diff options
Diffstat (limited to 'moonv4/tests')
-rw-r--r-- | moonv4/tests/get_keystone_projects.py | 19 | ||||
-rw-r--r-- | moonv4/tests/populate_default_values.py | 135 | ||||
-rw-r--r-- | moonv4/tests/send_authz.py | 243 | ||||
-rw-r--r-- | moonv4/tests/utils/config.py | 62 | ||||
-rw-r--r-- | moonv4/tests/utils/models.py | 19 | ||||
-rw-r--r-- | moonv4/tests/utils/parse.py | 83 | ||||
-rw-r--r-- | moonv4/tests/utils/pdp.py | 42 | ||||
-rw-r--r-- | moonv4/tests/utils/policies.py | 23 |
8 files changed, 508 insertions, 118 deletions
diff --git a/moonv4/tests/get_keystone_projects.py b/moonv4/tests/get_keystone_projects.py new file mode 100644 index 00000000..7b37b0e7 --- /dev/null +++ b/moonv4/tests/get_keystone_projects.py @@ -0,0 +1,19 @@ +from utils import pdp +from utils import parse +from utils import models +from utils import policies +from utils import pdp + +if __name__ == "__main__": + args = parse.parse() + consul_host = args.consul_host + consul_port = args.consul_port + + models.init(consul_host, consul_port) + policies.init(consul_host, consul_port) + pdp.init(consul_host, consul_port) + + projects = pdp.get_keystone_projects() + + for _project in projects['projects']: + print("{} {}".format(_project['id'], _project['name'])) diff --git a/moonv4/tests/populate_default_values.py b/moonv4/tests/populate_default_values.py index 740ad8ed..28795526 100644 --- a/moonv4/tests/populate_default_values.py +++ b/moonv4/tests/populate_default_values.py @@ -1,42 +1,11 @@ -import argparse import logging from importlib.machinery import SourceFileLoader -from utils.pdp import * -from utils.models import * -from utils.policies import * +from utils import parse +from utils import models +from utils import policies +from utils import pdp -parser = argparse.ArgumentParser() -parser.add_argument('filename', help='scenario filename', nargs=1) -parser.add_argument("--verbose", "-v", action='store_true', help="verbose mode") -parser.add_argument("--debug", "-d", action='store_true', help="debug mode") -args = parser.parse_args() - -FORMAT = '%(asctime)-15s %(levelname)s %(message)s' -if args.debug: - logging.basicConfig( - format=FORMAT, - level=logging.DEBUG) -elif args.verbose: - logging.basicConfig( - format=FORMAT, - level=logging.INFO) -else: - logging.basicConfig( - format=FORMAT, - level=logging.WARNING) - -requests_log = logging.getLogger("requests.packages.urllib3") -requests_log.setLevel(logging.WARNING) -requests_log.propagate = True - -logger = logging.getLogger(__name__) - -if args.filename: - print("Loading: {}".format(args.filename[0])) - -m = SourceFileLoader("scenario", args.filename[0]) - -scenario = m.load_module() +logger = None def create_model(model_id=None): @@ -44,16 +13,16 @@ def create_model(model_id=None): logger.info("Creating model {}".format(scenario.model_name)) if not model_id: logger.info("Add model") - model_id = add_model(name=scenario.model_name) + model_id = models.add_model(name=scenario.model_name) logger.info("Add subject categories") for cat in scenario.subject_categories: - scenario.subject_categories[cat] = add_subject_category(name=cat) + scenario.subject_categories[cat] = models.add_subject_category(name=cat) logger.info("Add object categories") for cat in scenario.object_categories: - scenario.object_categories[cat] = add_object_category(name=cat) + scenario.object_categories[cat] = models.add_object_category(name=cat) logger.info("Add action categories") for cat in scenario.action_categories: - scenario.action_categories[cat] = add_action_category(name=cat) + scenario.action_categories[cat] = models.add_action_category(name=cat) sub_cat = [] ob_cat = [] act_cat = [] @@ -66,14 +35,14 @@ def create_model(model_id=None): ob_cat.append(scenario.object_categories[item]) elif item in scenario.action_categories: act_cat.append(scenario.action_categories[item]) - meta_rules = check_meta_rule(meta_rule_id=None) + meta_rules = models.check_meta_rule(meta_rule_id=None) for _meta_rule_id, _meta_rule_value in meta_rules['meta_rules'].items(): if _meta_rule_value['name'] == item_name: meta_rule_id = _meta_rule_id break else: logger.info("Add meta rule") - meta_rule_id = add_meta_rule(item_name, sub_cat, ob_cat, act_cat) + meta_rule_id = models.add_meta_rule(item_name, sub_cat, ob_cat, act_cat) item_value["id"] = meta_rule_id if meta_rule_id not in meta_rule_list: meta_rule_list.append(meta_rule_id) @@ -83,51 +52,51 @@ def create_model(model_id=None): def create_policy(model_id, meta_rule_list): if args.verbose: logger.info("Creating policy {}".format(scenario.policy_name)) - _policies = check_policy() + _policies = policies.check_policy() for _policy_id, _policy_value in _policies["policies"].items(): if _policy_value['name'] == scenario.policy_name: policy_id = _policy_id break else: - policy_id = add_policy(name=scenario.policy_name, genre=scenario.policy_genre) + policy_id = policies.add_policy(name=scenario.policy_name, genre=scenario.policy_genre) - update_policy(policy_id, model_id) + policies.update_policy(policy_id, model_id) for meta_rule_id in meta_rule_list: logger.debug("add_meta_rule_to_model {} {}".format(model_id, meta_rule_id)) - add_meta_rule_to_model(model_id, meta_rule_id) + models.add_meta_rule_to_model(model_id, meta_rule_id) logger.info("Add subject data") for subject_cat_name in scenario.subject_data: for subject_data_name in scenario.subject_data[subject_cat_name]: - data_id = scenario.subject_data[subject_cat_name][subject_data_name] = add_subject_data( + data_id = scenario.subject_data[subject_cat_name][subject_data_name] = policies.add_subject_data( policy_id=policy_id, category_id=scenario.subject_categories[subject_cat_name], name=subject_data_name) scenario.subject_data[subject_cat_name][subject_data_name] = data_id logger.info("Add object data") for object_cat_name in scenario.object_data: for object_data_name in scenario.object_data[object_cat_name]: - data_id = scenario.object_data[object_cat_name][object_data_name] = add_object_data( + data_id = scenario.object_data[object_cat_name][object_data_name] = policies.add_object_data( policy_id=policy_id, category_id=scenario.object_categories[object_cat_name], name=object_data_name) scenario.object_data[object_cat_name][object_data_name] = data_id logger.info("Add action data") for action_cat_name in scenario.action_data: for action_data_name in scenario.action_data[action_cat_name]: - data_id = scenario.action_data[action_cat_name][action_data_name] = add_action_data( + data_id = scenario.action_data[action_cat_name][action_data_name] = policies.add_action_data( policy_id=policy_id, category_id=scenario.action_categories[action_cat_name], name=action_data_name) scenario.action_data[action_cat_name][action_data_name] = data_id logger.info("Add subjects") for name in scenario.subjects: - scenario.subjects[name] = add_subject(policy_id, name=name) + scenario.subjects[name] = policies.add_subject(policy_id, name=name) logger.info("Add objects") for name in scenario.objects: - scenario.objects[name] = add_object(policy_id, name=name) + scenario.objects[name] = policies.add_object(policy_id, name=name) logger.info("Add actions") for name in scenario.actions: - scenario.actions[name] = add_action(policy_id, name=name) + scenario.actions[name] = policies.add_action(policy_id, name=name) logger.info("Add subject assignments") for subject_name in scenario.subject_assignments: @@ -138,14 +107,14 @@ def create_policy(model_id, meta_rule_list): subject_cat_id = scenario.subject_categories[subject_category_name] for data in scenario.subject_assignments[subject_name]: subject_data_id = scenario.subject_data[subject_category_name][data[subject_category_name]] - add_subject_assignments(policy_id, subject_id, subject_cat_id, subject_data_id) + policies.add_subject_assignments(policy_id, subject_id, subject_cat_id, subject_data_id) else: for subject_category_name in scenario.subject_assignments[subject_name]: subject_id = scenario.subjects[subject_name] subject_cat_id = scenario.subject_categories[subject_category_name] subject_data_id = scenario.subject_data[subject_category_name][scenario.subject_assignments[subject_name][subject_category_name]] - add_subject_assignments(policy_id, subject_id, subject_cat_id, subject_data_id) - + policies.add_subject_assignments(policy_id, subject_id, subject_cat_id, subject_data_id) + logger.info("Add object assignments") for object_name in scenario.object_assignments: if type(scenario.object_assignments[object_name]) in (list, tuple): @@ -155,13 +124,13 @@ def create_policy(model_id, meta_rule_list): object_cat_id = scenario.object_categories[object_category_name] for data in scenario.object_assignments[object_name]: object_data_id = scenario.object_data[object_category_name][data[object_category_name]] - add_object_assignments(policy_id, object_id, object_cat_id, object_data_id) + policies.add_object_assignments(policy_id, object_id, object_cat_id, object_data_id) else: for object_category_name in scenario.object_assignments[object_name]: object_id = scenario.objects[object_name] object_cat_id = scenario.object_categories[object_category_name] object_data_id = scenario.object_data[object_category_name][scenario.object_assignments[object_name][object_category_name]] - add_object_assignments(policy_id, object_id, object_cat_id, object_data_id) + policies.add_object_assignments(policy_id, object_id, object_cat_id, object_data_id) logger.info("Add action assignments") for action_name in scenario.action_assignments: @@ -172,13 +141,13 @@ def create_policy(model_id, meta_rule_list): action_cat_id = scenario.action_categories[action_category_name] for data in scenario.action_assignments[action_name]: action_data_id = scenario.action_data[action_category_name][data[action_category_name]] - add_action_assignments(policy_id, action_id, action_cat_id, action_data_id) + policies.add_action_assignments(policy_id, action_id, action_cat_id, action_data_id) else: for action_category_name in scenario.action_assignments[action_name]: action_id = scenario.actions[action_name] action_cat_id = scenario.action_categories[action_category_name] action_data_id = scenario.action_data[action_category_name][scenario.action_assignments[action_name][action_category_name]] - add_action_assignments(policy_id, action_id, action_cat_id, action_data_id) + policies.add_action_assignments(policy_id, action_id, action_cat_id, action_data_id) logger.info("Add rules") for meta_rule_name in scenario.rules: @@ -195,30 +164,50 @@ def create_policy(model_id, meta_rule_list): elif category_name in scenario.action_categories: data_list.append(scenario.action_data[category_name][data_name]) instructions = rule["instructions"] - add_rule(policy_id, meta_rule_value["id"], data_list, instructions) + policies.add_rule(policy_id, meta_rule_value["id"], data_list, instructions) return policy_id -def create_pdp(policy_id=None): +def create_pdp(policy_id=None, project_id=None): logger.info("Creating PDP {}".format(scenario.pdp_name)) - projects = get_keystone_projects() - admin_project_id = None - for _project in projects['projects']: - if _project['name'] == "admin": - admin_project_id = _project['id'] - assert admin_project_id - pdps = check_pdp()["pdps"] + projects = pdp.get_keystone_projects() + if not project_id: + for _project in projects['projects']: + if _project['name'] == "admin": + project_id = _project['id'] + assert project_id + pdps = pdp.check_pdp()["pdps"] for pdp_id, pdp_value in pdps.items(): if scenario.pdp_name == pdp_value["name"]: - update_pdp(pdp_id, policy_id=policy_id) + pdp.update_pdp(pdp_id, policy_id=policy_id) logger.debug("Found existing PDP named {} (will add policy {})".format(scenario.pdp_name, policy_id)) return pdp_id - _pdp_id = add_pdp(name=scenario.pdp_name, policy_id=policy_id) - map_to_keystone(pdp_id=_pdp_id, keystone_project_id=admin_project_id) + _pdp_id = pdp.add_pdp(name=scenario.pdp_name, policy_id=policy_id) + pdp.map_to_keystone(pdp_id=_pdp_id, keystone_project_id=project_id) return _pdp_id + if __name__ == "__main__": - _models = check_model() + logger = logging.getLogger("moonforming") + requests_log = logging.getLogger("requests.packages.urllib3") + requests_log.setLevel(logging.WARNING) + requests_log.propagate = True + + args = parse.parse() + consul_host = args.consul_host + consul_port = args.consul_port + project_id = args.keystone_pid + + models.init(consul_host, consul_port) + policies.init(consul_host, consul_port) + pdp.init(consul_host, consul_port) + + if args.filename: + print("Loading: {}".format(args.filename[0])) + m = SourceFileLoader("scenario", args.filename[0]) + scenario = m.load_module() + + _models = models.check_model() for _model_id, _model_value in _models['models'].items(): if _model_value['name'] == scenario.model_name: model_id = _model_id @@ -228,4 +217,4 @@ if __name__ == "__main__": else: model_id, meta_rule_list = create_model() policy_id = create_policy(model_id, meta_rule_list) - pdp_id = create_pdp(policy_id) + pdp_id = create_pdp(policy_id=policy_id, project_id=project_id) diff --git a/moonv4/tests/send_authz.py b/moonv4/tests/send_authz.py new file mode 100644 index 00000000..5766a0ec --- /dev/null +++ b/moonv4/tests/send_authz.py @@ -0,0 +1,243 @@ +import sys +import copy +import logging +import threading +from importlib.machinery import SourceFileLoader +import requests +import time +import json +import random +from uuid import uuid4 +from utils.pdp import check_pdp +from utils.parse import parse +import utils.config + + +logger = None +HOST_MANAGER = None +PORT_MANAGER = None +HOST_AUTHZ = None +PORT_AUTHZ = None +HOST_KEYSTONE = None +PORT_KEYSTONE = None + +lock = threading.Lock() +logger = logging.getLogger(__name__) + + +def get_scenario(args): + m = SourceFileLoader("scenario", args.filename[0]) + return m.load_module() + + +def get_keystone_id(pdp_name): + global HOST_MANAGER, PORT_MANAGER + keystone_project_id = None + for pdp_key, pdp_value in check_pdp(moon_url="http://{}:{}".format(HOST_MANAGER, PORT_MANAGER))["pdps"].items(): + if pdp_name: + if pdp_name != pdp_value["name"]: + continue + if pdp_value['security_pipeline'] and pdp_value["keystone_project_id"]: + logger.debug("Found pdp with keystone_project_id={}".format(pdp_value["keystone_project_id"])) + keystone_project_id = pdp_value["keystone_project_id"] + + if not keystone_project_id: + logger.error("Cannot find PDP with keystone project ID") + sys.exit(1) + return keystone_project_id + + +def _construct_payload(creds, current_rule, enforcer, target): + # Convert instances of object() in target temporarily to + # empty dict to avoid circular reference detection + # errors in jsonutils.dumps(). + temp_target = copy.deepcopy(target) + for key in target.keys(): + element = target.get(key) + if type(element) is object: + temp_target[key] = {} + _data = _json = None + if enforcer: + _data = {'rule': json.dumps(current_rule), + 'target': json.dumps(temp_target), + 'credentials': json.dumps(creds)} + else: + _json = {'rule': current_rule, + 'target': temp_target, + 'credentials': creds} + return _data, _json + + +def _send(url, data=None, stress_test=False): + current_request = dict() + current_request['url'] = url + try: + if stress_test: + current_request['start'] = time.time() + # with lock: + res = requests.get(url) + current_request['end'] = time.time() + current_request['delta'] = current_request["end"] - current_request["start"] + else: + with lock: + current_request['start'] = time.time() + if data: + data, _ = _construct_payload(data['credentials'], data['rule'], True, data['target']) + res = requests.post(url, json=data, + headers={'content-type': "application/x-www-form-urlencode"} + ) + else: + res = requests.get(url) + current_request['end'] = time.time() + current_request['delta'] = current_request["end"] - current_request["start"] + except requests.exceptions.ConnectionError: + logger.warning("Unable to connect to server") + return {} + if not stress_test: + try: + j = res.json() + if res.status_code == 200: + logger.warning("\033[1m{}\033[m \033[32mGrant\033[m".format(url)) + elif res.status_code == 401: + logger.warning("\033[1m{}\033[m \033[31mDeny\033[m".format(url)) + else: + logger.error("\033[1m{}\033[m {} {}".format(url, res.status_code, res.text)) + except Exception as e: + if res.text == "True": + logger.warning("\033[1m{}\033[m \033[32mGrant\033[m".format(url)) + elif res.text == "False": + logger.warning("\033[1m{}\033[m \033[31mDeny\033[m".format(url)) + else: + logger.error("\033[1m{}\033[m {} {}".format(url, res.status_code, res.text)) + logger.exception(e) + logger.error(res.text) + else: + if j.get("result"): + # logger.warning("{} \033[32m{}\033[m".format(url, j.get("result"))) + logger.debug("{}".format(j.get("error", ""))) + current_request['result'] = "Grant" + else: + # logger.warning("{} \033[31m{}\033[m".format(url, "Deny")) + logger.debug("{}".format(j)) + current_request['result'] = "Deny" + return current_request + + +class AsyncGet(threading.Thread): + + def __init__(self, url, semaphore=None, **kwargs): + threading.Thread.__init__(self) + self.url = url + self.kwargs = kwargs + self.sema = semaphore + self.result = dict() + self.uuid = uuid4().hex + self.index = kwargs.get("index", 0) + + def run(self): + self.result = _send(self.url, + data=self.kwargs.get("data"), + stress_test=self.kwargs.get("stress_test", False)) + self.result['index'] = self.index + + +def send_requests(scenario, keystone_project_id, request_second=1, limit=500, + dry_run=None, stress_test=False, destination="wrapper"): + global HOST_AUTHZ, PORT_AUTHZ + backgrounds = [] + time_data = list() + start_timing = time.time() + request_cpt = 0 + SUBJECTS = tuple(scenario.subjects.keys()) + OBJECTS = tuple(scenario.objects.keys()) + ACTIONS = tuple(scenario.actions.keys()) + while request_cpt < limit: + rule = (random.choice(SUBJECTS), random.choice(OBJECTS), random.choice(ACTIONS)) + if destination.lower() == "wrapper": + url = "http://{}:{}/authz".format(HOST_AUTHZ, PORT_AUTHZ) + data = { + 'target': { + "user_id": random.choice(SUBJECTS), + "target": { + "name": random.choice(OBJECTS) + }, + "project_id": keystone_project_id + }, + 'credentials': None, + 'rule': random.choice(ACTIONS) + } + else: + url = "http://{}:{}/authz/{}/{}".format(HOST_AUTHZ, PORT_AUTHZ, keystone_project_id, "/".join(rule)) + data = None + if dry_run: + logger.info(url) + continue + request_cpt += 1 + if stress_test: + time_data.append(copy.deepcopy(_send(url, stress_test=stress_test))) + else: + background = AsyncGet(url, stress_test=stress_test, data=data, + index=request_cpt) + backgrounds.append(background) + background.start() + if request_second > 0: + if request_cpt % request_second == 0: + if time.time()-start_timing < 1: + while True: + if time.time()-start_timing > 1: + break + start_timing = time.time() + if not stress_test: + for background in backgrounds: + background.join() + if background.result: + time_data.append(copy.deepcopy(background.result)) + return time_data + + +def save_data(filename, time_data): + json.dump(time_data, open(filename, "w")) + + +def get_delta(time_data): + time_delta = list() + time_delta_sum1 = 0 + for item in time_data: + time_delta.append(item['delta']) + time_delta_sum1 += item['delta'] + time_delta_average1 = time_delta_sum1 / len(time_data) + return time_delta, time_delta_average1 + + +def main(): + global HOST_MANAGER, PORT_MANAGER, HOST_AUTHZ, PORT_AUTHZ + + args = parse() + consul_host = args.consul_host + consul_port = args.consul_port + conf_data = utils.config.get_config_data(consul_host, consul_port) + + HOST_MANAGER = conf_data['manager_host'] + PORT_MANAGER = conf_data['manager_port'] + HOST_AUTHZ = args.authz_host + PORT_AUTHZ = args.authz_port + # HOST_KEYSTONE = conf_data['keystone_host'] + # PORT_KEYSTONE = conf_data['manager_host'] + + scenario = get_scenario(args) + keystone_project_id = get_keystone_id(args.pdp) + time_data = send_requests( + scenario, + keystone_project_id, + request_second=args.request_second, + limit=args.limit, + dry_run=args.dry_run, + stress_test=args.stress_test, + destination=args.destination + ) + if not args.dry_run: + save_data(args.write, time_data) + + +if __name__ == "__main__": + main() diff --git a/moonv4/tests/utils/config.py b/moonv4/tests/utils/config.py index 30c8ea4f..d6317820 100644 --- a/moonv4/tests/utils/config.py +++ b/moonv4/tests/utils/config.py @@ -1,22 +1,44 @@ -import yaml +import base64 +import json +import requests -def get_config_data(filename="moon.conf"): - data_config = None - for _file in ( - filename, - "conf/moon.conf", - "../moon.conf", - "../conf/moon.conf", - "/etc/moon/moon.conf", - ): - try: - data_config = yaml.safe_load(open(_file)) - except FileNotFoundError: - data_config = None - continue - else: - break - if not data_config: - raise Exception("Configuration file not found...") - return data_config +def get_configuration(consul_host, consul_port, key): + url = "http://{}:{}/v1/kv/{}".format(consul_host, consul_port, key) + req = requests.get(url) + if req.status_code != 200: + raise Exception("xxx") + data = req.json() + if len(data) == 1: + data = data[0] + return {data["Key"]: json.loads(base64.b64decode(data["Value"]).decode("utf-8"))} + else: + return [ + {item["Key"]: json.loads(base64.b64decode(item["Value"]).decode("utf-8"))} + for item in data + ] + + +def get_config_data(consul_host, consul_port): + conf_data = dict() + conf_data['manager_host'] = get_configuration(consul_host, consul_port, + 'components/manager')['components/manager']['external']['hostname'] + conf_data['manager_port'] = get_configuration(consul_host, consul_port, + 'components/manager')['components/manager']['external']['port'] + # conf_data['authz_host'] = get_configuration(consul_host, consul_port, + # 'components/interface')['components/interface']['external']['hostname'] + # conf_data['authz_port'] = get_configuration(consul_host, consul_port, + # 'components/interface')['components/interface']['external']['port'] + conf_data['keystone_host'] = get_configuration(consul_host, consul_port, + 'openstack/keystone')['openstack/keystone']['external']['url'] + # conf_data['keystone_port'] = '5000' + conf_data['keystone_user'] = get_configuration(consul_host, consul_port, + 'openstack/keystone')['openstack/keystone']['user'] + conf_data['keystone_password'] = get_configuration(consul_host, consul_port, + 'openstack/keystone')['openstack/keystone']['password'] + conf_data['keystone_project'] = get_configuration(consul_host, consul_port, + 'openstack/keystone')['openstack/keystone']['project'] + return conf_data + +# get_conf_data('88.88.88.2', '30005') +# get_conf_data('127.0.0.1', 8082) diff --git a/moonv4/tests/utils/models.py b/moonv4/tests/utils/models.py index 3cf31354..61fa6179 100644 --- a/moonv4/tests/utils/models.py +++ b/moonv4/tests/utils/models.py @@ -2,13 +2,8 @@ import requests import copy import utils.config -config = utils.config.get_config_data() - -URL = "http://{}:{}".format( - config['components']['manager']['hostname'], - config['components']['manager']['port']) -URL = URL + "{}" -HEADERS = {"content-type": "application/json"} +URL = None +HEADERS = None model_template = { "name": "test_model", @@ -29,6 +24,16 @@ meta_rule_template = { } +def init(consul_host, consul_port): + conf_data = utils.config.get_config_data(consul_host, consul_port) + global URL, HEADERS + URL = "http://{}:{}".format( + conf_data['manager_host'], + conf_data['manager_port']) + URL = URL + "{}" + HEADERS = {"content-type": "application/json"} + + def check_model(model_id=None, check_model_name=True): req = requests.get(URL.format("/models")) assert req.status_code == 200 diff --git a/moonv4/tests/utils/parse.py b/moonv4/tests/utils/parse.py new file mode 100644 index 00000000..34a4a996 --- /dev/null +++ b/moonv4/tests/utils/parse.py @@ -0,0 +1,83 @@ +import logging +import argparse + + +logger = None + + +def parse(): + global logger + logger = logging.getLogger(__name__) + requests_log = logging.getLogger("requests.packages.urllib3") + requests_log.setLevel(logging.WARNING) + requests_log.propagate = True + + parser = argparse.ArgumentParser() + parser.add_argument('filename', help='scenario filename', nargs=1) + parser.add_argument("--verbose", "-v", action='store_true', + help="verbose mode") + parser.add_argument("--debug", "-d", action='store_true', + help="debug mode") + parser.add_argument("--dry-run", "-n", action='store_true', + help="Dry run", dest="dry_run") + parser.add_argument("--destination", + help="Set the type of output needed " + "(default: wrapper, other possible type: " + "interface).", + default="wrapper") + parser.add_argument("--consul-host", + help="Set the name of the consul server" + "(default: 127.0.0.1).", + default="127.0.0.1") + parser.add_argument("--consul-port", + help="Set the port of the consult server" + "(default: 8082).", + default="8082") + parser.add_argument("--authz-host", + help="Set the name of the authz server to test" + "(default: 127.0.0.1).", + default="127.0.0.1") + parser.add_argument("--authz-port", + help="Set the port of the authz server to test" + "(default: 31002).", + default="31002") + parser.add_argument("--keystone-pid", "--keystone-project-id", + help="Set the Keystone project ID" + "(default: None).", + default=None) + parser.add_argument("--stress-test", "-s", action='store_true', + dest='stress_test', + help="Execute stressing tests (warning delta measures " + "will be false, implies -t)") + parser.add_argument("--write", "-w", help="Write test data to a JSON file", + default="/tmp/data.json") + parser.add_argument("--pdp", help="Test on pdp PDP") + parser.add_argument("--request-per-second", + help="Number of requests per seconds", + type=int, dest="request_second", default=-1) + parser.add_argument("--limit", help="Limit request to LIMIT", type=int, + default=500) + + args = parser.parse_args() + + FORMAT = '%(asctime)-15s %(levelname)s %(message)s' + if args.debug: + logging.basicConfig( + format=FORMAT, + level=logging.DEBUG) + elif args.verbose: + logging.basicConfig( + format=FORMAT, + level=logging.INFO) + else: + logging.basicConfig( + format=FORMAT, + level=logging.WARNING) + + if args.stress_test: + args.testonly = True + + if args.filename: + logger.info("Loading: {}".format(args.filename[0])) + + return args diff --git a/moonv4/tests/utils/pdp.py b/moonv4/tests/utils/pdp.py index 4f513aa6..50998507 100644 --- a/moonv4/tests/utils/pdp.py +++ b/moonv4/tests/utils/pdp.py @@ -1,27 +1,42 @@ +import logging import requests import utils.config -config = utils.config.get_config_data() +logger = logging.getLogger("moonforming.utils.policies") +URL = None +HEADER = None +KEYSTONE_USER = None +KEYSTONE_PASSWORD = None +KEYSTONE_PROJECT = None +KEYSTONE_SERVER = None + +# config = utils.config.get_config_data() -URL = "http://{}:{}".format( - config['components']['manager']['hostname'], - config['components']['manager']['port']) -HEADERS = {"content-type": "application/json"} -KEYSTONE_USER = config['openstack']['keystone']['user'] -KEYSTONE_PASSWORD = config['openstack']['keystone']['password'] -KEYSTONE_PROJECT = config['openstack']['keystone']['project'] -KEYSTONE_SERVER = config['openstack']['keystone']['url'] pdp_template = { "name": "test_pdp", "security_pipeline": [], - "keystone_project_id": "", + "keystone_project_id": None, "description": "test", } -def get_keystone_projects(): +def init(consul_host, consul_port): + conf_data = utils.config.get_config_data(consul_host, consul_port) + global URL, HEADER, KEYSTONE_USER, KEYSTONE_PASSWORD, KEYSTONE_PROJECT, KEYSTONE_SERVER + URL = "http://{}:{}".format( + conf_data['manager_host'], + conf_data['manager_port']) + # URL = URL + "{}" + HEADER = {"content-type": "application/json"} + KEYSTONE_USER = conf_data['keystone_user'] + KEYSTONE_PASSWORD = conf_data['keystone_password'] + KEYSTONE_PROJECT = conf_data['keystone_project'] + KEYSTONE_SERVER = conf_data['keystone_host'] + +def get_keystone_projects(): + global HEADERS HEADERS = { "Content-Type": "application/json" } @@ -46,6 +61,8 @@ def get_keystone_projects(): } req = requests.post("{}/auth/tokens".format(KEYSTONE_SERVER), json=data_auth, headers=HEADERS) + logger.debug("{}/auth/tokens".format(KEYSTONE_SERVER)) + logger.debug(req.text) assert req.status_code in (200, 201) TOKEN = req.headers['X-Subject-Token'] HEADERS['X-Auth-Token'] = TOKEN @@ -95,6 +112,8 @@ def add_pdp(name="test_pdp", policy_id=None): if policy_id: pdp_template['security_pipeline'].append(policy_id) req = requests.post(URL + "/pdp", json=pdp_template, headers=HEADERS) + logger.debug(req.status_code) + logger.debug(req) assert req.status_code == 200 result = req.json() assert type(result) is dict @@ -154,4 +173,3 @@ def delete_pdp(pdp_id): assert type(result) is dict assert "result" in result assert result["result"] - diff --git a/moonv4/tests/utils/policies.py b/moonv4/tests/utils/policies.py index 2180317e..fd4d238f 100644 --- a/moonv4/tests/utils/policies.py +++ b/moonv4/tests/utils/policies.py @@ -1,12 +1,11 @@ +import logging import requests import utils.config -config = utils.config.get_config_data() - -URL = "http://{}:{}".format(config['components']['manager']['hostname'], config['components']['manager']['port']) -URL = URL + "{}" -HEADERS = {"content-type": "application/json"} +URL = None +HEADERS = None FILE = open("/tmp/test.log", "w") +logger = logging.getLogger("utils.policies") policy_template = { "name": "test_policy", @@ -54,8 +53,17 @@ subject_assignment_template = { } +def init(consul_host, consul_port): + conf_data = utils.config.get_config_data(consul_host, consul_port) + global URL, HEADERS + URL = "http://{}:{}".format( + conf_data['manager_host'], + conf_data['manager_port']) + URL = URL + "{}" + HEADERS = {"content-type": "application/json"} + + def check_policy(policy_id=None): - print("URL={}".format(URL.format("/policies"))) req = requests.get(URL.format("/policies")) assert req.status_code == 200 result = req.json() @@ -109,10 +117,13 @@ def delete_policy(policy_id): def add_subject(policy_id=None, name="test_subject"): subject_template['name'] = name if policy_id: + logger.debug(URL.format("/policies/{}/subjects".format(policy_id))) req = requests.post(URL.format("/policies/{}/subjects".format(policy_id)), json=subject_template, headers=HEADERS) else: + logger.debug(URL.format("/subjects")) req = requests.post(URL.format("/subjects"), json=subject_template, headers=HEADERS) + logger.debug(req.text) assert req.status_code == 200 result = req.json() assert "subjects" in result |