aboutsummaryrefslogtreecommitdiffstats
path: root/moon_manager/tests/func_tests/features/pdp.feature
diff options
context:
space:
mode:
Diffstat (limited to 'moon_manager/tests/func_tests/features/pdp.feature')
-rw-r--r--moon_manager/tests/func_tests/features/pdp.feature141
1 files changed, 141 insertions, 0 deletions
diff --git a/moon_manager/tests/func_tests/features/pdp.feature b/moon_manager/tests/func_tests/features/pdp.feature
new file mode 100644
index 00000000..0ba73bac
--- /dev/null
+++ b/moon_manager/tests/func_tests/features/pdp.feature
@@ -0,0 +1,141 @@
+Feature: PDP
+
+ Background:
+
+ Given the system has no rules
+ And the system has no subject assignments
+ And the system has no action assignments
+ And the system has no object assignments
+ And the system has no subject data
+ And the system has no action data
+ And the system has no object data
+ And the system has no subject perimeter
+ And the system has no object perimeter
+ And the system has no action perimeter
+ And the system has no pdps
+ And the system has no policies
+ And the system has no models
+ And the system has no meta-rules
+ And the system has no subject categories
+ And the system has no action categories
+ And the system has no object categories
+ And the following meta data subject category exists
+ | subjectmetadataname | subjectmetadatadescription |
+ | Affiliation: | This meta data has the categorical information about a subject |
+ | Authorization-Level: | This meta data has the categorical information about an object |
+ And the following meta data object category exists
+ | objectmetadataname | objectmetadatadescription |
+ | Clearance: | This meta data has the categorical information about an object |
+ | Type: | This meta data has the categorical information about an object |
+ And the following meta data action category exists
+ | actionmetadataname | actionmetadatadescription |
+ | Action-Class: | This meta data has the categorical information about an action |
+ | Action-Priority: | This meta data has the categorical information about an action |
+ And the following meta rule exists
+ | metarulename | metaruledescription | subjectmetadata | actionmetadata | objectmetadata |
+ | metarule1 | Thisisabasicmetarule | Affiliation: | Action-Class: | Clearance: |
+ | metarule2 | Thisisabasicmetarule | Authorization-Level: | Action-Class: | Clearance: |
+ | metarule3 | Thisisabasicmetarule | Affiliation: | Action-Priority: | Clearance: |
+ | metarule4 | Thisisabasicmetarule | Authorization-Level: | Action-Priority: | Clearance: |
+ | metarule5 | Thisisabasicmetarule | Affiliation: | Action-Class: | Type: |
+ | metarule6 | Thisisabasicmetarule | Authorization-Level: | Action-Class: | Type: |
+ | metarule7 | Thisisabasicmetarule | Affiliation: | Action-Priority: | Type: |
+ | metarule8 | Thisisabasicmetarule | Affiliation:,Authorization-Level: | Action-Class:,Action-Priority: | Clearance:,Type: |
+ And the following model exists
+ | modelname | modeldescription | metarule |
+ | generalmodel | Thisisabasicmodel | metarule1,metarule2,metarule6 |
+ | generalmodel2 | Thisisabasicmodel | metarule3,metarule5,metarule8 |
+ And the following policy exists
+ | policyname | policydescription | modelname | genre |
+ | Policy A | Thisisabasicpolicy | generalmodel | financial |
+ | Policy B | Thisisabasicpolicy | generalmodel2 | financial |
+ | Policy C | Thisisabasicpolicy | generalmodel2 | financial |
+
+
+ Scenario: Add PDP
+ When the user sets to add the following pdp
+ | pdpname | pdpdescription | keystone_project_id | security_pipeline |
+ | A-pdp | Thisisabasicpolicy | 0000000000000000000000000000000000000000000000000000000000000000 | Policy A |
+ | B-pdp | Thisisabasicpolicy | 1111111111111111111111111111111111111111111111111111111111111111 | Policy C |
+
+ Then the following pdp should be existed in the system
+ | pdpname | pdpdescription | keystone_project_id | security_pipeline |
+ | A-pdp | Thisisabasicpolicy | 0000000000000000000000000000000000000000000000000000000000000000 | Policy A |
+ | B-pdp | Thisisabasicpolicy | 1111111111111111111111111111111111111111111111111111111111111111 | Policy C |
+
+ Scenario Outline: Add PDP validations
+ When the user sets to add the following pdp
+ | pdpname | pdpdescription | keystone_project_id | security_pipeline |
+ | <pdpname> | <pdpdescription> | <keystone_project_id> | <security_pipeline> |
+ Then the system should reply the following
+ | flag |
+ | <flag> |
+ Examples:
+ | pdpname | pdpdescription | keystone_project_id | security_pipeline | flag |
+ | | This pdp is for creating a collection of policies | 0000000000000000000000000000000000000000000000000000000000000000 | Policy A | False |
+ | generalpdp | | 0000000000000000000000000000000000000000000000000000000000000000 | Policy A | True |
+ | 1 P | This pdp is for creating a collection of policies | 0000000000000000000000000000000000000000000000000000000000000000 | Policy A | True |
+ | _%Pdp%_ | This pdp is for creating a collection of policies% | 0000000000000000000000000000000000000000000000000000000000000000 | Policy A | True |
+ | generalpdp | This pdp is for creating a collection of policies% | | Policy A | False |
+ | generalpdp | This pdp is for creating a collection of policies | 0000000000000000000000000000000000000000000000000000000000000000 | | False |
+ | generalpdp | This pdp is for creating a collection of policies | 0000000000000000000000000000000000000000000000000000000000000000 | Policy A, | False |
+
+ Scenario Outline: Add an existing PDP
+ Given the following pdp exists
+ | pdpname | pdpdescription | keystone_project_id | security_pipeline |
+ | A-pdp | Thisisabasicpolicy | 0000000000000000000000000000000000000000000000000000000000000000 | Policy C |
+ When the user sets to add the following pdp
+ | pdpname | pdpdescription | keystone_project_id | security_pipeline |
+ | <pdpname> | <pdpdescription> | <keystone_project_id> | <security_pipeline> |
+ Then the system should reply the following
+ | flag |
+ | <flag> |
+ Examples:
+ | pdpname | pdpdescription | keystone_project_id | security_pipeline | flag |
+ | B-pdp | Thisisabasicpolicy | 0000000000000000000000000000000000000000000000000000000000000000 | Policy C | False |
+ | A-pdp | Thisisabasicpolicy | 3333333333333333333333333333333333333333333333333333333333333333 | Policy A | False |
+
+ Scenario: Update PDP
+ Given the following pdp exists
+ | pdpname | pdpdescription | keystone_project_id | security_pipeline |
+ | A-pdp | Thisisabasicpolicy | 0000000000000000000000000000000000000000000000000000000000000000 | Policy A |
+ When the user sets to update the following pdp
+ | pdpname | updatedpdpname | updatedpdpdescription | updatedkeystone_project_id | updatedsecurity_pipeline |
+ | A-pdp | B-pdp | Thisisabasicpolicy | 111111111111111111111111111111111111111111111111111111111 | Policy B |
+ Then the following pdp should be existed in the system
+ | pdpname | pdpdescription | keystone_project_id | security_pipeline |
+ | B-pdp | Thisisabasicpolicy | 111111111111111111111111111111111111111111111111111111111 | Policy B |
+
+ Scenario Outline: Update PDP validations
+ Given the following pdp exists
+ | pdpname | pdpdescription | keystone_project_id | security_pipeline |
+ | A-pdp | Thisisabasicpolicy | 0000000000000000000000000000000000000000000000000000000000000000 | Policy B |
+ | B-pdp | Thisisabasicpolicy | 2222222222222222222222222222222222222222222222222222222222222222 | Policy C |
+ When the user sets to update the following pdp
+ | pdpname | updatedpdpname | updatedpdpdescription | updatedkeystone_project_id | updatedsecurity_pipeline |
+ | <pdpname> | <updatedpdpname> | <updatedpdpdescription> | <updatedkeystone_project_id> | <updatedsecurity_pipeline> |
+ Then the system should reply the following
+ | flag |
+ | <flag> |
+ Examples:
+ | pdpname | updatedpdpname | updatedpdpdescription | updatedkeystone_project_id | updatedsecurity_pipeline | flag |
+ | A-pdp | | Thispdpisforcreatingacollectionofpolicies | 111111111111111111111111111111111111111111111111111111111 | Policy A | False |
+ | A-pdp | generalpdp | | 111111111111111111111111111111111111111111111111111111111 | Policy A | True |
+ | A-pdp | 1 P | Thispdpisforcreatingacollectionofpolicies | 111111111111111111111111111111111111111111111111111111111 | Policy A | True |
+ | A-pdp | _%Pdp%_ | Thispdpisforcreatingacollectionofpolicies% | 111111111111111111111111111111111111111111111111111111111 | Policy A | True |
+ | A-pdp | generalpdp | Thispdpisforcreatingacollectionofpolicies% | | Policy A | False |
+ | A-pdp | generalpdp | Thispdpisforcreatingacollectionofpolicies | 111111111111111111111111111111111111111111111111111111111 | | False |
+ | A-pdp | generalpdp | Thispdpisforcreatingacollectionofpolicies | 111111111111111111111111111111111111111111111111111111111 | Policy A, | False |
+ | A-pdp | A-pdp | Thisisabasicpolicy | 0000000000000000000000000000000000000000000000000000000000000000 | Policy B | True |
+ | A-pdp | B-pdp | Thisisabasicpolicy | 111111111111111111111111111111111111111111111111111111111 | Policy C | False |
+
+ Scenario: Delete PDP
+ Given the following pdp exists
+ | pdpname | pdpdescription | keystone_project_id | security_pipeline |
+ | A-pdp | Thisisabasicpolicy | 0000000000000000000000000000000000000000000000000000000000000000 | Policy A |
+ When the user sets to delete the following pdp
+ | pdpname |
+ | A-pdp |
+ Then the following pdp should be existed in the system
+ | pdpname | pdpdescription | keystone_project_id | security_pipeline |
+ | | | | |