diff options
Diffstat (limited to 'moonv4/moon_interface/tests/apitests/scenario/session.py')
-rw-r--r-- | moonv4/moon_interface/tests/apitests/scenario/session.py | 23 |
1 files changed, 14 insertions, 9 deletions
diff --git a/moonv4/moon_interface/tests/apitests/scenario/session.py b/moonv4/moon_interface/tests/apitests/scenario/session.py index 6b7e0f18..97d7aec3 100644 --- a/moonv4/moon_interface/tests/apitests/scenario/session.py +++ b/moonv4/moon_interface/tests/apitests/scenario/session.py @@ -2,6 +2,7 @@ pdp_name = "pdp1" policy_name = "Session policy example" model_name = "Session" +policy_genre = "session" subjects = {"user0": "", "user1": "", } objects = {"admin": "", "employee": "", } @@ -12,12 +13,16 @@ object_categories = {"role": "", } action_categories = {"session-action": "", } subject_data = {"subjectid": {"user0": "", "user1": ""}} -object_data = {"role": {"admin": "", "employee": ""}} -action_data = {"session-action": {"activate": "", "deactivate": ""}} +object_data = {"role": {"admin": "", "employee": "", "*": ""}} +action_data = {"session-action": {"activate": "", "deactivate": "", "*": ""}} -subject_assignments = {"user0": {"subjectid": "user0"}, "user1": {"subjectid": "user1"}, } -object_assignments = {"admin": {"role": "admin"}, "employee": {"role": "employee"}} -action_assignments = {"activate": {"session-action": "activate"}, "deactivate": {"session-action": "deactivate"}} +subject_assignments = {"user0": ({"subjectid": "user0"}, ), "user1": ({"subjectid": "user1"}, ), } +object_assignments = {"admin": ({"role": "admin"}, {"role": "*"}), + "employee": ({"role": "employee"}, {"role": "employee"}) + } +action_assignments = {"activate": ({"session-action": "activate"}, {"session-action": "*"}, ), + "deactivate": ({"session-action": "deactivate"}, {"session-action": "*"}, ) + } meta_rule = { "session": {"id": "", "value": ("subjectid", "role", "session-action")}, @@ -26,7 +31,7 @@ meta_rule = { rules = { "session": ( { - "rule": ("user0", "admin", "activate"), + "rule": ("user0", "employee", "*"), "instructions": ( { "update": { @@ -34,11 +39,11 @@ rules = { "target": "rbac:role:admin" # add the role admin to the current user } }, - {"chain": [{"security_pipeline": "rbac"}]} # chain with the meta_rule named rbac + {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac ) }, { - "rule": ("user1", "employee", "deactivate"), + "rule": ("user1", "employee", "*"), "instructions": ( { "update": { @@ -46,7 +51,7 @@ rules = { "target": "rbac:role:employee" # delete the role employee from the current user } }, - {"chain": [{"security_pipeline": "rbac"}]} # chain with the meta_rule named rbac + {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac ) }, ) |