aboutsummaryrefslogtreecommitdiffstats
path: root/moonv4/tests/02_smpolicy_chaining_overhead
diff options
context:
space:
mode:
Diffstat (limited to 'moonv4/tests/02_smpolicy_chaining_overhead')
-rw-r--r--moonv4/tests/02_smpolicy_chaining_overhead/exec.sh22
-rw-r--r--moonv4/tests/02_smpolicy_chaining_overhead/plot.sh20
-rw-r--r--moonv4/tests/02_smpolicy_chaining_overhead/rbac_10.py233
-rw-r--r--moonv4/tests/02_smpolicy_chaining_overhead/rbac_20.py371
-rw-r--r--moonv4/tests/02_smpolicy_chaining_overhead/session_10.py389
-rw-r--r--moonv4/tests/02_smpolicy_chaining_overhead/session_20.py744
6 files changed, 1779 insertions, 0 deletions
diff --git a/moonv4/tests/02_smpolicy_chaining_overhead/exec.sh b/moonv4/tests/02_smpolicy_chaining_overhead/exec.sh
new file mode 100644
index 00000000..3a10ef4a
--- /dev/null
+++ b/moonv4/tests/02_smpolicy_chaining_overhead/exec.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+TEST_SCRIPT=${MOON_HOME}/moon_interface/tests/apitests/set_authz.py
+POPULATE_SCRIPT=${MOON_HOME}/moon_interface/tests/apitests/populate_default_values.py
+RESULT_DIR=${MOON_HOME}/tests/02_smpolicy_chaining_overhead/10_users_rbac
+SCENARIO_RBAC=${MOON_HOME}/tests/02_smpolicy_chaining_overhead/rbac_10.py
+SCENARIO_SESSION=${MOON_HOME}/tests/02_smpolicy_chaining_overhead/session.py
+
+mkdir -p ${RESULT_DIR} 2>/dev/null
+
+python3 ${POPULATE_SCRIPT} ${SCENARIO_RBAC}
+# python3 ${POPULATE_SCRIPT} ${SCENARIO_SESSION}
+
+python3 ${TEST_SCRIPT} --request-per-second 1 --write="${RESULT_DIR}/data_1.json" --write-html="${RESULT_DIR}/data_1.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 2 --write="${RESULT_DIR}/data_2.json" --write-html="${RESULT_DIR}/data_2.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 3 --write="${RESULT_DIR}/data_3.json" --write-html="${RESULT_DIR}/data_3.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 4 --write="${RESULT_DIR}/data_4.json" --write-html="${RESULT_DIR}/data_4.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 5 --write="${RESULT_DIR}/data_5.json" --write-html="${RESULT_DIR}/data_5.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 10 --write="${RESULT_DIR}/data_10.json" --write-html="${RESULT_DIR}/data_10.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 15 --write="${RESULT_DIR}/data_15.json" --write-html="${RESULT_DIR}/data_15.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 20 --write="${RESULT_DIR}/data_20.json" --write-html="${RESULT_DIR}/data_20.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 25 --write="${RESULT_DIR}/data_25.json" --write-html="${RESULT_DIR}/data_25.html" ${SCENARIO_RBAC}
diff --git a/moonv4/tests/02_smpolicy_chaining_overhead/plot.sh b/moonv4/tests/02_smpolicy_chaining_overhead/plot.sh
new file mode 100644
index 00000000..e67babce
--- /dev/null
+++ b/moonv4/tests/02_smpolicy_chaining_overhead/plot.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+DIR=$1
+
+cd ${DIR}
+
+python3 ${MOON_HOME}/moon_interface/tests/apitests/plot_json.py \
+ --input="data_1.json,data_2.json,data_3.json,data_4.json,data_5.json,data_10.json,data_15.json,data_20.json" \
+ --legend="1 req/s,2 req/s,3 req/s,4 req/s,5 req/s,10 req/s,15 req/s,20 req/s" \
+ --plot-result="Deny" \
+ --plot-average \
+ -d
+#python3 ${MOON_HOME}/moon_interface/tests/apitests/plot_json.py \
+# --input="data_1.json,data_5.json,data_10.json,data_15.json,data_20.json" \
+# --legend="1 req/s,5 req/s,10 req/s,15 req/s,20 req/s" \
+# -d
+#python3 ${MOON_HOME}/moon_interface/tests/apitests/plot_json.py \
+# --input="data_1.json,data_2.json,data_3.json,data_4.json,data_5.json,data_10.json,data_15.json,data_20.json,data_25.json" \
+# --legend="1 req/s,2 req/s,3 req/s,4 req/s,5 req/s,10 req/s,15 req/s,20 req/s,25 req/s" \
+# -d
diff --git a/moonv4/tests/02_smpolicy_chaining_overhead/rbac_10.py b/moonv4/tests/02_smpolicy_chaining_overhead/rbac_10.py
new file mode 100644
index 00000000..ef5dd9b2
--- /dev/null
+++ b/moonv4/tests/02_smpolicy_chaining_overhead/rbac_10.py
@@ -0,0 +1,233 @@
+
+pdp_name = "pdp1"
+policy_name = "RBAC policy example"
+model_name = "RBAC"
+policy_genre = "authz"
+
+subjects = {
+ "user0": "",
+ "user1": "",
+ "user2": "",
+ "user3": "",
+ "user4": "",
+ "user5": "",
+ "user6": "",
+ "user7": "",
+ "user8": "",
+ "user9": "",
+}
+objects = {
+ "vm0": "",
+ "vm1": "",
+ "vm2": "",
+ "vm3": "",
+ "vm4": "",
+ "vm5": "",
+ "vm6": "",
+ "vm7": "",
+ "vm8": "",
+ "vm9": "",
+}
+actions = {
+ "start": "",
+ "stop": "",
+ "pause": "",
+ "unpause": "",
+ "destroy": "",
+}
+
+subject_categories = {"role": "", }
+object_categories = {"id": "", }
+action_categories = {"action-type": "", }
+
+subject_data = {"role": {
+ "admin": "",
+ "employee": "",
+ "dev1": "",
+ "dev2": "",
+ "*": ""
+}}
+object_data = {"id": {
+ "vm0": "",
+ "vm1": "",
+ "vm2": "",
+ "vm3": "",
+ "vm4": "",
+ "vm5": "",
+ "vm6": "",
+ "vm7": "",
+ "vm8": "",
+ "vm9": "",
+ "*": ""
+}}
+action_data = {"action-type": {
+ "vm-read": "",
+ "vm-write": "",
+ "*": ""
+}}
+
+subject_assignments = {
+ "user0": ({"role": "employee"}, {"role": "*"}),
+ "user1": ({"role": "employee"}, {"role": "*"}),
+ "user2": ({"role": "dev1"}, {"role": "*"}),
+ "user3": ({"role": "dev1"}, {"role": "*"}),
+ "user4": ({"role": "dev1"}, {"role": "*"}),
+ "user5": ({"role": "dev1"}, {"role": "*"}),
+ "user6": ({"role": "dev2"}, {"role": "*"}),
+ "user7": ({"role": "dev2"}, {"role": "*"}),
+ "user8": ({"role": "dev2"}, {"role": "*"}),
+ "user9": ({"role": "dev2"}, {"role": "*"}),
+}
+object_assignments = {
+ "vm0": ({"id": "vm0"}, {"id": "*"}),
+ "vm1": ({"id": "vm1"}, {"id": "*"}),
+ "vm2": ({"id": "vm2"}, {"id": "*"}),
+ "vm3": ({"id": "vm3"}, {"id": "*"}),
+ "vm4": ({"id": "vm4"}, {"id": "*"}),
+ "vm5": ({"id": "vm5"}, {"id": "*"}),
+ "vm6": ({"id": "vm6"}, {"id": "*"}),
+ "vm7": ({"id": "vm7"}, {"id": "*"}),
+ "vm8": ({"id": "vm8"}, {"id": "*"}),
+ "vm9": ({"id": "vm9"}, {"id": "*"}),
+}
+action_assignments = {
+ "start": ({"action-type": "vm-write"}, {"action-type": "*"}),
+ "stop": ({"action-type": "vm-write"}, {"action-type": "*"}),
+ "pause": ({"action-type": "vm-read"}, {"action-type": "*"}),
+ "unpause": ({"action-type": "vm-read"}, {"action-type": "*"}),
+ "destroy": ({"action-type": "vm-write"}, {"action-type": "*"}),
+}
+
+meta_rule = {
+ "rbac": {"id": "", "value": ("role", "id", "action-type")},
+}
+
+rules = {
+ "rbac": (
+ {
+ "rule": ("admin", "vm0", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("admin", "vm0", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all employee to do read actions to all VM except vm0
+ {
+ "rule": ("employee", "vm1", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm2", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm3", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm4", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm5", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm6", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm7", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm8", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm9", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev1 to do read actions to some VM
+ {
+ "rule": ("dev1", "vm1", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev1", "vm2", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev1", "vm3", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev1", "vm4", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev2 to do read actions to some VM
+ {
+ "rule": ("dev2", "vm5", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm6", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm7", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm8", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm9", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ )
+}
+
+
diff --git a/moonv4/tests/02_smpolicy_chaining_overhead/rbac_20.py b/moonv4/tests/02_smpolicy_chaining_overhead/rbac_20.py
new file mode 100644
index 00000000..b1a72769
--- /dev/null
+++ b/moonv4/tests/02_smpolicy_chaining_overhead/rbac_20.py
@@ -0,0 +1,371 @@
+
+pdp_name = "pdp1"
+policy_name = "RBAC policy example"
+model_name = "RBAC"
+policy_genre = "authz"
+
+subjects = {
+ "user0": "",
+ "user1": "",
+ "user2": "",
+ "user3": "",
+ "user4": "",
+ "user5": "",
+ "user6": "",
+ "user7": "",
+ "user8": "",
+ "user9": "",
+ "user10": "",
+ "user11": "",
+ "user12": "",
+ "user13": "",
+ "user14": "",
+ "user15": "",
+ "user16": "",
+ "user17": "",
+ "user18": "",
+ "user19": "",
+}
+objects = {
+ "vm0": "",
+ "vm1": "",
+ "vm2": "",
+ "vm3": "",
+ "vm4": "",
+ "vm5": "",
+ "vm6": "",
+ "vm7": "",
+ "vm8": "",
+ "vm9": "",
+}
+actions = {
+ "start": "",
+ "stop": "",
+ "pause": "",
+ "unpause": "",
+ "destroy": "",
+}
+
+subject_categories = {"role": "", }
+object_categories = {"id": "", }
+action_categories = {"action-type": "", }
+
+subject_data = {"role": {
+ "admin": "",
+ "employee": "",
+ "dev1": "",
+ "dev2": "",
+ "dev3": "",
+ "dev4": "",
+ "dev5": "",
+ "dev6": "",
+ "dev7": "",
+ "dev8": "",
+ "*": ""
+}}
+object_data = {"id": {
+ "vm0": "",
+ "vm1": "",
+ "vm2": "",
+ "vm3": "",
+ "vm4": "",
+ "vm5": "",
+ "vm6": "",
+ "vm7": "",
+ "vm8": "",
+ "vm9": "",
+ "*": ""
+}}
+action_data = {"action-type": {
+ "vm-read": "",
+ "vm-write": "",
+ "*": ""
+}}
+
+subject_assignments = {
+ "user0": ({"role": "employee"}, {"role": "*"}),
+ "user1": ({"role": "employee"}, {"role": "*"}),
+ "user2": ({"role": "dev1"}, {"role": "*"}),
+ "user3": ({"role": "dev1"}, {"role": "*"}),
+ "user4": ({"role": "dev1"}, {"role": "*"}),
+ "user5": ({"role": "dev1"}, {"role": "*"}),
+ "user6": ({"role": "dev2"}, {"role": "*"}),
+ "user7": ({"role": "dev2"}, {"role": "*"}),
+ "user8": ({"role": "dev2"}, {"role": "*"}),
+ "user9": ({"role": "dev2"}, {"role": "*"}),
+ "user10": ({"role": "employee"}, {"role": "*"}),
+ "user11": ({"role": "employee"}, {"role": "*"}),
+ "user12": ({"role": "dev3"}, {"role": "*"}),
+ "user13": ({"role": "dev3"}, {"role": "*"}),
+ "user14": ({"role": "dev4"}, {"role": "*"}),
+ "user15": ({"role": "dev4"}, {"role": "*"}),
+ "user16": ({"role": "dev5"}, {"role": "*"}),
+ "user17": ({"role": "dev6"}, {"role": "*"}),
+ "user18": ({"role": "dev7"}, {"role": "*"}),
+ "user19": ({"role": "dev8"}, {"role": "*"}),
+}
+object_assignments = {
+ "vm0": ({"id": "vm0"}, {"id": "*"}),
+ "vm1": ({"id": "vm1"}, {"id": "*"}),
+ "vm2": ({"id": "vm2"}, {"id": "*"}),
+ "vm3": ({"id": "vm3"}, {"id": "*"}),
+ "vm4": ({"id": "vm4"}, {"id": "*"}),
+ "vm5": ({"id": "vm5"}, {"id": "*"}),
+ "vm6": ({"id": "vm6"}, {"id": "*"}),
+ "vm7": ({"id": "vm7"}, {"id": "*"}),
+ "vm8": ({"id": "vm8"}, {"id": "*"}),
+ "vm9": ({"id": "vm9"}, {"id": "*"}),
+}
+action_assignments = {
+ "start": ({"action-type": "vm-write"}, {"action-type": "*"}),
+ "stop": ({"action-type": "vm-write"}, {"action-type": "*"}),
+ "pause": ({"action-type": "vm-read"}, {"action-type": "*"}),
+ "unpause": ({"action-type": "vm-read"}, {"action-type": "*"}),
+ "destroy": ({"action-type": "vm-write"}, {"action-type": "*"}),
+}
+
+meta_rule = {
+ "rbac": {"id": "", "value": ("role", "id", "action-type")},
+}
+
+rules = {
+ "rbac": (
+ {
+ "rule": ("admin", "vm0", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("admin", "vm0", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all employee to do read actions to all VM except vm0
+ {
+ "rule": ("employee", "vm1", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm2", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm3", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm4", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm5", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm6", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm7", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm8", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm9", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev1 to do read actions to some VM
+ {
+ "rule": ("dev1", "vm1", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev1", "vm2", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev1", "vm3", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev1", "vm4", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev2 to do read actions to some VM
+ {
+ "rule": ("dev2", "vm5", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm6", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm7", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm8", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm9", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev3 to do read actions to some VM
+ {
+ "rule": ("dev3", "vm1", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev3", "vm2", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev3", "vm3", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev3", "vm4", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev4 to do read actions to some VM
+ {
+ "rule": ("dev4", "vm5", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev4", "vm6", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev4", "vm7", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev4", "vm8", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev4", "vm9", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev5 to do read actions to some VM
+ {
+ "rule": ("dev5", "vm1", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev5", "vm2", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev5", "vm3", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev5", "vm4", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev6 to do read actions to some VM
+ {
+ "rule": ("dev6", "vm5", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev6", "vm6", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev6", "vm7", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev6", "vm8", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev6", "vm9", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ )
+}
+
+
diff --git a/moonv4/tests/02_smpolicy_chaining_overhead/session_10.py b/moonv4/tests/02_smpolicy_chaining_overhead/session_10.py
new file mode 100644
index 00000000..5b4a64b6
--- /dev/null
+++ b/moonv4/tests/02_smpolicy_chaining_overhead/session_10.py
@@ -0,0 +1,389 @@
+
+pdp_name = "pdp1"
+policy_name = "Session policy example"
+model_name = "Session"
+policy_genre = "session"
+
+subjects = {
+ "user0": "",
+ "user1": "",
+ "user2": "",
+ "user3": "",
+ "user4": "",
+ "user5": "",
+ "user6": "",
+ "user7": "",
+ "user8": "",
+ "user9": "",
+}
+objects = {"admin": "", "employee": "", "dev1": "", "dev2": "", }
+actions = {"activate": "", "deactivate": ""}
+
+subject_categories = {"subjectid": "", }
+object_categories = {"role": "", }
+action_categories = {"session-action": "", }
+
+subject_data = {"subjectid": {
+ "user0": "",
+ "user1": "",
+ "user2": "",
+ "user3": "",
+ "user4": "",
+ "user5": "",
+ "user6": "",
+ "user7": "",
+ "user8": "",
+ "user9": "",
+}}
+object_data = {"role": {
+ "admin": "",
+ "employee": "",
+ "dev1": "",
+ "dev2": "",
+ "*": ""
+}}
+action_data = {"session-action": {"activate": "", "deactivate": "", "*": ""}}
+
+subject_assignments = {
+ "user0": ({"subjectid": "user0"}, ),
+ "user1": ({"subjectid": "user1"}, ),
+ "user2": ({"subjectid": "user2"}, ),
+ "user3": ({"subjectid": "user3"}, ),
+ "user4": ({"subjectid": "user4"}, ),
+ "user5": ({"subjectid": "user5"}, ),
+ "user6": ({"subjectid": "user6"}, ),
+ "user7": ({"subjectid": "user7"}, ),
+ "user8": ({"subjectid": "user8"}, ),
+ "user9": ({"subjectid": "user9"}, ),
+}
+object_assignments = {"admin": ({"role": "admin"}, {"role": "*"}),
+ "employee": ({"role": "employee"}, {"role": "*"}),
+ "dev1": ({"role": "employee"}, {"role": "dev1"}, {"role": "*"}),
+ "dev2": ({"role": "employee"}, {"role": "dev2"}, {"role": "*"}),
+ }
+action_assignments = {"activate": ({"session-action": "activate"}, {"session-action": "*"}, ),
+ "deactivate": ({"session-action": "deactivate"}, {"session-action": "*"}, )
+ }
+
+meta_rule = {
+ "session": {"id": "", "value": ("subjectid", "role", "session-action")},
+}
+
+rules = {
+ "session": (
+ {
+ "rule": ("user0", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user1", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "delete",
+ "target": "rbac:role:employee" # delete the role employee from the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user2", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user2", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user2", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user3", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user3", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user3", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user4", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user4", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user4", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user5", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user5", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user5", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user6", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user6", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user6", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user7", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user7", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user7", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user8", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user8", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user8", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user9", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user9", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user9", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ )
+}
+
+
diff --git a/moonv4/tests/02_smpolicy_chaining_overhead/session_20.py b/moonv4/tests/02_smpolicy_chaining_overhead/session_20.py
new file mode 100644
index 00000000..d548f29e
--- /dev/null
+++ b/moonv4/tests/02_smpolicy_chaining_overhead/session_20.py
@@ -0,0 +1,744 @@
+
+pdp_name = "pdp1"
+policy_name = "Session policy example"
+model_name = "Session"
+policy_genre = "session"
+
+subjects = {
+ "user0": "",
+ "user1": "",
+ "user2": "",
+ "user3": "",
+ "user4": "",
+ "user5": "",
+ "user6": "",
+ "user7": "",
+ "user8": "",
+ "user9": "",
+ "user10": "",
+ "user11": "",
+ "user12": "",
+ "user13": "",
+ "user14": "",
+ "user15": "",
+ "user16": "",
+ "user17": "",
+ "user18": "",
+ "user19": "",
+}
+objects = {"admin": "", "employee": "", "dev1": "", "dev3": "",
+ "dev4": "", "dev5": "", "dev6": "", "dev7": "", "dev8": ""}
+actions = {"activate": "", "deactivate": ""}
+
+subject_categories = {"subjectid": "", }
+object_categories = {"role": "", }
+action_categories = {"session-action": "", }
+
+subject_data = {"subjectid": {
+ "user0": "",
+ "user1": "",
+ "user2": "",
+ "user3": "",
+ "user4": "",
+ "user5": "",
+ "user6": "",
+ "user7": "",
+ "user8": "",
+ "user9": "",
+ "user10": "",
+ "user11": "",
+ "user12": "",
+ "user13": "",
+ "user14": "",
+ "user15": "",
+ "user16": "",
+ "user17": "",
+ "user18": "",
+ "user19": "",
+}}
+object_data = {"role": {
+ "admin": "",
+ "employee": "",
+ "dev1": "",
+ "dev2": "",
+ "dev3": "",
+ "dev4": "",
+ "dev5": "",
+ "dev6": "",
+ "dev7": "",
+ "dev8": "",
+ "*": ""
+}}
+action_data = {"session-action": {"activate": "", "deactivate": "", "*": ""}}
+
+subject_assignments = {
+ "user0": ({"subjectid": "user0"}, ),
+ "user1": ({"subjectid": "user1"}, ),
+ "user2": ({"subjectid": "user2"}, ),
+ "user3": ({"subjectid": "user3"}, ),
+ "user4": ({"subjectid": "user4"}, ),
+ "user5": ({"subjectid": "user5"}, ),
+ "user6": ({"subjectid": "user6"}, ),
+ "user7": ({"subjectid": "user7"}, ),
+ "user8": ({"subjectid": "user8"}, ),
+ "user9": ({"subjectid": "user9"}, ),
+ "user10": ({"subjectid": "user10"}, ),
+ "user11": ({"subjectid": "user11"}, ),
+ "user12": ({"subjectid": "user12"}, ),
+ "user13": ({"subjectid": "user13"}, ),
+ "user14": ({"subjectid": "user14"}, ),
+ "user15": ({"subjectid": "user15"}, ),
+ "user16": ({"subjectid": "user16"}, ),
+ "user17": ({"subjectid": "user17"}, ),
+ "user18": ({"subjectid": "user18"}, ),
+ "user19": ({"subjectid": "user19"}, ),
+}
+object_assignments = {"admin": ({"role": "admin"}, {"role": "*"}),
+ "employee": ({"role": "employee"}, {"role": "*"}),
+ "dev1": ({"role": "employee"}, {"role": "dev1"}, {"role": "*"}),
+ "dev2": ({"role": "employee"}, {"role": "dev2"}, {"role": "*"}),
+ "dev3": ({"role": "employee"}, {"role": "dev3"}, {"role": "*"}),
+ "dev4": ({"role": "employee"}, {"role": "dev4"}, {"role": "*"}),
+ "dev5": ({"role": "employee"}, {"role": "dev5"}, {"role": "*"}),
+ "dev6": ({"role": "employee"}, {"role": "dev6"}, {"role": "*"}),
+ "dev7": ({"role": "employee"}, {"role": "dev7"}, {"role": "*"}),
+ "dev8": ({"role": "employee"}, {"role": "dev8"}, {"role": "*"}),
+ }
+action_assignments = {"activate": ({"session-action": "activate"}, {"session-action": "*"}, ),
+ "deactivate": ({"session-action": "deactivate"}, {"session-action": "*"}, )
+ }
+
+meta_rule = {
+ "session": {"id": "", "value": ("subjectid", "role", "session-action")},
+}
+
+rules = {
+ "session": (
+ {
+ "rule": ("user0", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user1", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "delete",
+ "target": "rbac:role:employee" # delete the role employee from the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user2", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user2", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user2", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user3", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user3", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user3", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user4", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user4", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user4", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user5", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user5", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user5", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user6", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user6", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user6", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user7", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user7", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user7", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user8", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user8", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user8", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user9", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user9", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user9", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user10", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user11", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "delete",
+ "target": "rbac:role:employee" # delete the role employee from the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user12", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user12", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user12", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user13", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user13", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user13", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user14", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user14", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user14", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user15", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user15", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user15", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user16", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user16", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user16", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user17", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user17", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user17", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user18", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user18", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user18", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user19", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user19", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user19", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ )
+}
+
+