aboutsummaryrefslogtreecommitdiffstats
path: root/moonv4/moon_interface/tests/apitests/scenario/session.py
diff options
context:
space:
mode:
Diffstat (limited to 'moonv4/moon_interface/tests/apitests/scenario/session.py')
-rw-r--r--moonv4/moon_interface/tests/apitests/scenario/session.py55
1 files changed, 55 insertions, 0 deletions
diff --git a/moonv4/moon_interface/tests/apitests/scenario/session.py b/moonv4/moon_interface/tests/apitests/scenario/session.py
new file mode 100644
index 00000000..6b7e0f18
--- /dev/null
+++ b/moonv4/moon_interface/tests/apitests/scenario/session.py
@@ -0,0 +1,55 @@
+
+pdp_name = "pdp1"
+policy_name = "Session policy example"
+model_name = "Session"
+
+subjects = {"user0": "", "user1": "", }
+objects = {"admin": "", "employee": "", }
+actions = {"activate": "", "deactivate": ""}
+
+subject_categories = {"subjectid": "", }
+object_categories = {"role": "", }
+action_categories = {"session-action": "", }
+
+subject_data = {"subjectid": {"user0": "", "user1": ""}}
+object_data = {"role": {"admin": "", "employee": ""}}
+action_data = {"session-action": {"activate": "", "deactivate": ""}}
+
+subject_assignments = {"user0": {"subjectid": "user0"}, "user1": {"subjectid": "user1"}, }
+object_assignments = {"admin": {"role": "admin"}, "employee": {"role": "employee"}}
+action_assignments = {"activate": {"session-action": "activate"}, "deactivate": {"session-action": "deactivate"}}
+
+meta_rule = {
+ "session": {"id": "", "value": ("subjectid", "role", "session-action")},
+}
+
+rules = {
+ "session": (
+ {
+ "rule": ("user0", "admin", "activate"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": [{"security_pipeline": "rbac"}]} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user1", "employee", "deactivate"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "delete",
+ "target": "rbac:role:employee" # delete the role employee from the current user
+ }
+ },
+ {"chain": [{"security_pipeline": "rbac"}]} # chain with the meta_rule named rbac
+ )
+ },
+ )
+}
+
+