aboutsummaryrefslogtreecommitdiffstats
path: root/moonv4/tests
diff options
context:
space:
mode:
Diffstat (limited to 'moonv4/tests')
-rw-r--r--moonv4/tests/get_keystone_projects.py16
-rw-r--r--moonv4/tests/performance/README.md69
-rw-r--r--moonv4/tests/populate_default_values.py37
-rw-r--r--moonv4/tests/scenario/delegation.py40
-rw-r--r--moonv4/tests/scenario/mls.py54
-rw-r--r--moonv4/tests/scenario/rbac.py44
-rw-r--r--moonv4/tests/scenario/rbac_custom_100.py89
-rw-r--r--moonv4/tests/scenario/rbac_custom_1000.py89
-rw-r--r--moonv4/tests/scenario/rbac_custom_50.py89
-rw-r--r--moonv4/tests/scenario/rbac_large.py233
-rw-r--r--moonv4/tests/scenario/rbac_mls.py50
-rw-r--r--moonv4/tests/scenario/session.py60
-rw-r--r--moonv4/tests/scenario/session_large.py389
-rw-r--r--moonv4/tests/send_authz.py32
14 files changed, 0 insertions, 1291 deletions
diff --git a/moonv4/tests/get_keystone_projects.py b/moonv4/tests/get_keystone_projects.py
deleted file mode 100644
index 9b5d87cd..00000000
--- a/moonv4/tests/get_keystone_projects.py
+++ /dev/null
@@ -1,16 +0,0 @@
-from python_moonclient import parse, models, policies, pdp
-
-
-if __name__ == "__main__":
- args = parse.parse()
- consul_host = args.consul_host
- consul_port = args.consul_port
-
- models.init(consul_host, consul_port)
- policies.init(consul_host, consul_port)
- pdp.init(consul_host, consul_port)
-
- projects = pdp.get_keystone_projects()
-
- for _project in projects['projects']:
- print("{} {}".format(_project['id'], _project['name']))
diff --git a/moonv4/tests/performance/README.md b/moonv4/tests/performance/README.md
deleted file mode 100644
index 52613d2c..00000000
--- a/moonv4/tests/performance/README.md
+++ /dev/null
@@ -1,69 +0,0 @@
-# Moon Yardstick and Bottlenecks Performance Tests
-
-The main objective of this document is to describe the performance tests for the Moon project/module.
-Moon is a security managment platform which provides a set of security functions to project the underlying OPNFV infrastructure and/or VNFs.
-Moon is consisted of 2 parts: a master and a set of slaves. The master holds all security-related information and each slave only fetches and holds
-related informations for its local usage from master.
-
-## Moon Master Performance Tests
-In this test, we should:
-- setup a Moon master service on a physical server
-- create a tenant/scope through the Moon master service
-- create a MSL security policy with 4 subject security levels and 4 object security levels for this tenant
-
-- increase N to find the limit of the security policy (implemented in format of a Docker)
- - create N users and N resources (VMs in our case) in this tenant
- - simulate 2 operation requests per user per second to Moon's authorization endpoint
- - gather performance metrics like CPU, memory, network usages
- - throught the iteration, determine the capacity limit for one Docker
-
-- setup 20 user and 20 resources (VMs in our case) for one tenant
- - increase the number of tenants to test the maximal number of tenants on the server
-
-- setup 5 tenants of N users and N resources (VMs in our case) in each tenant
- - increase N by simulating 2 operation requests per user per second to the Moon's authorization endpoint
- - gather performance metrics like CPU, memory, network usages
- - throught the iteration, dermine the maximal user/resource number of these 5 tenants/Dockers on the server
-
-- setup 10 tenants of N users and N resources (VMs in our case) in each tenant
- - increase N by simulating 2 operation requests per user per second to the Moon's authorization endpoint
- - gather performance metrics like CPU, memory, network usages
- - throught the iteration, dermine the maximal user/resource number of these 10 tenants/Dockers on the server
-
-- setup 20 tenants of N users and N resources (VMs in our case) in each tenant
- - increase N by simulating 2 operation requests per user per second to the Moon's authorization endpoint
- - gather performance metrics like CPU, memory, network usages
- - throught the iteration, dermine the maximal user/resource number of these 20 tenants/Dockers on the server
-
-## Moon Slave Performace Tests
-In this test, we should:
-- setup a Moon master service on a physical server
-- setup a Moon slave service on a physical server
-- create a tenant/scope through the Moon master service
-- create a MSL security policy with 4 subject security levels and 4 object security levels for this tenant through the Moon master service
-
-- increase N to find the limit of the security policy (implemented in format of a Docker)
- - create N users and N resources (VMs in our case) in this tenant
- - simulate 2 operation requests per user per second to Moon slave's authorizatoin endpoint
- - gather performance metrics like CPU, memory, network usages of Moon slave
- - throught the iteration, dermine the capacity limit for one Docker of Moon slave
-
-- setup 20 user and 20 resources (VMs in our case) for one tenant through the Moon slave service
- - increate the number of tenants to test the maximal number of tenants on the server of the Moon slave
-
-- setup 5 tenants of N users and N resources (VMs in our case) in each tenant through the Moon master service
- - increate N by simulating 2 operation requests per user per second to the Moon slave's authorization endpoint
- - gather performance metrics like CPU, memory, network usages of both Moon master and Moon slave
- - throught the iteration, dermine the maximal user/resource number of these 5 tenants/Dockers on the server of Moon slave
-
-- setup 10 tenants of N users and N resources (VMs in our case) in each tenant through the Moon master service
- - increate N by simulating 2 operation requests per user per second to the Moon slave's authorization endpoint
- - gather performance metrics like CPU, memory, network usages of both Moon master and slave
- - throught the iteration, dermine the maximal user/resource number of these 10 tenants/Dockers on the server of the Moon slave
-
-- setup 20 tenants of N users and N resources (VMs in our case) in each tenant through the Moon master service
- - increate N by simulating 2 operation requests per user per second to the Moon slave's authorization endpoint
- - gather performance metrics like CPU, memory, network usages of both Moon master and slave
- - throught the iteration, dermine the maximal user/resource number of these 20 tenants/Dockers on the server of the Moon slave
-
-
diff --git a/moonv4/tests/populate_default_values.py b/moonv4/tests/populate_default_values.py
deleted file mode 100644
index d5a5769b..00000000
--- a/moonv4/tests/populate_default_values.py
+++ /dev/null
@@ -1,37 +0,0 @@
-import logging
-from importlib.machinery import SourceFileLoader
-from python_moonclient import parse, models, policies, pdp
-
-logger = logging.getLogger("moonforming")
-
-
-if __name__ == "__main__":
- requests_log = logging.getLogger("requests.packages.urllib3")
- requests_log.setLevel(logging.WARNING)
- requests_log.propagate = True
-
- args = parse.parse()
- consul_host = args.consul_host
- consul_port = args.consul_port
- project_id = args.keystone_pid
-
- models.init(consul_host, consul_port)
- policies.init(consul_host, consul_port)
- pdp.init(consul_host, consul_port)
-
- if args.filename:
- print("Loading: {}".format(args.filename[0]))
- m = SourceFileLoader("scenario", args.filename[0])
- scenario = m.load_module()
-
- _models = models.check_model()
- for _model_id, _model_value in _models['models'].items():
- if _model_value['name'] == scenario.model_name:
- model_id = _model_id
- meta_rule_list = _model_value['meta_rules']
- models.create_model(scenario, model_id)
- break
- else:
- model_id, meta_rule_list = models.create_model(scenario)
- policy_id = policies.create_policy(scenario, model_id, meta_rule_list)
- pdp_id = pdp.create_pdp(scenario, policy_id=policy_id, project_id=project_id)
diff --git a/moonv4/tests/scenario/delegation.py b/moonv4/tests/scenario/delegation.py
deleted file mode 100644
index 839e74ce..00000000
--- a/moonv4/tests/scenario/delegation.py
+++ /dev/null
@@ -1,40 +0,0 @@
-
-pdp_name = "pdp1"
-policy_name = "Delegation policy example"
-model_name = "Delegation"
-
-subjects = {"user0": "", }
-objects = {"user1": "", }
-actions = {"delegate": ""}
-
-subject_categories = {"subjectid": "", }
-object_categories = {"delegated": "", }
-action_categories = {"delegation-action": "", }
-
-subject_data = {"subjectid": {"user0": ""}}
-object_data = {"delegated": {"user1": ""}}
-action_data = {"delegation-action": {"delegate": ""}}
-
-subject_assignments = {"user0": {"subjectid": "user0"}}
-object_assignments = {"user1": {"delegated": "user1"}}
-action_assignments = {"delegate": {"delegation-action": "delegate"}}
-
-meta_rule = {
- "session": {"id": "", "value": ("subjectid", "delegated", "delegation-action")},
-}
-
-rules = {
- "session": (
- {
- "rule": ("user0", "user1", "delegate"),
- "instructions": (
- {
- "update": {"request:subject": "user1"} # update the current user with "user1"
- },
- {"chain": {"security_pipeline": "rbac"}}
- )
- },
- )
-}
-
-
diff --git a/moonv4/tests/scenario/mls.py b/moonv4/tests/scenario/mls.py
deleted file mode 100644
index 3a3ded43..00000000
--- a/moonv4/tests/scenario/mls.py
+++ /dev/null
@@ -1,54 +0,0 @@
-
-pdp_name = "pdp1"
-policy_name = "MLS Policy example"
-model_name = "MLS"
-
-subjects = {"user0": "", "user1": "", "user2": "", }
-objects = {"vm0": "", "vm1": "", }
-actions = {"start": "", "stop": ""}
-
-subject_categories = {"subject-security-level": "", }
-object_categories = {"object-security-level": "", }
-action_categories = {"action-type": "", }
-
-subject_data = {
- "subject-security-level": {"low": "", "medium": "", "high": ""},
-}
-object_data = {
- "object-security-level": {"low": "", "medium": "", "high": ""},
-}
-action_data = {"action-type": {"vm-action": "", "storage-action": "", }}
-
-subject_assignments = {
- "user0": {"subject-security-level": "high"},
- "user1": {"subject-security-level": "medium"},
-}
-object_assignments = {
- "vm0": {"object-security-level": "medium"},
- "vm1": {"object-security-level": "low"},
-}
-action_assignments = {
- "start": {"action-type": "vm-action"},
- "stop": {"action-type": "vm-action"}
-}
-
-meta_rule = {
- "mls": {"id": "", "value": ("subject-security-level", "object-security-level", "action-type")},
-}
-
-rules = {
- "mls": (
- {
- "rules": ("high", "medium", "vm-action"),
- "instructions": ({"decision": "grant"})
- },
- {
- "rules": ("high", "low", "vm-action"),
- "instructions": ({"decision": "grant"})
- },
- {
- "rules": ("medium", "low", "vm-action"),
- "instructions": ({"decision": "grant"})
- },
- )
-}
diff --git a/moonv4/tests/scenario/rbac.py b/moonv4/tests/scenario/rbac.py
deleted file mode 100644
index 89fd7de8..00000000
--- a/moonv4/tests/scenario/rbac.py
+++ /dev/null
@@ -1,44 +0,0 @@
-
-pdp_name = "pdp1"
-policy_name = "RBAC policy example"
-model_name = "RBAC"
-policy_genre = "authz"
-
-subjects = {"user0": "", "user1": "", }
-objects = {"vm0": "", "vm1": "", }
-actions = {"start": "", "stop": ""}
-
-subject_categories = {"role": "", }
-object_categories = {"id": "", }
-action_categories = {"action-type": "", }
-
-subject_data = {"role": {"admin": "", "employee": "", "*": ""}}
-object_data = {"id": {"vm0": "", "vm1": "", "*": ""}}
-action_data = {"action-type": {"vm-action": "", "*": ""}}
-
-subject_assignments = {"user0": ({"role": "employee"}, {"role": "*"}), "user1": ({"role": "employee"}, {"role": "*"}), }
-object_assignments = {"vm0": ({"id": "vm0"}, {"id": "*"}), "vm1": ({"id": "vm1"}, {"id": "*"})}
-action_assignments = {"start": ({"action-type": "vm-action"}, {"action-type": "*"}), "stop": ({"action-type": "vm-action"}, {"action-type": "*"})}
-
-meta_rule = {
- "rbac": {"id": "", "value": ("role", "id", "action-type")},
-}
-
-rules = {
- "rbac": (
- {
- "rule": ("admin", "vm0", "vm-action"),
- "instructions": (
- {"decision": "grant"}, # "grant" to immediately exit, "continue" to wait for the result of next policy
- )
- },
- {
- "rule": ("employee", "vm1", "vm-action"),
- "instructions": (
- {"decision": "grant"},
- )
- },
- )
-}
-
-
diff --git a/moonv4/tests/scenario/rbac_custom_100.py b/moonv4/tests/scenario/rbac_custom_100.py
deleted file mode 100644
index 9ee55dbd..00000000
--- a/moonv4/tests/scenario/rbac_custom_100.py
+++ /dev/null
@@ -1,89 +0,0 @@
-import random
-
-pdp_name = "pdp_100"
-policy_name = "RBAC policy example 100 users"
-model_name = "RBAC"
-policy_genre = "authz"
-
-SUBJECT_NUMBER = 100
-OBJECT_NUMBER = 100
-ROLE_NUMBER = 50
-
-subjects = {}
-for _id in range(SUBJECT_NUMBER):
- subjects["user{}".format(_id)] = ""
-objects = {}
-for _id in range(OBJECT_NUMBER):
- objects["vm{}".format(_id)] = ""
-actions = {
- "start": "",
- "stop": "",
- "pause": "",
- "unpause": "",
- "destroy": "",
-}
-
-subject_categories = {"role": "", }
-object_categories = {"id": "", }
-action_categories = {"action-type": "", }
-
-subject_data = {"role": {"admin": "", "*": ""}}
-for _id in range(ROLE_NUMBER):
- subject_data["role"]["role{}".format(_id)] = ""
-object_data = {"id": {"*": ""}}
-for _id in range(OBJECT_NUMBER):
- object_data["id"]["vm{}".format(_id)] = ""
-action_data = {"action-type": {
- "vm-read": "",
- "vm-write": "",
- "*": ""
-}}
-
-subject_assignments = {}
-for _id in range(SUBJECT_NUMBER):
- _role = "role{}".format(random.randrange(ROLE_NUMBER))
- subject_assignments["user{}".format(_id)] = [{"role": _role}, {"role": "*"}]
-object_assignments = {"vm0": ({"id": "vm0"}, {"id": "*"}), "vm1": ({"id": "vm1"}, {"id": "*"})}
-for _id in range(OBJECT_NUMBER):
- object_assignments["vm{}".format(_id)] = [{"id": "vm{}".format(_id)}, {"id": "*"}]
-action_assignments = {
- "start": ({"action-type": "vm-write"}, {"action-type": "*"}),
- "stop": ({"action-type": "vm-write"}, {"action-type": "*"}),
- "pause": ({"action-type": "vm-read"}, {"action-type": "*"}),
- "unpause": ({"action-type": "vm-read"}, {"action-type": "*"}),
- "destroy": ({"action-type": "vm-write"}, {"action-type": "*"}),
-}
-
-meta_rule = {
- "rbac": {"id": "", "value": ("role", "id", "action-type")},
-}
-
-rules = {
- "rbac": [
- {
- "rule": ("admin", "vm0", "vm-read"),
- "instructions": (
- {"decision": "grant"},
- )
- },
- {
- "rule": ("admin", "vm0", "vm-write"),
- "instructions": (
- {"decision": "grant"},
- )
- },
- ]
-}
-
-for _id in range(SUBJECT_NUMBER):
- _role = "role{}".format(random.randrange(ROLE_NUMBER))
- _vm = "vm{}".format(random.randrange(OBJECT_NUMBER))
- _action = random.choice(list(action_data['action-type'].keys()))
- rules["rbac"].append(
- {
- "rule": (_role, _vm, _action),
- "instructions": (
- {"decision": "grant"},
- )
- },
- )
diff --git a/moonv4/tests/scenario/rbac_custom_1000.py b/moonv4/tests/scenario/rbac_custom_1000.py
deleted file mode 100644
index d6850485..00000000
--- a/moonv4/tests/scenario/rbac_custom_1000.py
+++ /dev/null
@@ -1,89 +0,0 @@
-import random
-
-pdp_name = "pdp_1000"
-policy_name = "RBAC policy example 1000 users"
-model_name = "RBAC"
-policy_genre = "authz"
-
-SUBJECT_NUMBER = 1000
-OBJECT_NUMBER = 500
-ROLE_NUMBER = 50
-
-subjects = {}
-for _id in range(SUBJECT_NUMBER):
- subjects["user{}".format(_id)] = ""
-objects = {}
-for _id in range(OBJECT_NUMBER):
- objects["vm{}".format(_id)] = ""
-actions = {
- "start": "",
- "stop": "",
- "pause": "",
- "unpause": "",
- "destroy": "",
-}
-
-subject_categories = {"role": "", }
-object_categories = {"id": "", }
-action_categories = {"action-type": "", }
-
-subject_data = {"role": {"admin": "", "*": ""}}
-for _id in range(ROLE_NUMBER):
- subject_data["role"]["role{}".format(_id)] = ""
-object_data = {"id": {"*": ""}}
-for _id in range(OBJECT_NUMBER):
- object_data["id"]["vm{}".format(_id)] = ""
-action_data = {"action-type": {
- "vm-read": "",
- "vm-write": "",
- "*": ""
-}}
-
-subject_assignments = {}
-for _id in range(SUBJECT_NUMBER):
- _role = "role{}".format(random.randrange(ROLE_NUMBER))
- subject_assignments["user{}".format(_id)] = [{"role": _role}, {"role": "*"}]
-object_assignments = {"vm0": ({"id": "vm0"}, {"id": "*"}), "vm1": ({"id": "vm1"}, {"id": "*"})}
-for _id in range(OBJECT_NUMBER):
- object_assignments["vm{}".format(_id)] = [{"id": "vm{}".format(_id)}, {"id": "*"}]
-action_assignments = {
- "start": ({"action-type": "vm-write"}, {"action-type": "*"}),
- "stop": ({"action-type": "vm-write"}, {"action-type": "*"}),
- "pause": ({"action-type": "vm-read"}, {"action-type": "*"}),
- "unpause": ({"action-type": "vm-read"}, {"action-type": "*"}),
- "destroy": ({"action-type": "vm-write"}, {"action-type": "*"}),
-}
-
-meta_rule = {
- "rbac": {"id": "", "value": ("role", "id", "action-type")},
-}
-
-rules = {
- "rbac": [
- {
- "rule": ("admin", "vm0", "vm-read"),
- "instructions": (
- {"decision": "grant"},
- )
- },
- {
- "rule": ("admin", "vm0", "vm-write"),
- "instructions": (
- {"decision": "grant"},
- )
- },
- ]
-}
-
-for _id in range(SUBJECT_NUMBER):
- _role = "role{}".format(random.randrange(ROLE_NUMBER))
- _vm = "vm{}".format(random.randrange(OBJECT_NUMBER))
- _action = random.choice(list(action_data['action-type'].keys()))
- rules["rbac"].append(
- {
- "rule": (_role, _vm, _action),
- "instructions": (
- {"decision": "grant"},
- )
- },
- )
diff --git a/moonv4/tests/scenario/rbac_custom_50.py b/moonv4/tests/scenario/rbac_custom_50.py
deleted file mode 100644
index e1437cf4..00000000
--- a/moonv4/tests/scenario/rbac_custom_50.py
+++ /dev/null
@@ -1,89 +0,0 @@
-import random
-
-pdp_name = "pdp_50"
-policy_name = "RBAC policy example 50 users"
-model_name = "RBAC"
-policy_genre = "authz"
-
-SUBJECT_NUMBER = 50
-OBJECT_NUMBER = 50
-ROLE_NUMBER = 10
-
-subjects = {}
-for _id in range(SUBJECT_NUMBER):
- subjects["user{}".format(_id)] = ""
-objects = {}
-for _id in range(OBJECT_NUMBER):
- objects["vm{}".format(_id)] = ""
-actions = {
- "start": "",
- "stop": "",
- "pause": "",
- "unpause": "",
- "destroy": "",
-}
-
-subject_categories = {"role": "", }
-object_categories = {"id": "", }
-action_categories = {"action-type": "", }
-
-subject_data = {"role": {"admin": "", "*": ""}}
-for _id in range(ROLE_NUMBER):
- subject_data["role"]["role{}".format(_id)] = ""
-object_data = {"id": {"*": ""}}
-for _id in range(OBJECT_NUMBER):
- object_data["id"]["vm{}".format(_id)] = ""
-action_data = {"action-type": {
- "vm-read": "",
- "vm-write": "",
- "*": ""
-}}
-
-subject_assignments = {}
-for _id in range(SUBJECT_NUMBER):
- _role = "role{}".format(random.randrange(ROLE_NUMBER))
- subject_assignments["user{}".format(_id)] = [{"role": _role}, {"role": "*"}]
-object_assignments = {"vm0": ({"id": "vm0"}, {"id": "*"}), "vm1": ({"id": "vm1"}, {"id": "*"})}
-for _id in range(OBJECT_NUMBER):
- object_assignments["vm{}".format(_id)] = [{"id": "vm{}".format(_id)}, {"id": "*"}]
-action_assignments = {
- "start": ({"action-type": "vm-write"}, {"action-type": "*"}),
- "stop": ({"action-type": "vm-write"}, {"action-type": "*"}),
- "pause": ({"action-type": "vm-read"}, {"action-type": "*"}),
- "unpause": ({"action-type": "vm-read"}, {"action-type": "*"}),
- "destroy": ({"action-type": "vm-write"}, {"action-type": "*"}),
-}
-
-meta_rule = {
- "rbac": {"id": "", "value": ("role", "id", "action-type")},
-}
-
-rules = {
- "rbac": [
- {
- "rule": ("admin", "vm0", "vm-read"),
- "instructions": (
- {"decision": "grant"},
- )
- },
- {
- "rule": ("admin", "vm0", "vm-write"),
- "instructions": (
- {"decision": "grant"},
- )
- },
- ]
-}
-
-for _id in range(SUBJECT_NUMBER):
- _role = "role{}".format(random.randrange(ROLE_NUMBER))
- _vm = "vm{}".format(random.randrange(OBJECT_NUMBER))
- _action = random.choice(list(action_data['action-type'].keys()))
- rules["rbac"].append(
- {
- "rule": (_role, _vm, _action),
- "instructions": (
- {"decision": "grant"},
- )
- },
- )
diff --git a/moonv4/tests/scenario/rbac_large.py b/moonv4/tests/scenario/rbac_large.py
deleted file mode 100644
index ef5dd9b2..00000000
--- a/moonv4/tests/scenario/rbac_large.py
+++ /dev/null
@@ -1,233 +0,0 @@
-
-pdp_name = "pdp1"
-policy_name = "RBAC policy example"
-model_name = "RBAC"
-policy_genre = "authz"
-
-subjects = {
- "user0": "",
- "user1": "",
- "user2": "",
- "user3": "",
- "user4": "",
- "user5": "",
- "user6": "",
- "user7": "",
- "user8": "",
- "user9": "",
-}
-objects = {
- "vm0": "",
- "vm1": "",
- "vm2": "",
- "vm3": "",
- "vm4": "",
- "vm5": "",
- "vm6": "",
- "vm7": "",
- "vm8": "",
- "vm9": "",
-}
-actions = {
- "start": "",
- "stop": "",
- "pause": "",
- "unpause": "",
- "destroy": "",
-}
-
-subject_categories = {"role": "", }
-object_categories = {"id": "", }
-action_categories = {"action-type": "", }
-
-subject_data = {"role": {
- "admin": "",
- "employee": "",
- "dev1": "",
- "dev2": "",
- "*": ""
-}}
-object_data = {"id": {
- "vm0": "",
- "vm1": "",
- "vm2": "",
- "vm3": "",
- "vm4": "",
- "vm5": "",
- "vm6": "",
- "vm7": "",
- "vm8": "",
- "vm9": "",
- "*": ""
-}}
-action_data = {"action-type": {
- "vm-read": "",
- "vm-write": "",
- "*": ""
-}}
-
-subject_assignments = {
- "user0": ({"role": "employee"}, {"role": "*"}),
- "user1": ({"role": "employee"}, {"role": "*"}),
- "user2": ({"role": "dev1"}, {"role": "*"}),
- "user3": ({"role": "dev1"}, {"role": "*"}),
- "user4": ({"role": "dev1"}, {"role": "*"}),
- "user5": ({"role": "dev1"}, {"role": "*"}),
- "user6": ({"role": "dev2"}, {"role": "*"}),
- "user7": ({"role": "dev2"}, {"role": "*"}),
- "user8": ({"role": "dev2"}, {"role": "*"}),
- "user9": ({"role": "dev2"}, {"role": "*"}),
-}
-object_assignments = {
- "vm0": ({"id": "vm0"}, {"id": "*"}),
- "vm1": ({"id": "vm1"}, {"id": "*"}),
- "vm2": ({"id": "vm2"}, {"id": "*"}),
- "vm3": ({"id": "vm3"}, {"id": "*"}),
- "vm4": ({"id": "vm4"}, {"id": "*"}),
- "vm5": ({"id": "vm5"}, {"id": "*"}),
- "vm6": ({"id": "vm6"}, {"id": "*"}),
- "vm7": ({"id": "vm7"}, {"id": "*"}),
- "vm8": ({"id": "vm8"}, {"id": "*"}),
- "vm9": ({"id": "vm9"}, {"id": "*"}),
-}
-action_assignments = {
- "start": ({"action-type": "vm-write"}, {"action-type": "*"}),
- "stop": ({"action-type": "vm-write"}, {"action-type": "*"}),
- "pause": ({"action-type": "vm-read"}, {"action-type": "*"}),
- "unpause": ({"action-type": "vm-read"}, {"action-type": "*"}),
- "destroy": ({"action-type": "vm-write"}, {"action-type": "*"}),
-}
-
-meta_rule = {
- "rbac": {"id": "", "value": ("role", "id", "action-type")},
-}
-
-rules = {
- "rbac": (
- {
- "rule": ("admin", "vm0", "vm-read"),
- "instructions": (
- {"decision": "grant"},
- )
- },
- {
- "rule": ("admin", "vm0", "vm-write"),
- "instructions": (
- {"decision": "grant"},
- )
- },
- # Rules for grant all employee to do read actions to all VM except vm0
- {
- "rule": ("employee", "vm1", "vm-read"),
- "instructions": (
- {"decision": "grant"},
- )
- },
- {
- "rule": ("employee", "vm2", "vm-read"),
- "instructions": (
- {"decision": "grant"},
- )
- },
- {
- "rule": ("employee", "vm3", "vm-read"),
- "instructions": (
- {"decision": "grant"},
- )
- },
- {
- "rule": ("employee", "vm4", "vm-read"),
- "instructions": (
- {"decision": "grant"},
- )
- },
- {
- "rule": ("employee", "vm5", "vm-read"),
- "instructions": (
- {"decision": "grant"},
- )
- },
- {
- "rule": ("employee", "vm6", "vm-read"),
- "instructions": (
- {"decision": "grant"},
- )
- },
- {
- "rule": ("employee", "vm7", "vm-read"),
- "instructions": (
- {"decision": "grant"},
- )
- },
- {
- "rule": ("employee", "vm8", "vm-read"),
- "instructions": (
- {"decision": "grant"},
- )
- },
- {
- "rule": ("employee", "vm9", "vm-read"),
- "instructions": (
- {"decision": "grant"},
- )
- },
- # Rules for grant all dev1 to do read actions to some VM
- {
- "rule": ("dev1", "vm1", "vm-write"),
- "instructions": (
- {"decision": "grant"},
- )
- },
- {
- "rule": ("dev1", "vm2", "vm-write"),
- "instructions": (
- {"decision": "grant"},
- )
- },
- {
- "rule": ("dev1", "vm3", "vm-write"),
- "instructions": (
- {"decision": "grant"},
- )
- },
- {
- "rule": ("dev1", "vm4", "vm-write"),
- "instructions": (
- {"decision": "grant"},
- )
- },
- # Rules for grant all dev2 to do read actions to some VM
- {
- "rule": ("dev2", "vm5", "vm-write"),
- "instructions": (
- {"decision": "grant"},
- )
- },
- {
- "rule": ("dev2", "vm6", "vm-write"),
- "instructions": (
- {"decision": "grant"},
- )
- },
- {
- "rule": ("dev2", "vm7", "vm-write"),
- "instructions": (
- {"decision": "grant"},
- )
- },
- {
- "rule": ("dev2", "vm8", "vm-write"),
- "instructions": (
- {"decision": "grant"},
- )
- },
- {
- "rule": ("dev2", "vm9", "vm-write"),
- "instructions": (
- {"decision": "grant"},
- )
- },
- )
-}
-
-
diff --git a/moonv4/tests/scenario/rbac_mls.py b/moonv4/tests/scenario/rbac_mls.py
deleted file mode 100644
index 8a5362ea..00000000
--- a/moonv4/tests/scenario/rbac_mls.py
+++ /dev/null
@@ -1,50 +0,0 @@
-
-pdp_name = "pdp1"
-policy_name = "Multi policy example"
-model_name = "RBAC"
-
-subjects = {"user0": "", "user1": "", "user2": "", }
-objects = {"vm0": "", "vm1": "", }
-actions = {"start": "", "stop": ""}
-
-subject_categories = {"role": "", "subject-security-level": "", }
-object_categories = {"id": "", "object-security-level": "", }
-action_categories = {"action-type": "", }
-
-subject_data = {
- "role": {"admin": "", "employee": ""},
- "subject-security-level": {"low": "", "medium": "", "high": ""},
-}
-object_data = {
- "id": {"vm1": "", "vm2": ""},
- "object-security-level": {"low": "", "medium": "", "high": ""},
-}
-action_data = {"action-type": {"vm-action": "", "storage-action": "", }}
-
-subject_assignments = {
- "user0": {"role": "admin", "subject-security-level": "high"},
- "user1": {"role": "employee", "subject-security-level": "medium"},
-}
-object_assignments = {
- "vm0": {"id": "vm1", "object-security-level": "medium"},
- "vm1": {"id": "vm2", "object-security-level": "low"},
-}
-action_assignments = {
- "start": {"action-type": "vm-action"},
- "stop": {"action-type": "vm-action"}
-}
-
-meta_rule = {
- "rbac": {"id": "", "value": ("role", "id", "action-type")},
- "mls": {"id": "", "value": ("subject-security-level", "object-security-level", "action-type")},
-}
-
-rules = {
- "rbac": (
- ("admin", "vm1", "vm-action"),
- ),
- "mls": (
- ("high", "medium", "vm-action"),
- ("medium", "low", "vm-action"),
- )
-}
diff --git a/moonv4/tests/scenario/session.py b/moonv4/tests/scenario/session.py
deleted file mode 100644
index 97d7aec3..00000000
--- a/moonv4/tests/scenario/session.py
+++ /dev/null
@@ -1,60 +0,0 @@
-
-pdp_name = "pdp1"
-policy_name = "Session policy example"
-model_name = "Session"
-policy_genre = "session"
-
-subjects = {"user0": "", "user1": "", }
-objects = {"admin": "", "employee": "", }
-actions = {"activate": "", "deactivate": ""}
-
-subject_categories = {"subjectid": "", }
-object_categories = {"role": "", }
-action_categories = {"session-action": "", }
-
-subject_data = {"subjectid": {"user0": "", "user1": ""}}
-object_data = {"role": {"admin": "", "employee": "", "*": ""}}
-action_data = {"session-action": {"activate": "", "deactivate": "", "*": ""}}
-
-subject_assignments = {"user0": ({"subjectid": "user0"}, ), "user1": ({"subjectid": "user1"}, ), }
-object_assignments = {"admin": ({"role": "admin"}, {"role": "*"}),
- "employee": ({"role": "employee"}, {"role": "employee"})
- }
-action_assignments = {"activate": ({"session-action": "activate"}, {"session-action": "*"}, ),
- "deactivate": ({"session-action": "deactivate"}, {"session-action": "*"}, )
- }
-
-meta_rule = {
- "session": {"id": "", "value": ("subjectid", "role", "session-action")},
-}
-
-rules = {
- "session": (
- {
- "rule": ("user0", "employee", "*"),
- "instructions": (
- {
- "update": {
- "operation": "add",
- "target": "rbac:role:admin" # add the role admin to the current user
- }
- },
- {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
- )
- },
- {
- "rule": ("user1", "employee", "*"),
- "instructions": (
- {
- "update": {
- "operation": "delete",
- "target": "rbac:role:employee" # delete the role employee from the current user
- }
- },
- {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
- )
- },
- )
-}
-
-
diff --git a/moonv4/tests/scenario/session_large.py b/moonv4/tests/scenario/session_large.py
deleted file mode 100644
index 5b4a64b6..00000000
--- a/moonv4/tests/scenario/session_large.py
+++ /dev/null
@@ -1,389 +0,0 @@
-
-pdp_name = "pdp1"
-policy_name = "Session policy example"
-model_name = "Session"
-policy_genre = "session"
-
-subjects = {
- "user0": "",
- "user1": "",
- "user2": "",
- "user3": "",
- "user4": "",
- "user5": "",
- "user6": "",
- "user7": "",
- "user8": "",
- "user9": "",
-}
-objects = {"admin": "", "employee": "", "dev1": "", "dev2": "", }
-actions = {"activate": "", "deactivate": ""}
-
-subject_categories = {"subjectid": "", }
-object_categories = {"role": "", }
-action_categories = {"session-action": "", }
-
-subject_data = {"subjectid": {
- "user0": "",
- "user1": "",
- "user2": "",
- "user3": "",
- "user4": "",
- "user5": "",
- "user6": "",
- "user7": "",
- "user8": "",
- "user9": "",
-}}
-object_data = {"role": {
- "admin": "",
- "employee": "",
- "dev1": "",
- "dev2": "",
- "*": ""
-}}
-action_data = {"session-action": {"activate": "", "deactivate": "", "*": ""}}
-
-subject_assignments = {
- "user0": ({"subjectid": "user0"}, ),
- "user1": ({"subjectid": "user1"}, ),
- "user2": ({"subjectid": "user2"}, ),
- "user3": ({"subjectid": "user3"}, ),
- "user4": ({"subjectid": "user4"}, ),
- "user5": ({"subjectid": "user5"}, ),
- "user6": ({"subjectid": "user6"}, ),
- "user7": ({"subjectid": "user7"}, ),
- "user8": ({"subjectid": "user8"}, ),
- "user9": ({"subjectid": "user9"}, ),
-}
-object_assignments = {"admin": ({"role": "admin"}, {"role": "*"}),
- "employee": ({"role": "employee"}, {"role": "*"}),
- "dev1": ({"role": "employee"}, {"role": "dev1"}, {"role": "*"}),
- "dev2": ({"role": "employee"}, {"role": "dev2"}, {"role": "*"}),
- }
-action_assignments = {"activate": ({"session-action": "activate"}, {"session-action": "*"}, ),
- "deactivate": ({"session-action": "deactivate"}, {"session-action": "*"}, )
- }
-
-meta_rule = {
- "session": {"id": "", "value": ("subjectid", "role", "session-action")},
-}
-
-rules = {
- "session": (
- {
- "rule": ("user0", "employee", "*"),
- "instructions": (
- {
- "update": {
- "operation": "add",
- "target": "rbac:role:admin" # add the role admin to the current user
- }
- },
- {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
- )
- },
- {
- "rule": ("user1", "employee", "*"),
- "instructions": (
- {
- "update": {
- "operation": "delete",
- "target": "rbac:role:employee" # delete the role employee from the current user
- }
- },
- {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
- )
- },
- {
- "rule": ("user2", "employee", "*"),
- "instructions": (
- {
- "update": {
- "operation": "add",
- "target": "rbac:role:admin" # add the role admin to the current user
- }
- },
- {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
- )
- },
- {
- "rule": ("user2", "dev1", "*"),
- "instructions": (
- {
- "update": {
- "operation": "add",
- "target": "rbac:role:admin" # add the role admin to the current user
- }
- },
- {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
- )
- },
- {
- "rule": ("user2", "dev2", "*"),
- "instructions": (
- {
- "update": {
- "operation": "add",
- "target": "rbac:role:admin" # add the role admin to the current user
- }
- },
- {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
- )
- },
- {
- "rule": ("user3", "employee", "*"),
- "instructions": (
- {
- "update": {
- "operation": "add",
- "target": "rbac:role:admin" # add the role admin to the current user
- }
- },
- {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
- )
- },
- {
- "rule": ("user3", "dev1", "*"),
- "instructions": (
- {
- "update": {
- "operation": "add",
- "target": "rbac:role:admin" # add the role admin to the current user
- }
- },
- {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
- )
- },
- {
- "rule": ("user3", "dev2", "*"),
- "instructions": (
- {
- "update": {
- "operation": "add",
- "target": "rbac:role:admin" # add the role admin to the current user
- }
- },
- {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
- )
- },
- {
- "rule": ("user4", "employee", "*"),
- "instructions": (
- {
- "update": {
- "operation": "add",
- "target": "rbac:role:admin" # add the role admin to the current user
- }
- },
- {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
- )
- },
- {
- "rule": ("user4", "dev1", "*"),
- "instructions": (
- {
- "update": {
- "operation": "add",
- "target": "rbac:role:admin" # add the role admin to the current user
- }
- },
- {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
- )
- },
- {
- "rule": ("user4", "dev2", "*"),
- "instructions": (
- {
- "update": {
- "operation": "add",
- "target": "rbac:role:admin" # add the role admin to the current user
- }
- },
- {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
- )
- },
- {
- "rule": ("user5", "employee", "*"),
- "instructions": (
- {
- "update": {
- "operation": "add",
- "target": "rbac:role:admin" # add the role admin to the current user
- }
- },
- {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
- )
- },
- {
- "rule": ("user5", "dev1", "*"),
- "instructions": (
- {
- "update": {
- "operation": "add",
- "target": "rbac:role:admin" # add the role admin to the current user
- }
- },
- {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
- )
- },
- {
- "rule": ("user5", "dev2", "*"),
- "instructions": (
- {
- "update": {
- "operation": "add",
- "target": "rbac:role:admin" # add the role admin to the current user
- }
- },
- {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
- )
- },
- {
- "rule": ("user6", "employee", "*"),
- "instructions": (
- {
- "update": {
- "operation": "add",
- "target": "rbac:role:admin" # add the role admin to the current user
- }
- },
- {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
- )
- },
- {
- "rule": ("user6", "dev1", "*"),
- "instructions": (
- {
- "update": {
- "operation": "add",
- "target": "rbac:role:admin" # add the role admin to the current user
- }
- },
- {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
- )
- },
- {
- "rule": ("user6", "dev2", "*"),
- "instructions": (
- {
- "update": {
- "operation": "add",
- "target": "rbac:role:admin" # add the role admin to the current user
- }
- },
- {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
- )
- },
- {
- "rule": ("user7", "employee", "*"),
- "instructions": (
- {
- "update": {
- "operation": "add",
- "target": "rbac:role:admin" # add the role admin to the current user
- }
- },
- {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
- )
- },
- {
- "rule": ("user7", "dev1", "*"),
- "instructions": (
- {
- "update": {
- "operation": "add",
- "target": "rbac:role:admin" # add the role admin to the current user
- }
- },
- {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
- )
- },
- {
- "rule": ("user7", "dev2", "*"),
- "instructions": (
- {
- "update": {
- "operation": "add",
- "target": "rbac:role:admin" # add the role admin to the current user
- }
- },
- {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
- )
- },
- {
- "rule": ("user8", "employee", "*"),
- "instructions": (
- {
- "update": {
- "operation": "add",
- "target": "rbac:role:admin" # add the role admin to the current user
- }
- },
- {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
- )
- },
- {
- "rule": ("user8", "dev1", "*"),
- "instructions": (
- {
- "update": {
- "operation": "add",
- "target": "rbac:role:admin" # add the role admin to the current user
- }
- },
- {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
- )
- },
- {
- "rule": ("user8", "dev2", "*"),
- "instructions": (
- {
- "update": {
- "operation": "add",
- "target": "rbac:role:admin" # add the role admin to the current user
- }
- },
- {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
- )
- },
- {
- "rule": ("user9", "employee", "*"),
- "instructions": (
- {
- "update": {
- "operation": "add",
- "target": "rbac:role:admin" # add the role admin to the current user
- }
- },
- {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
- )
- },
- {
- "rule": ("user9", "dev1", "*"),
- "instructions": (
- {
- "update": {
- "operation": "add",
- "target": "rbac:role:admin" # add the role admin to the current user
- }
- },
- {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
- )
- },
- {
- "rule": ("user9", "dev2", "*"),
- "instructions": (
- {
- "update": {
- "operation": "add",
- "target": "rbac:role:admin" # add the role admin to the current user
- }
- },
- {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
- )
- },
- )
-}
-
-
diff --git a/moonv4/tests/send_authz.py b/moonv4/tests/send_authz.py
deleted file mode 100644
index b4ed1d2f..00000000
--- a/moonv4/tests/send_authz.py
+++ /dev/null
@@ -1,32 +0,0 @@
-from importlib.machinery import SourceFileLoader
-from python_moonclient import config, parse, models, policies, pdp, authz
-
-
-if __name__ == "__main__":
- args = parse.parse()
- consul_host = args.consul_host
- consul_port = args.consul_port
-
- models.init(consul_host, consul_port)
- policies.init(consul_host, consul_port)
- pdp.init(consul_host, consul_port)
-
- if args.filename:
- print("Loading: {}".format(args.filename[0]))
- m = SourceFileLoader("scenario", args.filename[0])
- scenario = m.load_module()
-
- keystone_project_id = pdp.get_keystone_id(args.pdp)
- time_data = authz.send_requests(
- scenario,
- args.authz_host,
- args.authz_port,
- keystone_project_id,
- request_second=args.request_second,
- limit=args.limit,
- dry_run=args.dry_run,
- stress_test=args.stress_test,
- destination=args.destination
- )
- if not args.dry_run:
- authz.save_data(args.write, time_data)