Diffstat (limited to 'moon_manager')
-rw-r--r-- | moon_manager/moon_manager/__init__.py | 2 | ||||
-rw-r--r-- | moon_manager/moon_manager/api/slaves.py | 110 | ||||
-rw-r--r-- | moon_manager/moon_manager/http_server.py | 3 | ||||
-rw-r--r-- | moon_manager/tests/functional_pod/conftest.py | 12 | ||||
-rw-r--r-- | moon_manager/tests/functional_pod/run_functional_tests.sh | 11 | ||||
-rw-r--r-- | moon_manager/tests/functional_pod/test_manager.py | 77 | ||||
-rw-r--r-- | moon_manager/tests/functional_pod/test_models.py | 78 | ||||
-rw-r--r-- | moon_manager/tests/unit_python/api/test_assignemnt.py | 174 | ||||
-rw-r--r-- | moon_manager/tests/unit_python/api/test_rules.py | 58 |
9 files changed, 514 insertions, 11 deletions
diff --git a/moon_manager/moon_manager/__init__.py b/moon_manager/moon_manager/__init__.py index 6f964a63..85c245e0 100644 --- a/moon_manager/moon_manager/__init__.py +++ b/moon_manager/moon_manager/__init__.py @@ -3,4 +3,4 @@ # license which can be found in the file 'LICENSE' in this package distribution # or at 'http://www.apache.org/licenses/LICENSE-2.0'. -__version__ = "4.3.2" +__version__ = "4.4.0" diff --git a/moon_manager/moon_manager/api/slaves.py b/moon_manager/moon_manager/api/slaves.py new file mode 100644 index 00000000..f5b3fa14 --- /dev/null +++ b/moon_manager/moon_manager/api/slaves.py 
@@ -0,0 +1,110 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. +""" +PDP are Policy Decision Point. + +""" + +from flask import request +from flask_restful import Resource +import logging +import requests +import time +from python_moonutilities.security_functions import check_auth +from python_moondb.core import PDPManager +from python_moondb.core import PolicyManager +from python_moondb.core import ModelManager +from python_moonutilities import configuration, exceptions + +__version__ = "4.3.0" + +logger = logging.getLogger("moon.manager.api." + __name__) + + +class Slaves(Resource): + """ + Endpoint for pdp requests + """ + + __urls__ = ( + "/slaves", + "/slaves/", + "/slaves/<string:uuid>", + "/slaves/<string:uuid>/", + ) + + def __init__(self, **kwargs): + conf = configuration.get_configuration("components/orchestrator") + self.orchestrator_hostname = conf["components/orchestrator"].get("hostname", + "orchestrator") + self.orchestrator_port = conf["components/orchestrator"].get("port", + 80) + + @check_auth + def get(self, uuid=None, user_id=None): + """Retrieve all slaves + + :param uuid: uuid of the slave + :param user_id: user ID who do the request + :return: { + "slaves": { + "XXX": { + "name": "...", + "installed": True + }, + "YYY": { + "name": "...", + "installed": False + } + } + } + """ + req = requests.get("http://{}:{}/slaves".format( + self.orchestrator_hostname, self.orchestrator_port + )) + return {"slaves": req.json().get("slaves", dict())} + + @check_auth + def patch(self, uuid=None, user_id=None): + """Update a slave + + :param uuid: uuid of the slave to update + :param user_id: user ID who do the request + :request body: { + "op": "replace", + "variable": "configured", + "value": True, + } + 
:return: 204 + :internal_api: add_pdp + """ + logger.info("Will made a request for {}".format(uuid)) + if request.json.get("op") == "replace" \ + and request.json.get("variable") == "configured" \ + and request.json.get("value"): + req = requests.post("http://{}:{}/pods".format( + self.orchestrator_hostname, self.orchestrator_port, + ), + json={"slave_name": uuid} + ) + if req.status_code != 200: + logger.warning("Get error from Orchestrator {} {}".format( + req.reason, req.status_code + )) + return "Orchestrator: " + str(req.reason), req.status_code + elif request.json.get("op") == "replace" \ + and request.json.get("variable") == "configured" \ + and not request.json.get("value"): + req = requests.delete("http://{}:{}/pods/{}".format( + self.orchestrator_hostname, self.orchestrator_port, uuid + )) + if req.status_code != 200: + logger.warning("Get error from Orchestrator {} {}".format( + req.reason, req.status_code + )) + return "Orchestrator: " + str(req.reason), req.status_code + else: + return "Malformed request", 400 + return {"slaves": req.json()} diff --git a/moon_manager/moon_manager/http_server.py b/moon_manager/moon_manager/http_server.py index d67e1121..a98cab43 100644 --- a/moon_manager/moon_manager/http_server.py +++ b/moon_manager/moon_manager/http_server.py @@ -14,6 +14,7 @@ from moon_manager.api.generic import Status, Logs, API from moon_manager.api.models import Models from moon_manager.api.policies import Policies from moon_manager.api.pdp import PDP +from moon_manager.api.slaves import Slaves from moon_manager.api.meta_rules import MetaRules from moon_manager.api.meta_data import SubjectCategories, ObjectCategories, ActionCategories from moon_manager.api.perimeter import Subjects, Objects, Actions @@ -32,7 +33,7 @@ __API__ = ( Subjects, Objects, Actions, Rules, SubjectAssignments, ObjectAssignments, ActionAssignments, SubjectData, ObjectData, ActionData, - Models, Policies, PDP + Models, Policies, PDP, Slaves ) 
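Review bot: `Slaves.patch` passes the caller-supplied `uuid` straight to the orchestrator, as `slave_name` in the POST body and unescaped in the `/pods/{}` DELETE path; because `/slaves` and `/slaves/` are also registered, `uuid` can be `None`, which would target `/pods/None`. `request.json` is dereferenced without a check, so a body that is not JSON likely ends in an unhandled exception rather than the 400 branch. None of the three `requests` calls sets a timeout, so a stalled orchestrator can hold a manager worker indefinitely. I would reject a missing `uuid` up front, percent-encode it with `urllib.parse.quote(uuid, safe="")`, read the body with `request.get_json(silent=True)`, and pass `timeout=` on every call, as sketched below (the value 3 mirrors the functional tests in this commit). `get` has the same missing timeout and calls `req.json()` without looking at the status code.

```python
    @check_auth
    def patch(self, uuid=None, user_id=None):
        # ... unchanged: docstring and logger.info call ...
        body = request.get_json(silent=True)
        if not uuid or not isinstance(body, dict) \
                or body.get("op") != "replace" \
                or body.get("variable") != "configured":
            return "Malformed request", 400
        pods_url = "http://{}:{}/pods".format(
            self.orchestrator_hostname, self.orchestrator_port)
        if body.get("value"):
            req = requests.post(pods_url, json={"slave_name": uuid}, timeout=3)
        else:
            req = requests.delete(
                "{}/{}".format(pods_url, quote(uuid, safe="")), timeout=3)
        # ... unchanged: status_code check, warning log and return ...
```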
diff --git a/moon_manager/tests/functional_pod/conftest.py b/moon_manager/tests/functional_pod/conftest.py new file mode 100644 index 00000000..b5811755 --- /dev/null +++ b/moon_manager/tests/functional_pod/conftest.py @@ -0,0 +1,12 @@ +import pytest + +print("ANALYSING CONFTEST") + + +@pytest.fixture +def context(): + print("CREATING CONTEXT") + yield { + "hostname": "manager", + "port": 8082, + } diff --git a/moon_manager/tests/functional_pod/run_functional_tests.sh b/moon_manager/tests/functional_pod/run_functional_tests.sh index c80bf15d..7a95a491 100644 --- a/moon_manager/tests/functional_pod/run_functional_tests.sh +++ b/moon_manager/tests/functional_pod/run_functional_tests.sh @@ -1,11 +1,4 @@ #!/usr/bin/env bash -set -x - -kubectl create -n moon -f tools/moon_kubernetes/templates/moon_forming.yaml - -echo Waiting for jobs forming -sleep 5 -kubectl get jobs -n moon -kubectl logs -n moon jobs/forming - +cd /data/tests/functional_pod +pytest . diff --git a/moon_manager/tests/functional_pod/test_manager.py b/moon_manager/tests/functional_pod/test_manager.py new file mode 100644 index 00000000..aab5fba4 --- /dev/null +++ b/moon_manager/tests/functional_pod/test_manager.py 
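Review bot: In run_functional_tests.sh the script does not stop on failure: if `cd /data/tests/functional_pod` fails, `pytest .` still runs from whatever directory the shell started in and collects the wrong tests, or none. Chain the two commands, `cd /data/tests/functional_pod && pytest .`, or add `set -e` at the top so the exit status reflects what actually ran.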
@@ -0,0 +1,77 @@ +import json +import requests + + +def get_json(data): + return json.loads(data.decode("utf-8")) + + +def get_pdp(context): + req = requests.get("http://{}:{}/pdp".format( + context.get("hostname"), + context.get("port")), + timeout=3) + pdp = req.json() + return req, pdp + + +def add_pdp(context, data): + req = requests.post("http://{}:{}/pdp".format( + context.get("hostname"), + context.get("port")), + data=json.dumps(data), + headers={'Content-Type': 'application/json'}, + timeout=3) + pdp = req.json() + return req, pdp + + +def delete_pdp(context, key): + req = requests.delete("http://{}:{}/pdp/{}".format( + context.get("hostname"), + context.get("port"), key), + timeout=3) + return req + + +def delete_pdp_without_id(context): + req = requests.delete("http://{}:{}/pdp/{}".format( + context.get("hostname"), + context.get("port"), ""), + timeout=3) + return req + + +def test_get_pdp(context): + req, pdp = get_pdp(context) + assert req.status_code == 200 + assert isinstance(pdp, dict) + assert "pdps" in pdp + + +def test_add_pdp(context): + data = { + "name": "testuser", + "security_pipeline": ["policy_id_1", "policy_id_2"], + "keystone_project_id": "keystone_project_id", + "description": "description of testuser" + } + req, pdp = add_pdp(context, data) + assert req.status_code == 200 + assert isinstance(pdp, dict) + value = list(pdp["pdps"].values())[0] + assert "pdps" in pdp + assert value['name'] == "testuser" + assert value["description"] == "description of {}".format("testuser") + assert value["keystone_project_id"] == "keystone_project_id" + + +def test_delete_pdp(context): + request, pdp = get_pdp(context) + success_req = None + for key, value in pdp['pdps'].items(): + if value['name'] == "testuser": + success_req = delete_pdp(context, key) + break + assert success_req + assert success_req.status_code == 200 
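Review bot: In `test_add_pdp` the check `assert "pdps" in pdp` runs after `pdp["pdps"]` has already been indexed, so a missing key surfaces as a KeyError and the assertion can never fail on its own; move it above the `value = list(pdp["pdps"].values())[0]` line. The same ordering appears in `test_add_models` in test_models.py and in the `test_add_*` functions of test_assignemnt.py and test_rules.py. `test_delete_pdp` appears to pass only when `test_add_pdp` has already created "testuser" on the same manager, so the two tests are order-dependent. `get_json` and `delete_pdp_without_id` are defined but never called in this file.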
diff --git a/moon_manager/tests/functional_pod/test_models.py b/moon_manager/tests/functional_pod/test_models.py new file mode 100644 index 00000000..dcda9f32 --- /dev/null +++ b/moon_manager/tests/functional_pod/test_models.py 
@@ -0,0 +1,78 @@ +import json +import requests + + +def get_models(context): + req = requests.get("http://{}:{}/models".format( + context.get("hostname"), + context.get("port")), + timeout=3) + models = req.json() + return req, models + + +def add_models(context, name): + data = { + "name": name, + "description": "description of {}".format(name), + "meta_rules": ["meta_rule_id1", "meta_rule_id2"] + } + req = requests.post("http://{}:{}/models".format( + context.get("hostname"), + context.get("port")), + data=json.dumps(data), + headers={'Content-Type': 'application/json'}, + timeout=3) + models = req.json() + return req, models + + +def delete_models(context, name): + _, models = get_models(context) + request = None + for key, value in models['models'].items(): + if value['name'] == name: + request = requests.delete("http://{}:{}/models/{}".format(key, + context.get("hostname"), + context.get("port")), + timeout=3) + break + return request + + +def delete_models_without_id(context): + req = requests.delete("http://{}:{}/models/{}".format( + context.get("hostname"), + context.get("port"), + ""), + timeout=3) + return req + + +def test_get_models(context): + req, models = get_models(context) + assert req.status_code == 200 + assert isinstance(models, dict) + assert "models" in models + + +def test_add_models(context): + req, models = add_models(context, "testuser") + assert req.status_code == 200 + assert isinstance(models, dict) + value = list(models["models"].values())[0] + assert "models" in models + assert value['name'] == "testuser" + assert value["description"] == "description of {}".format("testuser") + assert value["meta_rules"][0] == "meta_rule_id1" + + +def test_delete_models(context): + req = delete_models(context, "testuser") + assert req.status_code == 200 + + +def test_delete_models_without_id(context): + req = delete_models_without_id(context) + assert req.status_code == 500 + 
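Review bot: `delete_models` passes the format arguments in the wrong order: `.format(key, context.get("hostname"), context.get("port"))` fills `http://{}:{}/models/{}` with the model key as the host and the port as the id, so the DELETE never reaches the manager's `/models/<key>` route. It should read `.format(context.get("hostname"), context.get("port"), key)`. When no model named `name` exists the helper returns `None`, so `test_delete_models` fails with an AttributeError instead of an assertion; `assert req is not None` first would make that readable. `test_delete_models_without_id` pins a 500 as the expected answer to a DELETE with no id, which records an unhandled server error as intended behaviour; a 4xx from input validation is what the API should return, so this assertion is worth revisiting together with the handler.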
diff --git a/moon_manager/tests/unit_python/api/test_assignemnt.py b/moon_manager/tests/unit_python/api/test_assignemnt.py new file mode 100644 index 00000000..08688e04 --- /dev/null +++ b/moon_manager/tests/unit_python/api/test_assignemnt.py 
@@ -0,0 +1,174 @@ +import api.utilities as utilities +import json + + +# subject_categories_test + + +def get_subject_assignment(client, policy_id): + req = client.get("/policies/{}/subject_assignments".format(policy_id)) + subject_assignment = utilities.get_json(req.data) + return req, subject_assignment + + +def add_subject_assignment(client, policy_id, category_id): + data = { + "id": "id1", + "category_id": category_id, + "data_id": "data_id1" + } + req = client.post("/policies/{}/subject_assignments/{}".format(policy_id, category_id), data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + subject_assignment = utilities.get_json(req.data) + return req, subject_assignment + + +def delete_subject_assignment(client, policy_id): + req = client.delete("/policies/{}/subject_assignments".format(policy_id)) + return req + + +def test_get_subject_assignment(): + policy_id = utilities.get_policy_id() + client = utilities.register_client() + req, subject_assignment = get_subject_assignment(client, policy_id) + assert req.status_code == 200 + assert isinstance(subject_assignment, dict) + assert "subject_assignments" in subject_assignment + + +def test_add_subject_assignment(): + policy_id = utilities.get_policy_id() + client = utilities.register_client() + req, subject_assignment = add_subject_assignment(client, policy_id, "111") + assert req.status_code == 200 + assert isinstance(subject_assignment, dict) + value = subject_assignment["subject_assignments"] + assert "subject_assignments" in subject_assignment + id = list(value.keys())[0] + assert value[id]['policy_id'] == policy_id + assert value[id]['category_id'] == "111" + assert value[id]['subject_id'] == "id1" + + +def test_delete_subject_assignment(): + client = utilities.register_client() + policy_id = utilities.get_policy_id() + success_req = delete_subject_assignment(client, policy_id) + assert success_req.status_code == 200 + +# 
--------------------------------------------------------------------------- + +# object_categories_test + + +def get_object_assignment(client, policy_id): + req = client.get("/policies/{}/object_assignments".format(policy_id)) + object_assignment = utilities.get_json(req.data) + return req, object_assignment + + +def add_object_assignment(client, policy_id, category_id): + data = { + "id": "id1", + "category_id": category_id, + "data_id": "data_id1" + } + req = client.post("/policies/{}/object_assignments/{}".format(policy_id, category_id), data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + object_assignment = utilities.get_json(req.data) + return req, object_assignment + + +def delete_object_assignment(client, policy_id): + req = client.delete("/policies/{}/object_assignments".format(policy_id)) + return req + + +def test_get_object_assignment(): + policy_id = utilities.get_policy_id() + client = utilities.register_client() + req, object_assignment = get_object_assignment(client, policy_id) + assert req.status_code == 200 + assert isinstance(object_assignment, dict) + assert "object_assignments" in object_assignment + + +def test_add_object_assignment(): + policy_id = utilities.get_policy_id() + client = utilities.register_client() + req, object_assignment = add_object_assignment(client, policy_id, "111") + assert req.status_code == 200 + assert isinstance(object_assignment, dict) + value = object_assignment["object_assignments"] + assert "object_assignments" in object_assignment + id = list(value.keys())[0] + assert value[id]['policy_id'] == policy_id + assert value[id]['category_id'] == "111" + assert value[id]['object_id'] == "id1" + + +def test_delete_object_assignment(): + client = utilities.register_client() + policy_id = utilities.get_policy_id() + success_req = delete_object_assignment(client, policy_id) + assert success_req.status_code == 200 + +# --------------------------------------------------------------------------- + +# 
action_categories_test + + +def get_action_assignment(client, policy_id): + req = client.get("/policies/{}/action_assignments".format(policy_id)) + action_assignment = utilities.get_json(req.data) + return req, action_assignment + + +def add_action_assignment(client, policy_id, category_id): + data = { + "id": "id1", + "category_id": category_id, + "data_id": "data_id1" + } + req = client.post("/policies/{}/action_assignments/{}".format(policy_id, category_id), data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + action_assignment = utilities.get_json(req.data) + return req, action_assignment + + +def delete_action_assignment(client, policy_id): + req = client.delete("/policies/{}/action_assignments".format(policy_id)) + return req + + +def test_get_action_assignment(): + policy_id = utilities.get_policy_id() + client = utilities.register_client() + req, action_assignment = get_action_assignment(client, policy_id) + assert req.status_code == 200 + assert isinstance(action_assignment, dict) + assert "action_assignments" in action_assignment + + +def test_add_action_assignment(): + policy_id = utilities.get_policy_id() + client = utilities.register_client() + req, action_assignment = add_action_assignment(client, policy_id, "111") + assert req.status_code == 200 + assert isinstance(action_assignment, dict) + value = action_assignment["action_assignments"] + assert "action_assignments" in action_assignment + id = list(value.keys())[0] + assert value[id]['policy_id'] == policy_id + assert value[id]['category_id'] == "111" + assert value[id]['action_id'] == "id1" + + +def test_delete_action_assignment(): + client = utilities.register_client() + policy_id = utilities.get_policy_id() + success_req = delete_action_assignment(client, policy_id) + assert success_req.status_code == 200 + +# ---------------------------------------------------------------------------
\ No newline at end of file diff --git a/moon_manager/tests/unit_python/api/test_rules.py b/moon_manager/tests/unit_python/api/test_rules.py new file mode 100644 index 00000000..86a3d390 --- /dev/null +++ b/moon_manager/tests/unit_python/api/test_rules.py @@ -0,0 +1,58 @@ +import api.utilities as utilities +import json + + +def get_rules(client, policy_id): + req = client.get("/policies/{}/rules".format(policy_id)) + rules = utilities.get_json(req.data) + return req, rules + + +def add_rules(client, policy_id): + data = { + "meta_rule_id": "meta_rule_id1", + "rule": ["subject_data_id2", "object_data_id2", "action_data_id2"], + "instructions": ( + {"decision": "grant"}, + ), + "enabled": True + } + req = client.post("/policies/{}/rules".format(policy_id), data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + rules = utilities.get_json(req.data) + return req, rules + + +def delete_rules(client, policy_id, meta_rule_id): + req = client.delete("/policies/{}/rules/{}".format(policy_id, meta_rule_id)) + return req + + +def test_get_rules(): + policy_id = utilities.get_policy_id() + client = utilities.register_client() + req, rules = get_rules(client, policy_id) + assert req.status_code == 200 + assert isinstance(rules, dict) + assert "rules" in rules + + +def test_add_rules(): + policy_id = utilities.get_policy_id() + client = utilities.register_client() + req, rules = add_rules(client, policy_id) + assert req.status_code == 200 + assert isinstance(rules, dict) + value = rules["rules"] + assert "rules" in rules + id = list(value.keys())[0] + assert value[id]["meta_rule_id"] == "meta_rule_id1" + + +def test_delete_rules(): + client = utilities.register_client() + policy_id = utilities.get_policy_id() + req, added_rules = get_rules(client, policy_id) + id = added_rules["rules"]['rules'][0]['id'] + rules = delete_rules(client, policy_id, id) + assert rules.status_code == 200 |
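Review bot: In test_rules.py, `test_delete_rules` reads `added_rules["rules"]['rules'][0]['id']` without first checking that any rule exists, so it appears to pass only when `test_add_rules` has already populated the same store and otherwise stops with an IndexError or KeyError instead of a failed assertion. The value it passes is a rule id, yet `delete_rules` names that parameter `meta_rule_id`; renaming it to `rule_id` would match the `/policies/{}/rules/{}` path it builds. The local name `id` shadows the builtin here and in test_assignemnt.py, whose filename also looks like a typo for `test_assignment.py`.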