aboutsummaryrefslogtreecommitdiffstats
path: root/old/moon_manager/tests/functional_pod
diff options
context:
space:
mode:
Diffstat (limited to 'old/moon_manager/tests/functional_pod')
-rw-r--r--old/moon_manager/tests/functional_pod/conftest.py12
-rw-r--r--old/moon_manager/tests/functional_pod/json/mls.json89
-rw-r--r--old/moon_manager/tests/functional_pod/json/rbac.json85
-rw-r--r--old/moon_manager/tests/functional_pod/run_functional_tests.sh11
-rw-r--r--old/moon_manager/tests/functional_pod/test_manager.py116
-rw-r--r--old/moon_manager/tests/functional_pod/test_models.py79
6 files changed, 392 insertions, 0 deletions
diff --git a/old/moon_manager/tests/functional_pod/conftest.py b/old/moon_manager/tests/functional_pod/conftest.py
new file mode 100644
index 00000000..b5811755
--- /dev/null
+++ b/old/moon_manager/tests/functional_pod/conftest.py
@@ -0,0 +1,12 @@
+import pytest
+
+print("ANALYSING CONFTEST")
+
+
+@pytest.fixture
+def context():
+ print("CREATING CONTEXT")
+ yield {
+ "hostname": "manager",
+ "port": 8082,
+ }
diff --git a/old/moon_manager/tests/functional_pod/json/mls.json b/old/moon_manager/tests/functional_pod/json/mls.json
new file mode 100644
index 00000000..01ef6deb
--- /dev/null
+++ b/old/moon_manager/tests/functional_pod/json/mls.json
@@ -0,0 +1,89 @@
+{
+ "pdps": [{"name" : "pdp_mls", "keystone_project_id" : "", "description": "", "policies": [{"name": "MLS policy example"}]}],
+
+ "policies":[{ "name": "MLS policy example", "genre": "authz", "description": "", "model": {"name": "MLS"} , "mandatory" :false , "override":true}],
+
+ "models":[{"name":"MLS", "description":"","meta_rules": [{"name" : "mls"}], "override":true}],
+
+
+
+
+
+ "subjects": [{ "name":"adminuser", "description": "", "extra": {}, "policies": [{ "name": "MLS policy example"}]} ,
+ { "name": "user1", "description": "", "extra": {}, "policies": [{ "name": "MLS policy example"}] },
+ { "name": "user2", "description": "", "extra": {}, "policies": [{ "name": "MLS policy example"}] }],
+
+ "subject_categories": [{ "name":"subject-security-level", "description": "" }],
+
+ "subject_data": [{ "name":"low", "description": "", "policies": [{"name" :"MLS policy example"}], "category": {"name": "subject-security-level"}},
+ { "name":"medium", "description": "", "policies": [{"name" :"MLS policy example"}], "category": {"name": "subject-security-level"}},
+ { "name":"high", "description": "", "policies": [{"name" :"MLS policy example"}], "category": {"name": "subject-security-level"}}],
+
+ "subject_assignments":[{ "subject" : {"name": "adminuser"}, "category" : {"name": "subject-security-level"}, "assignments": [{"name" : "high"}]},
+ { "subject" : {"name": "user1"}, "category" : {"name": "subject-security-level"}, "assignments": [{"name" : "medium"}] }],
+
+
+
+
+
+
+ "objects": [{ "name":"vm0", "description": "", "extra": {}, "policies": [{"name": "MLS policy example"}]} ,
+ {"name": "vm1", "description": "", "extra": {}, "policies": [{"name": "MLS policy example"}]} ],
+
+ "object_categories": [{"name":"object-security-level", "description": ""}],
+
+ "object_data": [{ "name":"low", "description": "", "policies": [{"name" :"MLS policy example"}], "category": {"name": "object-security-level"}},
+ { "name":"medium", "description": "", "policies": [{"name" :"MLS policy example"}], "category": {"name": "object-security-level"}},
+ { "name":"high", "description": "", "policies": [{"name" :"MLS policy example"}], "category": {"name": "object-security-level"}}],
+
+ "object_assignments":[{ "object" : {"name": "vm0"}, "category" : {"name": "object-security-level"}, "assignments": [{"name" : "medium"}]},
+ { "object" : {"name": "vm1"}, "category" : {"name": "object-security-level"}, "assignments": [{"name" : "low"}]}],
+
+
+
+
+
+
+ "actions": [{ "name": "start", "description": "", "extra": {}, "policies": [{"name": "MLS policy example"}]} ,
+ { "name": "stop", "description": "", "extra": {}, "policies": [{"name": "MLS policy example"}]}],
+
+ "action_categories": [{"name":"action-type", "description": ""}],
+
+ "action_data": [{"name":"vm-action", "description": "", "policies": [{"name": "MLS policy example"}], "category": {"name": "action-type"}},
+ {"name":"storage-action", "description": "", "policies": [{"name" :"MLS policy example"}], "category": {"name": "action-type"}}],
+
+ "action_assignments":[{ "action" : {"name": "start"}, "category" : {"name": "action-type"}, "assignments": [{"name" : "vm-action"}]},
+ { "action" : {"name": "stop"}, "category" : {"name": "action-type"}, "assignments": [{"name" : "vm-action"}]}],
+
+
+
+
+
+
+ "meta_rules":[{"name":"mls", "description": "",
+ "subject_categories": [{"name": "subject-security-level"}],
+ "object_categories": [{"name": "object-security-level"}],
+ "action_categories": [{"name": "action-type"}]
+ }],
+
+ "rules": [{
+ "meta_rule": {"name" : "mls"},
+ "rule": {"subject_data" : [{"name":"high"}], "object_data": [{"name": "medium"}], "action_data": [{"name": "vm-action"}]},
+ "policy": {"name" :"MLS policy example"},
+ "instructions" : {"decision" : "grant"}
+ }, {
+ "meta_rule": {"name" : "mls"},
+ "rule": {"subject_data" : [{"name":"high"}], "object_data": [{"name": "low"}], "action_data": [{"name": "vm-action"}]},
+ "policy": {"name" :"MLS policy example"},
+ "instructions" : {"decision" : "grant"}
+ }, {
+ "meta_rule": {"name" : "mls"},
+ "rule": {"subject_data" : [{"name":"medium"}], "object_data": [{"name": "low"}], "action_data": [{"name": "vm-action"}]},
+ "policy": {"name" :"MLS policy example"},
+ "instructions" : {"decision" : "grant"}
+ }]
+
+
+
+
+} \ No newline at end of file
diff --git a/old/moon_manager/tests/functional_pod/json/rbac.json b/old/moon_manager/tests/functional_pod/json/rbac.json
new file mode 100644
index 00000000..a75f291b
--- /dev/null
+++ b/old/moon_manager/tests/functional_pod/json/rbac.json
@@ -0,0 +1,85 @@
+{
+ "pdps": [{"name" : "pdp_rbac", "keystone_project_id" : "", "description": "", "policies": [{"name": "RBAC policy example"}]}],
+
+ "policies":[{ "name": "RBAC policy example", "genre": "authz", "description": "", "model": {"name": "RBAC"} , "mandatory" :true , "override":true}],
+
+ "models":[{"name":"RBAC", "description":"","meta_rules": [{"name" : "rbac"}], "override":true}],
+
+
+
+
+
+ "subjects": [{ "name":"adminuser", "description": "", "extra": {}, "policies": [{ "name": "RBAC policy example"}]} ,
+ { "name": "user1", "description": "", "extra": {}, "policies": [{ "name": "RBAC policy example"}] },
+ { "name": "public", "description": "", "extra": {}, "policies": [] }],
+
+ "subject_categories": [{ "name":"role", "description": "" }],
+
+ "subject_data": [{ "name":"admin", "description": "", "policies": [{"name" :"RBAC policy example"}], "category": {"name": "role"}},
+ { "name":"employee", "description": "", "policies": [{"name" :"RBAC policy example"}], "category": {"name": "role"}},
+ { "name":"*", "description": "", "policies": [{"name" :"RBAC policy example"}], "category": {"name": "role"}}],
+
+ "subject_assignments":[{ "subject" : {"name": "adminuser"}, "category" : {"name": "role"}, "assignments": [{"name" : "admin"}, {"name" : "employee"}, {"name" : "*"}]},
+ { "subject" : {"name": "user1"}, "category" : {"name": "role"}, "assignments": [{"name" : "employee"}, {"name" : "*"}] }],
+
+
+
+
+
+
+ "objects": [{ "name":"vm0", "description": "", "extra": {}, "policies": [{"name": "RBAC policy example"}]} ,
+ {"name": "vm1", "description": "", "extra": {}, "policies": [{"name": "RBAC policy example"}]} ],
+
+ "object_categories": [{"name":"id", "description": ""}],
+
+ "object_data": [{ "name":"vm0", "description": "", "policies": [{"name" :"RBAC policy example"}], "category": {"name": "id"}},
+ { "name":"vm1", "description": "", "policies": [{"name" :"RBAC policy example"}], "category": {"name": "id"}},
+ { "name":"*", "description": "", "policies": [{"name" :"RBAC policy example"}], "category": {"name": "id"}}],
+
+ "object_assignments":[{ "object" : {"name": "vm0"}, "category" : {"name": "id"}, "assignments": [{"name" : "vm0"}, {"name" : "*"}]},
+ { "object" : {"name": "vm1"}, "category" : {"name": "id"}, "assignments": [{"name" : "vm1"}, {"name" : "*"}]}],
+
+
+
+
+
+
+ "actions": [{ "name": "start", "description": "", "extra": {}, "policies": [{"name": "RBAC policy example"}]} ,
+ { "name": "stop", "description": "", "extra": {}, "policies": [{"name": "RBAC policy example"}]}],
+
+ "action_categories": [{"name":"action-type", "description": ""}],
+
+ "action_data": [{"name":"vm-action", "description": "", "policies": [{"name": "RBAC policy example"}], "category": {"name": "action-type"}},
+ {"name":"*", "description": "", "policies": [{"name" :"RBAC policy example"}], "category": {"name": "action-type"}}],
+
+ "action_assignments":[{ "action" : {"name": "start"}, "category" : {"name": "action-type"}, "assignments": [{"name" : "vm-action"}, {"name" : "*"}]},
+ { "action" : {"name": "stop"}, "category" : {"name": "action-type"}, "assignments": [{"name" : "vm-action"}, {"name" : "*"}]}],
+
+
+
+
+
+
+ "meta_rules":[{"name":"rbac", "description": "",
+ "subject_categories": [{"name": "role"}],
+ "object_categories": [{"name": "id"}],
+ "action_categories": [{"name": "action-type"}]
+ }],
+
+ "rules": [{
+ "meta_rule": {"name" : "rbac"},
+ "rule": {"subject_data" : [{"name":"admin"}], "object_data": [{"name": "vm0"}], "action_data": [{"name": "vm-action"}]},
+ "policy": {"name" :"RBAC policy example"},
+ "instructions" : {"decision" : "grant"},
+ "enabled": true
+ }, {
+ "meta_rule": {"name" : "rbac"},
+ "rule": {"subject_data" : [{"name":"employee"}], "object_data": [{"name": "vm1"}], "action_data": [{"name": "vm-action"}]},
+ "policy": {"name" :"RBAC policy example"},
+ "instructions" : {"decision" : "grant"}
+ }]
+
+
+
+
+} \ No newline at end of file
diff --git a/old/moon_manager/tests/functional_pod/run_functional_tests.sh b/old/moon_manager/tests/functional_pod/run_functional_tests.sh
new file mode 100644
index 00000000..960e9480
--- /dev/null
+++ b/old/moon_manager/tests/functional_pod/run_functional_tests.sh
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+if [ -d /data/dist ];
+then
+ pip install /data/dist/*.tar.gz --upgrade
+ pip install /data/dist/*.whl --upgrade
+fi
+
+
+cd /data/tests/functional_pod
+pytest .
diff --git a/old/moon_manager/tests/functional_pod/test_manager.py b/old/moon_manager/tests/functional_pod/test_manager.py
new file mode 100644
index 00000000..454d861b
--- /dev/null
+++ b/old/moon_manager/tests/functional_pod/test_manager.py
@@ -0,0 +1,116 @@
+import json
+import requests
+
+def test_import_rbac(context):
+ files = {'file': open('/data/tests/functional_pod/json/rbac.json', 'r')}
+ req = requests.post("http://{}:{}/import".format(
+ context.get("hostname"),
+ context.get("port"))
+ , files=files)
+ print(req)
+ result = req.json()
+ print(result)
+ req.raise_for_status()
+
+def test_import_mls(context):
+ files = {'file': open('/data/tests/functional_pod/json/mls.json', 'r')}
+ req = requests.post("http://{}:{}/import".format(
+ context.get("hostname"),
+ context.get("port"))
+ , files=files)
+ req.raise_for_status()
+
+
+def test_export_rbac(context):
+ test_import_rbac(context)
+ req = requests.get("http://{}:{}/export".format(
+ context.get("hostname"),
+ context.get("port")),
+ data={"filename":"/data/tests/functional_pod/json/rbac_export.json"}
+ )
+ req.raise_for_status()
+
+
+def test_export_mls(context):
+ test_import_mls(context)
+ req = requests.get("http://{}:{}/export".format(
+ context.get("hostname"),
+ context.get("port")),
+ data={"filename":"/data/tests/functional_pod/json/mls_export.json"}
+ )
+ req.raise_for_status()
+
+
+def get_json(data):
+ return json.loads(data.decode("utf-8"))
+
+
+def get_pdp(context):
+ req = requests.get("http://{}:{}/pdp".format(
+ context.get("hostname"),
+ context.get("port")),
+ timeout=3)
+ pdp = req.json()
+ return req, pdp
+
+
+def add_pdp(context, data):
+ req = requests.post("http://{}:{}/pdp".format(
+ context.get("hostname"),
+ context.get("port")),
+ data=json.dumps(data),
+ headers={'Content-Type': 'application/json'},
+ timeout=3)
+ pdp = req.json()
+ return req, pdp
+
+
+def delete_pdp(context, key):
+ req = requests.delete("http://{}:{}/pdp/{}".format(
+ context.get("hostname"),
+ context.get("port"), key),
+ timeout=3)
+ return req
+
+
+def delete_pdp_without_id(context):
+ req = requests.delete("http://{}:{}/pdp/{}".format(
+ context.get("hostname"),
+ context.get("port"), ""),
+ timeout=3)
+ return req
+
+
+def test_get_pdp(context):
+ req, pdp = get_pdp(context)
+ assert req.status_code == 200
+ assert isinstance(pdp, dict)
+ assert "pdps" in pdp
+
+
+def test_add_pdp(context):
+ data = {
+ "name": "testuser",
+ "security_pipeline": ["policy_id_1", "policy_id_2"],
+ "keystone_project_id": "keystone_project_id",
+ "description": "description of testuser"
+ }
+ req, pdp = add_pdp(context, data)
+ assert req.status_code == 200
+ assert isinstance(pdp, dict)
+ value = list(pdp["pdps"].values())[0]
+ assert "pdps" in pdp
+ assert value['name'] == "testuser"
+ assert value["description"] == "description of {}".format("testuser")
+ assert value["keystone_project_id"] == "keystone_project_id"
+
+
+def test_delete_pdp(context):
+ request, pdp = get_pdp(context)
+ success_req = None
+ for key, value in pdp['pdps'].items():
+ if value['name'] == "testuser":
+ success_req = delete_pdp(context, key)
+ break
+ assert success_req
+ assert success_req.status_code == 200
diff --git a/old/moon_manager/tests/functional_pod/test_models.py b/old/moon_manager/tests/functional_pod/test_models.py
new file mode 100644
index 00000000..8b4ceef5
--- /dev/null
+++ b/old/moon_manager/tests/functional_pod/test_models.py
@@ -0,0 +1,79 @@
+import json
+import requests
+
+
+def get_models(context):
+ req = requests.get("http://{}:{}/models".format(
+ context.get("hostname"),
+ context.get("port")),
+ timeout=3)
+ models = req.json()
+ return req, models
+
+
+def add_models(context, name):
+ data = {
+ "name": name,
+ "description": "description of {}".format(name),
+ "meta_rules": ["meta_rule_id1", "meta_rule_id2"]
+ }
+ req = requests.post("http://{}:{}/models".format(
+ context.get("hostname"),
+ context.get("port")),
+ data=json.dumps(data),
+ headers={'Content-Type': 'application/json'},
+ timeout=3)
+ models = req.json()
+ return req, models
+
+
+def delete_models(context, name):
+ _, models = get_models(context)
+ request = None
+ for key, value in models['models'].items():
+ if value['name'] == name:
+ request = requests.delete("http://{}:{}/models/{}".format(
+ context.get("hostname"),
+ context.get("port"),
+ key),
+ timeout=3)
+ break
+ return request
+
+
+def delete_models_without_id(context):
+ req = requests.delete("http://{}:{}/models/{}".format(
+ context.get("hostname"),
+ context.get("port"),
+ ""),
+ timeout=3)
+ return req
+
+
+def test_get_models(context):
+ req, models = get_models(context)
+ assert req.status_code == 200
+ assert isinstance(models, dict)
+ assert "models" in models
+
+
+def test_add_models(context):
+ req, models = add_models(context, "testuser")
+ assert req.status_code == 200
+ assert isinstance(models, dict)
+ value = list(models["models"].values())[0]
+ assert "models" in models
+ assert value['name'] == "testuser"
+ assert value["description"] == "description of {}".format("testuser")
+ assert value["meta_rules"][0] == "meta_rule_id1"
+
+
+def test_delete_models(context):
+ req = delete_models(context, "testuser")
+ assert req.status_code == 200
+
+
+def test_delete_models_without_id(context):
+ req = delete_models_without_id(context)
+ assert req.status_code == 500
+