}".format(key, policy_id, 'action'), + actions['actions'][key], headers=auth_headers) + assert (req.status == hug.HTTP_202 or req.status == hug.HTTP_200) + + +def test_wrapper_delete_perimeter(): + from moon_engine.api.wrapper.api import update + from moon_utilities.auth_functions import get_api_key_for_user + from moon_cache.cache import Cache + from moon_engine.api.configuration import get_configuration + CACHE = Cache.getInstance(manager_url=get_configuration("management").get("url"), + incremental=get_configuration("incremental_updates"), + manager_api_key=get_configuration("api_token")) + + CACHE.set_current_server(url=get_configuration("management").get("url"), + api_key=get_api_key_for_user("admin")) + + CACHE.add_pipeline("eac0ecd09ceb47b3ac810f01ef71b4e0", { + "name": "test", + "description": "test", + "host": "127.0.0.1", + "port": 20000, + }) + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + + response = requests.get("{}/policies".format(get_configuration("management").get("url")), + headers=auth_headers) + + policies = response.json() + policy_id = next(iter(policies['policies'])) + + response = requests.get("{}/policies/{}/subjects".format(get_configuration( + "management").get("url"), policy_id), headers=auth_headers) + subjects = response.json() + assert 'subjects' in subjects and len(subjects['subjects']) + + for key in subjects['subjects']: + req = hug.test.delete(update, + "/update/perimeter/{}/{}/{}".format(key, policy_id, 'subject'), + headers=auth_headers) + assert (req.status == hug.HTTP_202 or req.status == hug.HTTP_200) + + response = requests.get("{}/policies/{}/objects".format(get_configuration( + "management").get("url"), policy_id), headers=auth_headers) + objects = response.json() + assert 'objects' in objects and len(objects['objects']) + + for key in objects['objects']: + req = hug.test.delete(update, "/update/perimeter/{}/{}/{}".format(key, policy_id, 'object'), + headers=auth_headers) + assert (req.status == hug.HTTP_202 or req.status == hug.HTTP_200) + + response = requests.get("{}/policies/{}/actions".format(get_configuration( + "management").get("url"), policy_id), headers=auth_headers) + actions = response.json() + assert 'actions' in actions and len(actions['actions']) + + for key in actions['actions']: + req = hug.test.delete(update, "/update/perimeter/{}/{}/{}".format(key, policy_id, 'action'), + headers=auth_headers) + + assert (req.status == hug.HTTP_202 or req.status == hug.HTTP_200) + + +def test_wrapper_delete_rule(): + from moon_engine.api.wrapper.api import update + from moon_utilities.auth_functions import get_api_key_for_user + from moon_cache.cache import Cache + from moon_engine.api.configuration import get_configuration + CACHE = Cache.getInstance(manager_url=get_configuration("management").get("url"), + incremental=get_configuration("incremental_updates"), + manager_api_key=get_configuration("api_token")) + + CACHE.set_current_server(url=get_configuration("management").get("url"), api_key=get_api_key_for_user( + "admin")) + + CACHE.add_pipeline("eac0ecd09ceb47b3ac810f01ef71b4e0", { + "name": "test", + "description": "test", + "host": "127.0.0.1", + "port": 20000, + }) + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + + response = requests.get("{}/policies".format(get_configuration("management").get("url")), + headers=auth_headers) + policies = response.json() + policy_id = next(iter(policies['policies'])) + + response = requests.get( + "{}/policies/{}/rules".format(get_configuration("management").get("url"), policy_id), + headers=auth_headers) + rules = response.json() + assert 'rules' in rules and 'policy_id' in rules['rules'] + assert rules['rules']['policy_id'] == policy_id + assert len(rules['rules']['rules']) + for i in range(0, len(rules['rules']['rules'])): + req = hug.test.delete(update, "/update/rule/{}/{}".format(policy_id, + rules['rules']['rules'][i]['id']), headers=auth_headers) + + assert (req.status == hug.HTTP_202 or req.status == hug.HTTP_200) + + +def test_wrapper_update_model_existed(): + from moon_engine.api.wrapper.api import update + from moon_utilities.auth_functions import get_api_key_for_user + from moon_cache.cache import Cache + from moon_engine.api.configuration import get_configuration + CACHE = Cache.getInstance(manager_url=get_configuration("management").get("url"), + incremental=get_configuration("incremental_updates"), + manager_api_key=get_configuration("api_token")) + + CACHE.set_current_server(url=get_configuration("management").get("url"), api_key=get_api_key_for_user( + "admin")) + + CACHE.add_pipeline("eac0ecd09ceb47b3ac810f01ef71b4e0", { + "name": "test", + "description": "test", + "host": "127.0.0.1", + "port": 20000, + }) + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + + response = requests.get("{}/models".format(get_configuration("management").get("url")), + headers=auth_headers) + + models = response.json() + key = next(iter(models['models'])) + models['models'][key]['name'] = "new " + models['models'][key]['name'] + req = hug.test.put(update, "/update/model/{}".format(key), + models['models'][key], headers=auth_headers) + + assert (req.status == hug.HTTP_202 or req.status == hug.HTTP_200) + + +def test_wrapper_delete_model(): + from moon_engine.api.wrapper.api import update + from moon_utilities.auth_functions import get_api_key_for_user + from moon_cache.cache import Cache + from moon_engine.api.configuration import get_configuration + CACHE = Cache.getInstance(manager_url=get_configuration("management").get("url"), + incremental=get_configuration("incremental_updates"), + manager_api_key=get_configuration("api_token")) + + CACHE.set_current_server(url=get_configuration("management").get("url"), api_key=get_api_key_for_user( + "admin")) + + CACHE.add_pipeline("eac0ecd09ceb47b3ac810f01ef71b4e0", { + "name": "test", + "description": "test", + "host": "127.0.0.1", + "port": 20000, + }) + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + + response = requests.get("{}/models".format(get_configuration("management").get("url")), + headers=auth_headers) + + models = response.json() + key = next(iter(models['models'])) + req = hug.test.delete(update, "/update/model/{}".format(key), headers=auth_headers) + + assert (req.status == hug.HTTP_202 or req.status == hug.HTTP_200) + + +def test_wrapper_delete_category(): + from moon_engine.api.wrapper.api import update + from moon_utilities.auth_functions import get_api_key_for_user + from moon_cache.cache import Cache + from moon_engine.api.configuration import get_configuration + CACHE = Cache.getInstance(manager_url=get_configuration("management").get("url"), + incremental=get_configuration("incremental_updates"), + manager_api_key=get_configuration("api_token")) + + CACHE.set_current_server(url=get_configuration("management").get("url"), api_key=get_api_key_for_user( + "admin")) + + CACHE.add_pipeline("eac0ecd09ceb47b3ac810f01ef71b4e0", { + "name": "test", + "description": "test", + "host": "127.0.0.1", + "port": 20000, + }) + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + + response = requests.get("{}/subject_categories".format(get_configuration("management").get("url")), + headers=auth_headers) + subject_categories = response.json() + category_id = next(iter(subject_categories['subject_categories'])) + req = hug.test.delete(update, "/update/meta_data/{}/{}".format(category_id, 'subject'), + headers=auth_headers) + + assert (req.status == hug.HTTP_202 or req.status == hug.HTTP_200) + + response = requests.get("{}/action_categories".format(get_configuration("management").get("url")), + headers=auth_headers) + action_categories = response.json() + category_id = next(iter(action_categories['action_categories'])) + req = hug.test.delete(update, "/update/meta_data/{}/{}".format(category_id, 'action'), + headers=auth_headers) + + assert (req.status == hug.HTTP_202 or req.status == hug.HTTP_200) + + response = requests.get("{}/object_categories".format(get_configuration("management").get("url")), + headers=auth_headers) + object_categories = response.json() + category_id = next(iter(object_categories['object_categories'])) + req = hug.test.delete(update, "/update/meta_data/{}/{}".format(category_id, 'object'), + headers=auth_headers) + assert (req.status == hug.HTTP_202 or req.status == hug.HTTP_200) + + +def test_wrapper_update_meta_rule_existed(): + from moon_engine.api.wrapper.api import update + from moon_utilities.auth_functions import get_api_key_for_user + from moon_cache.cache import Cache + from moon_engine.api.configuration import get_configuration + CACHE = Cache.getInstance(manager_url=get_configuration("management").get("url"), + incremental=get_configuration("incremental_updates"), + manager_api_key=get_configuration("api_token")) + + CACHE.set_current_server(url=get_configuration("management").get("url"), api_key=get_api_key_for_user( + "admin")) + + CACHE.add_pipeline("eac0ecd09ceb47b3ac810f01ef71b4e0", { + "name": "test", + "description": "test", + "host": "127.0.0.1", + "port": 20000, + }) + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + + response = requests.get("{}/meta_rules".format(get_configuration("management").get("url")), + headers=auth_headers) + + meta_rules = response.json() + key = next(iter(meta_rules['meta_rules'])) + meta_rules['meta_rules'][key]['name'] = "new " + meta_rules['meta_rules'][key]['name'] + req = hug.test.put(update, "/update/meta_rule/{}".format(key), + meta_rules['meta_rules'][key], headers=auth_headers) + + assert (req.status == hug.HTTP_202 or req.status == hug.HTTP_200) + + +def test_wrapper_delete_meta_rule(): + from moon_engine.api.wrapper.api import update + from moon_utilities.auth_functions import get_api_key_for_user + from moon_cache.cache import Cache + from moon_engine.api.configuration import get_configuration + CACHE = Cache.getInstance(manager_url=get_configuration("management").get("url"), + incremental=get_configuration("incremental_updates"), + manager_api_key=get_configuration("api_token")) + + CACHE.set_current_server(url=get_configuration("management").get("url"), api_key=get_api_key_for_user( + "admin")) + + CACHE.add_pipeline("eac0ecd09ceb47b3ac810f01ef71b4e0", { + "name": "test", + "description": "test", + "host": "127.0.0.1", + "port": 20000, + }) + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + + response = requests.get("{}/meta_rules".format(get_configuration("management").get("url")), + headers=auth_headers) + + meta_rules = response.json() + key = next(iter(meta_rules['meta_rules'])) + req = hug.test.delete(update, "/update/meta_rule/{}".format(key), headers=auth_headers) + assert (req.status == hug.HTTP_202 or req.status == hug.HTTP_200) + + +def test_wrapper_delete_data(): + from moon_engine.api.wrapper.api import update + from moon_utilities.auth_functions import get_api_key_for_user + from moon_cache.cache import Cache + from moon_engine.api.configuration import get_configuration + CACHE = Cache.getInstance(manager_url=get_configuration("management").get("url"), + incremental=get_configuration("incremental_updates"), + manager_api_key=get_configuration("api_token")) + + CACHE.set_current_server(url=get_configuration("management").get("url"), api_key=get_api_key_for_user( + "admin")) + + CACHE.add_pipeline("eac0ecd09ceb47b3ac810f01ef71b4e0", { + "name": "test", + "description": "test", + "host": "127.0.0.1", + "port": 20000, + }) + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + + response = requests.get("{}/policies".format(get_configuration("management").get("url")), + headers=auth_headers) + + policies = response.json() + policy_id = next(iter(policies['policies'])) + + response = requests.get( + "{}/policies/{}/subject_data".format(get_configuration("management").get("url"), policy_id), + headers=auth_headers) + subject_data_id = next(iter(response.json()['subject_data'][0]['data'])) + req = hug.test.delete(update, "/update/data/{}/{}".format(subject_data_id,'subject'), + headers=auth_headers) + assert (req.status == hug.HTTP_202 or req.status == hug.HTTP_200) + + response = requests.get( + "{}/policies/{}/object_data".format(get_configuration("management").get("url"), policy_id), + headers=auth_headers) + object_data_id = next(iter(response.json()['object_data'][0]['data'])) + req = hug.test.delete(update, "/update/data/{}/{}".format(object_data_id, 'object'), + headers=auth_headers) + assert (req.status == hug.HTTP_202 or req.status == hug.HTTP_200) + + response = requests.get( + "{}/policies/{}/action_data".format(get_configuration("management").get("url"), policy_id), + headers=auth_headers) + action_data_id = next(iter(response.json()['action_data'][0]['data'])) + req = hug.test.delete(update, "/update/data/{}/{}".format(action_data_id, 'action'), + headers=auth_headers) + assert (req.status == hug.HTTP_202 or req.status == hug.HTTP_200) diff --git a/moon_engine/tests/unit_python/api/wrapper/test_wrapper_authz.py b/moon_engine/tests/unit_python/api/wrapper/test_wrapper_authz.py new file mode 100644 index 00000000..c4df249f --- /dev/null +++ b/moon_engine/tests/unit_python/api/wrapper/test_wrapper_authz.py @@ -0,0 +1,57 @@ +# Software Name: MOON + +# Version: 5.4 + +# SPDX-FileCopyrightText: Copyright (c) 2018-2020 Orange and its contributors +# SPDX-License-Identifier: Apache-2.0 + +# This software is distributed under the 'Apache License 2.0', +# the text of which is available at 'http://www.apache.org/licenses/LICENSE-2.0.txt' +# or see the "LICENSE" file for more details. + + +import hug +import requests + + +def test_wrapper_get_authz(): + from moon_engine.api.wrapper.api import authz + from moon_utilities.auth_functions import get_api_key_for_user + from moon_cache.cache import Cache + from moon_engine.api.configuration import get_configuration + CACHE = Cache.getInstance(manager_url=get_configuration("management").get("url"), + incremental=get_configuration("incremental_updates"), + manager_api_key=get_configuration("api_token")) + + CACHE.set_current_server(url=get_configuration("management").get("url"), + api_key=get_api_key_for_user("admin")) + + auth_headers = {"X-Api-Key": get_api_key_for_user("admin")} + + response = requests.get("{}/pdp".format(get_configuration("management").get("url")), + headers=auth_headers) + + pdp = response.json() + pdp_id = next(iter(pdp['pdps'])) + policy_id = pdp['pdps'][pdp_id].get("security_pipeline")[0] + project_id = pdp['pdps'][pdp_id].get("vim_project_id") + + response = requests.get("{}/policies/{}/subjects".format(get_configuration( + "management").get("url"), policy_id), headers=auth_headers) + subjects = response.json() + + response = requests.get("{}/policies/{}/objects".format(get_configuration( + "management").get("url"), policy_id), headers=auth_headers) + objects = response.json() + + response = requests.get("{}/policies/{}/actions".format(get_configuration( + "management").get("url"), policy_id), headers=auth_headers) + actions = response.json() + + subjects_name = subjects['subjects'][next(iter(subjects['subjects']))]['name'] + objects_name = objects['objects'][next(iter(objects['objects']))]['name'] + actions_name = actions['actions'][next(iter(actions['actions']))]['name'] + + req = hug.test.get(authz, "/authz/{}/{}/{}/{}".format( + project_id, subjects_name, objects_name, actions_name)) + assert req.status == hug.HTTP_200 diff --git a/moon_engine/tests/unit_python/conftest.py b/moon_engine/tests/unit_python/conftest.py new file mode 100644 index 00000000..6b7ab339 --- /dev/null +++ b/moon_engine/tests/unit_python/conftest.py @@ -0,0 +1,60 @@ +# Software Name: MOON + +# Version: 5.4 + +# SPDX-FileCopyrightText: Copyright (c) 2018-2020 Orange and its contributors +# SPDX-License-Identifier: Apache-2.0 + +# This software is distributed under the 'Apache License 2.0', +# the text of which is available at 'http://www.apache.org/licenses/LICENSE-2.0.txt' +# or see the "LICENSE" file for more details. + + +import os +import pytest +import requests_mock +import mock_require_data + + +@pytest.fixture(autouse=True) +def no_requests(monkeypatch): + """ Modify the response from Requests module + """ + global manager_api_key + with requests_mock.Mocker(real_http=True) as m: + try: + os.remove("/tmp/database_test.db") + except FileNotFoundError: + pass + try: + os.remove("/tmp/moon.pwd") + except FileNotFoundError: + pass + print("Configure...") + mock_require_data.register_require_data(m) + #from moon_engine.api.configuration import set_configuration + #set_configuration(yaml.safe_load(__CONF)) + print("Create a new user") + from moon_utilities.auth_functions import add_user, init_db, get_api_key_for_user + init_db("/tmp/moon.pwd") + try: + user = add_user("admin", "admin") + manager_api_key = user["api_key"] + except KeyError: + print("User already exists") + manager_api_key = get_api_key_for_user("admin") + print("Initialize the database") + # init_database() + # from moon_manager import db_driver + # db_driver.init() + + # mock_engine.register_engine(m) + # mock_slaves.register_slaves(m) + + # from moon_manager.pip_driver import InformationManager + # InformationManager.set_auth() + + from moon_cache.cache import Cache + Cache.deleteInstance() + yield m + # InformationManager.unset_auth() diff --git a/moon_engine/tests/unit_python/mock_require_data.py b/moon_engine/tests/unit_python/mock_require_data.py new file mode 100644 index 00000000..63557285 --- /dev/null +++ b/moon_engine/tests/unit_python/mock_require_data.py @@ -0,0 +1,762 @@ +# Software Name: MOON + +# Version: 5.4 + +# SPDX-FileCopyrightText: Copyright (c) 2018-2020 Orange and its contributors +# SPDX-License-Identifier: Apache-2.0 + +# This software is distributed under the 'Apache License 2.0', +# the text of which is available at 'http://www.apache.org/licenses/LICENSE-2.0.txt' +# or see the "LICENSE" file for more details. + + + +def register_require_data(m): + m.register_uri( + 'GET', 'http://127.0.0.1:20000/authz/testuser/vm1/boot', + json={}, + status_code=204 + ) + m.register_uri( + 'GET', 'http://127.0.0.1:10000/authz/a64beb1cc224474fb4badd43173e7101/testuser/vm1/boot', + json={}, + status_code=204 + ) + m.register_uri( + 'GET', 'http://127.0.0.1:8000/pdp', + json={ + "pdps": { + "b3d3e18abf3340e8b635fd49e6634ccd": { + "description": "test", + "security_pipeline": [ + "f8f49a779ceb47b3ac810f01ef71b4e0" + ], + "name": "pdp_rbac", + "vim_project_id": "a64beb1cc224474fb4badd43173e7101" + }, + "eac0ecd09ceb47b3ac810f01ef71b4e0": { + "description": "test", + "security_pipeline": [ + "f8f49a779ceb47b3ac810f01ef71b4e0" + ], + "name": "pdp_rbac2", + "vim_project_id": "z64beb1cc224474fb4badd43173e7108" + } + } + } + ) + m.register_uri( + 'GET', 'http://127.0.0.1:8000/pdp/b3d3e18abf3340e8b635fd49e6634ccd', + json={ + "pdps": { + "b3d3e18abf3340e8b635fd49e6634ccd": { + "description": "test", + "security_pipeline": [ + "f8f49a779ceb47b3ac810f01ef71b4e0" + ], + "name": "pdp_rbac", + "vim_project_id": "a64beb1cc224474fb4badd43173e7101" + } + } + } + ) + m.register_uri( + 'GET', 'http://127.0.0.1:8000/pdp/eac0ecd09ceb47b3ac810f01ef71b4e0', + json={ + "pdps": { + "eac0ecd09ceb47b3ac810f01ef71b4e0": { + "description": "test", + "security_pipeline": [ + "f8f49a779ceb47b3ac810f01ef71b4e0" + ], + "name": "pdp_rbac", + "vim_project_id": "z64beb1cc224474fb4badd43173e7108" + } + } + } + ) + m.register_uri( + 'GET', 'http://127.0.0.1:8000/policies', + json={ + "policies": { + "f8f49a779ceb47b3ac810f01ef71b4e0": { + "name": "RBAC policy example", + "model_id": "cd923d8633ff4978ab0e99938f5153d6", + "description": "test", + "genre": "authz" + } + } + } + ) + + m.register_uri( + 'GET', 'http://127.0.0.1:8000/policies/f8f49a779ceb47b3ac810f01ef71b4e0', + json={ + "f8f49a779ceb47b3ac810f01ef71b4e0": { + "name": "RBAC policy example", + "model_id": "cd923d8633ff4978ab0e99938f5153d6", + "description": "test", + "genre": "authz" + } + } + ) + + m.register_uri( + 'GET', 'http://127.0.0.1:8000/models', + json={ + "models": { + "cd923d8633ff4978ab0e99938f5153d6": { + "name": "RBAC", + "meta_rules": [ + "4700cc0e38ef4cffa34025602d267c9e" + ], + "description": "test" + } + } + } + ) + m.register_uri( + 'GET', 'http://127.0.0.1:8000/meta_rules', + json={ + "meta_rules": { + "4700cc0e38ef4cffa34025602d267c9e": { + "subject_categories": [ + "14e6ae0ba34d458b876c791b73aa17bd" + ], + "action_categories": [ + "241a2a791554421a91c9f1bc564aa94d" + ], + "description": "", + "name": "rbac", + "object_categories": [ + "6d48500f639d4c2cab2b1f33ef93a1e8" + ] + } + } + } + ) + m.register_uri( + 'GET', 'http://127.0.0.1:8000/subject_categories', + json={ + 'subject_categories': + { + '14e6ae0ba34d458b876c791b73aa17bd': + { + 'id': '14e6ae0ba34d458b876c791b73aa17bd', + 'name': 'testuser14e6ae0ba34d458b876c791b73aa17bd', + 'description': 'description of testuser14e6ae0ba34d458b876c791b73aa17bd' + } + } + } + ) + m.register_uri( + 'GET', 'http://127.0.0.1:8000/action_categories', + json={ + 'action_categories': + { + '241a2a791554421a91c9f1bc564aa94d': + { + 'id': '241a2a791554421a91c9f1bc564aa94d', + 'name': 'testuser241a2a791554421a91c9f1bc564aa94d', + 'description': 'description of testuser241a2a791554421a91c9f1bc564aa94d' + } + } + } + ) + m.register_uri( + 'GET', 'http://127.0.0.1:8000/object_categories', + json={ + 'object_categories': + { + '6d48500f639d4c2cab2b1f33ef93a1e8': + { + 'id': '6d48500f639d4c2cab2b1f33ef93a1e8', + 'name': '6d48500f639d4c2cab2b1f33ef93a1e8', + 'description': 'description of testuser6d48500f639d4c2cab2b1f33ef93a1e8' + } + } + } + ) + m.register_uri( + 'GET', 'http://127.0.0.1:8000/policies/f8f49a779ceb47b3ac810f01ef71b4e0/subjects', + json={ + "subjects": { + "89ba91c18dd54abfbfde7a66936c51a6": { + "description": "test", + "policy_list": [ + "f8f49a779ceb47b3ac810f01ef71b4e0", + "636cd473324f4c0bbd9102cb5b62a16d" + ], + "name": "testuser", + "email": "mail", + "id": "89ba91c18dd54abfbfde7a66936c51a6", + "extra": {} + }, + "31fd15ad14784a9696fcc887dddbfaf9": { + "description": "test", + "policy_list": [ + "f8f49a779ceb47b3ac810f01ef71b4e0", + "636cd473324f4c0bbd9102cb5b62a16d" + ], + "name": "adminuser", + "email": "mail", + "id": "31fd15ad14784a9696fcc887dddbfaf9", + "extra": {} + } + } + } + ) + m.register_uri( + 'GET', 'http://127.0.0.1:8000/policies/f8f49a779ceb47b3ac810f01ef71b4e0/objects', + json={ + "objects": { + "67b8008a3f8d4f8e847eb628f0f7ca0e": { + "name": "vm1", + "description": "test", + "id": "67b8008a3f8d4f8e847eb628f0f7ca0e", + "extra": {}, + "policy_list": [ + "f8f49a779ceb47b3ac810f01ef71b4e0", + "636cd473324f4c0bbd9102cb5b62a16d" + ] + }, + "9089b3d2ce5b4e929ffc7e35b55eba1a": { + "name": "vm0", + "description": "test", + "id": "9089b3d2ce5b4e929ffc7e35b55eba1a", + "extra": {}, + "policy_list": [ + "f8f49a779ceb47b3ac810f01ef71b4e0", + "636cd473324f4c0bbd9102cb5b62a16d" + ] + } + } + } + ) + m.register_uri( + 'GET', 'http://127.0.0.1:8000/policies/f8f49a779ceb47b3ac810f01ef71b4e0/actions', + json={ + "actions": { + "cdb3df220dc05a6ea3334b994827b068": { + "name": "boot", + "description": "test", + "id": "cdb3df220dc05a6ea3334b994827b068", + "extra": {}, + "policy_list": [ + "f8f49a779ceb47b3ac810f01ef71b4e0", + "636cd473324f4c0bbd9102cb5b62a16d" + ] + }, + "9f5112afe9b34a6c894eb87246ccb7aa": { + "name": "start", + "description": "test", + "id": "9f5112afe9b34a6c894eb87246ccb7aa", + "extra": {}, + "policy_list": [ + "f8f49a779ceb47b3ac810f01ef71b4e0", + "636cd473324f4c0bbd9102cb5b62a16d" + ] + } + } + } + ) + m.register_uri( + 'GET', + 'http://127.0.0.1:8000/policies/f8f49a779ceb47b3ac810f01ef71b4e0/subject_assignments', + json={ + "subject_assignments": { + "826c1156d0284fc9b4b2ddb279f63c52": { + "category_id": "14e6ae0ba34d458b876c791b73aa17bd", + "assignments": [ + "24ea95256c5f4c888c1bb30a187788df", + "6b227b77184c48b6a5e2f3ed1de0c02a", + "31928b17ec90438ba5a2e50ae7650e63", + "4e60f554dd3147af87595fb6b37dcb13", + "7a5541b63a024fa88170a6b59f99ccd7", + "dd2af27812f742029d289df9687d6126", + "4d4b3c3ba45e48589b382a6e369bafbe", + ], + "id": "826c1156d0284fc9b4b2ddb279f63c52", + "subject_id": "89ba91c18dd54abfbfde7a66936c51a6", + "policy_id": "f8f49a779ceb47b3ac810f01ef71b4e0" + }, + "7407ffc1232944279b0cbcb0847c86f7": { + "category_id": "315072d40d774c43a89ff33937ed24eb", + "assignments": [ + "6b227b77184c48b6a5e2f3ed1de0c02a", + "31928b17ec90438ba5a2e50ae7650e63", + "7a5541b63a024fa88170a6b59f99ccd7", + "dd2af27812f742029d289df9687d6126", + ], + "id": "7407ffc1232944279b0cbcb0847c86f7", + "subject_id": "89ba91c18dd54abfbfde7a66936c51a6", + "policy_id": "3e65256389b448cb9897917ea235f0bb" + } + } + } + ) + m.register_uri( + 'GET', + 'http://127.0.0.1:8000/policies/f8f49a779ceb47b3ac810f01ef71b4e0/object_assignments', + json={ + "object_assignments": { + "201ad05fd3f940948b769ab9214fe295": { + "object_id": "9089b3d2ce5b4e929ffc7e35b55eba1a", + "assignments": [ + "030fbb34002e4236a7b74eeb5fd71e35", + "4b7793dbae434c31a77da9d92de9fa8c", + '11209d83b167438cb8ab3e5d5351329e', + ], + "id": "201ad05fd3f940948b769ab9214fe295", + "category_id": "33aece52d45b4474a20dc48a76800daf", + "policy_id": "f8f49a779ceb47b3ac810f01ef71b4e0" + }, + "90c5e86f8be34c0298fbd1973e4fb043": { + "object_id": "67b8008a3f8d4f8e847eb628f0f7ca0e", + "assignments": [ + "7dc76c6142af47c88b60cc2b0df650ba", + "4b7793dbae434c31a77da9d92de9fa8c", + '11209d83b167438cb8ab3e5d5351329e' + ], + "id": "90c5e86f8be34c0298fbd1973e4fb043", + "category_id": "6d48500f639d4c2cab2b1f33ef93a1e8", + "policy_id": "3e65256389b448cb9897917ea235f0bb" + } + } + } + ) + m.register_uri( + 'GET', + 'http://127.0.0.1:8000/policies/f8f49a779ceb47b3ac810f01ef71b4e0/action_assignments', + json={ + "action_assignments": { + "2128e3ffbd1c4ef5be515d625745c2d4": { + "category_id": "241a2a791554421a91c9f1bc564aa94d", + "action_id": "cdb3df220dc05a6ea3334b994827b068", + "policy_id": "f8f49a779ceb47b3ac810f01ef71b4e0", + "id": "2128e3ffbd1c4ef5be515d625745c2d4", + "assignments": [ + "570c036781e540dc9395b83098c40ba7", + "7fe17d7a2e3542719f8349c3f2273182", + "015ca6f40338422ba3f692260377d638", + "23d44c17bf88480f83e8d57d2aa1ea79", + '5ced7ea5e1714f0888d6b4f94c32c29c', + ] + }, + "cffb98852f3a4110af7a0ddfc4e19201": { + "category_id": "4a2c5abaeaf644fcaf3ca8df64000d53", + "action_id": "cdb3df220dc04a6ea3334b994827b068", + "policy_id": "3e65256389b448cb9897917ea235f0bb", + "id": "cffb98852f3a4110af7a0ddfc4e19201", + "assignments": [ + "570c036781e540dc9395b83098c40ba7", + "7fe17d7a2e3542719f8349c3f2273182", + "015ca6f40338422ba3f692260377d638", + "23d44c17bf88480f83e8d57d2aa1ea79" + ] + } + } + } + ) + m.register_uri( + 'GET', + 'http://127.0.0.1:8000/policies/f8f49a779ceb47b3ac810f01ef71b4e0/subject_assignments/' + '89ba91c18dd54abfbfde7a66936c51a6', + json={ + "subject_assignments": { + "826c1156d0284fc9b4b2ddb279f63c52": { + "category_id": "14e6ae0ba34d458b876c791b73aa17bd", + "assignments": [ + "24ea95256c5f4c888c1bb30a187788df", + "6b227b77184c48b6a5e2f3ed1de0c02a", + "31928b17ec90438ba5a2e50ae7650e63", + "4e60f554dd3147af87595fb6b37dcb13", + "7a5541b63a024fa88170a6b59f99ccd7", + "4d4b3c3ba45e48589b382a6e369bafbe" + ], + "id": "826c1156d0284fc9b4b2ddb279f63c52", + "subject_id": "89ba91c18dd54abfbfde7a66936c51a6", + "policy_id": "f8f49a779ceb47b3ac810f01ef71b4e0" + } + } + } + ) + m.register_uri( + 'GET', + 'http://127.0.0.1:8000/policies/f8f49a779ceb47b3ac810f01ef71b4e0/object_assignments/' + '67b8008a3f8d4f8e847eb628f0f7ca0e', + json={ + "object_assignments": { + "201ad05fd3f940948b769ab9214fe295": { + "object_id": "67b8008a3f8d4f8e847eb628f0f7ca0e", + "assignments": [ + "030fbb34002e4236a7b74eeb5fd71e35", + "11209d83b167438cb8ab3e5d5351329e" + ], + "id": "201ad05fd3f940948b769ab9214fe295", + "category_id": "6d48500f639d4c2cab2b1f33ef93a1e8", + "policy_id": "f8f49a779ceb47b3ac810f01ef71b4e0" + } + } + } + ) + m.register_uri( + 'GET', + 'http://127.0.0.1:8000/policies/f8f49a779ceb47b3ac810f01ef71b4e0/action_assignments/' + 'cdb3df220dc05a6ea3334b994827b068', + json={ + "action_assignments": { + "2128e3ffbd1c4ef5be515d625745c2d4": { + "category_id": "241a2a791554421a91c9f1bc564aa94d", + "action_id": "cdb3df220dc05a6ea3334b994827b068", + "policy_id": "f8f49a779ceb47b3ac810f01ef71b4e0", + "id": "2128e3ffbd1c4ef5be515d625745c2d4", + "assignments": [ + "570c036781e540dc9395b83098c40ba7", + "7fe17d7a2e3542719f8349c3f2273182", + "015ca6f40338422ba3f692260377d638", + "f8f49a779ceb47b3ac810f01ef71b4e0" + ] + } + } + } + ) + m.register_uri( + 'GET', 'http://127.0.0.1:8000/policies/f8f49a779ceb47b3ac810f01ef71b4e0/rules', + json={ + "rules": { + "policy_id": "f8f49a779ceb47b3ac810f01ef71b4e0", + "rules": [ + { + "policy_id": "f8f49a779ceb47b3ac810f01ef71b4e0", + "rule": [ + "24ea95256c5f4c888c1bb30a187788df", + "030fbb34002e4236a7b74eeb5fd71e35", + "570c036781e540dc9395b83098c40ba7" + ], + "enabled": True, + "id": "0201a2bcf56943c1904dbac016289b71", + "instructions": [ + { + "decision": "grant" + } + ], + "meta_rule_id": "4700cc0e38ef4cffa34025602d267c9e" + }, + { + "policy_id": "f8f49a779ceb47b3ac810f01ef71b4e0", + "rule": [ + "4d4b3c3ba45e48589b382a6e369bafbe", + '11209d83b167438cb8ab3e5d5351329e', + '5ced7ea5e1714f0888d6b4f94c32c29c' + ], + "enabled": True, + "id": "0bd7da3b20bb4b57af10c0e362aac847", + "instructions": [ + { + "decision": "grant" + } + ], + "meta_rule_id": "4700cc0e38ef4cffa34025602d267c9e" + } + ] + } + } + ) + + m.register_uri( + 'GET', 'http://127.0.0.1:8000/pipelines', + json={ + "pipelines": { + 'b3d3e18abf3340e8b635fd49e6634ccd': { + 'starttime': '1548688120.3931532', + "port": '20000', + "server_ip": '127.0.0.1', + "status": 'up', + "log": '/tmp/moon_policy_id_2.log' + } + + } + } + ) + + m.register_uri( + 'GET', 'http://127.0.0.1:8000/policies/f8f49a779ceb47b3ac810f01ef71b4e0/subject_data', + json={ + 'subject_data': [ + { + 'policy_id': 'f8f49a779ceb47b3ac810f01ef71b4e0', + 'category_id': '14e6ae0ba34d458b876c791b73aa17bd', + 'data': { + '4d4b3c3ba45e48589b382a6e369bafbe': { + 'id': '4d4b3c3ba45e48589b382a6e369bafbe', + 'name': 'testuser', + 'description': 'description of testuser', + 'category_id': '14e6ae0ba34d458b876c791b73aa17bd', + 'policy_id': 'f8f49a779ceb47b3ac810f01ef71b4e0' + } + } + }, + ] + } + ) + + m.register_uri( + 'GET', 'http://127.0.0.1:8000/policies/f8f49a779ceb47b3ac810f01ef71b4e0/object_data', + json={ + 'object_data': [ + { + 'policy_id': 'f8f49a779ceb47b3ac810f01ef71b4e0', + 'category_id': '6d48500f639d4c2cab2b1f33ef93a1e8', + 'data': { + '11209d83b167438cb8ab3e5d5351329e': { + 'id': '11209d83b167438cb8ab3e5d5351329e', + 'name': 'testuser', + 'description': 'description of testuser', + 'category_id': '6d48500f639d4c2cab2b1f33ef93a1e8', + 'policy_id': 'f8f49a779ceb47b3ac810f01ef71b4e0' + } + } + }, + ] + } + ) + + m.register_uri( + 'GET', 'http://127.0.0.1:8000/policies/f8f49a779ceb47b3ac810f01ef71b4e0/action_data', + json={ + 'action_data': [ + { + 'policy_id': 'f8f49a779ceb47b3ac810f01ef71b4e0', + 'category_id': '241a2a791554421a91c9f1bc564aa94d', + 'data': { + '5ced7ea5e1714f0888d6b4f94c32c29c': { + 'id': '5ced7ea5e1714f0888d6b4f94c32c29c', + 'name': 'testuser', + 'description': 'description of testuser', + 'category_id': '241a2a791554421a91c9f1bc564aa94d', + 'policy_id': 'f8f49a779ceb47b3ac810f01ef71b4e0' + } + } + } + ] + } + ) + + m.register_uri( + 'GET', 'http://127.0.0.1:8000/slaves', + json={ + "slaves": { + "24aa2a391554421a98c9f1bc564ae94d": { + "name": "slave name", + "address": "http://slave" + } + } + } + ) + + m.register_uri( + 'PUT', 'http://127.0.0.1:20000/update/policy/f8f49a779ceb47b3ac810f01ef71b4e0', + json={} + ) + m.register_uri( + 'DELETE', 'http://127.0.0.1:20000/update/policy/f8f49a779ceb47b3ac810f01ef71b4e0', + json={} + ) + m.register_uri( + 'PUT', 'http://127.0.0.1:20000/update/policy/eac0ecd09ceb47b3ac810f01ef71b4e0', + json={}, + status_code=208 + ) + m.register_uri( + 'DELETE', 'http://127.0.0.1:20000/update/policy/eac0ecd09ceb47b3ac810f01ef71b4e0', + json={} + ) + m.register_uri( + 'PUT', 'http://127.0.0.1:20000/update/pdp/b3d3e18abf3340e8b635fd49e6634ccd', + json={} + ) + m.register_uri( + 'DELETE', 'http://127.0.0.1:20000/update/pdp/b3d3e18abf3340e8b635fd49e6634ccd', + json={} + ) + m.register_uri( + 'DELETE', 'http://127.0.0.1:20000/update/assignment/' + 'f8f49a779ceb47b3ac810f01ef71b4e0/subject', + json={} + ) + m.register_uri( + 'DELETE', 'http://127.0.0.1:20000/update/assignment/' + 'f8f49a779ceb47b3ac810f01ef71b4e0/object', + json={} + ) + m.register_uri( + 'DELETE', 'http://127.0.0.1:20000/update/assignment/' + 'f8f49a779ceb47b3ac810f01ef71b4e0/action', + json={} + ) + m.register_uri( + 'PUT', + 'http://127.0.0.1:20000/update/perimeter/89ba91c18dd54abfbfde7a66936c51a6/' + 'f8f49a779ceb47b3ac810f01ef71b4e0/subject', + json={} + ) + m.register_uri( + 'PUT', + 'http://127.0.0.1:20000/update/perimeter/31fd15ad14784a9696fcc887dddbfaf9/' + 'f8f49a779ceb47b3ac810f01ef71b4e0/subject', + json={} + ) + m.register_uri( + 'PUT', + 'http://127.0.0.1:20000/update/perimeter/67b8008a3f8d4f8e847eb628f0f7ca0e/' + 'f8f49a779ceb47b3ac810f01ef71b4e0/object', + json={} + ) + m.register_uri( + 'PUT', + 'http://127.0.0.1:20000/update/perimeter/9089b3d2ce5b4e929ffc7e35b55eba1a/' + 'f8f49a779ceb47b3ac810f01ef71b4e0/object', + json={} + ) + m.register_uri( + 'PUT', + 'http://127.0.0.1:20000/update/perimeter/cdb3df220dc05a6ea3334b994827b068/' + 'f8f49a779ceb47b3ac810f01ef71b4e0/action', + json={} + ) + m.register_uri( + 'PUT', + 'http://127.0.0.1:20000/update/perimeter/9f5112afe9b34a6c894eb87246ccb7aa/' + 'f8f49a779ceb47b3ac810f01ef71b4e0/action', + json={} + ) + + m.register_uri( + 'DELETE', + 'http://127.0.0.1:20000/update/perimeter/89ba91c18dd54abfbfde7a66936c51a6/' + 'f8f49a779ceb47b3ac810f01ef71b4e0/subject', + json={} + ) + m.register_uri( + 'DELETE', + 'http://127.0.0.1:20000/update/perimeter/31fd15ad14784a9696fcc887dddbfaf9/' + 'f8f49a779ceb47b3ac810f01ef71b4e0/subject', + json={} + ) + m.register_uri( + 'DELETE', + 'http://127.0.0.1:20000/update/perimeter/67b8008a3f8d4f8e847eb628f0f7ca0e/' + 'f8f49a779ceb47b3ac810f01ef71b4e0/object', + json={} + ) + m.register_uri( + 'DELETE', + 'http://127.0.0.1:20000/update/perimeter/9089b3d2ce5b4e929ffc7e35b55eba1a/' + 'f8f49a779ceb47b3ac810f01ef71b4e0/object', + json={} + ) + m.register_uri( + 'DELETE', + 'http://127.0.0.1:20000/update/perimeter/cdb3df220dc05a6ea3334b994827b068/' + 'f8f49a779ceb47b3ac810f01ef71b4e0/action', + json={} + ) + m.register_uri( + 'DELETE', + 'http://127.0.0.1:20000/update/perimeter/9f5112afe9b34a6c894eb87246ccb7aa/' + 'f8f49a779ceb47b3ac810f01ef71b4e0/action', + json={} + ) + + m.register_uri( + 'DELETE', + 'http://127.0.0.1:20000/update/rule/f8f49a779ceb47b3ac810f01ef71b4e0/' + '0201a2bcf56943c1904dbac016289b71', + json={} + ) + + m.register_uri( + 'DELETE', + 'http://127.0.0.1:20000/update/rule/f8f49a779ceb47b3ac810f01ef71b4e0/' + '0bd7da3b20bb4b57af10c0e362aac847', + json={} + ) + m.register_uri( + 'PUT', + 'http://127.0.0.1:20000/update/model/cd923d8633ff4978ab0e99938f5153d6', + json={} + ) + m.register_uri( + 'DELETE', + 'http://127.0.0.1:20000/update/model/cd923d8633ff4978ab0e99938f5153d6', + json={} + ) + + m.register_uri( + 'DELETE', + 'http://127.0.0.1:20000/update/meta_data/14e6ae0ba34d458b876c791b73aa17bd/subject', + json={} + ) + + m.register_uri( + 'DELETE', + 'http://127.0.0.1:20000/update/meta_data/241a2a791554421a91c9f1bc564aa94d/action', + json={} + ) + + m.register_uri( + 'DELETE', + 'http://127.0.0.1:20000/update/meta_data/6d48500f639d4c2cab2b1f33ef93a1e8/object', + json={} + ) + + m.register_uri( + 'PUT', + 'http://127.0.0.1:20000/update/meta_rule/4700cc0e38ef4cffa34025602d267c9e', + json={} + ) + m.register_uri( + 'DELETE', + 'http://127.0.0.1:20000/update/meta_rule/4700cc0e38ef4cffa34025602d267c9e', + json={} + ) + m.register_uri( + 'GET', + 'http://127.0.0.1:20000/authz/testuser/vm1/boot', + json={}, + status_code=204 + ) + m.register_uri( + 'DELETE', + 'http://127.0.0.1:20000/update/data/4d4b3c3ba45e48589b382a6e369bafbe/subject', + json={} + ) + + m.register_uri( + 'DELETE', + 'http://127.0.0.1:20000/update/data/11209d83b167438cb8ab3e5d5351329e/object', + json={} + ) + m.register_uri( + 'DELETE', + 'http://127.0.0.1:20000/update/data/5ced7ea5e1714f0888d6b4f94c32c29c/action', + json={} + ) + m.register_uri( + 'PUT', + 'http://127.0.0.1:20000/update/slave/24aa2a391554421a98c9f1bc564ae94d', + json={} + ) + m.register_uri( + 'GET', + '/authz/a64beb1cc224474fb4badd43173e7101/testuser/vm1/boot', + json={"result": True} + ) + m.register_uri( + 'GET', + 'http://127.0.0.1:20000/authz/a64beb1cc224474fb4badd43173e7101/testuser/vm1/boot', + json={"result": True} + ) + + diff --git a/moon_engine/tests/unit_python/moon.yaml b/moon_engine/tests/unit_python/moon.yaml new file mode 100644 index 00000000..a1257a20 --- /dev/null +++ b/moon_engine/tests/unit_python/moon.yaml @@ -0,0 +1,54 @@ +type: "pipeline" +uuid: "a64beb1c-c224-474f-b4ba-dd43173e7101" +management: + url: "http://127.0.0.1:8000" + token_file: moon_engine_users.json +incremental_updates: false +api_token: +data: conf/policy_example.json +debug: true + +orchestration: + driver: moon_engine.plugins.pyorchestrator + connection: local + port: 20000...20100 + config_dir: /tmp + +authorization: + driver: moon_engine.plugins.authz + +plugins: + directory: /tmp + +logging: + version: 1 + + formatters: + brief: + format: "%(levelname)s %(name)s %(message)-30s" + custom: + format: "%(asctime)-15s %(levelname)s %(name)s %(message)s" + + handlers: + console: + class : logging.StreamHandler + formatter: custom + level : INFO + stream : ext://sys.stdout + file: + class : logging.handlers.RotatingFileHandler + formatter: custom + level : DEBUG + filename: /tmp/moon_engine.log + maxBytes: 1048576 + backupCount: 3 + + loggers: + moon: + level: DEBUG + handlers: [console, file] + propagate: no + + root: + level: ERROR + handlers: [console]
\ No newline at end of file diff --git a/moon_engine/tests/unit_python/moon_engine_users.json b/moon_engine/tests/unit_python/moon_engine_users.json new file mode 100644 index 00000000..97602c98 --- /dev/null +++ b/moon_engine/tests/unit_python/moon_engine_users.json @@ -0,0 +1 @@ +{"_default": {"1": {"username": "admin", "password": "0ded616e9bc4dcf292e3d282adb66b76eb28335bec14608fc860f96bd0f85210486085f59eb582fc1da9e965de0735dadbeda05ddaefe3db7c9cc8b1755eb0dc", "salt": "6704f5bdd5e0193be205e04661c6b998238debd74f8c7da5503a0493b8c710358ebe6303bac9c2758521a5d228cf3954a99334604e7ea3ecd0fe240a39210a12", "api_key": "30d200fee36bfeceb0cbd1479f8dcda92720392e92c5ddb63ea06979a75b9a055516b6c840def90de49eb02abac1f78ddfe38618cc1c36000e59875acb4664d3"}}}
\ No newline at end of file diff --git a/moon_engine/tests/unit_python/policy_example.json b/moon_engine/tests/unit_python/policy_example.json new file mode 100644 index 00000000..6adddd06 --- /dev/null +++ b/moon_engine/tests/unit_python/policy_example.json @@ -0,0 +1,470 @@ +{ + "policies": [ + { + "name": "MLS Policy", + "genre": "authz", + "description": "MLS policy", + "model": { + "name": "MLS" + }, + "mandatory": true, + "override": true + } + ], + "models": [ + { + "name": "MLS", + "description": "", + "meta_rules": [ + { + "name": "mls" + } + ], + "override": true + } + ], + "subjects": [ + { + "name": "admin", + "description": "", + "extra": {}, + "policies": [ + { + "name": "MLS Policy" + } + ] + }, + { + "name": "demo", + "description": "", + "extra": {}, + "policies": [ + { + "name": "MLS Policy" + } + ] + } + ], + "subject_categories": [ + { + "name": "level", + "description": "subject level" + } + ], + "subject_data": [ + { + "name": "high", + "description": "", + "policies": [], + "category": { + "name": "level" + } + }, + { + "name": "medium", + "description": "", + "policies": [], + "category": { + "name": "level" + } + }, + { + "name": "low", + "description": "", + "policies": [], + "category": { + "name": "level" + } + } + ], + "subject_assignments": [ + { + "subject": {"name": "admin"}, + "category": {"name": "level"}, + "assignments": [{"name": "high"}] + }, + { + "subject": {"name": "demo"}, + "category": {"name": "level"}, + "assignments": [{"name": "low"}] + } + ], + "objects": [ + { + "name": "vm1", + "description": "", + "extra": {}, + "policies": [ + { + "name": "MLS Policy" + } + ] + }, + { + "name": "vm2", + "description": "", + "extra": {}, + "policies": [ + { + "name": "MLS Policy" + } + ] + }, + { + "name": "vm3", + "description": "", + "extra": {}, + "policies": [ + { + "name": "MLS Policy" + } + ] + } + ], + "object_categories": [ + { + "name": "level", + "description": "object level" + } + ], + "object_data": [ + { + "name": "high", + "description": "", + "policies": [], + "category": { + "name": "level" + } + }, + { + "name": "medium", + "description": "", + "policies": [], + "category": { + "name": "level" + } + }, + { + "name": "low", + "description": "", + "policies": [], + "category": { + "name": "level" + } + } + ], + "object_assignments": [ + { + "object": {"name": "vm1"}, + "category": {"name": "level"}, + "assignments": [{"name": "high"}] + }, + { + "object": {"name": "vm2"}, + "category": {"name": "level"}, + "assignments": [{"name": "medium"}] + }, + { + "object": {"name": "vm3"}, + "category": {"name": "level"}, + "assignments": [{"name": "low"}] + } + ], + "actions": [ + { + "name": "use_image", + "description": "use_image action for glance", + "extra": { + "component": "glance" + }, + "policies": [] + }, + { + "name": "get_images", + "description": "get_images action for glance", + "extra": { + "component": "glance" + }, + "policies": [] + }, + { + "name": "update_image", + "description": "update_image action for glance", + "extra": { + "component": "glance" + }, + "policies": [] + }, + { + "name": "set_image", + "description": "set_image action for glance", + "extra": { + "component": "glance" + }, + "policies": [] + } + ], + "action_categories": [ + { + "name": "type", + "description": "" + } + ], + "action_data": [ + { + "name": "read", + "description": "read action", + "policies": [], + "category": { + "name": "type" + } + }, + { + "name": "write", + "description": "write action", + "policies": [], + "category": { + "name": "type" + } + }, + { + "name": "execute", + "description": "execute action", + "policies": [], + "category": { + "name": "type" + } + } + ], + "action_assignments": [ + { + "action": {"name": "use_image"}, + "category": {"name": "type"}, + "assignments": [{"name": "read"}, {"name": "execute"}] + }, + { + "action": {"name": "update_image"}, + "category": {"name": "type"}, + "assignments": [{"name": "read"}, {"name": "write"}] + }, + { + "action": {"name": "set_image"}, + "category": {"name": "type"}, + "assignments": [{"name": "write"}] + }, + { + "action": {"name": "get_images"}, + "category": {"name": "type"}, + "assignments": [{"name": "read"}] + } + ], + "meta_rules": [ + { + "name": "mls", + "description": "", + "subject_categories": [{"name": "level"}], + "object_categories": [{"name": "level"}], + "action_categories": [{"name": "type"}] + } + ], + "rules": [ + { + "meta_rule": {"name": "mls"}, + "rule": { + "subject_data": [{"name": "high"}], + "object_data": [{"name": "high"}], + "action_data": [{"name": "read"}] + }, + "policy": {"name": "MLS Policy"}, + "instructions": [{"decision": "grant"}], + "enabled": true + }, + { + "meta_rule": {"name": "mls"}, + "rule": { + "subject_data": [{"name": "high"}], + "object_data": [{"name": "medium"}], + "action_data": [{"name": "read"}] + }, + "policy": {"name": "MLS Policy"}, + "instructions": [{"decision": "grant"}], + "enabled": true + }, + { + "meta_rule": {"name": "mls"}, + "rule": { + "subject_data": [{"name": "high"}], + "object_data": [{"name": "low"}], + "action_data": [{"name": "read"}] + }, + "policy": {"name": "MLS Policy"}, + "instructions": [{"decision": "grant"}], + "enabled": true + }, + { + "meta_rule": {"name": "mls"}, + "rule": { + "subject_data": [{"name": "medium"}], + "object_data": [{"name": "medium"}], + "action_data": [{"name": "read"}] + }, + "policy": {"name": "MLS Policy"}, + "instructions": [{"decision": "grant"}], + "enabled": true + }, + { + "meta_rule": {"name": "mls"}, + "rule": { + "subject_data": [{"name": "medium"}], + "object_data": [{"name": "low"}], + "action_data": [{"name": "read"}] + }, + "policy": {"name": "MLS Policy"}, + "instructions": [{"decision": "grant"}], + "enabled": true + }, + { + "meta_rule": {"name": "mls"}, + "rule": { + "subject_data": [{"name": "low"}], + "object_data": [{"name": "low"}], + "action_data": [{"name": "read"}] + }, + "policy": {"name": "MLS Policy"}, + "instructions": [{"decision": "grant"}], + "enabled": true + }, + { + "meta_rule": {"name": "mls"}, + "rule": { + "subject_data": [{"name": "high"}], + "object_data": [{"name": "high"}], + "action_data": [{"name": "write"}] + }, + "policy": {"name": "MLS Policy"}, + "instructions": [{"decision": "grant"}], + "enabled": true + }, + { + "meta_rule": {"name": "mls"}, + "rule": { + "subject_data": [{"name": "high"}], + "object_data": [{"name": "medium"}], + "action_data": [{"name": "write"}] + }, + "policy": {"name": "MLS Policy"}, + "instructions": [{"decision": "grant"}], + "enabled": true + }, + { + "meta_rule": {"name": "mls"}, + "rule": { + "subject_data": [{"name": "high"}], + "object_data": [{"name": "low"}], + "action_data": [{"name": "write"}] + }, + "policy": {"name": "MLS Policy"}, + "instructions": [{"decision": "grant"}], + "enabled": true + }, + { + "meta_rule": {"name": "mls"}, + "rule": { + "subject_data": [{"name": "medium"}], + "object_data": [{"name": "medium"}], + "action_data": [{"name": "write"}] + }, + "policy": {"name": "MLS Policy"}, + "instructions": [{"decision": "grant"}], + "enabled": true + }, + { + "meta_rule": {"name": "mls"}, + "rule": { + "subject_data": [{"name": "medium"}], + "object_data": [{"name": "low"}], + "action_data": [{"name": "write"}] + }, + "policy": {"name": "MLS Policy"}, + "instructions": [{"decision": "grant"}], + "enabled": true + }, + { + "meta_rule": {"name": "mls"}, + "rule": { + "subject_data": [{"name": "low"}], + "object_data": [{"name": "low"}], + "action_data": [{"name": "write"}] + }, + "policy": {"name": "MLS Policy"}, + "instructions": [{"decision": "grant"}], + "enabled": true + }, + { + "meta_rule": {"name": "mls"}, + "rule": { + "subject_data": [{"name": "high"}], + "object_data": [{"name": "high"}], + "action_data": [{"name": "execute"}] + }, + "policy": {"name": "MLS Policy"}, + "instructions": [{"decision": "grant"}], + "enabled": true + }, + { + "meta_rule": {"name": "mls"}, + "rule": { + "subject_data": [{"name": "high"}], + "object_data": [{"name": "medium"}], + "action_data": [{"name": "execute"}] + }, + "policy": {"name": "MLS Policy"}, + "instructions": [{"decision": "grant"}], + "enabled": true + }, + { + "meta_rule": {"name": "mls"}, + "rule": { + "subject_data": [{"name": "high"}], + "object_data": [{"name": "low"}], + "action_data": [{"name": "execute"}] + }, + "policy": {"name": "MLS Policy"}, + "instructions": [{"decision": "grant"}], + "enabled": true + }, + { + "meta_rule": {"name": "mls"}, + "rule": { + "subject_data": [{"name": "medium"}], + "object_data": [{"name": "medium"}], + "action_data": [{"name": "execute"}] + }, + "policy": {"name": "MLS Policy"}, + "instructions": [{"decision": "grant"}], + "enabled": true + }, + { + "meta_rule": {"name": "mls"}, + "rule": { + "subject_data": [{"name": "medium"}], + "object_data": [{"name": "low"}], + "action_data": [{"name": "execute"}] + }, + "policy": {"name": "MLS Policy"}, + "instructions": [{"decision": "grant"}], + "enabled": true + }, + { + "meta_rule": {"name": "mls"}, + "rule": { + "subject_data": [{"name": "low"}], + "object_data": [{"name": "low"}], + "action_data": [{"name": "execute"}] + }, + "policy": {"name": "MLS Policy"}, + "instructions": [{"decision": "grant"}], + "enabled": true + } + ] +}
\ No newline at end of file diff --git a/moon_engine/tests/unit_python/requirements.txt b/moon_engine/tests/unit_python/requirements.txt new file mode 100644 index 00000000..611c265c --- /dev/null +++ b/moon_engine/tests/unit_python/requirements.txt @@ -0,0 +1,5 @@ +hug!=2.5.0 +moon_utilities +moon_cache +requests_mock +pytest-benchmark
\ No newline at end of file |