diff options
Diffstat (limited to 'moon_manager')
39 files changed, 1888 insertions, 941 deletions
diff --git a/moon_manager/Changelog b/moon_manager/Changelog index 2bd01595..56521a0e 100644 --- a/moon_manager/Changelog +++ b/moon_manager/Changelog @@ -28,3 +28,15 @@ CHANGES - use the threading capability of Flask app - set the number of manager to 1 - update to the latest version of the python-moondb library + +4.5.2-1 +----- +integrating validtion to send mandatory key names + +4.5.3 +----- +- Removing try catch from all requets to allow raised exception to be passed to http server, to send actual error to client side +- fixing test cases to assert on the expected exception after removing try-catch +- allow 404 to be catched from our side instead of flask itself +- revert the params in the get/post/patch/delete to be by default = None, so that we could catch the param if it was None +instead of having not found url if the param is mandatory
\ No newline at end of file diff --git a/moon_manager/Dockerfile b/moon_manager/Dockerfile index 630c275b..d264a113 100644 --- a/moon_manager/Dockerfile +++ b/moon_manager/Dockerfile @@ -1,10 +1,15 @@ FROM python:3 +LABEL Name=Manager +LABEL Description="Manager component for the Moon platform" +LABEL Maintainer="Thomas Duval" +LABEL Url="https://wiki.opnfv.org/display/moon/Moon+Project+Proposal" + +USER root + ADD . /root WORKDIR /root/ -RUN pip3 install -r requirements.txt -RUN if [ -d /root/dist ]; then for FILE in $(ls /root/dist/*.tar.gz); do pip install $FILE --upgrade; done; fi -RUN if [ -d /root/dist ]; then for FILE in $(ls /root/dist/*.whl); do pip install $FILE --upgrade; done; fi -RUN pip3 install . +RUN pip3 install --no-cache-dir -r requirements.txt +RUN pip3 install --no-cache-dir . CMD ["python3", "-m", "moon_manager"]
\ No newline at end of file diff --git a/moon_manager/moon_manager/__init__.py b/moon_manager/moon_manager/__init__.py index 20a70977..205f6d8c 100644 --- a/moon_manager/moon_manager/__init__.py +++ b/moon_manager/moon_manager/__init__.py @@ -3,4 +3,4 @@ # license which can be found in the file 'LICENSE' in this package distribution # or at 'http://www.apache.org/licenses/LICENSE-2.0'. -__version__ = "4.5.2" +__version__ = "4.5.3" diff --git a/moon_manager/moon_manager/api/assignments.py b/moon_manager/moon_manager/api/assignments.py index a1d10ccb..426789e6 100644 --- a/moon_manager/moon_manager/api/assignments.py +++ b/moon_manager/moon_manager/api/assignments.py @@ -53,17 +53,14 @@ class SubjectAssignments(Resource): } :internal_api: get_subject_assignments """ - try: - data = PolicyManager.get_subject_assignments( - user_id=user_id, policy_id=uuid, - subject_id=perimeter_id, category_id=category_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.get_subject_assignments( + user_id=user_id, policy_id=uuid, + subject_id=perimeter_id, category_id=category_id) + return {"subject_assignments": data} - @validate_input("post", kwargs_state=[True, False, False, False, False], body_state=[True, True, True]) + @validate_input("post", kwargs_state=[True, False, False, False, False], body_state={"id":True, "category_id":True, "data_id":True}) @check_auth def post(self, uuid, perimeter_id=None, category_id=None, data_id=None, user_id=None): @@ -89,18 +86,13 @@ class SubjectAssignments(Resource): } :internal_api: update_subject_assignment """ - try: - data_id = request.json.get("data_id") - category_id = request.json.get("category_id") - perimeter_id = request.json.get("id") - data = PolicyManager.add_subject_assignment( - user_id=user_id, policy_id=uuid, - subject_id=perimeter_id, category_id=category_id, - data_id=data_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + data_id = request.json.get("data_id") + category_id = request.json.get("category_id") + perimeter_id = request.json.get("id") + data = PolicyManager.add_subject_assignment( + user_id=user_id, policy_id=uuid, + subject_id=perimeter_id, category_id=category_id, + data_id=data_id) return {"subject_assignments": data} @validate_input("delete", kwargs_state=[True, True, True, True, False]) @@ -120,15 +112,12 @@ class SubjectAssignments(Resource): } :internal_api: delete_subject_assignment """ - try: - data = PolicyManager.delete_subject_assignment( - user_id=user_id, policy_id=uuid, - subject_id=perimeter_id, category_id=category_id, - data_id=data_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.delete_subject_assignment( + user_id=user_id, policy_id=uuid, + subject_id=perimeter_id, category_id=category_id, + data_id=data_id) + return {"result": True} @@ -166,17 +155,14 @@ class ObjectAssignments(Resource): } :internal_api: get_object_assignments """ - try: - data = PolicyManager.get_object_assignments( - user_id=user_id, policy_id=uuid, - object_id=perimeter_id, category_id=category_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.get_object_assignments( + user_id=user_id, policy_id=uuid, + object_id=perimeter_id, category_id=category_id) + return {"object_assignments": data} - @validate_input("post", kwargs_state=[True, False, False, False, False], body_state=[True, True, True]) + @validate_input("post", kwargs_state=[True, False, False, False, False], body_state={"id":True, "category_id":True, "data_id":True}) @check_auth def post(self, uuid, perimeter_id=None, category_id=None, data_id=None, user_id=None): @@ -202,18 +188,15 @@ class ObjectAssignments(Resource): } :internal_api: update_object_assignment """ - try: - data_id = request.json.get("data_id") - category_id = request.json.get("category_id") - perimeter_id = request.json.get("id") - data = PolicyManager.add_object_assignment( - user_id=user_id, policy_id=uuid, - object_id=perimeter_id, category_id=category_id, - data_id=data_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data_id = request.json.get("data_id") + category_id = request.json.get("category_id") + perimeter_id = request.json.get("id") + data = PolicyManager.add_object_assignment( + user_id=user_id, policy_id=uuid, + object_id=perimeter_id, category_id=category_id, + data_id=data_id) + return {"object_assignments": data} @validate_input("delete", kwargs_state=[True, True, True, True, False]) @@ -233,15 +216,11 @@ class ObjectAssignments(Resource): } :internal_api: delete_object_assignment """ - try: - data = PolicyManager.delete_object_assignment( - user_id=user_id, policy_id=uuid, - object_id=perimeter_id, category_id=category_id, - data_id=data_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + data = PolicyManager.delete_object_assignment( + user_id=user_id, policy_id=uuid, + object_id=perimeter_id, category_id=category_id, + data_id=data_id) + return {"result": True} @@ -279,17 +258,13 @@ class ActionAssignments(Resource): } :internal_api: get_action_assignments """ - try: - data = PolicyManager.get_action_assignments( - user_id=user_id, policy_id=uuid, - action_id=perimeter_id, category_id=category_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + data = PolicyManager.get_action_assignments( + user_id=user_id, policy_id=uuid, + action_id=perimeter_id, category_id=category_id) + return {"action_assignments": data} - @validate_input("post", kwargs_state=[True, False, False, False, False], body_state=[True, True, True]) + @validate_input("post", kwargs_state=[True, False, False, False, False], body_state={"id":True, "category_id":True, "data_id":True}) @check_auth def post(self, uuid, perimeter_id=None, category_id=None, data_id=None, user_id=None): @@ -315,18 +290,15 @@ class ActionAssignments(Resource): } :internal_api: update_action_assignment """ - try: - data_id = request.json.get("data_id") - category_id = request.json.get("category_id") - perimeter_id = request.json.get("id") - data = PolicyManager.add_action_assignment( - user_id=user_id, policy_id=uuid, - action_id=perimeter_id, category_id=category_id, - data_id=data_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data_id = request.json.get("data_id") + category_id = request.json.get("category_id") + perimeter_id = request.json.get("id") + data = PolicyManager.add_action_assignment( + user_id=user_id, policy_id=uuid, + action_id=perimeter_id, category_id=category_id, + data_id=data_id) + return {"action_assignments": data} @validate_input("delete", kwargs_state=[True, True, True, True, False]) @@ -346,13 +318,10 @@ class ActionAssignments(Resource): } :internal_api: delete_action_assignment """ - try: - data = PolicyManager.delete_action_assignment( - user_id=user_id, policy_id=uuid, - action_id=perimeter_id, category_id=category_id, - data_id=data_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.delete_action_assignment( + user_id=user_id, policy_id=uuid, + action_id=perimeter_id, category_id=category_id, + data_id=data_id) + return {"result": True} diff --git a/moon_manager/moon_manager/api/data.py b/moon_manager/moon_manager/api/data.py index 4b22f9dc..d887ac2b 100644 --- a/moon_manager/moon_manager/api/data.py +++ b/moon_manager/moon_manager/api/data.py @@ -54,18 +54,16 @@ class SubjectData(Resource): }] :internal_api: get_subject_data """ - try: - data = PolicyManager.get_subject_data(user_id=user_id, - policy_id=uuid, - category_id=category_id, - data_id=data_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + logger.info("api.get {} {} {}".format(uuid, category_id, data_id)) + data = PolicyManager.get_subject_data(user_id=user_id, + policy_id=uuid, + category_id=category_id, + data_id=data_id) + logger.info("api.get data = {}".format(data)) + return {"subject_data": data} - @validate_input("post", kwargs_state=[True, True, False, False], body_state=[True, False]) + @validate_input("post", kwargs_state=[True, True, False, False], body_state={"name":True}) @check_auth def post(self, uuid, category_id=None, data_id=None, user_id=None): """Create or update a subject. @@ -90,15 +88,11 @@ class SubjectData(Resource): } :internal_api: add_subject_data """ - try: - data = PolicyManager.set_subject_data(user_id=user_id, - policy_id=uuid, + data = PolicyManager.set_subject_data(user_id=user_id, + policy_id=uuid, category_id=category_id, value=request.json) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + return {"subject_data": data} @validate_input("delete", kwargs_state=[True, False, False, False]) @@ -116,14 +110,11 @@ class SubjectData(Resource): }] :internal_api: delete_subject_data """ - try: - data = PolicyManager.delete_subject_data(user_id=user_id, - policy_id=uuid, - data_id=data_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + logger.info("api.delete {} {}".format(uuid, data_id)) + data = PolicyManager.delete_subject_data(user_id=user_id, + policy_id=uuid, + data_id=data_id) + return {"result": True} @@ -162,18 +153,14 @@ class ObjectData(Resource): }] :internal_api: get_object_data """ - try: - data = PolicyManager.get_object_data(user_id=user_id, - policy_id=uuid, - category_id=category_id, - data_id=data_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + data = PolicyManager.get_object_data(user_id=user_id, + policy_id=uuid, + category_id=category_id, + data_id=data_id) + return {"object_data": data} - @validate_input("post", kwargs_state=[True, True, False, False], body_state=[True, False]) + @validate_input("post", kwargs_state=[True, True, False, False], body_state={"name":True}) @check_auth def post(self, uuid, category_id=None, data_id=None, user_id=None): """Create or update a object. @@ -198,15 +185,11 @@ class ObjectData(Resource): } :internal_api: add_object_data """ - try: - data = PolicyManager.add_object_data(user_id=user_id, - policy_id=uuid, - category_id=category_id, - value=request.json) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + data = PolicyManager.add_object_data(user_id=user_id, + policy_id=uuid, + category_id=category_id, + value=request.json) + return {"object_data": data} @validate_input("delete", kwargs_state=[True, False, False, False]) @@ -224,14 +207,10 @@ class ObjectData(Resource): } :internal_api: delete_object_data """ - try: - data = PolicyManager.delete_object_data(user_id=user_id, - policy_id=uuid, - data_id=data_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + data = PolicyManager.delete_object_data(user_id=user_id, + policy_id=uuid, + data_id=data_id) + return {"result": True} @@ -270,18 +249,14 @@ class ActionData(Resource): }] :internal_api: get_action_data """ - try: - data = PolicyManager.get_action_data(user_id=user_id, - policy_id=uuid, - category_id=category_id, - data_id=data_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + data = PolicyManager.get_action_data(user_id=user_id, + policy_id=uuid, + category_id=category_id, + data_id=data_id) + return {"action_data": data} - @validate_input("post", kwargs_state=[True, True, False, False], body_state=[True, False]) + @validate_input("post", kwargs_state=[True, True, False, False], body_state={"name":True}) @check_auth def post(self, uuid, category_id=None, data_id=None, user_id=None): """Create or update a action. @@ -306,15 +281,10 @@ class ActionData(Resource): } :internal_api: add_action_data """ - try: - data = PolicyManager.add_action_data(user_id=user_id, - policy_id=uuid, - category_id=category_id, - value=request.json) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + data = PolicyManager.add_action_data(user_id=user_id, + policy_id=uuid, + category_id=category_id, + value=request.json) return {"action_data": data} @validate_input("delete", kwargs_state=[True, False, False, False]) @@ -332,14 +302,10 @@ class ActionData(Resource): } :internal_api: delete_action_data """ - try: - data = PolicyManager.delete_action_data(user_id=user_id, - policy_id=uuid, - data_id=data_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + data = PolicyManager.delete_action_data(user_id=user_id, + policy_id=uuid, + data_id=data_id) + return {"result": True} diff --git a/moon_manager/moon_manager/api/json_import.py b/moon_manager/moon_manager/api/json_import.py index ae9a21d0..e57a27c1 100644 --- a/moon_manager/moon_manager/api/json_import.py +++ b/moon_manager/moon_manager/api/json_import.py @@ -81,17 +81,15 @@ class JsonImport(Resource): def _reorder_rules_ids(self, rule, ordered_perimeter_categories_ids, json_data_ids, policy_id, get_function): ordered_json_ids = [None]*len(ordered_perimeter_categories_ids) - logger.info("ordered_json_ids {}".format(ordered_json_ids)) - logger.info("json_data_ids {}".format(json_data_ids)) for json_id in json_data_ids: - logger.info("json_id {}".format(json_id)) data = get_function(self._user_id, policy_id, data_id=json_id) data = data[0] - logger.info("data {}".format(data)) if data["category_id"] not in ordered_perimeter_categories_ids: - raise InvalidJson("The category id {} of the rule {} does not match the meta rule".format(data["category_id"], rule)) + raise InvalidJson("The category id {} of the rule {} does not match the meta rule".format( + data["category_id"], rule)) if ordered_json_ids[ordered_perimeter_categories_ids.index(data["category_id"])] is not None: - raise InvalidJson("The category id {} of the rule {} shall not be used twice in the same rule".format(data["category_id"], rule)) + raise InvalidJson("The category id {} of the rule {} shall not be used twice in the same rule".format( + data["category_id"], rule)) ordered_json_ids[ordered_perimeter_categories_ids.index(data["category_id"])] = json_id logger.info(ordered_json_ids) return ordered_json_ids @@ -106,7 +104,8 @@ class JsonImport(Resource): JsonUtils.copy_field_if_exists(json_rule, json_to_use, "enabled", bool, default_value=True) json_ids = dict() - JsonUtils.convert_name_to_id(json_rule, json_ids, "policy", "policy_id", "policy", PolicyManager, self._user_id) + JsonUtils.convert_name_to_id(json_rule, json_ids, "policy", "policy_id", "policy", + PolicyManager, self._user_id) JsonUtils.convert_name_to_id(json_rule, json_to_use, "meta_rule", "meta_rule_id", "meta_rule", ModelManager, self._user_id) json_subject_ids = dict() json_object_ids = dict() @@ -124,7 +123,7 @@ class JsonImport(Resource): json_to_use_rule = json_to_use_rule + self._reorder_rules_ids(json_rule, meta_rule["action_categories"], json_action_ids["action"], json_ids["policy_id"], PolicyManager.get_action_data) json_to_use["rule"] = json_to_use_rule try: - logger.info("Adding / updating a rule from json {}".format(json_to_use)) + logger.debug("Adding / updating a rule from json {}".format(json_to_use)) PolicyManager.add_rule(self._user_id, json_ids["policy_id"], json_to_use["meta_rule_id"], json_to_use) except exceptions.RuleExisting: pass @@ -135,15 +134,14 @@ class JsonImport(Resource): logger.info("Input meta rules : {}".format(json_meta_rules)) for json_meta_rule in json_meta_rules: json_to_use = dict() - logger.info("Input meta rule : {}".format(json_meta_rule)) JsonUtils.copy_field_if_exists(json_meta_rule, json_to_use, "name", str) JsonUtils.copy_field_if_exists(json_meta_rule, json_to_use, "description", str) JsonUtils.convert_names_to_ids(json_meta_rule, json_to_use, "subject_categories", "subject_categories", "subject_category", ModelManager, self._user_id) JsonUtils.convert_names_to_ids(json_meta_rule, json_to_use, "object_categories", "object_categories", "object_category", ModelManager, self._user_id) JsonUtils.convert_names_to_ids(json_meta_rule, json_to_use, "action_categories", "action_categories", "action_category", ModelManager, self._user_id) - logger.info("Adding / updating a metarule from json {}".format(json_meta_rule)) + logger.debug("Adding / updating a metarule from json {}".format(json_meta_rule)) meta_rule = ModelManager.add_meta_rule(self._user_id, meta_rule_id=None, value=json_to_use) - logger.info("Added / updated meta rule : {}".format(meta_rule)) + logger.debug("Added / updated meta rule : {}".format(meta_rule)) def _import_subject_object_action_assignments(self, json_item_assignments, type_element): import_method = getattr(PolicyManager, 'add_' + type_element + '_assignment') @@ -178,14 +176,18 @@ class JsonImport(Resource): # find the policy related to the current data data = get_method(self._user_id, policy_id, data_id, json_assignment["category_id"]) if data is not None and len(data) == 1: - logger.info("Adding / updating a {} assignment from json {}".format(type_element, json_assignment)) - import_method(self._user_id, policy_id, json_assignment["id"], json_assignment["category_id"], data_id) + logger.debug("Adding / updating a {} assignment from json {}".format(type_element, + json_assignment)) + import_method(self._user_id, policy_id, json_assignment["id"], json_assignment["category_id"], + data_id) else: raise UnknownData("Unknown data with id {}".format(data_id)) # case the data has not been found in any policies if has_found_data is False: - raise InvalidJson("The json contains unknown {} data or category : {}".format(type_element,json_item_assignment)) + raise InvalidJson("The json contains unknown {} data or category : {}".format( + type_element, + json_item_assignment)) def _import_subject_object_action_datas(self, json_items_data, mandatory_policy_ids, type_element): if type_element == "subject": @@ -201,7 +203,6 @@ class JsonImport(Resource): item_override = JsonUtils.get_override(json_items_data) if item_override is True: raise ForbiddenOverride("{} datas do not support override flag !".format(type_element)) - logger.info("json_item_data {}".format(json_item_data)) json_to_use = dict() JsonUtils.copy_field_if_exists(json_item_data, json_to_use, "name", str) JsonUtils.copy_field_if_exists(json_item_data, json_to_use, "description", str) @@ -209,11 +210,9 @@ class JsonImport(Resource): # field_mandatory : not mandatory if there is some mandatory policies JsonUtils.convert_names_to_ids(json_item_data, json_policy, "policies", "policy_id", "policy", PolicyManager, self._user_id, field_mandatory=len(mandatory_policy_ids) == 0) - logger.info("json_policy {}".format(json_policy)) json_category = dict() JsonUtils.convert_name_to_id(json_item_data, json_category, "category", "category_id", type_element+"_category", ModelManager, self._user_id) - logger.info("json_category {}".format(json_category)) policy_ids = [] if "policy_id" in json_policy: policy_ids = json_policy["policy_id"] @@ -232,15 +231,12 @@ class JsonImport(Resource): for policy_id in mandatory_policy_ids: try: - # existing_datas = get_method(self._user_id, policy_id,category_id=category_id) - # logger.info(existing_datas) - logger.info("Adding / updating a {} data with policy id {} and category id {} from json {}".format(type_element, policy_id, category_id, json_to_use)) data = import_method(self._user_id, policy_id, category_id=category_id, value=json_to_use) - logger.info("Added / updated {} data : {}".format(type_element, data)) except exceptions.PolicyUnknown: raise UnknownPolicy("Unknown policy with id {}".format(policy_id)) except Exception as e: - raise BaseException(str(e)) + logger.exception(str(e)) + raise e def _import_subject_object_action_categories(self, json_item_categories, type_element): import_method = getattr(ModelManager, 'add_' + type_element + '_category') @@ -267,14 +263,13 @@ class JsonImport(Resource): raise ForbiddenOverride("{} categories do not support override flag !".format(type_element)) try: - logger.info("Adding a {} category from json {}".format(type_element, json_to_use)) category = import_method(self._user_id, existing_id, json_to_use) - logger.info("Added category {}".format(category)) except (exceptions.SubjectCategoryExisting, exceptions.ObjectCategoryExisting, exceptions.ActionCategoryExisting): # it already exists: do nothing - logger.info("Ignored {} category with name {} is already in the database".format(type_element, json_to_use["name"])) + logger.warning("Ignored {} category with name {} is already in the database".format(type_element, json_to_use["name"])) except Exception as e: - logger.info("Error while importing the category : {}".format(str(e))) + logger.warning("Error while importing the category : {}".format(str(e))) + logger.exception(str(e)) raise e def _import_subject_object_action(self, json_items, mandatory_policy_ids, type_element): @@ -302,7 +297,7 @@ class JsonImport(Resource): raise ForbiddenOverride("{} does not support override flag !".format(type_element)) if len(policy_ids) == 0: - raise MissingPolicy("a {} needs at least one policy to be created or updated : {}".format(type_element, json.dumps(json_item))) + raise MissingPolicy("a {} needs at least one policy to be created or updated : {}".format(type_element, json.dumps(json_item))) for policy_id in policy_ids: try: @@ -312,16 +307,13 @@ class JsonImport(Resource): if items_in_db[key_in_db]["name"] == json_without_policy_name["name"]: key = key_in_db break - if key is None: - logger.info("Adding a {} from json {} to the policy with id {}".format(type_element, json_without_policy_name, policy_id)) - else: - logger.info("Updating a {} from json {} to the policy with id {}".format(type_element, json_without_policy_name, policy_id)) element = import_method(self._user_id, policy_id, perimeter_id=key, value=json_without_policy_name) - logger.info("Added / updated {} : {}".format(type_element, element)) + logger.debug("Added / updated {} : {}".format(type_element, element)) except exceptions.PolicyUnknown: raise UnknownPolicy("Unknown policy when adding a {}!".format(type_element)) except Exception as e: + logger.exception(str(e)) raise BaseException(str(e)) def _import_policies(self, json_policies): @@ -335,7 +327,7 @@ class JsonImport(Resource): # policy_in_db = PolicyManager.get_policies_by_name(json_without_model_name["name"]) policies = PolicyManager.get_policies(self._user_id) policy_in_db = None - logger.info(policies) + policy_id = None for policy_key in policies: if policies[policy_key]["name"] == json_policy["name"]: policy_in_db = policies[policy_key] @@ -350,9 +342,10 @@ class JsonImport(Resource): policy_mandatory = JsonUtils.get_mandatory(json_policy) if policy_override is False and policy_does_exist: - policy_mandatory_ids.append(policy_id) - logger.warning("Existing policy not updated because of the override option is not set !") - continue + if policy_id: + policy_mandatory_ids.append(policy_id) + logger.warning("Existing policy not updated because of the override option is not set !") + continue json_without_model_name = dict() JsonUtils.copy_field_if_exists(json_policy, json_without_model_name, "name", str) @@ -361,16 +354,14 @@ class JsonImport(Resource): JsonUtils.convert_name_to_id(json_policy, json_without_model_name, "model", "model_id", "model", ModelManager, self._user_id, field_mandatory=False) if not policy_does_exist: - logger.info("Creating policy {} ".format(json_without_model_name)) + logger.debug("Creating policy {} ".format(json_without_model_name)) added_policy = PolicyManager.add_policy(self._user_id, None, json_without_model_name) - logger.info("Added policy {}".format(added_policy)) if policy_mandatory is True: keys = list(added_policy.keys()) policy_mandatory_ids.append(keys[0]) elif policy_override is True: - logger.info("Updating policy {} ".format(json_without_model_name)) + logger.debug("Updating policy {} ".format(json_without_model_name)) updated_policy = PolicyManager.update_policy(self._user_id, policy_id, json_without_model_name) - logger.info("Updated policy {}".format(updated_policy)) if policy_mandatory is True: policy_mandatory_ids.append(policy_id) return policy_mandatory_ids @@ -380,7 +371,7 @@ class JsonImport(Resource): raise InvalidJson("models shall be a list!") for json_model in json_models: - logger.info("json_model {}".format(json_model)) + logger.debug("json_model {}".format(json_model)) models = ModelManager.get_models(self._user_id) model_in_db = None model_id = None @@ -389,19 +380,16 @@ class JsonImport(Resource): model_in_db = models[model_key] model_id = model_key - logger.info("model in db".format(model_in_db)) # this should not occur as the model has been put in db previously in _import_models_without_new_meta_rules if model_in_db is None: - raise UnknownModel("Unknwon model ") + raise UnknownModel("Unknown model ") json_key = dict() JsonUtils.convert_names_to_ids(json_model, json_key, "meta_rules", "meta_rule_id", "meta_rule", ModelManager, self._user_id) - logger.info("json_key {}".format(json_key)) for meta_rule_id in json_key["meta_rule_id"]: if meta_rule_id not in model_in_db["meta_rules"]: model_in_db["meta_rules"].append(meta_rule_id) - logger.info("Updating model with id {} : {} ".format(model_id, model_in_db)) ModelManager.update_model(self._user_id, model_id, model_in_db) def _import_models_without_new_meta_rules(self, json_models): @@ -426,16 +414,14 @@ class JsonImport(Resource): if model_in_db is None: model_does_exist = False else: - logger.info("model_in_db {}".format(model_in_db)) - # JsonUtils.convert_names_to_ids(model_in_db, json_without_new_metarules, "meta_rules", "meta_rule_id", "meta_rule", ModelManager, self._user_id) json_without_new_metarules["meta_rule_id"] = model_in_db["meta_rules"] model_does_exist = True model_override = JsonUtils.get_override(json_model) if not model_does_exist: - logger.info("Creating model {} ".format(json_without_new_metarules)) + logger.debug("Creating model {} ".format(json_without_new_metarules)) ModelManager.add_model(self._user_id, None, json_without_new_metarules) elif model_override is True: - logger.info("Updating model with id {} : {} ".format(model_id, json_without_new_metarules)) + logger.debug("Updating model with id {} : {} ".format(model_id, json_without_new_metarules)) ModelManager.update_model(self._user_id, model_id, json_without_new_metarules) def _import_pdps(self, json_pdps): @@ -462,11 +448,11 @@ class JsonImport(Resource): self._user_id = user_id if 'file' in request.files: file = request.files['file'] - logger.info("Importing {} file...".format(file)) + logger.debug("Importing {} file...".format(file)) json_content = json.load(file) else: json_content = request.json - logger.info("Importing content: {} ...".format(json_content)) + logger.debug("Importing content: {} ...".format(json_content)) # first import the models without the meta rules as they are not yet defined if "models" in json_content: diff --git a/moon_manager/moon_manager/api/meta_data.py b/moon_manager/moon_manager/api/meta_data.py index f3b22d29..62ca050f 100644 --- a/moon_manager/moon_manager/api/meta_data.py +++ b/moon_manager/moon_manager/api/meta_data.py @@ -45,16 +45,12 @@ class SubjectCategories(Resource): } :internal_api: get_subject_categories """ - try: - data = ModelManager.get_subject_categories( - user_id=user_id, category_id=category_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + data = ModelManager.get_subject_categories( + user_id=user_id, category_id=category_id) + return {"subject_categories": data} - @validate_input("post",body_state=[True,False]) + @validate_input("post",body_state={"name":True}) @check_auth def post(self, category_id=None, user_id=None): """Create or update a subject category. @@ -73,13 +69,9 @@ class SubjectCategories(Resource): } :internal_api: add_subject_category """ - try: - data = ModelManager.add_subject_category( - user_id=user_id, value=request.json) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + data = ModelManager.add_subject_category( + user_id=user_id, value=request.json) + return {"subject_categories": data} @validate_input("delete",kwargs_state=[True,False]) @@ -95,13 +87,10 @@ class SubjectCategories(Resource): } :internal_api: delete_subject_category """ - try: - data = ModelManager.delete_subject_category( - user_id=user_id, category_id=category_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = ModelManager.delete_subject_category( + user_id=user_id, category_id=category_id) + return {"result": True} @@ -131,16 +120,12 @@ class ObjectCategories(Resource): } :internal_api: get_object_categories """ - try: - data = ModelManager.get_object_categories( - user_id=user_id, category_id=category_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + data = ModelManager.get_object_categories( + user_id=user_id, category_id=category_id) + return {"object_categories": data} - @validate_input("post", body_state=[True, False]) + @validate_input("post", body_state={"name":True}) @check_auth def post(self, category_id=None, user_id=None): """Create or update a object category. @@ -159,13 +144,10 @@ class ObjectCategories(Resource): } :internal_api: add_object_category """ - try: - data = ModelManager.add_object_category( - user_id=user_id, value=request.json) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = ModelManager.add_object_category( + user_id=user_id, value=request.json) + return {"object_categories": data} @validate_input("delete", kwargs_state=[True, False]) @@ -181,13 +163,10 @@ class ObjectCategories(Resource): } :internal_api: delete_object_category """ - try: - data = ModelManager.delete_object_category( - user_id=user_id, category_id=category_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = ModelManager.delete_object_category( + user_id=user_id, category_id=category_id) + return {"result": True} @@ -217,16 +196,13 @@ class ActionCategories(Resource): } :internal_api: get_action_categories """ - try: - data = ModelManager.get_action_categories( - user_id=user_id, category_id=category_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = ModelManager.get_action_categories( + user_id=user_id, category_id=category_id) + return {"action_categories": data} - @validate_input("post", body_state=[True, False]) + @validate_input("post", body_state={"name":True}) @check_auth def post(self, category_id=None, user_id=None): """Create or update an action category. @@ -245,13 +221,10 @@ class ActionCategories(Resource): } :internal_api: add_action_category """ - try: - data = ModelManager.add_action_category( - user_id=user_id, value=request.json) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = ModelManager.add_action_category( + user_id=user_id, value=request.json) + return {"action_categories": data} @validate_input("delete", kwargs_state=[True, False]) @@ -267,11 +240,7 @@ class ActionCategories(Resource): } :internal_api: delete_action_category """ - try: - data = ModelManager.delete_action_category( - user_id=user_id, category_id=category_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + data = ModelManager.delete_action_category( + user_id=user_id, category_id=category_id) + return {"result": True} diff --git a/moon_manager/moon_manager/api/meta_rules.py b/moon_manager/moon_manager/api/meta_rules.py index afc11eba..3dc9996b 100644 --- a/moon_manager/moon_manager/api/meta_rules.py +++ b/moon_manager/moon_manager/api/meta_rules.py @@ -51,16 +51,13 @@ class MetaRules(Resource): } :internal_api: get_meta_rules """ - try: - data = ModelManager.get_meta_rules( - user_id=user_id, meta_rule_id=meta_rule_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = ModelManager.get_meta_rules( + user_id=user_id, meta_rule_id=meta_rule_id) + return {"meta_rules": data} - @validate_input("post", body_state=[True, True, True, True]) + @validate_input("post", body_state={"name":True, "subject_categories":True, "object_categories":True, "action_categories":True}) @check_auth def post(self, meta_rule_id=None, user_id=None): """Add a meta rule @@ -87,18 +84,15 @@ class MetaRules(Resource): } :internal_api: add_meta_rules """ - try: - data = ModelManager.add_meta_rule( - user_id=user_id, meta_rule_id=None, value=request.json) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = ModelManager.add_meta_rule( + user_id=user_id, meta_rule_id=None, value=request.json) + return {"meta_rules": data} - @validate_input("patch", kwargs_state=[True, False], body_state=[True, True, True, True]) + @validate_input("patch", kwargs_state=[True, False], body_state={"name":True, "subject_categories":True, "object_categories":True, "action_categories":True}) @check_auth - def patch(self, meta_rule_id, user_id=None): + def patch(self, meta_rule_id=None, user_id=None): """Update a meta rule :param meta_rule_id: Meta rule ID @@ -123,18 +117,14 @@ class MetaRules(Resource): } :internal_api: set_meta_rules """ - try: - data = ModelManager.set_meta_rule( - user_id=user_id, meta_rule_id=meta_rule_id, value=request.json) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + data = ModelManager.set_meta_rule( + user_id=user_id, meta_rule_id=meta_rule_id, value=request.json) + return {"meta_rules": data} @validate_input("delete", kwargs_state=[True, False]) @check_auth - def delete(self, meta_rule_id, user_id=None): + def delete(self, meta_rule_id=None, user_id=None): """Delete a meta rule :param meta_rule_id: Meta rule ID @@ -152,12 +142,9 @@ class MetaRules(Resource): } :internal_api: delete_meta_rules """ - try: - data = ModelManager.delete_meta_rule( - user_id=user_id, meta_rule_id=meta_rule_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = ModelManager.delete_meta_rule( + user_id=user_id, meta_rule_id=meta_rule_id) + return {"result": True} diff --git a/moon_manager/moon_manager/api/models.py b/moon_manager/moon_manager/api/models.py index 440a4d2b..c3068367 100644 --- a/moon_manager/moon_manager/api/models.py +++ b/moon_manager/moon_manager/api/models.py @@ -46,15 +46,11 @@ class Models(Resource): } :internal_api: get_models """ - try: - data = ModelManager.get_models(user_id=user_id, model_id=uuid) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + data = ModelManager.get_models(user_id=user_id, model_id=uuid) + return {"models": data} - @validate_input("post", body_state=[True, False, True]) + @validate_input("post", body_state={"name":True, "meta_rules":True}) @check_auth def post(self, uuid=None, user_id=None): """Create model. @@ -75,18 +71,14 @@ class Models(Resource): } :internal_api: add_model """ - try: - data = ModelManager.add_model( - user_id=user_id, model_id=uuid, value=request.json) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + data = ModelManager.add_model( + user_id=user_id, model_id=uuid, value=request.json) + return {"models": data} @validate_input("delete", kwargs_state=[True, False]) @check_auth - def delete(self, uuid, user_id=None): + def delete(self, uuid=None, user_id=None): """Delete a model :param uuid: uuid of the model to delete @@ -97,17 +89,14 @@ class Models(Resource): } :internal_api: delete_model """ - try: - data = ModelManager.delete_model(user_id=user_id, model_id=uuid) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = ModelManager.delete_model(user_id=user_id, model_id=uuid) + return {"result": True} - @validate_input("patch", kwargs_state=[True, False], body_state=[True, False, True]) + @validate_input("patch", kwargs_state=[True, False], body_state={"name":True, "meta_rules":True}) @check_auth - def patch(self, uuid, user_id=None): + def patch(self, uuid=None, user_id=None): """Update a model :param uuid: uuid of the model to update @@ -121,12 +110,8 @@ class Models(Resource): } :internal_api: update_model """ - try: - data = ModelManager.update_model( - user_id=user_id, model_id=uuid, value=request.json) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + data = ModelManager.update_model( + user_id=user_id, model_id=uuid, value=request.json) + return {"models": data} diff --git a/moon_manager/moon_manager/api/pdp.py b/moon_manager/moon_manager/api/pdp.py index fd20c85f..a5d7c007 100644 --- a/moon_manager/moon_manager/api/pdp.py +++ b/moon_manager/moon_manager/api/pdp.py @@ -114,15 +114,12 @@ class PDP(Resource): } :internal_api: get_pdp """ - try: - data = PDPManager.get_pdp(user_id=user_id, pdp_id=uuid) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PDPManager.get_pdp(user_id=user_id, pdp_id=uuid) + return {"pdps": data} - @validate_input("post", body_state=[True, True, True, False]) + @validate_input("post", body_state={"name": True, "security_pipeline": True, "keystone_project_id": True}) @check_auth def post(self, uuid=None, user_id=None): """Create pdp. @@ -145,23 +142,20 @@ class PDP(Resource): } :internal_api: add_pdp """ - try: - data = dict(request.json) - if not data.get("keystone_project_id"): - data["keystone_project_id"] = None - else: - if check_keystone_pid(data.get("keystone_project_id")): - raise exceptions.PdpKeystoneMappingConflict - data = PDPManager.add_pdp( - user_id=user_id, pdp_id=None, value=request.json) - uuid = list(data.keys())[0] - logger.debug("data={}".format(data)) - logger.debug("uuid={}".format(uuid)) - add_pod(uuid=uuid, data=data[uuid]) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = dict(request.json) + if not data.get("keystone_project_id"): + data["keystone_project_id"] = None + else: + if check_keystone_pid(data.get("keystone_project_id")): + raise exceptions.PdpKeystoneMappingConflict + data = PDPManager.add_pdp( + user_id=user_id, pdp_id=None, value=request.json) + uuid = list(data.keys())[0] + logger.debug("data={}".format(data)) + logger.debug("uuid={}".format(uuid)) + add_pod(uuid=uuid, data=data[uuid]) + return {"pdps": data} @validate_input("delete", kwargs_state=[True, False]) @@ -177,16 +171,12 @@ class PDP(Resource): } :internal_api: delete_pdp """ - try: - data = PDPManager.delete_pdp(user_id=user_id, pdp_id=uuid) - delete_pod(uuid) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + data = PDPManager.delete_pdp(user_id=user_id, pdp_id=uuid) + delete_pod(uuid) + return {"result": True} - @validate_input("patch", kwargs_state=[True, False], body_state=[True, True, True, False]) + @validate_input("patch", kwargs_state=[True, False], body_state={"name": True, "security_pipeline": True, "keystone_project_id": True}) @check_auth def patch(self, uuid, user_id=None): """Update a pdp @@ -203,21 +193,18 @@ class PDP(Resource): } :internal_api: update_pdp """ - try: - _data = dict(request.json) - if not _data.get("keystone_project_id"): - _data["keystone_project_id"] = None - else: - if check_keystone_pid(_data.get("keystone_project_id")): - raise exceptions.PdpKeystoneMappingConflict - data = PDPManager.update_pdp( - user_id=user_id, pdp_id=uuid, value=_data) - logger.debug("data={}".format(data)) - logger.debug("uuid={}".format(uuid)) - add_pod(uuid=uuid, data=data[uuid]) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + _data = dict(request.json) + if not _data.get("keystone_project_id"): + _data["keystone_project_id"] = None + else: + if check_keystone_pid(_data.get("keystone_project_id")): + raise exceptions.PdpKeystoneMappingConflict + data = PDPManager.update_pdp( + user_id=user_id, pdp_id=uuid, value=_data) + logger.debug("data={}".format(data)) + logger.debug("uuid={}".format(uuid)) + add_pod(uuid=uuid, data=data[uuid]) + return {"pdps": data} diff --git a/moon_manager/moon_manager/api/perimeter.py b/moon_manager/moon_manager/api/perimeter.py index 014aa4b9..6c39c43d 100644 --- a/moon_manager/moon_manager/api/perimeter.py +++ b/moon_manager/moon_manager/api/perimeter.py @@ -55,21 +55,18 @@ class Subjects(Resource): } :internal_api: get_subjects """ - try: - data = PolicyManager.get_subjects( - user_id=user_id, - policy_id=uuid, - perimeter_id=perimeter_id - ) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.get_subjects( + user_id=user_id, + policy_id=uuid, + perimeter_id=perimeter_id + ) + return {"subjects": data} - @validate_input("post", body_state=[True, False, False, False]) + @validate_input("post", body_state={"name":True}) @check_auth - def post(self, uuid=None, perimeter_id=None, user_id=None): + def post(self, uuid, perimeter_id=None, user_id=None): """Create or update a subject. :param uuid: uuid of the policy @@ -92,25 +89,22 @@ class Subjects(Resource): } :internal_api: set_subject """ - try: - if not perimeter_id: - data = PolicyManager.get_subjects(user_id=user_id, - policy_id=None) - if 'name' in request.json: - for data_id, data_value in data.items(): - if data_value['name'] == request.json['name']: - perimeter_id = data_id - break - data = PolicyManager.add_subject( - user_id=user_id, policy_id=uuid, - perimeter_id=perimeter_id, value=request.json) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + if not perimeter_id: + data = PolicyManager.get_subjects(user_id=user_id, + policy_id=uuid) + if 'name' in request.json: + for data_id, data_value in data.items(): + if data_value['name'] == request.json['name']: + perimeter_id = data_id + break + data = PolicyManager.add_subject( + user_id=user_id, policy_id=uuid, + perimeter_id=perimeter_id, value=request.json) + return {"subjects": data} - @validate_input("patch", kwargs_state=[False, True, False], body_state=[True, False, False, False]) + @validate_input("patch", kwargs_state=[False, True, False], body_state={"name":True}) @check_auth def patch(self, uuid, perimeter_id=None, user_id=None): """Create or update a subject. @@ -135,22 +129,19 @@ class Subjects(Resource): } :internal_api: set_subject """ - try: - if not perimeter_id: - data = PolicyManager.get_subjects(user_id=user_id, - policy_id=None) - if 'name' in request.json: - for data_id, data_value in data.items(): - if data_value['name'] == request.json['name']: - perimeter_id = data_id - break - data = PolicyManager.add_subject( - user_id=user_id, policy_id=uuid, - perimeter_id=perimeter_id, value=request.json) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + if not perimeter_id: + data = PolicyManager.get_subjects(user_id=user_id, + policy_id=None) + if 'name' in request.json: + for data_id, data_value in data.items(): + if data_value['name'] == request.json['name']: + perimeter_id = data_id + break + data = PolicyManager.add_subject( + user_id=user_id, policy_id=uuid, + perimeter_id=perimeter_id, value=request.json) + return {"subjects": data} @validate_input("delete", kwargs_state=[False, True, False]) @@ -172,13 +163,10 @@ class Subjects(Resource): } :internal_api: delete_subject """ - try: - data = PolicyManager.delete_subject( - user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.delete_subject( + user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id) + return {"result": True} @@ -213,21 +201,18 @@ class Objects(Resource): } :internal_api: get_objects """ - try: - data = PolicyManager.get_objects( - user_id=user_id, - policy_id=uuid, - perimeter_id=perimeter_id - ) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.get_objects( + user_id=user_id, + policy_id=uuid, + perimeter_id=perimeter_id + ) + return {"objects": data} - @validate_input("post", body_state=[True, False, False, False]) + @validate_input("post", body_state={"name":True}) @check_auth - def post(self, uuid=None, perimeter_id=None, user_id=None): + def post(self, uuid, perimeter_id=None, user_id=None): """Create or update a object. :param uuid: uuid of the policy @@ -245,23 +230,20 @@ class Objects(Resource): } :internal_api: set_object """ - try: - data = PolicyManager.get_objects(user_id=user_id, policy_id=None) - if 'name' in request.json: - for data_id, data_value in data.items(): - if data_value['name'] == request.json['name']: - perimeter_id = data_id - break - data = PolicyManager.add_object( - user_id=user_id, policy_id=uuid, - perimeter_id=perimeter_id, value=request.json) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.get_objects(user_id=user_id, policy_id=uuid) + if 'name' in request.json: + for data_id, data_value in data.items(): + if data_value['name'] == request.json['name']: + perimeter_id = data_id + break + data = PolicyManager.add_object( + user_id=user_id, policy_id=uuid, + perimeter_id=perimeter_id, value=request.json) + return {"objects": data} - @validate_input("patch", kwargs_state=[False, True, False], body_state=[True, False, False, False]) + @validate_input("patch", kwargs_state=[False, True, False], body_state={"name":True}) @check_auth def patch(self, uuid, perimeter_id=None, user_id=None): """Create or update a object. @@ -281,20 +263,17 @@ class Objects(Resource): } :internal_api: set_object """ - try: - data = PolicyManager.get_objects(user_id=user_id, policy_id=None) - if 'name' in request.json: - for data_id, data_value in data.items(): - if data_value['name'] == request.json['name']: - perimeter_id = data_id - break - data = PolicyManager.add_object( - user_id=user_id, policy_id=uuid, - perimeter_id=perimeter_id, value=request.json) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.get_objects(user_id=user_id, policy_id=uuid) + if 'name' in request.json: + for data_id, data_value in data.items(): + if data_value['name'] == request.json['name']: + perimeter_id = data_id + break + data = PolicyManager.add_object( + user_id=user_id, policy_id=uuid, + perimeter_id=perimeter_id, value=request.json) + return {"objects": data} @validate_input("delete", kwargs_state=[False, True, False]) @@ -313,13 +292,10 @@ class Objects(Resource): } :internal_api: delete_object """ - try: - data = PolicyManager.delete_object( - user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.delete_object( + user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id) + return {"result": True} @@ -354,18 +330,15 @@ class Actions(Resource): } :internal_api: get_actions """ - try: - data = PolicyManager.get_actions( - user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.get_actions( + user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id) + return {"actions": data} - @validate_input("post", body_state=[True, False, False, False]) + @validate_input("post", body_state={"name":True}) @check_auth - def post(self, uuid=None, perimeter_id=None, user_id=None): + def post(self, uuid, perimeter_id=None, user_id=None): """Create or update a action. :param uuid: uuid of the policy @@ -383,23 +356,20 @@ class Actions(Resource): } :internal_api: set_action """ - try: - data = PolicyManager.get_actions(user_id=user_id, policy_id=None) - if 'name' in request.json: - for data_id, data_value in data.items(): - if data_value['name'] == request.json['name']: - perimeter_id = data_id - break - data = PolicyManager.add_action( - user_id=user_id, policy_id=uuid, - perimeter_id=perimeter_id, value=request.json) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.get_actions(user_id=user_id, policy_id=uuid) + if 'name' in request.json: + for data_id, data_value in data.items(): + if data_value['name'] == request.json['name']: + perimeter_id = data_id + break + data = PolicyManager.add_action( + user_id=user_id, policy_id=uuid, + perimeter_id=perimeter_id, value=request.json) + return {"actions": data} - @validate_input("patch", kwargs_state=[False, True, False], body_state=[True, False, False, False]) + @validate_input("patch", kwargs_state=[False, True, False], body_state={"name":True}) @check_auth def patch(self, uuid, perimeter_id=None, user_id=None): """Create or update a action. @@ -419,20 +389,17 @@ class Actions(Resource): } :internal_api: set_action """ - try: - data = PolicyManager.get_actions(user_id=user_id, policy_id=None) - if 'name' in request.json: - for data_id, data_value in data.items(): - if data_value['name'] == request.json['name']: - perimeter_id = data_id - break - data = PolicyManager.add_action( - user_id=user_id, policy_id=uuid, - perimeter_id=perimeter_id, value=request.json) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.get_actions(user_id=user_id, policy_id=uuid) + if 'name' in request.json: + for data_id, data_value in data.items(): + if data_value['name'] == request.json['name']: + perimeter_id = data_id + break + data = PolicyManager.add_action( + user_id=user_id, policy_id=uuid, + perimeter_id=perimeter_id, value=request.json) + return {"actions": data} @validate_input("delete", kwargs_state=[False, True, False]) @@ -451,11 +418,8 @@ class Actions(Resource): } :internal_api: delete_action """ - try: - data = PolicyManager.delete_action( - user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.delete_action( + user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id) + return {"result": True} diff --git a/moon_manager/moon_manager/api/policies.py b/moon_manager/moon_manager/api/policies.py index 1a9e0bae..9fe237b2 100644 --- a/moon_manager/moon_manager/api/policies.py +++ b/moon_manager/moon_manager/api/policies.py @@ -12,6 +12,8 @@ from flask_restful import Resource import logging from python_moonutilities.security_functions import check_auth from python_moondb.core import PolicyManager +from python_moonutilities.security_functions import validate_input + __version__ = "4.3.2" @@ -30,6 +32,7 @@ class Policies(Resource): "/policies/<string:uuid>/", ) + @validate_input("get", kwargs_state=[False, False]) @check_auth def get(self, uuid=None, user_id=None): """Retrieve all policies @@ -46,14 +49,12 @@ class Policies(Resource): } :internal_api: get_policies """ - try: - data = PolicyManager.get_policies(user_id=user_id, policy_id=uuid) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.get_policies(user_id=user_id, policy_id=uuid) + return {"policies": data} + @validate_input("post", body_state={"name": True, "model_id":True}) @check_auth def post(self, uuid=None, user_id=None): """Create policy. @@ -76,17 +77,15 @@ class Policies(Resource): } :internal_api: add_policy """ - try: - data = PolicyManager.add_policy( - user_id=user_id, policy_id=uuid, value=request.json) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.add_policy( + user_id=user_id, policy_id=uuid, value=request.json) + return {"policies": data} + @validate_input("delete", kwargs_state=[ True, False]) @check_auth - def delete(self, uuid, user_id=None): + def delete(self, uuid=None, user_id=None): """Delete a policy :param uuid: uuid of the policy to delete @@ -97,16 +96,14 @@ class Policies(Resource): } :internal_api: delete_policy """ - try: - data = PolicyManager.delete_policy(user_id=user_id, policy_id=uuid) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.delete_policy(user_id=user_id, policy_id=uuid) + return {"result": True} + @validate_input("patch", kwargs_state=[True, False], body_state={"name": True, "model_id":True}) @check_auth - def patch(self, uuid, user_id=None): + def patch(self, uuid=None, user_id=None): """Update a policy :param uuid: uuid of the policy to update @@ -121,12 +118,9 @@ class Policies(Resource): } :internal_api: update_policy """ - try: - data = PolicyManager.update_policy( - user_id=user_id, policy_id=uuid, value=request.json) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.update_policy( + user_id=user_id, policy_id=uuid, value=request.json) + return {"policies": data} diff --git a/moon_manager/moon_manager/api/rules.py b/moon_manager/moon_manager/api/rules.py index ecb066d9..a0248097 100644 --- a/moon_manager/moon_manager/api/rules.py +++ b/moon_manager/moon_manager/api/rules.py @@ -49,17 +49,14 @@ class Rules(Resource): } :internal_api: get_rules """ - try: - data = PolicyManager.get_rules(user_id=user_id, + + data = PolicyManager.get_rules(user_id=user_id, policy_id=uuid, rule_id=rule_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + return {"rules": data} - @validate_input("post", kwargs_state=[True, False, False], body_state=[True, False, False, False]) + @validate_input("post", kwargs_state=[True, False, False], body_state={"meta_rule_id": True, "rule": True, "instructions": True}) @check_auth def post(self, uuid=None, rule_id=None, user_id=None): """Add a rule to a meta rule @@ -111,15 +108,12 @@ class Rules(Resource): :internal_api: add_rule """ args = request.json - try: - data = PolicyManager.add_rule(user_id=user_id, - policy_id=uuid, - meta_rule_id=args['meta_rule_id'], - value=args) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.add_rule(user_id=user_id, + policy_id=uuid, + meta_rule_id=args['meta_rule_id'], + value=args) + return {"rules": data} @validate_input("delete", kwargs_state=[True, True, False]) @@ -133,12 +127,9 @@ class Rules(Resource): :return: { "result": true } :internal_api: delete_rule """ - try: - data = PolicyManager.delete_rule( - user_id=user_id, policy_id=uuid, rule_id=rule_id) - except Exception as e: - logger.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 + + data = PolicyManager.delete_rule( + user_id=user_id, policy_id=uuid, rule_id=rule_id) + return {"result": True} diff --git a/moon_manager/moon_manager/api/slaves.py b/moon_manager/moon_manager/api/slaves.py index f5b3fa14..769b681f 100644 --- a/moon_manager/moon_manager/api/slaves.py +++ b/moon_manager/moon_manager/api/slaves.py @@ -11,12 +11,11 @@ from flask import request from flask_restful import Resource import logging import requests -import time from python_moonutilities.security_functions import check_auth -from python_moondb.core import PDPManager -from python_moondb.core import PolicyManager -from python_moondb.core import ModelManager -from python_moonutilities import configuration, exceptions + +from python_moonutilities import configuration +from python_moonutilities.security_functions import validate_input + __version__ = "4.3.0" @@ -42,6 +41,7 @@ class Slaves(Resource): self.orchestrator_port = conf["components/orchestrator"].get("port", 80) + @validate_input("get", kwargs_state=[False, False]) @check_auth def get(self, uuid=None, user_id=None): """Retrieve all slaves @@ -66,6 +66,8 @@ class Slaves(Resource): )) return {"slaves": req.json().get("slaves", dict())} + @validate_input("patch", kwargs_state=[False, False], + body_state={"op": True, "variable": True, "value": True}) @check_auth def patch(self, uuid=None, user_id=None): """Update a slave diff --git a/moon_manager/moon_manager/http_server.py b/moon_manager/moon_manager/http_server.py index a7258a75..204e7e04 100644 --- a/moon_manager/moon_manager/http_server.py +++ b/moon_manager/moon_manager/http_server.py @@ -112,11 +112,12 @@ class CustomApi(Api): @staticmethod def handle_error(e): try: - error_message = dumps({'message': str(e), "code": getattr(e, "code", 500)}) + error_message = dumps({"result": False, 'message': str(e), "code": getattr(e, "code", 500)}) + logger.error(e, exc_info=True) logger.error(error_message) return make_response(error_message, getattr(e, "code", 500)) except Exception as e2: # unhandled exception in the api... - logger.error(str(e2)) + logger.exception(str(e2)) return make_response(error_message, 500) @@ -132,7 +133,7 @@ class HTTPServer(Server): self.manager_port = conf["components/manager"].get("port", 80) # TODO : specify only few urls instead of * CORS(self.app) - self.api = CustomApi(self.app) + self.api = CustomApi(self.app, catch_all_404s=True) self.__set_route() def __set_route(self): diff --git a/moon_manager/tests/unit_python/api/import_export_utilities.py b/moon_manager/tests/unit_python/api/import_export_utilities.py index b1c8a541..12cb208e 100644 --- a/moon_manager/tests/unit_python/api/import_export_utilities.py +++ b/moon_manager/tests/unit_python/api/import_export_utilities.py @@ -3,13 +3,12 @@ # license which can be found in the file 'LICENSE' in this package distribution # or at 'http://www.apache.org/licenses/LICENSE-2.0'. -import api.utilities as utilities import api.test_unit_models as test_models import api.test_policies as test_policies import api.test_perimeter as test_perimeter -import api.meta_data_test as test_categories +import api.test_meta_data as test_categories import api.test_data as test_data -import api.meta_rules_test as test_meta_rules +import api.test_meta_rules as test_meta_rules import api.test_assignemnt as test_assignments import api.test_rules as test_rules import logging @@ -21,7 +20,6 @@ def clean_models(client): req, models = test_models.get_models(client) for key in models["models"]: client.delete("/models/{}".format(key)) - print("deleted model with id {}".format(key)) def clean_policies(client): @@ -29,7 +27,6 @@ def clean_policies(client): for key in policies["policies"]: req = client.delete("/policies/{}".format(key)) assert req.status_code == 200 - print("deleted policy with id {}".format(key)) def clean_subjects(client): @@ -40,9 +37,8 @@ def clean_subjects(client): policy_keys = subject["policy_list"] logger.info("subjects policy_keys {}".format(policy_keys)) for policy_key in policy_keys: - client.delete("/policies/{}/subjects/{}".format(policy_key,key)) + client.delete("/policies/{}/subjects/{}".format(policy_key, key)) client.delete("/subjects/{}".format(key)) - print("deleted subject with id {}".format(key)) def clean_objects(client): @@ -53,15 +49,13 @@ def clean_objects(client): policy_keys = object_["policy_list"] logger.info("objects policy_keys {}".format(policy_keys)) for policy_key in policy_keys: - print("/policies/{}/objects/{}".format(policy_key, key)) - req = client.delete("/policies/{}/objects/{}".format(policy_key, key)) + client.delete("/policies/{}/objects/{}".format(policy_key, key)) client.delete("/objects/{}".format(key)) - print("deleted object with id {}".format(key)) def clean_actions(client): actions = test_perimeter.get_actions(client) - logger.info("objects {}".format(actions)) + logger.info("actions {}".format(actions)) for key in actions[1]["actions"]: action = actions[1]["actions"][key] policy_keys = action["policy_list"] @@ -69,7 +63,6 @@ def clean_actions(client): for policy_key in policy_keys: client.delete("/policies/{}/actions/{}".format(policy_key, key)) client.delete("/actions/{}".format(key)) - print("deleted action with id {}".format(key)) def clean_subject_categories(client): @@ -95,10 +88,12 @@ def clean_action_categories(client): def clean_subject_data(client): req, policies = test_policies.get_policies(client) + logger.info("clean_subject_data on {}".format(policies)) for policy_key in policies["policies"]: req, data = test_data.get_subject_data(client, policy_id=policy_key) - print(data) + logger.info("============= data {}".format(data)) for key in data["subject_data"]: + logger.info("============= Deleting {}/{}".format(policy_key, key)) client.delete("/policies/{}/subject_data/{}".format(policy_key, key)) @@ -106,7 +101,6 @@ def clean_object_data(client): req, policies = test_policies.get_policies(client) for policy_key in policies["policies"]: req, data = test_data.get_object_data(client, policy_id=policy_key) - print(data) for key in data["object_data"]: client.delete("/policies/{}/object_data/{}".format(policy_key, key)) @@ -123,7 +117,8 @@ def clean_meta_rule(client): req, meta_rules = test_meta_rules.get_meta_rules(client) meta_rules = meta_rules["meta_rules"] for meta_rule_key in meta_rules: - print(meta_rule_key) + logger.info("clean_meta_rule.meta_rule_key={}".format(meta_rule_key)) + logger.info("clean_meta_rule.meta_rule={}".format(meta_rules[meta_rule_key])) client.delete("/meta_rules/{}".format(meta_rule_key)) @@ -136,7 +131,8 @@ def clean_subject_assignments(client): cat_key = assignments["subject_assignments"][key]["category_id"] data_keys = assignments["subject_assignments"][key]["assignments"] for data_key in data_keys: - req = client.delete("/policies/{}/subject_assignments/{}/{}/{}".format(policy_key, subject_key, cat_key, data_key)) + client.delete("/policies/{}/subject_assignments/{}/{}/{}".format(policy_key, subject_key, + cat_key, data_key)) def clean_object_assignments(client): @@ -148,7 +144,8 @@ def clean_object_assignments(client): cat_key = assignments["object_assignments"][key]["category_id"] data_keys = assignments["object_assignments"][key]["assignments"] for data_key in data_keys: - req = client.delete("/policies/{}/object_assignments/{}/{}/{}".format(policy_key, object_key, cat_key, data_key)) + client.delete("/policies/{}/object_assignments/{}/{}/{}".format(policy_key, object_key, + cat_key, data_key)) def clean_action_assignments(client): @@ -160,14 +157,14 @@ def clean_action_assignments(client): cat_key = assignments["action_assignments"][key]["category_id"] data_keys = assignments["action_assignments"][key]["assignments"] for data_key in data_keys: - req = client.delete("/policies/{}/action_assignments/{}/{}/{}".format(policy_key, action_key, cat_key, data_key)) + client.delete("/policies/{}/action_assignments/{}/{}/{}".format(policy_key, action_key, + cat_key, data_key)) def clean_rules(client): req, policies = test_policies.get_policies(client) for policy_key in policies["policies"]: req, rules = test_rules.get_rules(client, policy_key) - print(rules) rules = rules["rules"] rules = rules["rules"] for rule_key in rules: @@ -183,10 +180,6 @@ def clean_all(client): clean_meta_rule(client) - clean_subject_categories(client) - clean_object_categories(client) - clean_action_categories(client) - clean_subject_data(client) clean_object_data(client) clean_action_data(client) @@ -195,5 +188,9 @@ def clean_all(client): clean_objects(client) clean_subjects(client) + clean_subject_categories(client) + clean_object_categories(client) + clean_action_categories(client) + clean_policies(client) - clean_models(client)
\ No newline at end of file + clean_models(client) diff --git a/moon_manager/tests/unit_python/api/test_assignemnt.py b/moon_manager/tests/unit_python/api/test_assignemnt.py index 4e2acddc..22c727af 100644 --- a/moon_manager/tests/unit_python/api/test_assignemnt.py +++ b/moon_manager/tests/unit_python/api/test_assignemnt.py @@ -1,5 +1,7 @@ import api.utilities as utilities import json +from helpers import data_builder as builder +from uuid import uuid4 # subject_categories_test @@ -11,11 +13,19 @@ def get_subject_assignment(client, policy_id): return req, subject_assignment -def add_subject_assignment(client, policy_id, category_id): +def add_subject_assignment(client): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = builder.create_new_policy( + subject_category_name="subject_category1" + uuid4().hex, + object_category_name="object_category1" + uuid4().hex, + action_category_name="action_category1" + uuid4().hex, + meta_rule_name="meta_rule_1" + uuid4().hex) + subject_id = builder.create_subject(policy_id) + data_id = builder.create_subject_data(policy_id=policy_id, category_id=subject_category_id) + data = { - "id": "id1", - "category_id": category_id, - "data_id": "data_id1" + "id": subject_id, + "category_id": subject_category_id, + "data_id": data_id } req = client.post("/policies/{}/subject_assignments".format(policy_id), data=json.dumps(data), headers={'Content-Type': 'application/json'}) @@ -23,36 +33,42 @@ def add_subject_assignment(client, policy_id, category_id): return req, subject_assignment +def add_subject_assignment_without_cat_id(client): + + data = { + "id": "subject_id", + "category_id": "", + "data_id": "data_id" + } + req = client.post("/policies/{}/subject_assignments".format("1111"), data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + subject_assignment = utilities.get_json(req.data) + return req, subject_assignment + + def delete_subject_assignment(client, policy_id, sub_id, cat_id,data_id): req = client.delete("/policies/{}/subject_assignments/{}/{}/{}".format(policy_id, sub_id, cat_id,data_id)) return req def test_add_subject_assignment(): - policy_id = utilities.get_policy_id() client = utilities.register_client() - req, subject_assignment = add_subject_assignment(client, policy_id, "111") + req, subject_assignment = add_subject_assignment(client) assert req.status_code == 200 assert isinstance(subject_assignment, dict) - value = subject_assignment["subject_assignments"] assert "subject_assignments" in subject_assignment - id = list(value.keys())[0] - assert value[id]['policy_id'] == policy_id - assert value[id]['category_id'] == "111" - assert value[id]['subject_id'] == "id1" def test_add_subject_assignment_without_cat_id(): - policy_id = utilities.get_policy_id() client = utilities.register_client() - req, subject_assignment = add_subject_assignment(client, policy_id, "") - assert req.status_code == 500 - assert json.loads(req.data)["message"] == 'Empty String' + req, subject_assignment = add_subject_assignment_without_cat_id(client) + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "Key: 'category_id', [Empty String]" def test_get_subject_assignment(): - policy_id = utilities.get_policy_id() client = utilities.register_client() + policy_id = builder.get_policy_id_with_subject_assignment() req, subject_assignment = get_subject_assignment(client, policy_id) assert req.status_code == 200 assert isinstance(subject_assignment, dict) @@ -61,7 +77,7 @@ def test_get_subject_assignment(): def test_delete_subject_assignment(): client = utilities.register_client() - policy_id = utilities.get_policy_id() + policy_id = builder.get_policy_id_with_subject_assignment() req, subject_assignment = get_subject_assignment(client, policy_id) value = subject_assignment["subject_assignments"] id = list(value.keys())[0] @@ -72,7 +88,7 @@ def test_delete_subject_assignment(): def test_delete_subject_assignment_without_policy_id(): client = utilities.register_client() success_req = delete_subject_assignment(client, "", "id1", "111" ,"data_id1") - assert success_req.status_code == 500 + assert success_req.status_code == 404 # --------------------------------------------------------------------------- @@ -86,13 +102,35 @@ def get_object_assignment(client, policy_id): return req, object_assignment -def add_object_assignment(client, policy_id, category_id): +def add_object_assignment(client): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = builder.create_new_policy( + subject_category_name="subject_category1" + uuid4().hex, + object_category_name="object_category1" + uuid4().hex, + action_category_name="action_category1" + uuid4().hex, + meta_rule_name="meta_rule_1" + uuid4().hex) + object_id = builder.create_object(policy_id) + data_id = builder.create_object_data(policy_id=policy_id, category_id=object_category_id) + + data = { + "id": object_id, + "category_id": object_category_id, + "data_id": data_id + } + + req = client.post("/policies/{}/object_assignments".format(policy_id), data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + object_assignment = utilities.get_json(req.data) + return req, object_assignment + + +def add_object_assignment_without_cat_id(client): + data = { - "id": "id1", - "category_id": category_id, - "data_id": "data_id1" + "id": "object_id", + "category_id": "", + "data_id": "data_id" } - req = client.post("/policies/{}/object_assignments/{}".format(policy_id, category_id), data=json.dumps(data), + req = client.post("/policies/{}/object_assignments".format("1111"), data=json.dumps(data), headers={'Content-Type': 'application/json'}) object_assignment = utilities.get_json(req.data) return req, object_assignment @@ -104,7 +142,7 @@ def delete_object_assignment(client, policy_id, obj_id, cat_id, data_id): def test_get_object_assignment(): - policy_id = utilities.get_policy_id() + policy_id = builder.get_policy_id_with_object_assignment() client = utilities.register_client() req, object_assignment = get_object_assignment(client, policy_id) assert req.status_code == 200 @@ -113,30 +151,22 @@ def test_get_object_assignment(): def test_add_object_assignment(): - policy_id = utilities.get_policy_id() client = utilities.register_client() - req, object_assignment = add_object_assignment(client, policy_id, "111") + req, object_assignment = add_object_assignment(client) assert req.status_code == 200 - assert isinstance(object_assignment, dict) - value = object_assignment["object_assignments"] assert "object_assignments" in object_assignment - id = list(value.keys())[0] - assert value[id]['policy_id'] == policy_id - assert value[id]['category_id'] == "111" - assert value[id]['object_id'] == "id1" def test_add_object_assignment_without_cat_id(): - policy_id = utilities.get_policy_id() client = utilities.register_client() - req, object_assignment = add_object_assignment(client, policy_id, "") - assert req.status_code == 500 - assert json.loads(req.data)["message"] == 'Empty String' + req, object_assignment = add_object_assignment_without_cat_id(client) + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "Key: 'category_id', [Empty String]" def test_delete_object_assignment(): client = utilities.register_client() - policy_id = utilities.get_policy_id() + policy_id = builder.get_policy_id_with_object_assignment() req, object_assignment = get_object_assignment(client, policy_id) value = object_assignment["object_assignments"] id = list(value.keys())[0] @@ -146,8 +176,8 @@ def test_delete_object_assignment(): def test_delete_object_assignment_without_policy_id(): client = utilities.register_client() - success_req = delete_object_assignment(client, "", "id1", "111" ,"data_id1") - assert success_req.status_code == 500 + success_req = delete_object_assignment(client, "", "id1", "111","data_id1") + assert success_req.status_code == 404 # --------------------------------------------------------------------------- @@ -161,13 +191,34 @@ def get_action_assignment(client, policy_id): return req, action_assignment -def add_action_assignment(client, policy_id, category_id): +def add_action_assignment(client): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = builder.create_new_policy( + subject_category_name="subject_category1" + uuid4().hex, + object_category_name="object_category1" + uuid4().hex, + action_category_name="action_category1" + uuid4().hex, + meta_rule_name="meta_rule_1" + uuid4().hex) + action_id = builder.create_action(policy_id) + data_id = builder.create_action_data(policy_id=policy_id, category_id=action_category_id) + + data = { + "id": action_id, + "category_id": action_category_id, + "data_id": data_id + } + req = client.post("/policies/{}/action_assignments".format(policy_id), data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + action_assignment = utilities.get_json(req.data) + return req, action_assignment + + +def add_action_assignment_without_cat_id(client): + data = { - "id": "id1", - "category_id": category_id, - "data_id": "data_id1" + "id": "action_id", + "category_id": "", + "data_id": "data_id" } - req = client.post("/policies/{}/action_assignments/{}".format(policy_id, category_id), data=json.dumps(data), + req = client.post("/policies/{}/action_assignments".format("1111"), data=json.dumps(data), headers={'Content-Type': 'application/json'}) action_assignment = utilities.get_json(req.data) return req, action_assignment @@ -179,7 +230,7 @@ def delete_action_assignment(client, policy_id, action_id, cat_id, data_id): def test_get_action_assignment(): - policy_id = utilities.get_policy_id() + policy_id = builder.get_policy_id_with_action_assignment() client = utilities.register_client() req, action_assignment = get_action_assignment(client, policy_id) assert req.status_code == 200 @@ -188,30 +239,22 @@ def test_get_action_assignment(): def test_add_action_assignment(): - policy_id = utilities.get_policy_id() client = utilities.register_client() - req, action_assignment = add_action_assignment(client, policy_id, "111") + req, action_assignment = add_action_assignment(client) assert req.status_code == 200 - assert isinstance(action_assignment, dict) - value = action_assignment["action_assignments"] assert "action_assignments" in action_assignment - id = list(value.keys())[0] - assert value[id]['policy_id'] == policy_id - assert value[id]['category_id'] == "111" - assert value[id]['action_id'] == "id1" def test_add_action_assignment_without_cat_id(): - policy_id = utilities.get_policy_id() client = utilities.register_client() - req, action_assignment = add_action_assignment(client, policy_id, "") - assert req.status_code == 500 - assert json.loads(req.data)["message"] == 'Empty String' + req, action_assignment = add_action_assignment_without_cat_id(client) + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "Key: 'category_id', [Empty String]" def test_delete_action_assignment(): client = utilities.register_client() - policy_id = utilities.get_policy_id() + policy_id = builder.get_policy_id_with_action_assignment() req, action_assignment = get_action_assignment(client, policy_id) value = action_assignment["action_assignments"] id = list(value.keys())[0] @@ -222,6 +265,6 @@ def test_delete_action_assignment(): def test_delete_action_assignment_without_policy_id(): client = utilities.register_client() success_req = delete_action_assignment(client, "", "id1", "111" ,"data_id1") - assert success_req.status_code == 500 + assert success_req.status_code == 404 # --------------------------------------------------------------------------- diff --git a/moon_manager/tests/unit_python/api/test_data.py b/moon_manager/tests/unit_python/api/test_data.py index f806ea2a..ff0856af 100644 --- a/moon_manager/tests/unit_python/api/test_data.py +++ b/moon_manager/tests/unit_python/api/test_data.py @@ -5,7 +5,8 @@ import api.utilities as utilities import json - +from helpers import data_builder as builder +from uuid import uuid4 # subject_categories_test @@ -19,12 +20,17 @@ def get_subject_data(client, policy_id, category_id=None): return req, subject_data -def add_subject_data(client, name, policy_id, category_id): +def add_subject_data(client, name): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = builder.create_new_policy( + subject_category_name="subject_category1" + uuid4().hex, + object_category_name="object_category1" + uuid4().hex, + action_category_name="action_category1" + uuid4().hex, + meta_rule_name="meta_rule_1" + uuid4().hex) data = { "name": name, "description": "description of {}".format(name) } - req = client.post("/policies/{}/subject_data/{}".format(policy_id, category_id), data=json.dumps(data), + req = client.post("/policies/{}/subject_data/{}".format(policy_id, subject_category_id), data=json.dumps(data), headers={'Content-Type': 'application/json'}) subject_data = utilities.get_json(req.data) return req, subject_data @@ -45,9 +51,8 @@ def test_get_subject_data(): def test_add_subject_data(): - policy_id = utilities.get_policy_id() client = utilities.register_client() - req, subject_data = add_subject_data(client, "testuser", policy_id, "111") + req, subject_data = add_subject_data(client, "testuser") assert req.status_code == 200 assert isinstance(subject_data, dict) value = subject_data["subject_data"]['data'] @@ -59,31 +64,29 @@ def test_add_subject_data(): def test_delete_subject_data(): client = utilities.register_client() - policy_id = utilities.get_policy_id() + subject_category_id, object_category_id, action_category_id, meta_rule_id,policy_id = builder.create_new_policy() success_req = delete_subject_data(client, policy_id) assert success_req.status_code == 200 def test_add_subject_data_with_empty_user(): - policy_id = utilities.get_policy_id() client = utilities.register_client() - req, subject_data = add_subject_data(client, "", policy_id, "111") - assert req.status_code == 500 - assert json.loads(req.data)["message"] == "Empty String" + req, subject_data = add_subject_data(client, "") + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "Key: 'name', [Empty String]" def test_add_subject_data_with_user_contain_space(): - policy_id = utilities.get_policy_id() client = utilities.register_client() - req, subject_data = add_subject_data(client, "test user", policy_id, "111") - assert req.status_code == 500 - assert json.loads(req.data)["message"] == "String contains space" + req, subject_data = add_subject_data(client, "test user") + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "Key: 'name', [String contains space]" def test_delete_subject_data_without_policy_id(): client = utilities.register_client() success_req = delete_subject_data(client, "") - assert success_req.status_code == 500 + assert success_req.status_code == 404 # --------------------------------------------------------------------------- @@ -99,12 +102,17 @@ def get_object_data(client, policy_id, category_id=None): return req, object_data -def add_object_data(client, name, policy_id, category_id): +def add_object_data(client, name): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = builder.create_new_policy( + subject_category_name="subject_category1" + uuid4().hex, + object_category_name="object_category1" + uuid4().hex, + action_category_name="action_category1" + uuid4().hex, + meta_rule_name="meta_rule_1" + uuid4().hex) data = { "name": name, "description": "description of {}".format(name) } - req = client.post("/policies/{}/object_data/{}".format(policy_id, category_id), data=json.dumps(data), + req = client.post("/policies/{}/object_data/{}".format(policy_id, object_category_id), data=json.dumps(data), headers={'Content-Type': 'application/json'}) object_data = utilities.get_json(req.data) return req, object_data @@ -125,9 +133,8 @@ def test_get_object_data(): def test_add_object_data(): - policy_id = utilities.get_policy_id() client = utilities.register_client() - req, object_data = add_object_data(client, "testuser", policy_id, "111") + req, object_data = add_object_data(client, "testuser") assert req.status_code == 200 assert isinstance(object_data, dict) value = object_data["object_data"]['data'] @@ -149,25 +156,23 @@ def test_delete_object_data(): def test_add_object_data_with_empty_user(): - policy_id = utilities.get_policy_id() client = utilities.register_client() - req, subject_data = add_subject_data(client, "", policy_id, "111") - assert req.status_code == 500 - assert json.loads(req.data)["message"] == "Empty String" + req, subject_data = add_object_data(client, "") + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "Key: 'name', [Empty String]" def test_add_object_data_with_user_contain_space(): - policy_id = utilities.get_policy_id() client = utilities.register_client() - req, object_data = add_object_data(client, "test user", policy_id, "111") - assert req.status_code == 500 - assert json.loads(req.data)["message"] == "String contains space" + req, object_data = add_object_data(client, "test user") + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "Key: 'name', [String contains space]" def test_delete_object_data_without_policy_id(): client = utilities.register_client() success_req = delete_object_data(client, "") - assert success_req.status_code == 500 + assert success_req.status_code == 404 # --------------------------------------------------------------------------- # action_categories_test @@ -182,12 +187,17 @@ def get_action_data(client, policy_id, category_id=None): return req, action_data -def add_action_data(client, name, policy_id, category_id): +def add_action_data(client, name): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = builder.create_new_policy( + subject_category_name="subject_category1" + uuid4().hex, + object_category_name="object_category1" + uuid4().hex, + action_category_name="action_category1" + uuid4().hex, + meta_rule_name="meta_rule_1" + uuid4().hex) data = { "name": name, "description": "description of {}".format(name) } - req = client.post("/policies/{}/action_data/{}".format(policy_id, category_id), data=json.dumps(data), + req = client.post("/policies/{}/action_data/{}".format(policy_id, action_category_id), data=json.dumps(data), headers={'Content-Type': 'application/json'}) action_data = utilities.get_json(req.data) return req, action_data @@ -208,9 +218,8 @@ def test_get_action_data(): def test_add_action_data(): - policy_id = utilities.get_policy_id() client = utilities.register_client() - req, action_data = add_action_data(client, "testuser", policy_id, "111") + req, action_data = add_action_data(client, "testuser") assert req.status_code == 200 assert isinstance(action_data, dict) value = action_data["action_data"]['data'] @@ -228,23 +237,21 @@ def test_delete_action_data(): def test_add_action_data_with_empty_user(): - policy_id = utilities.get_policy_id() client = utilities.register_client() - req, action_data = add_action_data(client, "", policy_id, "111") - assert req.status_code == 500 - assert json.loads(req.data)["message"] == "Empty String" + req, action_data = add_action_data(client, "") + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "Key: 'name', [Empty String]" def test_add_action_data_with_user_contain_space(): - policy_id = utilities.get_policy_id() client = utilities.register_client() - req, action_data = add_action_data(client, "test user", policy_id, "111") - assert req.status_code == 500 - assert json.loads(req.data)["message"] == "String contains space" + req, action_data = add_action_data(client, "test user") + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "Key: 'name', [String contains space]" def test_delete_action_data_without_policy_id(): client = utilities.register_client() success_req = delete_action_data(client, "") - assert success_req.status_code == 500 + assert success_req.status_code == 404 # --------------------------------------------------------------------------- diff --git a/moon_manager/tests/unit_python/api/test_export.py b/moon_manager/tests/unit_python/api/test_export.py index 122ab927..ac8e8d17 100644 --- a/moon_manager/tests/unit_python/api/test_export.py +++ b/moon_manager/tests/unit_python/api/test_export.py @@ -51,11 +51,11 @@ ASSIGNMENTS = {"models": [{"name": "test model", "description": "", "meta_rules" "action_data": [{"name": "test action data", "description": "action data description", "policies": [{"name": "test policy"}], "category": {"name": "test action categories"}}], "meta_rules": [{"name": "meta rule", "description": "valid meta rule", "subject_categories": [{"name": "test subject categories"}], "object_categories": [{"name": "test object categories"}], "action_categories": [{"name": "test action categories"}]}], "subjects": [{"name": "testuser", "description": "description of the subject", "extra": {"field_extra_subject": "value extra subject"}, "policies": [{"name": "test policy"}]}], - "objects": [{"name": "test object", "description": "description of the object", "extra": {"field_extra_object": "value extra object"}, "policies": [{"name": "test policy"}]}], - "actions": [{"name": "test action", "description": "description of the action", "extra": {"field_extra_action": "value extra action"}, "policies": [{"name": "test policy"}]}], + "objects": [{"name": "test object e0", "description": "description of the object", "extra": {"field_extra_object": "value extra object"}, "policies": [{"name": "test policy"}]}], + "actions": [{"name": "test action e0", "description": "description of the action", "extra": {"field_extra_action": "value extra action"}, "policies": [{"name": "test policy"}]}], "subject_assignments": [{"subject": {"name": "testuser"}, "category": {"name": "test subject categories"}, "assignments": [{"name": "test subject data"}]}], - "object_assignments": [{"object": {"name": "test object"}, "category": {"name": "test object categories"}, "assignments": [{"name": "test object data"}]}], - "action_assignments": [{"action": {"name": "test action"}, "category": {"name": "test action categories"}, "assignments": [{"name": "test action data"}]}]} + "object_assignments": [{"object": {"name": "test object e0"}, "category": {"name": "test object categories"}, "assignments": [{"name": "test object data"}]}], + "action_assignments": [{"action": {"name": "test action e0"}, "category": {"name": "test action categories"}, "assignments": [{"name": "test action data"}]}]} RULES = {"models": [{"name": "test model", "description": "", "meta_rules": [{"name": "meta rule"}]}], "policies": [{"name": "test policy", "genre": "authz", "description": "policy description", "model": {"name" : "test model"}}], @@ -67,12 +67,12 @@ RULES = {"models": [{"name": "test model", "description": "", "meta_rules": [{"n "action_data": [{"name": "test action data", "description": "action data description", "policies": [{"name": "test policy"}], "category": {"name": "test action categories"}}], "meta_rules": [{"name": "meta rule", "description": "valid meta rule", "subject_categories": [{"name": "test subject categories"}], "object_categories": [{"name": "test object categories"}], "action_categories": [{"name": "test action categories"}]}], "subjects": [{"name": "testuser", "description": "description of the subject", "extra": {"field_extra_subject": "value extra subject"}, "policies": [{"name": "test policy"}]}], - "objects": [{"name": "test object", "description": "description of the object", "extra": {"field_extra_object": "value extra object"}, "policies": [{"name": "test policy"}]}], - "actions": [{"name": "test action", "description": "description of the action", "extra": {"field_extra_action": "value extra action"}, "policies": [{"name": "test policy"}]}], + "objects": [{"name": "test object e1", "description": "description of the object", "extra": {"field_extra_object": "value extra object"}, "policies": [{"name": "test policy"}]}], + "actions": [{"name": "test action e1", "description": "description of the action", "extra": {"field_extra_action": "value extra action"}, "policies": [{"name": "test policy"}]}], "subject_assignments": [{"subject": {"name": "testuser"}, "category": {"name": "test subject categories"}, "assignments": [{"name": "test subject data"}]}], - "object_assignments": [{"object": {"name": "test object"}, "category": {"name": "test object categories"}, "assignments": [{"name": "test object data"}]}], - "action_assignments": [{"action": {"name": "test action"}, "category": {"name": "test action categories"}, "assignments": [{"name": "test action data"}]}], - "rules": [{"meta_rule": {"name" : "meta rule"}, "rule": {"subject_data" : [{"name":"test subject data"}], "object_data": [{"name": "test object data"}], "action_data": [{"name": "test action data"}]}, "policy": {"name" :"test policy"}, "instructions" : {"decision" : "grant"}, "enabled": True}] + "object_assignments": [{"object": {"name": "test object e1"}, "category": {"name": "test object categories"}, "assignments": [{"name": "test object data"}]}], + "action_assignments": [{"action": {"name": "test action e1"}, "category": {"name": "test action categories"}, "assignments": [{"name": "test action data"}]}], + "rules": [{"meta_rule": {"name": "meta rule"}, "rule": {"subject_data": [{"name": "test subject data"}], "object_data": [{"name": "test object data"}], "action_data": [{"name": "test action data"}]}, "policy": {"name":"test policy"}, "instructions": {"decision": "grant"}, "enabled": True}] } @@ -87,7 +87,6 @@ def test_export_models(): assert req.status_code == 200 data = utilities.get_json(req.data) - print(data) assert "content" in data assert "models" in data["content"] assert isinstance(data["content"]["models"], list) @@ -110,7 +109,6 @@ def test_export_policies(): assert req.status_code == 200 data = utilities.get_json(req.data) - print(data) assert "content" in data assert "policies" in data["content"] assert isinstance(data["content"]["policies"], list) @@ -136,7 +134,6 @@ def test_export_subject_object_action(): assert req.status_code == 200 data = utilities.get_json(req.data) - print(data) assert "content" in data type_elements = ["subject", "object", "action"] for type_element in type_elements: @@ -158,10 +155,8 @@ def test_export_subject_object_action(): assert isinstance(element["extra"], dict) key_dict = "field_extra_" + type_element value_dict = "value extra " + type_element - #TODO change this after bug fix on extra - if False: - assert key_dict in element["extra"] - assert element["extra"][key_dict] == value_dict + assert key_dict in element["extra"] + assert element["extra"][key_dict] == value_dict def test_export_subject_object_action_categories(): @@ -196,7 +191,6 @@ def test_export_subject_object_action_data(): req = client.get("/export") assert req.status_code == 200 data = utilities.get_json(req.data) - print(data) assert "content" in data type_elements = ["subject", "object", "action"] for type_element in type_elements: @@ -207,9 +201,9 @@ def test_export_subject_object_action_data(): data_elt = data["content"][key][0] assert data_elt["name"] == "test " + type_element + " data" assert data_elt["description"] == type_element + " data description" - assert isinstance(data_elt["policy"],dict) + assert isinstance(data_elt["policy"], dict) assert data_elt["policy"]["name"] == "test policy" - assert isinstance(data_elt["category"],dict) + assert isinstance(data_elt["category"], dict) assert data_elt["category"]["name"] == "test " + type_element + " categories" @@ -223,7 +217,6 @@ def test_export_assignments(): req = client.get("/export") assert req.status_code == 200 data = utilities.get_json(req.data) - print(data) assert "content" in data type_elements = ["subject", "object", "action"] for type_element in type_elements: @@ -237,7 +230,7 @@ def test_export_assignments(): if type_element == "subject": assert assignment_elt[type_element]["name"] == "testuser" else: - assert assignment_elt[type_element]["name"] == "test " + type_element + assert assignment_elt[type_element]["name"] == "test " + type_element + " e0" assert "category" in assignment_elt assert isinstance(assignment_elt["category"], dict) assert assignment_elt["category"]["name"] == "test " + type_element + " categories" @@ -246,6 +239,8 @@ def test_export_assignments(): assert len(assignment_elt["assignments"]) == 1 assert assignment_elt["assignments"][0]["name"] == "test " + type_element + " data" + import_export_utilities.clean_all(client) + def test_export_rules(): client = utilities.register_client() @@ -257,7 +252,6 @@ def test_export_rules(): req = client.get("/export") assert req.status_code == 200 data = utilities.get_json(req.data) - print(data) assert "content" in data assert "rules" in data["content"] assert isinstance(data["content"]["rules"], list) @@ -267,7 +261,7 @@ def test_export_rules(): assert "decision" in rule["instructions"] assert rule["instructions"]["decision"] == "grant" assert "enabled" in rule - assert rule["enabled"] == True + assert rule["enabled"] assert "meta_rule" in rule assert rule["meta_rule"]["name"] == "meta rule" assert "policy" in rule diff --git a/moon_manager/tests/unit_python/api/test_import.py b/moon_manager/tests/unit_python/api/test_import.py index 12a1cc6b..f1ab8251 100644 --- a/moon_manager/tests/unit_python/api/test_import.py +++ b/moon_manager/tests/unit_python/api/test_import.py @@ -6,10 +6,9 @@ import api.utilities as utilities import api.test_unit_models as test_models import api.test_policies as test_policies -import api.test_perimeter as test_perimeter -import api.meta_data_test as test_categories +import api.test_meta_data as test_categories import api.test_data as test_data -import api.meta_rules_test as test_meta_rules +import api.test_meta_rules as test_meta_rules import api.test_assignemnt as test_assignments import api.test_rules as test_rules import api.import_export_utilities as import_export_utilities @@ -37,11 +36,17 @@ SUBJECTS = [{"subjects": [{"name": "testuser", "description": "description of th {"policies": [{"name": "test policy", "genre": "authz", "description": "description", "model": {}, "mandatory": False}], "subjects": [{"name": "testuser", "description": "description of the subject", "extra": {}, "policies": [{"name": "test policy"}]}]}] -OBJECTS = [{"objects": [{"name": "test object", "description": "description of the object", "extra": {}, "policies": []}]}, - {"policies": [{"name": "test policy", "genre": "authz", "description": "description", "model": {}, "mandatory": False}], "objects": [{"name": "test object", "description": "description of the object", "extra": {}, "policies": []}]}, - {"policies": [{"name": "test other policy", "genre": "authz", "description": "description", "model": {}, "mandatory": True}], "objects": [{"name": "test object", "description": "description of the object", "extra": {}, "policies": []}]}, - {"objects": [{"name": "test object", "description": "new description of the object", "extra": {"test": "test extra"}, "policies": [{"name": "test other policy"}]}]}, - {"policies": [{"name": "test policy", "genre": "authz", "description": "description", "model": {}, "mandatory": False}], "objects": [{"name": "test object", "description": "description of the object", "extra": {}, "policies": [{"name": "test policy"}]}]}] +OBJECTS = [ + {"objects": [{"name": "test object", "description": "description of the object", "extra": {}, "policies": []}]}, + {"policies": [{"name": "test policy", "genre": "authz", "description": "description", "model": {}, "mandatory": False}], + "objects": [{"name": "test object", "description": "description of the object", "extra": {}, "policies": []}]}, + {"policies": [{"name": "test other policy", "genre": "authz", "description": "description", "model": {}, "mandatory": True}], + "objects": [{"name": "test object", "description": "description of the object", "extra": {}, "policies": []}]}, + {"objects": [{"name": "test object", "description": "new description of the object", "extra": {"test": "test extra"}, + "policies": [{"name": "test other policy"}]}]}, + {"policies": [{"name": "test policy", "genre": "authz", "description": "description", "model": {}, "mandatory": False}], + "objects": [{"name": "test object", "description": "description of the object", "extra": {}, "policies": [{"name": "test policy"}]}]}, +] ACTIONS = [{"actions": [{"name": "test action", "description": "description of the action", "extra": {}, "policies": []}]}, @@ -100,7 +105,8 @@ META_RULES = [{"meta_rules" :[{"name": "bad meta rule", "description": "not vali {"meta_rules": [{"name": "bad meta rule", "description": "not valid meta rule", "subject_categories": [{"name": "test subject categories"}], "object_categories": [{"name": "test object categories"}], "action_categories": [{"name": "not valid category"}]}]}, {"meta_rules": [{"name": "good meta rule", "description": "valid meta rule", "subject_categories": [{"name": "test subject categories"}], "object_categories": [{"name": "test object categories"}], "action_categories": [{"name": "test action categories"}]}]}] -PRE_ASSIGNMENTS = {"models": [{"name": "test model", "description": "", "meta_rules": [{"name" : "good meta rule"}]}], + +PRE_ASSIGNMENTS = {"models": [{"name": "test model", "description": "", "meta_rules": [{"name": "good meta rule"}]}], "policies": [{"name": "test policy", "genre": "authz", "description": "description", "model": {"name" : "test model"}, "mandatory": True}], "subject_categories": [{"name": "test subject categories", "description": "subject category description"}], "object_categories": [{"name": "test object categories", "description": "object category description"}], @@ -168,8 +174,8 @@ def test_import_policies(): try: data = utilities.get_json(req.data) assert data == "Import ok !" - except Exception as e: - assert counter == 2 # this is an expected failure + except Exception: + assert counter == 2 # this is an expected failure continue req, policies = test_policies.get_policies(client) @@ -189,7 +195,7 @@ def test_import_policies(): def test_import_subject_object_action(): client = utilities.register_client() - type_elements =["object", "action"] + type_elements = ["object", "action"] for type_element in type_elements: import_export_utilities.clean_all(client) @@ -197,21 +203,18 @@ def test_import_subject_object_action(): # set the getters and the comparison values if type_element == "subject": elements = SUBJECTS - get_method = test_perimeter.get_subjects - clean_method= import_export_utilities.clean_subjects + clean_method = import_export_utilities.clean_subjects name = "testuser" key_extra = "email" value_extra = "new-email@test.com" elif type_element == "object": elements = OBJECTS - get_method = test_perimeter.get_objects clean_method = import_export_utilities.clean_objects name = "test object" key_extra = "test" value_extra = "test extra" else: elements = ACTIONS - get_method = test_perimeter.get_actions clean_method = import_export_utilities.clean_actions name = "test action" key_extra = "test" @@ -219,7 +222,6 @@ def test_import_subject_object_action(): for element in elements: counter = counter + 1 - print("counter {}".format(counter)) if counter == 2 or counter == 4: clean_method(client) @@ -231,28 +233,23 @@ def test_import_subject_object_action(): try: data = utilities.get_json(req.data) except Exception as e: - print(str(e)) assert False #assert counter < 2 # this is an expected failure #continue assert data == "Import ok !" - get_elements = get_method(client) - get_elements = get_elements[1][type_element + "s"] + get_elements = utilities.get_json(client.get("/"+type_element + "s").data) + get_elements = get_elements[type_element + "s"] assert len(list(get_elements.keys())) == 1 values = list(get_elements.values()) assert values[0]["name"] == name - print(values[0]) if counter == 2 or counter == 4: assert values[0]["description"] == "description of the " + type_element - print(values[0]) #assert not values[0]["extra"] if counter == 3: - #TODO uncomment this if update shall be done through import ! - #assert values[0]["description"] == "new description of the " + type_element - #assert values[0]["extra"][key_extra] == value_extra - assert True + assert values[0]["description"] == "new description of the " + type_element + assert values[0]["extra"][key_extra] == value_extra # assert len(values[0]["policy_list"]) == 1 import_export_utilities.clean_all(client) @@ -309,10 +306,9 @@ def test_import_meta_rules(): assert data == "Import ok !" assert req.status_code == 200 - req ,meta_rules= test_meta_rules.get_meta_rules(client) + req, meta_rules = test_meta_rules.get_meta_rules(client) meta_rules = meta_rules["meta_rules"] key = list(meta_rules.keys())[0] - print(meta_rules) assert isinstance(meta_rules,dict) assert meta_rules[key]["name"] == "good meta rule" assert meta_rules[key]["description"] == "valid meta rule" @@ -367,8 +363,6 @@ def test_import_subject_object_action_assignments(): assert req.status_code == 500 continue else: - print(data) - print(req) assert data == "Import ok !" assert req.status_code == 200 req, policies = test_policies.get_policies(client) @@ -398,16 +392,13 @@ def test_import_rules(): req, rules = test_rules.test_get_rules() rules = rules["rules"] - policy_key = rules["policy_id"] rules = rules["rules"] - print(rules) assert len(rules) == 1 rules = rules[0] - assert rules["enabled"] == True + assert rules["enabled"] assert rules["instructions"]["decision"] == "grant" req, meta_rules = test_meta_rules.get_meta_rules(client) - print(meta_rules) assert meta_rules["meta_rules"][list(meta_rules["meta_rules"].keys())[0]]["name"] == "good meta rule" @@ -439,7 +430,6 @@ def test_import_subject_object_action_data(): if counter == 0 or counter == 1: assert req.status_code == 500 continue - print(counter) assert req.status_code == 200 data = utilities.get_json(req.data) assert data == "Import ok !" @@ -448,30 +438,20 @@ def test_import_subject_object_action_data(): policies = policies["policies"] req, categories = get_categories(client) categories = categories[type_element + "_categories"] - print("categories {}".format(categories)) - print("policies {}".format(policies)) - print("data in import {}".format(element)) case_tested = False for policy_key in policies.keys(): - print("policy in test {}".format(policy_key)) policy = policies[policy_key] - print("policy {}".format(policy)) for category_key in categories: - print("category in test {}".format(category_key)) - print("looking for {} data with policy {} and category {}".format(type_element, policy_key,category_key)) req, get_elements = get_method(client, policy_id=policy_key, category_id=category_key) if len(get_elements[type_element+"_data"]) == 0: continue - # do this because the backend gives an element with empty data if the policy_key, category_key couple does not have any data... + # do this because the backend gives an element with empty data if the policy_key, + # category_key couple does not have any data... get_elements = get_elements[type_element+"_data"] - print("test") if len(get_elements[0]["data"]) == 0: - print("test2") continue - print("get_elements {}".format(get_elements)) - if policy["name"] == "test policy": assert len(get_elements) == 1 el = get_elements[0] @@ -481,7 +461,6 @@ def test_import_subject_object_action_data(): el = el["data"][list(el["data"].keys())[0]] if "value" in el: el = el["value"] - print(el) assert el["name"] == "one valid " + type_element + " data" if counter == 3: assert len(el["data"].keys()) == 2 @@ -503,7 +482,6 @@ def test_import_subject_object_action_data(): assert isinstance(el["data"], dict) assert len(el["data"].keys()) == 1 el = el["data"][list(el["data"].keys())[0]] - print(el) if "value" in el: el = el["value"] assert el["name"] == "valid " + type_element + " data" @@ -517,4 +495,4 @@ def test_clean(): client = utilities.register_client() import_export_utilities.clean_all(client) #restore the database as previously - utilities.get_policy_id()
\ No newline at end of file + utilities.get_policy_id() diff --git a/moon_manager/tests/unit_python/api/test_meta_data.py b/moon_manager/tests/unit_python/api/test_meta_data.py new file mode 100644 index 00000000..4cb86913 --- /dev/null +++ b/moon_manager/tests/unit_python/api/test_meta_data.py @@ -0,0 +1,235 @@ +import json +import api.utilities as utilities + +#subject_categories_test + + +def get_subject_categories(client): + req = client.get("/subject_categories") + subject_categories = utilities.get_json(req.data) + return req, subject_categories + + +def add_subject_categories(client, name): + data = { + "name": name, + "description": "description of {}".format(name) + } + req = client.post("/subject_categories", data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + subject_categories = utilities.get_json(req.data) + return req, subject_categories + + +def delete_subject_categories(client, name): + request, subject_categories = get_subject_categories(client) + for key, value in subject_categories['subject_categories'].items(): + if value['name'] == name: + return client.delete("/subject_categories/{}".format(key)) + + +def delete_subject_categories_without_id(client): + req = client.delete("/subject_categories/{}".format("")) + return req + + +def test_get_subject_categories(): + client = utilities.register_client() + req, subject_categories = get_subject_categories(client) + assert req.status_code == 200 + assert isinstance(subject_categories, dict) + assert "subject_categories" in subject_categories + + +def test_add_subject_categories(): + client = utilities.register_client() + req, subject_categories = add_subject_categories(client, "testuser") + assert req.status_code == 200 + assert isinstance(subject_categories, dict) + value = list(subject_categories["subject_categories"].values())[0] + assert "subject_categories" in subject_categories + assert value['name'] == "testuser" + assert value['description'] == "description of {}".format("testuser") + + +def test_add_subject_categories_with_empty_user(): + client = utilities.register_client() + req, subject_categories = add_subject_categories(client, "") + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "Key: 'name', [Empty String]" + + +def test_add_subject_categories_with_user_contain_space(): + client = utilities.register_client() + req, subject_categories = add_subject_categories(client, "test user") + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "Key: 'name', [String contains space]" + + +def test_delete_subject_categories(): + client = utilities.register_client() + req = delete_subject_categories(client, "testuser") + assert req.status_code == 200 + + +def test_delete_subject_categories_without_id(): + client = utilities.register_client() + req = delete_subject_categories_without_id(client) + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "400: Subject Category Unknown" + + +#--------------------------------------------------------------------------- +#object_categories_test + +def get_object_categories(client): + req = client.get("/object_categories") + object_categories = utilities.get_json(req.data) + return req, object_categories + + +def add_object_categories(client, name): + data = { + "name": name, + "description": "description of {}".format(name) + } + req = client.post("/object_categories", data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + object_categories = utilities.get_json(req.data) + return req, object_categories + + +def delete_object_categories(client, name): + request, object_categories = get_object_categories(client) + for key, value in object_categories['object_categories'].items(): + if value['name'] == name: + return client.delete("/object_categories/{}".format(key)) + + +def delete_object_categories_without_id(client): + req = client.delete("/object_categories/{}".format("")) + return req + + +def test_get_object_categories(): + client = utilities.register_client() + req, object_categories = get_object_categories(client) + assert req.status_code == 200 + assert isinstance(object_categories, dict) + assert "object_categories" in object_categories + + +def test_add_object_categories(): + client = utilities.register_client() + req, object_categories = add_object_categories(client, "testuser") + assert req.status_code == 200 + assert isinstance(object_categories, dict) + value = list(object_categories["object_categories"].values())[0] + assert "object_categories" in object_categories + assert value['name'] == "testuser" + assert value['description'] == "description of {}".format("testuser") + + +def test_add_object_categories_with_empty_user(): + client = utilities.register_client() + req, object_categories = add_object_categories(client, "") + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "Key: 'name', [Empty String]" + + +def test_add_object_categories_with_user_contain_space(): + client = utilities.register_client() + req, object_categories = add_object_categories(client, "test user") + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "Key: 'name', [String contains space]" + + +def test_delete_object_categories(): + client = utilities.register_client() + req = delete_object_categories(client, "testuser") + assert req.status_code == 200 + + +def test_delete_object_categories_without_id(): + client = utilities.register_client() + req = delete_object_categories_without_id(client) + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "400: Object Category Unknown" + + +#--------------------------------------------------------------------------- +#action_categories_test + +def get_action_categories(client): + req = client.get("/action_categories") + action_categories = utilities.get_json(req.data) + return req, action_categories + + +def add_action_categories(client, name): + data = { + "name": name, + "description": "description of {}".format(name) + } + req = client.post("/action_categories", data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + action_categories = utilities.get_json(req.data) + return req, action_categories + + +def delete_action_categories(client, name): + request, action_categories = get_action_categories(client) + for key, value in action_categories['action_categories'].items(): + if value['name'] == name: + return client.delete("/action_categories/{}".format(key)) + + +def delete_action_categories_without_id(client): + req = client.delete("/action_categories/{}".format("")) + return req + + +def test_get_action_categories(): + client = utilities.register_client() + req, action_categories = get_action_categories(client) + assert req.status_code == 200 + assert isinstance(action_categories, dict) + assert "action_categories" in action_categories + + +def test_add_action_categories(): + client = utilities.register_client() + req, action_categories = add_action_categories(client, "testuser") + assert req.status_code == 200 + assert isinstance(action_categories, dict) + value = list(action_categories["action_categories"].values())[0] + assert "action_categories" in action_categories + assert value['name'] == "testuser" + assert value['description'] == "description of {}".format("testuser") + + +def test_add_action_categories_with_empty_user(): + client = utilities.register_client() + req, action_categories = add_action_categories(client, "") + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "Key: 'name', [Empty String]" + + +def test_add_action_categories_with_user_contain_space(): + client = utilities.register_client() + req, action_categories = add_action_categories(client, "test user") + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "Key: 'name', [String contains space]" + + +def test_delete_action_categories(): + client = utilities.register_client() + req = delete_action_categories(client, "testuser") + assert req.status_code == 200 + + +def test_delete_action_categories_without_id(): + client = utilities.register_client() + req = delete_action_categories_without_id(client) + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "400: Action Category Unknown" diff --git a/moon_manager/tests/unit_python/api/test_meta_rules.py b/moon_manager/tests/unit_python/api/test_meta_rules.py new file mode 100644 index 00000000..80d648b4 --- /dev/null +++ b/moon_manager/tests/unit_python/api/test_meta_rules.py @@ -0,0 +1,175 @@ +import json +import api.utilities as utilities +from helpers import category_helper +from uuid import uuid4 + + +def get_meta_rules(client): + req = client.get("/meta_rules") + meta_rules = utilities.get_json(req.data) + return req, meta_rules + + +def add_meta_rules(client, name): + subject_category = category_helper.add_subject_category(value={"name": "subject category name"+uuid4().hex, "description": "description 1"}) + subject_category_id = list(subject_category.keys())[0] + object_category = category_helper.add_object_category(value={"name": "object category name"+ uuid4().hex, "description": "description 1"}) + object_category_id = list(object_category.keys())[0] + action_category = category_helper.add_action_category(value={"name": "action category name"+uuid4().hex, "description": "description 1"}) + action_category_id = list(action_category.keys())[0] + + data = { + "name": name, + "subject_categories": [subject_category_id], + "object_categories": [object_category_id], + "action_categories": [action_category_id] + } + req = client.post("/meta_rules", data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + meta_rules = utilities.get_json(req.data) + return req, meta_rules + + +def add_meta_rules_without_subject_category_ids(client, name): + data = { + "name": name, + "subject_categories": [], + "object_categories": ["object_category_id1"], + "action_categories": ["action_category_id1"] + } + req = client.post("/meta_rules", data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + meta_rules = utilities.get_json(req.data) + return req, meta_rules + + +def update_meta_rules(client, name, metaRuleId): + subject_category = category_helper.add_subject_category( + value={"name": "subject category name update" + uuid4().hex, "description": "description 1"}) + subject_category_id = list(subject_category.keys())[0] + object_category = category_helper.add_object_category( + value={"name": "object category name update" + uuid4().hex, "description": "description 1"}) + object_category_id = list(object_category.keys())[0] + action_category = category_helper.add_action_category( + value={"name": "action category name update" + uuid4().hex, "description": "description 1"}) + action_category_id = list(action_category.keys())[0] + data = { + "name": name, + "subject_categories": [subject_category_id], + "object_categories": [object_category_id], + "action_categories": [action_category_id] + } + req = client.patch("/meta_rules/{}".format(metaRuleId), data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + meta_rules = utilities.get_json(req.data) + return req, meta_rules + + +def update_meta_rules_without_subject_category_ids(client, name): + data = { + "name": name, + "subject_categories": [], + "object_categories": ["object_category_id1"], + "action_categories": ["action_category_id1"] + } + req = client.post("/meta_rules", data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + meta_rules = utilities.get_json(req.data) + return req, meta_rules + + +def delete_meta_rules(client, name): + request, meta_rules = get_meta_rules(client) + for key, value in meta_rules['meta_rules'].items(): + if value['name'] == name: + req = client.delete("/meta_rules/{}".format(key)) + break + return req + + +def delete_meta_rules_without_id(client): + req = client.delete("/meta_rules/{}".format("")) + return req + + +def test_get_meta_rules(): + client = utilities.register_client() + req, meta_rules = get_meta_rules(client) + assert req.status_code == 200 + assert isinstance(meta_rules, dict) + assert "meta_rules" in meta_rules + + +def test_add_meta_rules(): + client = utilities.register_client() + req, meta_rules = add_meta_rules(client, "testuser") + assert req.status_code == 200 + assert isinstance(meta_rules, dict) + value = list(meta_rules["meta_rules"].values())[0] + assert "meta_rules" in meta_rules + assert value['name'] == "testuser" + + +def test_add_meta_rules_with_empty_user(): + client = utilities.register_client() + req, meta_rules = add_meta_rules(client, "") + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "Key: 'name', [Empty String]" + + +def test_add_meta_rules_with_user_contain_space(): + client = utilities.register_client() + req, meta_rules = add_meta_rules(client, "test user") + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "Key: 'name', [String contains space]" + + +def test_add_meta_rules_without_subject_categories(): + client = utilities.register_client() + req, meta_rules = add_meta_rules_without_subject_category_ids(client, "testuser") + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "Key: 'subject_categories', [Empty Container]" + + +def test_delete_meta_rules(): + client = utilities.register_client() + req = delete_meta_rules(client, "testuser") + assert req.status_code == 200 + + +def test_delete_meta_rules_without_id(): + client = utilities.register_client() + req = delete_meta_rules_without_id(client) + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "400: Meta Rule Unknown" + + +def test_update_meta_rules(): + client = utilities.register_client() + req = add_meta_rules(client, "testuser") + meta_rule_id = list(req[1]['meta_rules'])[0] + req_update = update_meta_rules(client, "testuser", meta_rule_id) + assert req_update[0].status_code == 200 + delete_meta_rules(client, "testuser") + get_meta_rules(client) + + +def test_update_meta_rules_without_id(): + client = utilities.register_client() + req_update = update_meta_rules(client, "testuser", "") + assert req_update[0].status_code == 400 + assert json.loads(req_update[0].data)["message"] == "400: Meta Rule Unknown" + + +def test_update_meta_rules_without_user(): + client = utilities.register_client() + req_update = update_meta_rules(client, "", "") + assert req_update[0].status_code == 400 + assert json.loads(req_update[0].data)["message"] == "Key: 'name', [Empty String]" + + +def test_update_meta_rules_without_subject_categories(): + client = utilities.register_client() + req_update = update_meta_rules_without_subject_category_ids(client, "testuser") + assert req_update[0].status_code == 400 + assert json.loads(req_update[0].data)["message"] == "Key: 'subject_categories', [Empty Container]" diff --git a/moon_manager/tests/unit_python/api/test_pdp.py b/moon_manager/tests/unit_python/api/test_pdp.py index fbaa6c7b..1ac9b84f 100644 --- a/moon_manager/tests/unit_python/api/test_pdp.py +++ b/moon_manager/tests/unit_python/api/test_pdp.py @@ -1,6 +1,7 @@ import json import api.utilities as utilities -import pytest +from helpers import data_builder as builder +from uuid import uuid4 def get_pdp(client): @@ -42,9 +43,15 @@ def test_get_pdp(): def test_add_pdp(): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = builder.create_new_policy( + subject_category_name="subject_category1" + uuid4().hex, + object_category_name="object_category1" + uuid4().hex, + action_category_name="action_category1" + uuid4().hex, + meta_rule_name="meta_rule_1" + uuid4().hex, + model_name="model1" + uuid4().hex) data = { "name": "testuser", - "security_pipeline": ["policy_id_1", "policy_id_2"], + "security_pipeline": [policy_id], "keystone_project_id": "keystone_project_id", "description": "description of testuser" } @@ -78,8 +85,8 @@ def test_add_pdp_with_empty_user(): } client = utilities.register_client() req, models = add_pdp(client, data) - assert req.status_code == 500 - assert json.loads(req.data)["message"] == "Empty String" + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "Key: 'name', [Empty String]" def test_add_pdp_with_user_contain_space(): @@ -91,8 +98,8 @@ def test_add_pdp_with_user_contain_space(): } client = utilities.register_client() req, models = add_pdp(client, data) - assert req.status_code == 500 - assert json.loads(req.data)["message"] == "String contains space" + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "Key: 'name', [String contains space]" def test_add_pdp_without_security_pipeline(): @@ -104,8 +111,8 @@ def test_add_pdp_without_security_pipeline(): } client = utilities.register_client() req, meta_rules = add_pdp(client, data) - assert req.status_code == 500 - assert json.loads(req.data)["message"] == 'Empty Container' + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "Key: 'security_pipeline', [Empty Container]" def test_add_pdp_without_keystone(): @@ -117,20 +124,33 @@ def test_add_pdp_without_keystone(): } client = utilities.register_client() req, meta_rules = add_pdp(client, data) - assert req.status_code == 500 - assert json.loads(req.data)["message"] == 'Empty String' + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "Key: 'keystone_project_id', [Empty String]" def test_update_pdp(): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = builder.create_new_policy( + subject_category_name="subject_category1"+uuid4().hex, + object_category_name="object_category1"+uuid4().hex, + action_category_name="action_category1"+uuid4().hex, + meta_rule_name="meta_rule_1"+uuid4().hex, + model_name="model1"+uuid4().hex) data_add = { "name": "testuser", - "security_pipeline": ["policy_id_1", "policy_id_2"], + "security_pipeline": [policy_id], "keystone_project_id": "keystone_project_id", "description": "description of testuser" } + + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id_update = builder.create_new_policy( + subject_category_name="subject_category1" + uuid4().hex, + object_category_name="object_category1" + uuid4().hex, + action_category_name="action_category1" + uuid4().hex, + meta_rule_name="meta_rule_1" + uuid4().hex, + model_name="model1" + uuid4().hex) data_update = { "name": "testuser", - "security_pipeline": ["policy_id_1_update", "policy_id_2_update"], + "security_pipeline": [policy_id_update], "keystone_project_id": "keystone_project_id_update", "description": "description of testuser" } @@ -151,7 +171,8 @@ def test_update_pdp(): def test_update_pdp_without_id(): client = utilities.register_client() req_update = update_pdp(client, "testuser", "") - assert req_update[0].status_code == 500 + assert req_update[0].status_code == 400 + assert json.loads(req_update[0].data)["message"] == 'Invalid Key :name not found' def test_update_pdp_without_user(): @@ -163,8 +184,8 @@ def test_update_pdp_without_user(): } client = utilities.register_client() req_update = update_pdp(client, data, "") - assert req_update[0].status_code == 500 - assert json.loads(req_update[0].data)["message"] == "Empty String" + assert req_update[0].status_code == 400 + assert json.loads(req_update[0].data)["message"] == "Key: 'name', [Empty String]" def test_update_pdp_without_security_pipeline(): @@ -176,5 +197,5 @@ def test_update_pdp_without_security_pipeline(): } client = utilities.register_client() req_update = update_pdp(client, data, "") - assert req_update[0].status_code == 500 - assert json.loads(req_update[0].data)["message"] == "Empty Container"
\ No newline at end of file + assert req_update[0].status_code == 400 + assert json.loads(req_update[0].data)["message"] == "Key: 'security_pipeline', [Empty Container]"
\ No newline at end of file diff --git a/moon_manager/tests/unit_python/api/test_perimeter.py b/moon_manager/tests/unit_python/api/test_perimeter.py index b13bb2ed..322d90c6 100644 --- a/moon_manager/tests/unit_python/api/test_perimeter.py +++ b/moon_manager/tests/unit_python/api/test_perimeter.py @@ -2,6 +2,8 @@ # import moon_manager.api import json import api.utilities as utilities +from helpers import data_builder as builder +from uuid import uuid4 def get_subjects(client): @@ -11,13 +13,19 @@ def get_subjects(client): def add_subjects(client, name): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = builder.create_new_policy( + subject_category_name="subject_category1" + uuid4().hex, + object_category_name="object_category1" + uuid4().hex, + action_category_name="action_category1" + uuid4().hex, + meta_rule_name="meta_rule_1" + uuid4().hex, + model_name="model1" + uuid4().hex) data = { - "name": name, + "name": name + uuid4().hex, "description": "description of {}".format(name), "password": "password for {}".format(name), "email": "{}@moon".format(name) } - req = client.post("/subjects", data=json.dumps(data), + req = client.post("/policies/{}/subjects".format(policy_id), data=json.dumps(data), headers={'Content-Type': 'application/json'}) subjects = utilities.get_json(req.data) return req, subjects @@ -25,11 +33,10 @@ def add_subjects(client, name): def delete_subject(client): subjects = get_subjects(client) - for key, value in subjects[1]['subjects'].items(): - if value['name'] == "testuser": - req = client.delete("/subjects/{}".format(key)) - break - return req + value = subjects[1]['subjects'] + id = list(value.keys())[0] + policy_id = builder.get_policy_id_with_subject_assignment() + return client.delete("/policies/{}/subjects/{}".format(policy_id, id)) def delete_subjects_without_perimeter_id(client): @@ -48,25 +55,39 @@ def test_perimeter_get_subject(): def test_perimeter_add_subject(): client = utilities.register_client() req, subjects = add_subjects(client, "testuser") - assert req.status_code == 200 value = list(subjects["subjects"].values())[0] + assert req.status_code == 200 assert "subjects" in subjects - assert value['name'] == "testuser" - assert value["email"] == "{}@moon".format("testuser") + assert value["name"] is not None + assert value["email"] is not None def test_perimeter_add_subject_without_name(): client = utilities.register_client() - req, subjects = add_subjects(client, "") - assert req.status_code == 500 - assert json.loads(req.data)["message"] == "Empty String" + data = { + "name": "", + "description": "description of {}".format(""), + "password": "password for {}".format(""), + "email": "{}@moon".format("") + } + req = client.post("/policies/{}/subjects".format("111"), data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "Key: 'name', [Empty String]" def test_perimeter_add_subject_with_name_contain_spaces(): client = utilities.register_client() - req, subjects = add_subjects(client, "test user") - assert req.status_code == 500 - assert json.loads(req.data)["message"] == "String contains space" + data = { + "name": "test user", + "description": "description of {}".format("test user"), + "password": "password for {}".format("test user"), + "email": "{}@moon".format("test user") + } + req = client.post("/policies/{}/subjects".format("111"), data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "Key: 'name', [String contains space]" def test_perimeter_delete_subject(): @@ -78,7 +99,8 @@ def test_perimeter_delete_subject(): def test_perimeter_delete_subjects_without_perimeter_id(): client = utilities.register_client() req = delete_subjects_without_perimeter_id(client) - assert req.status_code == 500 + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "400: Subject Unknown" def get_objects(client): @@ -88,11 +110,17 @@ def get_objects(client): def add_objects(client, name): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policyId = builder.create_new_policy( + subject_category_name="subject_category1" + uuid4().hex, + object_category_name="object_category1" + uuid4().hex, + action_category_name="action_category1" + uuid4().hex, + meta_rule_name="meta_rule_1" + uuid4().hex, + model_name="model1" + uuid4().hex) data = { - "name": name, + "name": name + uuid4().hex, "description": "description of {}".format(name), } - req = client.post("/objects", data=json.dumps(data), + req = client.post("/policies/{}/objects/".format(policyId), data=json.dumps(data), headers={'Content-Type': 'application/json'}) objects = utilities.get_json(req.data) return req, objects @@ -100,11 +128,10 @@ def add_objects(client, name): def delete_object(client): objects = get_objects(client) - for key, value in objects[1]['objects'].items(): - if value['name'] == "testuser": - req = client.delete("/objects/{}".format(key)) - break - return req + value = objects[1]['objects'] + id = list(value.keys())[0] + policy_id = builder.get_policy_id_with_object_assignment() + return client.delete("/policies/{}/objects/{}".format(policy_id, id)) def delete_objects_without_perimeter_id(client): @@ -123,24 +150,34 @@ def test_perimeter_get_object(): def test_perimeter_add_object(): client = utilities.register_client() req, objects = add_objects(client, "testuser") - assert req.status_code == 200 value = list(objects["objects"].values())[0] + assert req.status_code == 200 assert "objects" in objects - assert value['name'] == "testuser" + assert value['name'] is not None def test_perimeter_add_object_without_name(): client = utilities.register_client() - req, objects = add_objects(client, "") - assert req.status_code == 500 - assert json.loads(req.data)["message"] == "Empty String" + data = { + "name": "", + "description": "description of {}".format(""), + } + req = client.post("/policies/{}/objects/".format("111"), data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "Key: 'name', [Empty String]" def test_perimeter_add_object_with_name_contain_spaces(): client = utilities.register_client() - req, objects = add_objects(client, "test user") - assert req.status_code == 500 - assert json.loads(req.data)["message"] == "String contains space" + data = { + "name": "test user", + "description": "description of {}".format("test user"), + } + req = client.post("/policies/{}/objects/".format("111"), data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "Key: 'name', [String contains space]" def test_perimeter_delete_object(): @@ -152,7 +189,8 @@ def test_perimeter_delete_object(): def test_perimeter_delete_objects_without_perimeter_id(): client = utilities.register_client() req = delete_objects_without_perimeter_id(client) - assert req.status_code == 500 + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "400: Object Unknown" def get_actions(client): @@ -162,11 +200,17 @@ def get_actions(client): def add_actions(client, name): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policyId = builder.create_new_policy( + subject_category_name="subject_category1" + uuid4().hex, + object_category_name="object_category1" + uuid4().hex, + action_category_name="action_category1" + uuid4().hex, + meta_rule_name="meta_rule_1" + uuid4().hex, + model_name="model1" + uuid4().hex) data = { - "name": name, + "name": name + uuid4().hex, "description": "description of {}".format(name), } - req = client.post("/actions", data=json.dumps(data), + req = client.post("/policies/{}/actions".format(policyId), data=json.dumps(data), headers={'Content-Type': 'application/json'}) actions = utilities.get_json(req.data) return req, actions @@ -174,11 +218,10 @@ def add_actions(client, name): def delete_actions(client): actions = get_actions(client) - for key, value in actions[1]['actions'].items(): - if value['name'] == "testuser": - req = client.delete("/actions/{}".format(key)) - break - return req + value = actions[1]['actions'] + id = list(value.keys())[0] + policy_id = builder.get_policy_id_with_action_assignment() + return client.delete("/policies/{}/actions/{}".format(policy_id, id)) def delete_actions_without_perimeter_id(client): @@ -197,24 +240,34 @@ def test_perimeter_get_actions(): def test_perimeter_add_actions(): client = utilities.register_client() req, actions = add_actions(client, "testuser") - assert req.status_code == 200 value = list(actions["actions"].values())[0] + assert req.status_code == 200 assert "actions" in actions - assert value['name'] == "testuser" + assert value['name'] is not None def test_perimeter_add_actions_without_name(): client = utilities.register_client() - req, actions = add_actions(client, "") - assert req.status_code == 500 - assert json.loads(req.data)["message"] == "Empty String" + data = { + "name": "", + "description": "description of {}".format(""), + } + req = client.post("/policies/{}/actions".format("111"), data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "Key: 'name', [Empty String]" def test_perimeter_add_actions_with_name_contain_spaces(): client = utilities.register_client() - req, actions = add_actions(client, "test user") - assert req.status_code == 500 - assert json.loads(req.data)["message"] == "String contains space" + data = { + "name": "test user", + "description": "description of {}".format("test user"), + } + req = client.post("/policies/{}/actions".format("111"), data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "Key: 'name', [String contains space]" def test_perimeter_delete_actions(): @@ -226,5 +279,5 @@ def test_perimeter_delete_actions(): def test_perimeter_delete_actions_without_perimeter_id(): client = utilities.register_client() req = delete_actions_without_perimeter_id(client) - assert req.status_code == 500 - + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "400: Action Unknown" diff --git a/moon_manager/tests/unit_python/api/test_policies.py b/moon_manager/tests/unit_python/api/test_policies.py index 40be35e6..cd50f4c7 100644 --- a/moon_manager/tests/unit_python/api/test_policies.py +++ b/moon_manager/tests/unit_python/api/test_policies.py @@ -4,8 +4,9 @@ # or at 'http://www.apache.org/licenses/LICENSE-2.0'. import json -import api.utilities as utilities from uuid import uuid4 +import api.utilities as utilities +from helpers import model_helper def get_policies(client): @@ -15,10 +16,12 @@ def get_policies(client): def add_policies(client, name): + req = model_helper.add_model(model_id="mls_model_id"+uuid4().hex) + model_id = list(req.keys())[0] data = { "name": name, "description": "description of {}".format(name), - "model_id": "modelId", + "model_id": model_id, "genre": "genre" } req = client.post("/policies", data=json.dumps(data), @@ -30,9 +33,8 @@ def add_policies(client, name): def delete_policies(client, name): request, policies = get_policies(client) for key, value in policies['policies'].items(): - if value['name'] == name: - req = client.delete("/policies/{}".format(key)) - break + req = client.delete("/policies/{}".format(key)) + break return req @@ -50,8 +52,8 @@ def test_get_policies(): def test_add_policies(): - client = utilities.register_client() policy_name = "testuser" + uuid4().hex + client = utilities.register_client() req, policies = add_policies(client, policy_name) assert req.status_code == 200 assert isinstance(policies, dict) @@ -59,8 +61,6 @@ def test_add_policies(): assert "policies" in policies assert value['name'] == policy_name assert value["description"] == "description of {}".format(policy_name) - assert value["model_id"] == "modelId" - assert value["genre"] == "genre" def test_delete_policies(): @@ -72,5 +72,6 @@ def test_delete_policies(): def test_delete_policies_without_id(): client = utilities.register_client() req = delete_policies_without_id(client) - assert req.status_code == 500 + assert req.status_code == 400 + assert json.loads(req.data)["message"] == '400: Policy Unknown' diff --git a/moon_manager/tests/unit_python/api/test_rules.py b/moon_manager/tests/unit_python/api/test_rules.py index d12b7186..af1501e4 100644 --- a/moon_manager/tests/unit_python/api/test_rules.py +++ b/moon_manager/tests/unit_python/api/test_rules.py @@ -1,5 +1,8 @@ import api.utilities as utilities import json +from helpers import data_builder as builder +from uuid import uuid4 +from helpers import policy_helper def get_rules(client, policy_id): @@ -8,10 +11,16 @@ def get_rules(client, policy_id): return req, rules -def add_rules(client, policy_id): +def add_rules(client): + sub_id, obj_id, act_id, meta_rule_id, policy_id = builder.create_new_policy("sub_cat" + uuid4().hex, + "obj_cat" + uuid4().hex, + "act_cat" + uuid4().hex) + sub_data_id = builder.create_subject_data(policy_id, sub_id) + obj_data_id = builder.create_object_data(policy_id, obj_id) + act_data_id = builder.create_action_data(policy_id, act_id) data = { - "meta_rule_id": "meta_rule_id1", - "rule": ["subject_data_id2", "object_data_id2", "action_data_id2"], + "meta_rule_id": meta_rule_id, + "rule": [sub_data_id, obj_data_id, act_data_id], "instructions": ( {"decision": "grant"}, ), @@ -23,6 +32,21 @@ def add_rules(client, policy_id): return req, rules +def add_rules_without_policy_id(client): + data = { + "meta_rule_id": "meta_rule_id", + "rule": ["sub_data_id", "obj_data_id", "act_data_id"], + "instructions": ( + {"decision": "grant"}, + ), + "enabled": True + } + req = client.post("/policies/{}/rules".format(None), data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + rules = utilities.get_json(req.data) + return req, rules + + def add_rules_without_meta_rule_id(client, policy_id): data = { "meta_rule_id": "", @@ -68,48 +92,57 @@ def test_get_rules(): def test_add_rules(): - policy_id = utilities.get_policy_id() client = utilities.register_client() - req, rules = add_rules(client, policy_id) + req, rules = add_rules(client, ) assert req.status_code == 200 - assert isinstance(rules, dict) - value = rules["rules"] - assert "rules" in rules - id = list(value.keys())[0] - assert value[id]["meta_rule_id"] == "meta_rule_id1" def test_add_rules_without_policy_id(): client = utilities.register_client() - req, rules = add_rules(client, None) - assert req.status_code == 500 + req, rules = add_rules_without_policy_id(client) + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "400: Policy Unknown" def test_add_rules_without_meta_rule_id(): policy_id = utilities.get_policy_id() client = utilities.register_client() req, rules = add_rules_without_meta_rule_id(client, policy_id) - assert req.status_code == 500 - assert json.loads(req.data)["message"] == 'Empty String' + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "Key: 'meta_rule_id', [Empty String]" def test_add_rules_without_rule(): policy_id = utilities.get_policy_id() client = utilities.register_client() req, rules = add_rules_without_rule(client, policy_id) - assert req.status_code == 500 + assert req.status_code == 400 + assert json.loads(req.data)["message"] == 'Invalid Key :rule not found' -def test_delete_rules(): +def test_delete_rules_with_invalid_parameters(): client = utilities.register_client() rules = delete_rules(client, "", "") - assert rules.status_code == 500 + assert rules.status_code == 404 def test_delete_rules_without_policy_id(): client = utilities.register_client() - policy_id = utilities.get_policy_id() + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = builder.create_new_policy() + sub_data_id = builder.create_subject_data(policy_id, subject_category_id) + obj_data_id = builder.create_object_data(policy_id, object_category_id) + act_data_id = builder.create_action_data(policy_id, action_category_id) + data = { + "meta_rule_id": meta_rule_id, + "rule": [sub_data_id, obj_data_id, act_data_id], + "instructions": ( + {"decision": "grant"}, + ), + "enabled": True + } + client.post("/policies/{}/rules".format(policy_id), data=json.dumps(data), + headers={'Content-Type': 'application/json'}) req, added_rules = get_rules(client, policy_id) - id = added_rules["rules"]['rules'][0]['id'] + id = list(added_rules["rules"]["rules"])[0]["id"] rules = delete_rules(client, None, id) assert rules.status_code == 200 diff --git a/moon_manager/tests/unit_python/api/test_unit_models.py b/moon_manager/tests/unit_python/api/test_unit_models.py index 52cb2871..d754b976 100644 --- a/moon_manager/tests/unit_python/api/test_unit_models.py +++ b/moon_manager/tests/unit_python/api/test_unit_models.py @@ -5,6 +5,8 @@ import json import api.utilities as utilities +from helpers import data_builder as builder +from uuid import uuid4 def get_models(client): @@ -14,10 +16,14 @@ def get_models(client): def add_models(client, name): + subject_category_id, object_category_id, action_category_id, meta_rule_id = builder.create_new_meta_rule( + subject_category_name="subject_category"+uuid4().hex, + object_category_name="object_category"+uuid4().hex, action_category_name="action_category"+uuid4().hex, + meta_rule_name="meta_rule" + uuid4().hex) data = { "name": name, "description": "description of {}".format(name), - "meta_rules": ["meta_rule_id1", "meta_rule_id2"] + "meta_rules": [meta_rule_id] } req = client.post("/models", data=json.dumps(data), headers={'Content-Type': 'application/json'}) @@ -26,13 +32,18 @@ def add_models(client, name): def update_model(client, name, model_id): + subject_category_id, object_category_id, action_category_id, meta_rule_id = builder.create_new_meta_rule( + subject_category_name="subject_category" + uuid4().hex, + object_category_name="object_category" + uuid4().hex, action_category_name="action_category" + uuid4().hex, + meta_rule_name="meta_rule" + uuid4().hex) + data = { "name": name, "description": "description of {}".format(name), - "meta_rules": ["meta_rule_id1_update", "meta_rule_id2_update"] + "meta_rules": [meta_rule_id] } req = client.patch("/models/{}".format(model_id), data=json.dumps(data), - headers={'Content-Type': 'application/json'}) + headers={'Content-Type': 'application/json'}) models = utilities.get_json(req.data) return req, models @@ -56,7 +67,7 @@ def update_model_without_meta_rules_ids(client, name): "meta_rules": [] } req = client.patch("/models", data=json.dumps(data), - headers={'Content-Type': 'application/json'}) + headers={'Content-Type': 'application/json'}) models = utilities.get_json(req.data) return req, models @@ -77,7 +88,7 @@ def delete_models_without_id(client): def clean_models(): client = utilities.register_client() - req, models= get_models(client) + req, models = get_models(client) for key, value in models['models'].items(): print(key) print(value) @@ -86,7 +97,7 @@ def clean_models(): def test_get_models(): client = utilities.register_client() - req, models= get_models(client) + req, models = get_models(client) assert req.status_code == 200 assert isinstance(models, dict) assert "models" in models @@ -98,11 +109,10 @@ def test_add_models(): req, models = add_models(client, "testuser") assert req.status_code == 200 assert isinstance(models, dict) - value = list(models["models"].values())[0] + model_id = list(models["models"])[0] assert "models" in models - assert value['name'] == "testuser" - assert value["description"] == "description of {}".format("testuser") - assert value["meta_rules"][0] == "meta_rule_id1" + assert models['models'][model_id]['name'] == "testuser" + assert models['models'][model_id]["description"] == "description of {}".format("testuser") def test_delete_models(): @@ -114,31 +124,32 @@ def test_delete_models(): def test_delete_models_without_id(): client = utilities.register_client() req = delete_models_without_id(client) - assert req.status_code == 500 + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "400: Model Unknown" def test_add_model_with_empty_user(): clean_models() client = utilities.register_client() req, models = add_models(client, "") - assert req.status_code == 500 - assert json.loads(req.data)["message"] == "Empty String" + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "Key: 'name', [Empty String]" def test_add_model_with_user_contain_space(): clean_models() client = utilities.register_client() req, models = add_models(client, "test user") - assert req.status_code == 500 - assert json.loads(req.data)["message"] == "String contains space" + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "Key: 'name', [String contains space]" def test_add_model_without_meta_rules(): clean_models() client = utilities.register_client() req, meta_rules = add_model_without_meta_rules_ids(client, "testuser") - assert req.status_code == 500 - assert json.loads(req.data)["message"] == 'Empty Container' + assert req.status_code == 400 + assert json.loads(req.data)["message"] == "Key: 'meta_rules', [Empty Container]" def test_update_model(): @@ -148,8 +159,8 @@ def test_update_model(): model_id = list(req[1]['models'])[0] req_update = update_model(client, "testuser", model_id) assert req_update[0].status_code == 200 - value = list(req_update[1]["models"].values())[0] - assert value["meta_rules"][0] == "meta_rule_id1_update" + model_id = list(req_update[1]["models"])[0] + assert req_update[1]["models"][model_id]["meta_rules"][0] is not None delete_models(client, "testuser") @@ -157,19 +168,19 @@ def test_update_meta_rules_without_id(): clean_models() client = utilities.register_client() req_update = update_model(client, "testuser", "") - assert req_update[0].status_code == 500 + assert req_update[0].status_code == 400 + assert json.loads(req_update[0].data)["message"] == "400: Model Unknown" def test_update_meta_rules_without_user(): client = utilities.register_client() req_update = update_model(client, "", "") - assert req_update[0].status_code == 500 - assert json.loads(req_update[0].data)["message"] == "Empty String" + assert req_update[0].status_code == 400 + assert json.loads(req_update[0].data)["message"] == "Key: 'name', [Empty String]" def test_update_meta_rules_without_meta_rules(): client = utilities.register_client() req_update = update_model_without_meta_rules_ids(client, "testuser") - assert req_update[0].status_code == 500 - assert json.loads(req_update[0].data)["message"] == "Empty Container" - + assert req_update[0].status_code == 400 + assert json.loads(req_update[0].data)["message"] == "Key: 'meta_rules', [Empty Container]" diff --git a/moon_manager/tests/unit_python/api/utilities.py b/moon_manager/tests/unit_python/api/utilities.py index ce897619..2e51fec8 100644 --- a/moon_manager/tests/unit_python/api/utilities.py +++ b/moon_manager/tests/unit_python/api/utilities.py @@ -1,5 +1,5 @@ import json - +from uuid import uuid4 def get_json(data): return json.loads(data.decode("utf-8")) @@ -13,16 +13,14 @@ def register_client(): def get_policy_id(): - import api.test_policies as policies - client = register_client() - policy_id = '' - req, policy = policies.get_policies(client) - for id in policy['policies']: - if id: - policy_id = id - break - print("policy id {}".format(policy_id)) - if not policy_id: - policies.add_policies(client, "testuser") - policy_id = get_policy_id() + from helpers import policy_helper + value = { + "name": "test_policy"+uuid4().hex, + "model_id": "", + "genre": "authz", + "description": "test", + } + policy_helper.add_policies(value=value) + req = policy_helper.get_policies() + policy_id = list(req.keys())[0] return policy_id diff --git a/moon_manager/tests/unit_python/conftest.py b/moon_manager/tests/unit_python/conftest.py index 902a41a2..d9899231 100644 --- a/moon_manager/tests/unit_python/conftest.py +++ b/moon_manager/tests/unit_python/conftest.py @@ -187,12 +187,14 @@ def no_requests(monkeypatch): 'DELETE', 'http://keystone:5000/v3/auth/tokens', headers={'X-Subject-Token': "111111111"} ) + + def match_request_text(request): + # request.url may be None, or '' prevents a TypeError. + return 'http://keystone:5000/v3/users?name=testuser' in request.url + m.register_uri( - 'POST', 'http://keystone:5000/v3/users?name=testuser&domain_id=default', - json={"users": {}} - ) - m.register_uri( - 'GET', 'http://keystone:5000/v3/users?name=testuser&domain_id=default', + requests_mock.ANY, '/v3/users', + additional_matcher=match_request_text, json={"users": {}} ) m.register_uri( diff --git a/moon_manager/tests/unit_python/helpers/__init__.py b/moon_manager/tests/unit_python/helpers/__init__.py new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/moon_manager/tests/unit_python/helpers/__init__.py diff --git a/moon_manager/tests/unit_python/helpers/assignment_helper.py b/moon_manager/tests/unit_python/helpers/assignment_helper.py new file mode 100644 index 00000000..22a56e38 --- /dev/null +++ b/moon_manager/tests/unit_python/helpers/assignment_helper.py @@ -0,0 +1,49 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +def get_action_assignments(policy_id, action_id=None, category_id=None): + from python_moondb.core import PolicyManager + return PolicyManager.get_action_assignments("", policy_id, action_id, category_id) + + +def add_action_assignment(policy_id, action_id, category_id, data_id): + from python_moondb.core import PolicyManager + return PolicyManager.add_action_assignment("", policy_id, action_id, category_id, data_id) + + +def delete_action_assignment(policy_id, action_id, category_id, data_id): + from python_moondb.core import PolicyManager + PolicyManager.delete_action_assignment("", policy_id, action_id, category_id, data_id) + + +def get_object_assignments(policy_id, object_id=None, category_id=None): + from python_moondb.core import PolicyManager + return PolicyManager.get_object_assignments("", policy_id, object_id, category_id) + + +def add_object_assignment(policy_id, object_id, category_id, data_id): + from python_moondb.core import PolicyManager + return PolicyManager.add_object_assignment("", policy_id, object_id, category_id, data_id) + + +def delete_object_assignment(policy_id, object_id, category_id, data_id): + from python_moondb.core import PolicyManager + PolicyManager.delete_object_assignment("", policy_id, object_id, category_id, data_id) + + +def get_subject_assignments(policy_id, subject_id=None, category_id=None): + from python_moondb.core import PolicyManager + return PolicyManager.get_subject_assignments("", policy_id, subject_id, category_id) + + +def add_subject_assignment(policy_id, subject_id, category_id, data_id): + from python_moondb.core import PolicyManager + return PolicyManager.add_subject_assignment("", policy_id, subject_id, category_id, data_id) + + +def delete_subject_assignment(policy_id, subject_id, category_id, data_id): + from python_moondb.core import PolicyManager + PolicyManager.delete_subject_assignment("", policy_id, subject_id, category_id, data_id) + diff --git a/moon_manager/tests/unit_python/helpers/category_helper.py b/moon_manager/tests/unit_python/helpers/category_helper.py new file mode 100644 index 00000000..6c419ca8 --- /dev/null +++ b/moon_manager/tests/unit_python/helpers/category_helper.py @@ -0,0 +1,40 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + + +def add_subject_category(cat_id=None, value=None): + from python_moondb.core import ModelManager + category = ModelManager.add_subject_category(user_id=None, category_id=cat_id, value=value) + return category + + +def get_subject_category(cat_id=None): + from python_moondb.core import ModelManager + category = ModelManager.get_subject_categories(user_id=None, category_id=cat_id) + return category + + +def add_object_category(cat_id=None, value=None): + from python_moondb.core import ModelManager + category = ModelManager.add_object_category(user_id=None, category_id=cat_id, value=value) + return category + + +def get_object_category(cat_id=None): + from python_moondb.core import ModelManager + category = ModelManager.get_object_categories(user_id=None, category_id=cat_id) + return category + + +def add_action_category(cat_id=None, value=None): + from python_moondb.core import ModelManager + category = ModelManager.add_action_category(user_id=None, category_id=cat_id, value=value) + return category + + +def get_action_category(cat_id=None): + from python_moondb.core import ModelManager + category = ModelManager.get_action_categories(user_id=None, category_id=cat_id) + return category diff --git a/moon_manager/tests/unit_python/helpers/data_builder.py b/moon_manager/tests/unit_python/helpers/data_builder.py new file mode 100644 index 00000000..2a7c5979 --- /dev/null +++ b/moon_manager/tests/unit_python/helpers/data_builder.py @@ -0,0 +1,209 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +from .category_helper import * +from .policy_helper import * +from .data_helper import * +from helpers import model_helper +from .meta_rule_helper import * +import api.utilities as utilities +import json + + +def create_subject_category(name): + subject_category = add_subject_category( + value={"name": name + uuid4().hex, "description": "description 1"}) + return list(subject_category.keys())[0] + + +def create_object_category(name): + object_category = add_object_category( + value={"name": name + uuid4().hex, "description": "description 1"}) + return list(object_category.keys())[0] + + +def create_action_category(name): + action_category = add_action_category( + value={"name": name + uuid4().hex, "description": "description 1"}) + return list(action_category.keys())[0] + + +def create_model(meta_rule_id, model_name="test_model"): + value = { + "name": model_name + uuid4().hex, + "description": "test", + "meta_rules": [meta_rule_id] + + } + return value + + +def create_policy(model_id, policy_name="policy_1"): + value = { + "name": policy_name, + "model_id": model_id, + "genre": "authz", + "description": "test", + } + return value + + +def create_pdp(policies_ids): + value = { + "name": "test_pdp", + "security_pipeline": policies_ids, + "keystone_project_id": "keystone_project_id1", + "description": "...", + } + return value + + +def create_new_policy(subject_category_name="subjectCategory", object_category_name="objectCategory", + action_category_name="actionCategory", + model_name="test_model" + uuid4().hex, policy_name="policy_1" + uuid4().hex, + meta_rule_name="meta_rule1" + uuid4().hex): + subject_category_id, object_category_id, action_category_id, meta_rule_id = create_new_meta_rule( + subject_category_name=subject_category_name + uuid4().hex, + object_category_name=object_category_name + uuid4().hex, + action_category_name=action_category_name + uuid4().hex, meta_rule_name=meta_rule_name + uuid4().hex) + model = model_helper.add_model(value=create_model(meta_rule_id, model_name)) + model_id = list(model.keys())[0] + value = create_policy(model_id, policy_name) + policy = add_policies(value=value) + assert policy + policy_id = list(policy.keys())[0] + return subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id + + +def create_new_meta_rule(subject_category_name="subjectCategory", object_category_name="objectCategory", + action_category_name="actionCategory", + meta_rule_name="meta_rule1" + uuid4().hex): + subject_category_id = create_subject_category(subject_category_name) + object_category_id = create_object_category(object_category_name) + action_category_id = create_action_category(action_category_name) + value = {"name": meta_rule_name, + "algorithm": "name of the meta rule algorithm", + "subject_categories": [subject_category_id], + "object_categories": [object_category_id], + "action_categories": [action_category_id] + } + meta_rule = add_meta_rule(value=value) + return subject_category_id, object_category_id, action_category_id, list(meta_rule.keys())[0] + + +def create_subject(policy_id): + value = { + "name": "testuser" + uuid4().hex, + "description": "test", + } + subject = add_subject(policy_id=policy_id, value=value) + return list(subject.keys())[0] + + +def create_object(policy_id): + value = { + "name": "testobject" + uuid4().hex, + "description": "test", + } + object = add_object(policy_id=policy_id, value=value) + return list(object.keys())[0] + + +def create_action(policy_id): + value = { + "name": "testaction" + uuid4().hex, + "description": "test", + } + action = add_action(policy_id=policy_id, value=value) + return list(action.keys())[0] + + +def create_subject_data(policy_id, category_id): + value = { + "name": "subject-security-level", + "description": {"low": "", "medium": "", "high": ""}, + } + subject_data = add_subject_data(policy_id=policy_id, category_id=category_id, value=value).get('data') + assert subject_data + return list(subject_data.keys())[0] + + +def create_object_data(policy_id, category_id): + value = { + "name": "object-security-level", + "description": {"low": "", "medium": "", "high": ""}, + } + object_data = add_object_data(policy_id=policy_id, category_id=category_id, value=value).get('data') + return list(object_data.keys())[0] + + +def create_action_data(policy_id, category_id): + value = { + "name": "action-type", + "description": {"vm-action": "", "storage-action": "", }, + } + action_data = add_action_data(policy_id=policy_id, category_id=category_id, value=value).get('data') + return list(action_data.keys())[0] + + +def get_policy_id_with_subject_assignment(): + client = utilities.register_client() + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = create_new_policy( + subject_category_name="subject_category1" + uuid4().hex, + object_category_name="object_category1" + uuid4().hex, + action_category_name="action_category1" + uuid4().hex, + meta_rule_name="meta_rule_1" + uuid4().hex) + subject_id = create_subject(policy_id) + data_id = create_subject_data(policy_id=policy_id, category_id=subject_category_id) + + data = { + "id": subject_id, + "category_id": subject_category_id, + "data_id": data_id + } + client.post("/policies/{}/subject_assignments".format(policy_id), data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + return policy_id + + +def get_policy_id_with_object_assignment(): + client = utilities.register_client() + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = create_new_policy( + subject_category_name="subject_category1" + uuid4().hex, + object_category_name="object_category1" + uuid4().hex, + action_category_name="action_category1" + uuid4().hex, + meta_rule_name="meta_rule_1" + uuid4().hex) + object_id = create_object(policy_id) + data_id = create_object_data(policy_id=policy_id, category_id=object_category_id) + + data = { + "id": object_id, + "category_id": object_category_id, + "data_id": data_id + } + + client.post("/policies/{}/object_assignments".format(policy_id), data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + return policy_id + + +def get_policy_id_with_action_assignment(): + client = utilities.register_client() + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = create_new_policy( + subject_category_name="subject_category1" + uuid4().hex, + object_category_name="object_category1" + uuid4().hex, + action_category_name="action_category1" + uuid4().hex, + meta_rule_name="meta_rule_1" + uuid4().hex) + action_id = create_action(policy_id) + data_id = create_action_data(policy_id=policy_id, category_id=action_category_id) + + data = { + "id": action_id, + "category_id": action_category_id, + "data_id": data_id + } + client.post("/policies/{}/action_assignments".format(policy_id), data=json.dumps(data), + headers={'Content-Type': 'application/json'}) + return policy_id diff --git a/moon_manager/tests/unit_python/helpers/data_helper.py b/moon_manager/tests/unit_python/helpers/data_helper.py new file mode 100644 index 00000000..da6b9376 --- /dev/null +++ b/moon_manager/tests/unit_python/helpers/data_helper.py @@ -0,0 +1,99 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + + +def get_action_data(policy_id, data_id=None, category_id=None): + from python_moondb.core import PolicyManager + return PolicyManager.get_action_data("", policy_id, data_id, category_id) + + +def add_action_data(policy_id, data_id=None, category_id=None, value=None): + from python_moondb.core import PolicyManager + return PolicyManager.add_action_data("", policy_id, data_id, category_id, value) + + +def delete_action_data(policy_id, data_id): + from python_moondb.core import PolicyManager + PolicyManager.delete_action_data("", policy_id, data_id) + + +def get_object_data(policy_id, data_id=None, category_id=None): + from python_moondb.core import PolicyManager + return PolicyManager.get_object_data("", policy_id, data_id, category_id) + + +def add_object_data(policy_id, data_id=None, category_id=None, value=None): + from python_moondb.core import PolicyManager + return PolicyManager.add_object_data("", policy_id, data_id, category_id, value) + + +def delete_object_data(policy_id, data_id): + from python_moondb.core import PolicyManager + PolicyManager.delete_object_data("", policy_id, data_id) + + +def get_subject_data(policy_id, data_id=None, category_id=None): + from python_moondb.core import PolicyManager + return PolicyManager.get_subject_data("", policy_id, data_id, category_id) + + +def add_subject_data(policy_id, data_id=None, category_id=None, value=None): + from python_moondb.core import PolicyManager + return PolicyManager.set_subject_data("", policy_id, data_id, category_id, value) + + +def delete_subject_data(policy_id, data_id): + from python_moondb.core import PolicyManager + PolicyManager.delete_subject_data("", policy_id, data_id) + + +def get_actions(policy_id, perimeter_id=None): + from python_moondb.core import PolicyManager + return PolicyManager.get_actions("", policy_id, perimeter_id) + + +def add_action(policy_id, perimeter_id=None, value=None): + from python_moondb.core import PolicyManager + return PolicyManager.add_action("", policy_id, perimeter_id, value) + + +def delete_action(policy_id, perimeter_id): + from python_moondb.core import PolicyManager + PolicyManager.delete_action("", policy_id, perimeter_id) + + +def get_objects(policy_id, perimeter_id=None): + from python_moondb.core import PolicyManager + return PolicyManager.get_objects("", policy_id, perimeter_id) + + +def add_object(policy_id, perimeter_id=None, value=None): + from python_moondb.core import PolicyManager + return PolicyManager.add_object("", policy_id, perimeter_id, value) + + +def delete_object(policy_id, perimeter_id): + from python_moondb.core import PolicyManager + PolicyManager.delete_object("", policy_id, perimeter_id) + + +def get_subjects(policy_id, perimeter_id=None): + from python_moondb.core import PolicyManager + return PolicyManager.get_subjects("", policy_id, perimeter_id) + + +def add_subject(policy_id, perimeter_id=None, value=None): + from python_moondb.core import PolicyManager + return PolicyManager.add_subject("", policy_id, perimeter_id, value) + + +def delete_subject(policy_id, perimeter_id): + from python_moondb.core import PolicyManager + PolicyManager.delete_subject("", policy_id, perimeter_id) + + +def get_available_metadata(policy_id): + from python_moondb.core import PolicyManager + return PolicyManager.get_available_metadata("", policy_id) diff --git a/moon_manager/tests/unit_python/helpers/meta_rule_helper.py b/moon_manager/tests/unit_python/helpers/meta_rule_helper.py new file mode 100644 index 00000000..e882706b --- /dev/null +++ b/moon_manager/tests/unit_python/helpers/meta_rule_helper.py @@ -0,0 +1,49 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +from helpers import data_builder as builder +from uuid import uuid4 + + +def set_meta_rule(meta_rule_id, value=None): + from python_moondb.core import ModelManager + if not value: + action_category_id = builder.create_action_category("action_category_id1"+uuid4().hex) + subject_category_id = builder.create_subject_category("subject_category_id1"+uuid4().hex) + object_category_id = builder.create_object_category("object_category_id1"+uuid4().hex) + value = { + "name": "MLS_meta_rule", + "description": "test", + "subject_categories": [subject_category_id], + "object_categories": [object_category_id], + "action_categories": [action_category_id] + } + return ModelManager.set_meta_rule(user_id=None, meta_rule_id=meta_rule_id, value=value) + + +def add_meta_rule(meta_rule_id=None, value=None): + from python_moondb.core import ModelManager + if not value: + action_category_id = builder.create_action_category("action_category_id1"+uuid4().hex) + subject_category_id = builder.create_subject_category("subject_category_id1"+uuid4().hex) + object_category_id = builder.create_object_category("object_category_id1"+uuid4().hex) + value = { + "name": "MLS_meta_rule"+uuid4().hex, + "description": "test", + "subject_categories": [subject_category_id], + "object_categories": [object_category_id], + "action_categories": [action_category_id] + } + return ModelManager.add_meta_rule(user_id=None, meta_rule_id=meta_rule_id, value=value) + + +def get_meta_rules(meta_rule_id=None): + from python_moondb.core import ModelManager + return ModelManager.get_meta_rules(user_id=None, meta_rule_id=meta_rule_id) + + +def delete_meta_rules(meta_rule_id=None): + from python_moondb.core import ModelManager + ModelManager.delete_meta_rule(user_id=None, meta_rule_id=meta_rule_id) diff --git a/moon_manager/tests/unit_python/helpers/model_helper.py b/moon_manager/tests/unit_python/helpers/model_helper.py new file mode 100644 index 00000000..d2ffb85b --- /dev/null +++ b/moon_manager/tests/unit_python/helpers/model_helper.py @@ -0,0 +1,51 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +from helpers import data_builder as builder +from uuid import uuid4 + + +def get_models(model_id=None): + from python_moondb.core import ModelManager + return ModelManager.get_models(user_id=None, model_id=model_id) + + +def add_model(model_id=None, value=None): + from python_moondb.core import ModelManager + if not value: + subject_category_id, object_category_id, action_category_id, meta_rule_id = builder.create_new_meta_rule( + subject_category_name="subject_category1"+uuid4().hex, + object_category_name="object_category1"+uuid4().hex, + action_category_name="action_category1"+uuid4().hex) + name = "MLS" if model_id is None else "MLS " + model_id + value = { + "name": name, + "description": "test", + "meta_rules": [meta_rule_id] + } + return ModelManager.add_model(user_id=None, model_id=model_id, value=value) + + +def delete_models(uuid=None, name=None): + from python_moondb.core import ModelManager + if not uuid: + for model_id, model_value in get_models(): + if name == model_value['name']: + uuid = model_id + break + ModelManager.delete_model(user_id=None, model_id=uuid) + + +def delete_all_models(): + from python_moondb.core import ModelManager + models_values = get_models() + print(models_values) + for model_id, model_value in models_values.items(): + ModelManager.delete_model(user_id=None, model_id=model_id) + + +def update_model(model_id=None, value=None): + from python_moondb.core import ModelManager + return ModelManager.update_model(user_id=None, model_id=model_id, value=value) diff --git a/moon_manager/tests/unit_python/helpers/pdp_helper.py b/moon_manager/tests/unit_python/helpers/pdp_helper.py new file mode 100644 index 00000000..3d169b06 --- /dev/null +++ b/moon_manager/tests/unit_python/helpers/pdp_helper.py @@ -0,0 +1,23 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +def update_pdp(pdp_id, value): + from python_moondb.core import PDPManager + return PDPManager.update_pdp("", pdp_id, value) + + +def delete_pdp(pdp_id): + from python_moondb.core import PDPManager + PDPManager.delete_pdp("", pdp_id) + + +def add_pdp(pdp_id=None, value=None): + from python_moondb.core import PDPManager + return PDPManager.add_pdp("", pdp_id, value) + + +def get_pdp(pdp_id=None): + from python_moondb.core import PDPManager + return PDPManager.get_pdp("", pdp_id) diff --git a/moon_manager/tests/unit_python/helpers/policy_helper.py b/moon_manager/tests/unit_python/helpers/policy_helper.py new file mode 100644 index 00000000..c932ee3a --- /dev/null +++ b/moon_manager/tests/unit_python/helpers/policy_helper.py @@ -0,0 +1,61 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +def get_policies(): + from python_moondb.core import PolicyManager + return PolicyManager.get_policies("admin") + + +def add_policies(policy_id=None, value=None): + from python_moondb.core import PolicyManager + if not value: + value = { + "name": "test_policy", + "model_id": "", + "genre": "authz", + "description": "test", + } + return PolicyManager.add_policy("admin", policy_id=policy_id, value=value) + + +def delete_policies(uuid=None, name=None): + from python_moondb.core import PolicyManager + if not uuid: + for policy_id, policy_value in get_policies(): + if name == policy_value['name']: + uuid = policy_id + break + PolicyManager.delete_policy("admin", uuid) + + +def update_policy(policy_id, value): + from python_moondb.core import PolicyManager + return PolicyManager.update_policy("admin", policy_id, value) + + +def get_policy_from_meta_rules(meta_rule_id): + from python_moondb.core import PolicyManager + return PolicyManager.get_policy_from_meta_rules("admin", meta_rule_id) + + +def get_rules(policy_id=None, meta_rule_id=None, rule_id=None): + from python_moondb.core import PolicyManager + return PolicyManager.get_rules("", policy_id, meta_rule_id, rule_id) + + +def add_rule(policy_id=None, meta_rule_id=None, value=None): + from python_moondb.core import PolicyManager + if not value: + value = { + "rule": ("high", "medium", "vm-action"), + "instructions": ({"decision": "grant"}), + "enabled": "", + } + return PolicyManager.add_rule("", policy_id, meta_rule_id, value) + + +def delete_rule(policy_id=None, rule_id=None): + from python_moondb.core import PolicyManager + PolicyManager.delete_rule("", policy_id, rule_id) diff --git a/moon_manager/tests/unit_python/requirements.txt b/moon_manager/tests/unit_python/requirements.txt index 21975ce3..6c6e5bb8 100644 --- a/moon_manager/tests/unit_python/requirements.txt +++ b/moon_manager/tests/unit_python/requirements.txt @@ -2,4 +2,4 @@ flask flask_cors flask_restful python_moondb -python_moonutilities
\ No newline at end of file +python_moonutilities |