diff options
Diffstat (limited to 'old/python_moondb')
47 files changed, 8267 insertions, 0 deletions
diff --git a/old/python_moondb/.gitignore b/old/python_moondb/.gitignore new file mode 100644 index 00000000..9c29724f --- /dev/null +++ b/old/python_moondb/.gitignore @@ -0,0 +1,106 @@ +# Byte-compiled / optimized / DLL files +__pycache__/ +*.py[cod] +*$py.class + +# C extensions +*.so + +# Distribution / packaging +.Python +build/ +develop-eggs/ +dist/ +downloads/ +eggs/ +.eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ +wheels/ +*.egg-info/ +.installed.cfg +*.egg +MANIFEST + +# PyInstaller +# Usually these files are written by a python script from a template +# before PyInstaller builds the exe, so as to inject date/other infos into it. +*.manifest +*.spec + +# Installer logs +pip-log.txt +pip-delete-this-directory.txt + +# Unit test / coverage reports +htmlcov/ +.tox/ +.coverage +.coverage.* +.cache +nosetests.xml +coverage.xml +*.cover +.hypothesis/ +.pytest_cache/ + +# Translations +*.mo +*.pot + +# Django stuff: +*.log +local_settings.py +db.sqlite3 + +# Flask stuff: +instance/ +.webassets-cache + +# Scrapy stuff: +.scrapy + +# Sphinx documentation +docs/_build/ + +# PyBuilder +target/ + +# Jupyter Notebook +.ipynb_checkpoints + +# pyenv +.python-version + +# celery beat schedule file +celerybeat-schedule + +# SageMath parsed files +*.sage.py + +# Environments +.env +.venv +env/ +venv/ +ENV/ +env.bak/ +venv.bak/ + +# Spyder project settings +.spyderproject +.spyproject + +# Rope project settings +.ropeproject + +# mkdocs documentation +/site + +# mypy +.mypy_cache/ + +/tests/unit_python/database.db diff --git a/old/python_moondb/Changelog b/old/python_moondb/Changelog new file mode 100644 index 00000000..9236c260 --- /dev/null +++ b/old/python_moondb/Changelog @@ -0,0 +1,128 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + + +CHANGES +======= + +0.1.0 +----- +- First version of the moon_db library. + +1.0.0 +----- +- First public version of the moon_db library. + +1.0.1 +----- +- Update setup.py to force the installation of requirements. + +1.0.2 +----- +- Test PyPi upload + +1.0.3 +----- +- Fix a bug in core.py +- Update db_manager + +1.1.0 +----- +- When adding a subject, check the existence of that user in the Keystone DB and + create it if necessary + +1.2.0 +----- +- Update the db_manager in order to use it for tests + +1.2.1 +----- +- Update moon_db_manager in order to use it for unit tests + +1.2.2 +----- +- Fix a bug in moon_db_manager + +1.2.3 +----- +- Cleanup moon_db code + +1.2.4 +----- +- Update the name of the library (from moon_db) + +1.2.5 +----- +- Code cleaning + +1.2.6 +----- +- Remove some code duplication in moon_db +- handle the extra field for the perimeter + +1.2.7 +----- +- Fix some bugs + +1.2.8 +----- +- Add unique constraints on db tables + +1.2.9 +----- +- Add some verifications when deleting some elements in database + +1.2.10 +----- +- Update the migration script because of a bug introduced in 1.2.8 in rule table +- Fix bugs due to the previous version + +1.2.11 +------ +- adding test cases for perimeter +- adding subject_object_action to model_test +- update import of exception +- add unit_test to test_model +- add validation for not accepting blank perimeter name or category name + +1.2.12 +------ +- Fix the SubjectExisting exception problem + +1.2.13 +------ +- Add validations and refactor test cases + +1.2.14 +------ +- Fix some bugs for the manager and clean the code + +1.2.15 +------ +- Fix test cases after removing syntax error in exceptions + +1.2.16 +------ +- Fix the "key length error" in meta_rule table + +1.2.17 +------ +- adding extra validation for addition and deletion dependencies + +1.2.18 +------ +- adding changelog + +1.2.19 +------ +- adding extra validation for update requests + +1.2.20 +------ +- adding extra validation of rule content +- update validation for category with meta-rule dependencies +- update validation on updating meta-rule +- applying PyLint +- fixing Jira issues related to update policy
\ No newline at end of file diff --git a/old/python_moondb/LICENSE b/old/python_moondb/LICENSE new file mode 100644 index 00000000..d6456956 --- /dev/null +++ b/old/python_moondb/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/old/python_moondb/MANIFEST.in b/old/python_moondb/MANIFEST.in new file mode 100644 index 00000000..02655837 --- /dev/null +++ b/old/python_moondb/MANIFEST.in @@ -0,0 +1,10 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +include README.md +include LICENSE +include setup.py +include requirements.txt +graft bin
\ No newline at end of file diff --git a/old/python_moondb/README.md b/old/python_moondb/README.md new file mode 100644 index 00000000..d36c6ae3 --- /dev/null +++ b/old/python_moondb/README.md @@ -0,0 +1,32 @@ +# python_moondb + +This package contains the database module for the Moon project +It is designed to provide a driver to access the Moon database. + +For any other information, refer to the parent project: + + https://git.opnfv.org/moon + +## Build +### Build Python Package +```bash +cd ${MOON_HOME}/python_moondb +python3 setup.py sdist bdist_wheel +``` + +### Push Python Package to PIP +```bash +cd ${MOON_HOME}/python_moondb +gpg --detach-sign -u "${GPG_ID}" -a dist/python_moondb-X.Y.Z-py3-none-any.whl +gpg --detach-sign -u "${GPG_ID}" -a dist/python_moondb-X.Y.Z.tar.gz +twine upload dist/python_moondb-X.Y.Z-py3-none-any.whl dist/python_moondb-X.Y.Z-py3-none-any.whl.asc +twine upload dist/python_moondb-X.Y.Z.tar.gz dist/python_moondb-X.Y.Z.tar.gz.asc +``` + +## Test +### Python Unit Test +launch Docker for Python unit tests +```bash +cd ${MOON_HOME}/python_moondb +docker run --rm --volume $(pwd):/data wukongsun/moon_python_unit_test:latest +```
\ No newline at end of file diff --git a/old/python_moondb/bin/drop_tables.sql b/old/python_moondb/bin/drop_tables.sql new file mode 100644 index 00000000..f5f65ea7 --- /dev/null +++ b/old/python_moondb/bin/drop_tables.sql @@ -0,0 +1,18 @@ +use moon; +drop table action_assignments; +drop table object_assignments; +drop table subject_assignments; +drop table subject_scopes; +drop table action_scopes; +drop table object_scopes; +drop table action_categories; +drop table subject_categories; +drop table object_categories; +drop table rules; +drop table sub_meta_rules; +drop table actions; +drop table objects; +drop table subjects; +drop table tenants; +drop table intra_extensions; +show tables; diff --git a/old/python_moondb/python_moondb/__init__.py b/old/python_moondb/python_moondb/__init__.py new file mode 100644 index 00000000..37c9a725 --- /dev/null +++ b/old/python_moondb/python_moondb/__init__.py @@ -0,0 +1,6 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +__version__ = "1.2.20" diff --git a/old/python_moondb/python_moondb/api/__init__.py b/old/python_moondb/python_moondb/api/__init__.py new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/old/python_moondb/python_moondb/api/__init__.py diff --git a/old/python_moondb/python_moondb/api/keystone.py b/old/python_moondb/python_moondb/api/keystone.py new file mode 100644 index 00000000..57521c36 --- /dev/null +++ b/old/python_moondb/python_moondb/api/keystone.py @@ -0,0 +1,105 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +import os +import requests +import json +from uuid import uuid4 +import logging +from python_moonutilities import exceptions, configuration +from python_moonutilities.security_functions import filter_input, login, logout +from python_moondb.api.managers import Managers + +logger = logging.getLogger("moon.db.api.keystone") + + +class KeystoneManager(Managers): + + def __init__(self, connector=None): + self.driver = connector.driver + Managers.KeystoneManager = self + conf = configuration.get_configuration("openstack/keystone")['openstack/keystone'] + + self.__url = conf['url'] + self.__user = conf['user'] + self.__password = conf['password'] + self.__domain = conf['domain'] + self.__project = conf['project'] + try: + os.environ.pop("http_proxy") + os.environ.pop("https_proxy") + except KeyError: + pass + + def __get(self, endpoint, _exception=exceptions.KeystoneError): + _headers = login() + req = requests.get("{}{}".format(self.__url, endpoint), headers=_headers, verify=False) + if req.status_code not in (200, 201): + logger.error(req.text) + raise _exception + data = req.json() + logout(_headers) + return data + + def __post(self, endpoint, data=None, _exception=exceptions.KeystoneError): + _headers = login() + req = requests.post("{}{}".format(self.__url, endpoint), + data=json.dumps(data), + headers=_headers, verify=False) + if req.status_code == 409: + logger.warning(req.text) + raise exceptions.KeystoneUserConflict + if req.status_code not in (200, 201): + logger.error(req.text) + raise _exception + data = req.json() + logout(_headers) + return data + + def list_projects(self): + return self.__get(endpoint="/projects/", _exception=exceptions.KeystoneProjectError) + + @filter_input + def create_project(self, tenant_dict): + if "name" not in tenant_dict: + raise exceptions.KeystoneProjectError("Cannot get the project name.") + _project = { + "project": { + "description": tenant_dict['description'] if 'description' in tenant_dict else "", + "domain_id": tenant_dict['domain'] if 'domain' in tenant_dict else "default", + "enabled": True, + "is_domain": False, + "name": tenant_dict['name'] + } + } + return self.__post(endpoint="/projects/", + data=_project, + _exception=exceptions.KeystoneProjectError) + + @filter_input + def get_user_by_name(self, username, domain_id="default"): + return self.__get(endpoint="/users?name={}&domain_id={}".format(username, domain_id), + _exception=exceptions.KeystoneUserError) + + @filter_input + def create_user(self, subject_dict): + _user = { + "user": { + "enabled": True, + "name": subject_dict['name'] if 'name' in subject_dict else uuid4().hex, + } + } + if 'project' in subject_dict: + _user['user']['default_project_id'] = subject_dict['project'] + if 'domain' in subject_dict: + _user['user']['domain_id'] = subject_dict['domain'] + if 'password' in subject_dict: + _user['user']['password'] = subject_dict['password'] + try: + return self.__post(endpoint="/users/", + data=_user, + _exception=exceptions.KeystoneUserError) + except exceptions.KeystoneUserConflict: + return True diff --git a/old/python_moondb/python_moondb/api/managers.py b/old/python_moondb/python_moondb/api/managers.py new file mode 100644 index 00000000..414725f6 --- /dev/null +++ b/old/python_moondb/python_moondb/api/managers.py @@ -0,0 +1,16 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +import logging + +logger = logging.getLogger("moon.db.api.managers") + + +class Managers(object): + """Object that links managers together""" + ModelManager = None + KeystoneManager = None + PDPManager = None + PolicyManager = None diff --git a/old/python_moondb/python_moondb/api/model.py b/old/python_moondb/python_moondb/api/model.py new file mode 100644 index 00000000..4f6c34cb --- /dev/null +++ b/old/python_moondb/python_moondb/api/model.py @@ -0,0 +1,338 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +from uuid import uuid4 +import logging +from python_moonutilities import exceptions +from python_moonutilities.security_functions import filter_input, enforce +from python_moondb.api.managers import Managers +import copy + +logger = logging.getLogger("moon.db.api.model") + + +class ModelManager(Managers): + + def __init__(self, connector=None): + self.driver = connector.driver + Managers.ModelManager = self + + @enforce(("read", "write"), "models") + def update_model(self, user_id, model_id, value): + if model_id not in self.driver.get_models(model_id=model_id): + raise exceptions.ModelUnknown + + if not value['name'].strip(): + raise exceptions.ModelContentError('Model name invalid') + + if 'meta_rules' not in value: + raise exceptions.MetaRuleUnknown + + if not value['name']: + raise exceptions.ModelContentError + + model = self.get_models(user_id=user_id, model_id=model_id) + model = model[next(iter(model))] + if ((model['meta_rules'] and value['meta_rules'] and model['meta_rules'] != value[ + 'meta_rules']) \ + or (model['meta_rules'] and not value['meta_rules'])): + policies = Managers.PolicyManager.get_policies(user_id=user_id) + for policy_id in policies: + if policies[policy_id]["model_id"] == model_id: + raise exceptions.DeleteModelWithPolicy + + if value and 'meta_rules' in value: + for meta_rule_id in value['meta_rules']: + if not self.driver.get_meta_rules(meta_rule_id=meta_rule_id): + raise exceptions.MetaRuleUnknown + + return self.driver.update_model(model_id=model_id, value=value) + + @enforce(("read", "write"), "models") + def delete_model(self, user_id, model_id): + if model_id not in self.driver.get_models(model_id=model_id): + raise exceptions.ModelUnknown + # TODO (asteroide): check that no policy is connected to this model + policies = Managers.PolicyManager.get_policies(user_id=user_id) + for policy in policies: + if policies[policy]['model_id'] == model_id: + raise exceptions.DeleteModelWithPolicy + return self.driver.delete_model(model_id=model_id) + + @enforce(("read", "write"), "models") + def add_model(self, user_id, model_id=None, value=None): + + if not value['name']: + raise exceptions.ModelContentError + + if not value['name'].strip(): + raise exceptions.ModelContentError('Model name invalid') + + models = self.driver.get_models() + if model_id in models: + raise exceptions.ModelExisting + + for model in models: + if models[model]['name'] == value['name']: + raise exceptions.ModelExisting("Model Name Existed") + same_meta_rule_counter = 0 + for meta_rule_id in models[model]['meta_rules']: + if meta_rule_id in value['meta_rules']: + same_meta_rule_counter += 1 + if same_meta_rule_counter == len(value['meta_rules']) and \ + len(models[model]['meta_rules']) == len(value['meta_rules']): + raise exceptions.ModelExisting("Meta Rules List Existed in another Model") + + if not model_id: + model_id = uuid4().hex + if value and 'meta_rules' in value: + for meta_rule_id in value['meta_rules']: + if not meta_rule_id: + raise exceptions.MetaRuleUnknown + meta_rule = self.driver.get_meta_rules(meta_rule_id=meta_rule_id) + if not meta_rule: + raise exceptions.MetaRuleUnknown + + meta_rule_content = meta_rule[next(iter(meta_rule))] + if (not meta_rule_content['subject_categories']) or ( + not meta_rule_content['object_categories']) or ( + not meta_rule_content['action_categories']): + raise exceptions.MetaRuleContentError + + return self.driver.add_model(model_id=model_id, value=value) + + @enforce("read", "models") + def get_models(self, user_id, model_id=None): + return self.driver.get_models(model_id=model_id) + + @enforce(("read", "write"), "meta_rules") + def update_meta_rule(self, user_id, meta_rule_id, value): + meta_rules=self.driver.get_meta_rules() + if not meta_rule_id or meta_rule_id not in meta_rules: + raise exceptions.MetaRuleUnknown + self.__check_meta_rule_dependencies(user_id=user_id, meta_rule_id=meta_rule_id) + if value: + if 'subject_categories' in value: + for subject_category_id in value['subject_categories']: + if not subject_category_id or not self.driver.get_subject_categories( + category_id=subject_category_id): + raise exceptions.SubjectCategoryUnknown + if 'object_categories' in value: + for object_category_id in value['object_categories']: + if not object_category_id or not self.driver.get_object_categories( + category_id=object_category_id): + raise exceptions.ObjectCategoryUnknown + if 'action_categories' in value: + for action_category_id in value['action_categories']: + if not action_category_id or not self.driver.get_action_categories( + category_id=action_category_id): + raise exceptions.ActionCategoryUnknown + + for meta_rule_obj_id in meta_rules: + counter_matched_list = 0 + counter_matched_list += self.check_combination(meta_rules[meta_rule_obj_id]['subject_categories'], + value['subject_categories']) + counter_matched_list += self.check_combination(meta_rules[meta_rule_obj_id]['object_categories'], + value['object_categories']) + counter_matched_list += self.check_combination(meta_rules[meta_rule_obj_id]['action_categories'], + value['action_categories']) + if counter_matched_list == 3 and meta_rule_obj_id!=meta_rule_id: + raise exceptions.MetaRuleExisting("Same categories combination existed") + + return self.driver.set_meta_rule(meta_rule_id=meta_rule_id, value=value) + + def __check_meta_rule_dependencies(self, user_id, meta_rule_id): + policies = Managers.PolicyManager.get_policies(user_id=user_id) + for policy_id in policies: + rules = Managers.PolicyManager.get_rules(user_id=user_id, policy_id=policy_id, + meta_rule_id=meta_rule_id) + if len(rules['rules']): + raise exceptions.MetaRuleUpdateError + + @enforce("read", "meta_rules") + def get_meta_rules(self, user_id, meta_rule_id=None): + return self.driver.get_meta_rules(meta_rule_id=meta_rule_id) + + @enforce(("read", "write"), "meta_rules") + def add_meta_rule(self, user_id, meta_rule_id=None, value=None): + + if not value['name']: + raise exceptions.MetaRuleContentError + + meta_rules = self.driver.get_meta_rules() + + if meta_rule_id in meta_rules: + raise exceptions.MetaRuleExisting + + if value: + if 'subject_categories' in value: + for subject_category_id in value['subject_categories']: + if not self.driver.get_subject_categories(category_id=subject_category_id): + raise exceptions.SubjectCategoryUnknown + if 'object_categories' in value: + for object_category_id in value['object_categories']: + if not self.driver.get_object_categories(category_id=object_category_id): + raise exceptions.ObjectCategoryUnknown + if 'action_categories' in value: + for action_category_id in value['action_categories']: + if not self.driver.get_action_categories(category_id=action_category_id): + raise exceptions.ActionCategoryUnknown + + for meta_rule_obj_id in meta_rules: + counter_matched_list = 0 + counter_matched_list += self.check_combination(meta_rules[meta_rule_obj_id]['subject_categories'], + value['subject_categories']) + counter_matched_list += self.check_combination(meta_rules[meta_rule_obj_id]['object_categories'], + value['object_categories']) + counter_matched_list += self.check_combination(meta_rules[meta_rule_obj_id]['action_categories'], + value['action_categories']) + if counter_matched_list == 3: + raise exceptions.MetaRuleExisting("Same categories combination existed") + + return self.driver.set_meta_rule(meta_rule_id=meta_rule_id, value=value) + + @enforce(("read", "write"), "meta_rules") + def check_combination(self, list_one, list_two): + counter_removed_items = 0 + temp_list_two = copy.deepcopy(list_two) + for item in list_one: + if item in temp_list_two: + temp_list_two.remove(item) + counter_removed_items += 1 + + if counter_removed_items == len(list_two) and len(list_two) == len(list_one) and len(list_two): + return 1 + return 0 + + @enforce(("read", "write"), "meta_rules") + def delete_meta_rule(self, user_id, meta_rule_id=None): + if meta_rule_id not in self.driver.get_meta_rules(meta_rule_id=meta_rule_id): + raise exceptions.MetaRuleUnknown + # TODO (asteroide): check and/or delete data and assignments and rules linked to that meta_rule + models = self.get_models(user_id=user_id) + for model_id in models: + for id in models[model_id]['meta_rules']: + if id == meta_rule_id: + raise exceptions.DeleteMetaRuleWithModel + return self.driver.delete_meta_rule(meta_rule_id=meta_rule_id) + + @enforce("read", "meta_data") + def get_subject_categories(self, user_id, category_id=None): + return self.driver.get_subject_categories(category_id=category_id) + + @enforce(("read", "write"), "meta_data") + def add_subject_category(self, user_id, category_id=None, value=None): + subject_categories = self.driver.get_subject_categories(category_id=category_id) + + if not value['name']: + raise exceptions.CategoryNameInvalid + + if category_id in subject_categories: + raise exceptions.SubjectCategoryExisting + + return self.driver.add_subject_category(name=value["name"], + description=value["description"], uuid=category_id) + + @enforce(("read", "write"), "meta_data") + def delete_subject_category(self, user_id, category_id): + # TODO (asteroide): delete all data linked to that category + # TODO (asteroide): delete all meta_rules linked to that category + if category_id not in self.driver.get_subject_categories(category_id=category_id): + raise exceptions.SubjectCategoryUnknown + meta_rules = self.get_meta_rules(user_id=user_id) + for meta_rule_id in meta_rules: + for subject_category_id in meta_rules[meta_rule_id]['subject_categories']: + logger.info( + "delete_subject_category {} {}".format(subject_category_id, meta_rule_id)) + logger.info("delete_subject_category {}".format(meta_rules[meta_rule_id])) + if subject_category_id == category_id: + # has_rules = self.driver.is_meta_rule_has_rules(meta_rule_id) + # if has_rules: + raise exceptions.DeleteSubjectCategoryWithMetaRule + + if self.driver.is_subject_category_has_assignment(category_id): + raise exceptions.DeleteCategoryWithAssignment + + if self.driver.is_subject_data_exist(category_id=category_id): + raise exceptions.DeleteCategoryWithData + + return self.driver.delete_subject_category(category_id=category_id) + + @enforce("read", "meta_data") + def get_object_categories(self, user_id, category_id=None): + return self.driver.get_object_categories(category_id) + + @enforce(("read", "write"), "meta_data") + def add_object_category(self, user_id, category_id=None, value=None): + if not value['name']: + raise exceptions.CategoryNameInvalid + + object_categories = self.driver.get_object_categories(category_id=category_id) + if category_id in object_categories: + raise exceptions.ObjectCategoryExisting + + return self.driver.add_object_category(name=value["name"], description=value["description"], + uuid=category_id) + + @enforce(("read", "write"), "meta_data") + def delete_object_category(self, user_id, category_id): + # TODO (asteroide): delete all data linked to that category + # TODO (asteroide): delete all meta_rules linked to that category + if category_id not in self.driver.get_object_categories(category_id=category_id): + raise exceptions.ObjectCategoryUnknown + meta_rules = self.get_meta_rules(user_id=user_id) + for meta_rule_id in meta_rules: + for object_category_id in meta_rules[meta_rule_id]['object_categories']: + if object_category_id == category_id: + # has_rules = self.driver.is_meta_rule_has_rules(meta_rule_id) + # if has_rules: + raise exceptions.DeleteObjectCategoryWithMetaRule + + if self.driver.is_object_category_has_assignment(category_id): + raise exceptions.DeleteCategoryWithAssignment + + if self.driver.is_object_data_exist(category_id=category_id): + raise exceptions.DeleteCategoryWithData + + return self.driver.delete_object_category(category_id=category_id) + + @enforce("read", "meta_data") + def get_action_categories(self, user_id, category_id=None): + return self.driver.get_action_categories(category_id=category_id) + + @enforce(("read", "write"), "meta_data") + def add_action_category(self, user_id, category_id=None, value=None): + + if not value['name']: + raise exceptions.CategoryNameInvalid + + action_categories = self.driver.get_action_categories(category_id=category_id) + if category_id in action_categories: + raise exceptions.ActionCategoryExisting + + return self.driver.add_action_category(name=value["name"], description=value["description"], + uuid=category_id) + + @enforce(("read", "write"), "meta_data") + def delete_action_category(self, user_id, category_id): + # TODO (asteroide): delete all data linked to that category + # TODO (asteroide): delete all meta_rules linked to that category + if category_id not in self.driver.get_action_categories(category_id=category_id): + raise exceptions.ActionCategoryUnknown + meta_rules = self.get_meta_rules(user_id=user_id) + for meta_rule_id in meta_rules: + for action_category_id in meta_rules[meta_rule_id]['action_categories']: + if action_category_id == category_id: + # has_rules = self.driver.is_meta_rule_has_rules(meta_rule_id) + # if has_rules: + raise exceptions.DeleteActionCategoryWithMetaRule + + if self.driver.is_action_category_has_assignment(category_id): + raise exceptions.DeleteCategoryWithAssignment + + if self.driver.is_action_data_exist(category_id=category_id): + raise exceptions.DeleteCategoryWithData + + return self.driver.delete_action_category(category_id=category_id) diff --git a/old/python_moondb/python_moondb/api/pdp.py b/old/python_moondb/python_moondb/api/pdp.py new file mode 100644 index 00000000..d0a071c9 --- /dev/null +++ b/old/python_moondb/python_moondb/api/pdp.py @@ -0,0 +1,51 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +from uuid import uuid4 +import logging +from python_moonutilities.security_functions import enforce +from python_moondb.api.managers import Managers +from python_moonutilities import exceptions + +logger = logging.getLogger("moon.db.api.pdp") + + +class PDPManager(Managers): + + def __init__(self, connector=None): + self.driver = connector.driver + Managers.PDPManager = self + + @enforce(("read", "write"), "pdp") + def update_pdp(self, user_id, pdp_id, value): + if pdp_id not in self.driver.get_pdp(pdp_id=pdp_id): + raise exceptions.PdpUnknown + if value and 'security_pipeline' in value: + for policy_id in value['security_pipeline']: + if not Managers.PolicyManager.get_policies(user_id=user_id, policy_id=policy_id): + raise exceptions.PolicyUnknown + return self.driver.update_pdp(pdp_id=pdp_id, value=value) + + @enforce(("read", "write"), "pdp") + def delete_pdp(self, user_id, pdp_id): + if pdp_id not in self.driver.get_pdp(pdp_id=pdp_id): + raise exceptions.PdpUnknown + return self.driver.delete_pdp(pdp_id=pdp_id) + + @enforce(("read", "write"), "pdp") + def add_pdp(self, user_id, pdp_id=None, value=None): + if pdp_id in self.driver.get_pdp(pdp_id=pdp_id): + raise exceptions.PdpExisting + if not pdp_id: + pdp_id = uuid4().hex + if value and 'security_pipeline' in value: + for policy_id in value['security_pipeline']: + if not Managers.PolicyManager.get_policies(user_id=user_id, policy_id=policy_id): + raise exceptions.PolicyUnknown + return self.driver.add_pdp(pdp_id=pdp_id, value=value) + + @enforce("read", "pdp") + def get_pdp(self, user_id, pdp_id=None): + return self.driver.get_pdp(pdp_id=pdp_id) diff --git a/old/python_moondb/python_moondb/api/policy.py b/old/python_moondb/python_moondb/api/policy.py new file mode 100644 index 00000000..03a93ff5 --- /dev/null +++ b/old/python_moondb/python_moondb/api/policy.py @@ -0,0 +1,751 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +from uuid import uuid4 +import logging +from python_moonutilities.security_functions import enforce +from python_moondb.api.managers import Managers +from python_moonutilities import exceptions + +# from python_moondb.core import PDPManager + +logger = logging.getLogger("moon.db.api.policy") + + +class PolicyManager(Managers): + + def __init__(self, connector=None): + self.driver = connector.driver + Managers.PolicyManager = self + + def get_policy_from_meta_rules(self, user_id, meta_rule_id): + policies = self.PolicyManager.get_policies("admin") + models = self.ModelManager.get_models("admin") + for pdp_key, pdp_value in self.PDPManager.get_pdp(user_id).items(): + if 'security_pipeline' not in pdp_value: + raise exceptions.PdpContentError + for policy_id in pdp_value["security_pipeline"]: + if not policies or policy_id not in policies: + raise exceptions.PolicyUnknown + model_id = policies[policy_id]["model_id"] + if not models: + raise exceptions.ModelUnknown + if model_id not in models: + raise exceptions.ModelUnknown + if meta_rule_id in models[model_id]["meta_rules"]: + return policy_id + + @enforce(("read", "write"), "policies") + def update_policy(self, user_id, policy_id, value): + + if not value or not value['name']: + raise exceptions.PolicyContentError + + policyList = self.driver.get_policies(policy_id=policy_id) + if not policy_id or policy_id not in policyList: + raise exceptions.PolicyUnknown + + policies = self.driver.get_policies(policy_name=value['name']) + if len(policies) and not (policy_id in policies): + raise exceptions.PolicyExisting("Policy name Existed") + + if 'model_id' in value and value['model_id']: + if not Managers.ModelManager.get_models(user_id, model_id=value['model_id']): + raise exceptions.ModelUnknown + + policy_obj = policyList[policy_id] + if (policy_obj["model_id"] and value["model_id"] != policy_obj["model_id"]): + + subjects = self.driver.get_subjects(policy_id=policy_id) + if subjects: + raise exceptions.PolicyUpdateError("Policy is used in subject") + objects = self.driver.get_objects(policy_id=policy_id) + if objects: + raise exceptions.PolicyUpdateError("Policy is used in object") + actions = self.driver.get_actions(policy_id=policy_id) + if actions: + raise exceptions.PolicyUpdateError("Policy is used in action") + + rules = self.driver.get_rules(policy_id=policy_id)["rules"] + if rules: + raise exceptions.PolicyUpdateError("Policy is used in rule") + + subject_data = self.get_subject_data(user_id, policy_id=policy_id) + if subject_data and subject_data[0]["data"]: + raise exceptions.PolicyUpdateError("Policy is used in subject_data") + object_data = self.get_object_data(user_id, policy_id=policy_id) + if object_data and object_data[0]["data"]: + raise exceptions.PolicyUpdateError("Policy is used in object_data") + action_data = self.get_action_data(user_id, policy_id=policy_id) + if action_data and action_data[0]["data"]: + raise exceptions.PolicyUpdateError("Policy is used in action_data") + + return self.driver.update_policy(policy_id=policy_id, value=value) + + @enforce(("read", "write"), "policies") + def delete_policy(self, user_id, policy_id): + # TODO (asteroide): unmap PDP linked to that policy + if policy_id not in self.driver.get_policies(policy_id=policy_id): + raise exceptions.PolicyUnknown + pdps = self.PDPManager.get_pdp(user_id=user_id) + for pdp in pdps: + for policy_id in pdps[pdp]['security_pipeline']: + if policy_id == policy_id: + raise exceptions.DeletePolicyWithPdp + subjects = self.driver.get_subjects(policy_id=policy_id) + if subjects: + raise exceptions.DeletePolicyWithPerimeter + objects = self.driver.get_objects(policy_id=policy_id) + if objects: + raise exceptions.DeletePolicyWithPerimeter + actions = self.driver.get_actions(policy_id=policy_id) + if actions: + raise exceptions.DeletePolicyWithPerimeter + + rules = self.driver.get_rules(policy_id=policy_id)["rules"] + if rules: + raise exceptions.DeletePolicyWithRules + + subject_data = self.get_subject_data(user_id, policy_id=policy_id) + if subject_data and subject_data[0]["data"]: + raise exceptions.DeletePolicyWithData + object_data = self.get_object_data(user_id, policy_id=policy_id) + if object_data and object_data[0]["data"]: + raise exceptions.DeletePolicyWithData + action_data = self.get_action_data(user_id, policy_id=policy_id) + if action_data and action_data[0]["data"]: + raise exceptions.DeletePolicyWithData + + return self.driver.delete_policy(policy_id=policy_id) + + @enforce(("read", "write"), "policies") + def add_policy(self, user_id, policy_id=None, value=None): + + if not value or not value['name']: + raise exceptions.PolicyContentError + if policy_id in self.driver.get_policies(policy_id=policy_id): + raise exceptions.PolicyExisting + + if len(self.driver.get_policies(policy_name=value['name'])): + raise exceptions.PolicyExisting("Policy name Existed") + + if not policy_id: + policy_id = uuid4().hex + if 'model_id' in value and value['model_id'] != "": + if not Managers.ModelManager.get_models(user_id, model_id=value['model_id']): + raise exceptions.ModelUnknown + return self.driver.add_policy(policy_id=policy_id, value=value) + + @enforce("read", "policies") + def get_policies(self, user_id, policy_id=None): + return self.driver.get_policies(policy_id=policy_id) + + @enforce("read", "perimeter") + def get_subjects(self, user_id, policy_id, perimeter_id=None): + # if not policy_id: + # raise exceptions.PolicyUnknown + if policy_id and (not self.get_policies(user_id=user_id, policy_id=policy_id)): + raise exceptions.PolicyUnknown + return self.driver.get_subjects(policy_id=policy_id, perimeter_id=perimeter_id) + + @enforce(("read", "write"), "perimeter") + def add_subject(self, user_id, policy_id, perimeter_id=None, value=None): + + if not value or "name" not in value or not value["name"].strip(): + raise exceptions.PerimeterContentError('invalid name') + + if not policy_id or (not self.get_policies(user_id=user_id, policy_id=policy_id)): + raise exceptions.PolicyUnknown + + if perimeter_id: + subjects = self.driver.get_subjects(policy_id=None, perimeter_id=perimeter_id) + if subjects and subjects[perimeter_id]['name'] != value['name']: + raise exceptions.PerimeterContentError + + if not perimeter_id: + subject_per = self.driver.get_subject_by_name(value['name']) + if len(subject_per): + perimeter_id = next(iter(subject_per)) + + k_user = Managers.KeystoneManager.get_user_by_name(value.get('name')) + if not k_user['users']: + k_user = Managers.KeystoneManager.create_user(value) + if not perimeter_id: + try: + logger.info("k_user={}".format(k_user)) + perimeter_id = k_user['users'][0].get('id', uuid4().hex) + except IndexError: + k_user = Managers.KeystoneManager.get_user_by_name( + value.get('name')) + perimeter_id = uuid4().hex + except KeyError: + k_user = Managers.KeystoneManager.get_user_by_name( + value.get('name')) + perimeter_id = uuid4().hex + + value.update(k_user['users'][0]) + + return self.driver.set_subject(policy_id=policy_id, perimeter_id=perimeter_id, value=value) + + @enforce(("read", "write"), "perimeter") + def update_subject(self, user_id, perimeter_id, value): + logger.debug("update_subject perimeter_id = {}".format(perimeter_id)) + + if not perimeter_id: + raise exceptions.SubjectUnknown + + subjects = self.driver.get_subjects(policy_id=None, perimeter_id=perimeter_id) + if not subjects or not (perimeter_id in subjects): + raise exceptions.PerimeterContentError + + if 'policy_list' in value or ('name' in value and not value['name']): + raise exceptions.PerimeterContentError + + return self.driver.update_subject(perimeter_id=perimeter_id, value=value) + + @enforce(("read", "write"), "perimeter") + def delete_subject(self, user_id, policy_id, perimeter_id): + + if not perimeter_id: + raise exceptions.SubjectUnknown + + if not policy_id: + raise exceptions.PolicyUnknown + + if not self.get_subjects(user_id=user_id, policy_id=policy_id, perimeter_id=perimeter_id): + raise exceptions.SubjectUnknown + + if not self.get_policies(user_id=user_id, policy_id=policy_id): + raise exceptions.PolicyUnknown + + subj_assig = self.driver.get_subject_assignments(policy_id=policy_id, + subject_id=perimeter_id) + if subj_assig: + raise exceptions.DeletePerimeterWithAssignment + + return self.driver.delete_subject(policy_id=policy_id, perimeter_id=perimeter_id) + + @enforce("read", "perimeter") + def get_objects(self, user_id, policy_id, perimeter_id=None): + # if not policy_id: + # pass + if policy_id and (not self.get_policies(user_id=user_id, policy_id=policy_id)): + raise exceptions.PolicyUnknown + return self.driver.get_objects(policy_id=policy_id, perimeter_id=perimeter_id) + + @enforce(("read", "write"), "perimeter") + def add_object(self, user_id, policy_id, perimeter_id=None, value=None): + if not value or "name" not in value or not value["name"].strip(): + raise exceptions.PerimeterContentError('invalid name') + + if not policy_id or (not self.get_policies(user_id=user_id, policy_id=policy_id)): + raise exceptions.PolicyUnknown + + if perimeter_id: + object_perimeter = self.driver.get_objects(policy_id=None, perimeter_id=perimeter_id) + if not object_perimeter: + raise exceptions.PerimeterContentError + + if not perimeter_id: + object_perimeter = self.driver.get_object_by_name(value['name']) + if len(object_perimeter): + perimeter_id = next(iter(object_perimeter)) + + if perimeter_id and object_perimeter[perimeter_id]['name'] != value['name']: + raise exceptions.PerimeterContentError + + if not perimeter_id: + perimeter_id = uuid4().hex + return self.driver.set_object(policy_id=policy_id, perimeter_id=perimeter_id, value=value) + + @enforce(("read", "write"), "perimeter") + def update_object(self, user_id, perimeter_id, value): + logger.debug("update_object perimeter_id = {}".format(perimeter_id)) + + if not perimeter_id: + raise exceptions.ObjectUnknown + + objects = self.driver.get_objects(policy_id=None, perimeter_id=perimeter_id) + if not objects or not (perimeter_id in objects): + raise exceptions.PerimeterContentError + + if 'policy_list' in value or ('name' in value and not value['name']): + raise exceptions.PerimeterContentError + + return self.driver.update_object(perimeter_id=perimeter_id, value=value) + + @enforce(("read", "write"), "perimeter") + def delete_object(self, user_id, policy_id, perimeter_id): + + if not perimeter_id: + raise exceptions.ObjectUnknown + + if not policy_id: + raise exceptions.PolicyUnknown + + if not self.get_objects(user_id=user_id, policy_id=policy_id, perimeter_id=perimeter_id): + raise exceptions.ObjectUnknown + + if not self.get_policies(user_id=user_id, policy_id=policy_id): + raise exceptions.PolicyUnknown + + obj_assig = self.driver.get_object_assignments(policy_id=policy_id, object_id=perimeter_id) + if obj_assig: + raise exceptions.DeletePerimeterWithAssignment + + return self.driver.delete_object(policy_id=policy_id, perimeter_id=perimeter_id) + + @enforce("read", "perimeter") + def get_actions(self, user_id, policy_id, perimeter_id=None): + # if not policy_id: + # pass + if policy_id and (not self.get_policies(user_id=user_id, policy_id=policy_id)): + raise exceptions.PolicyUnknown + return self.driver.get_actions(policy_id=policy_id, perimeter_id=perimeter_id) + + @enforce(("read", "write"), "perimeter") + def add_action(self, user_id, policy_id, perimeter_id=None, value=None): + logger.debug("add_action {}".format(policy_id)) + + if not value or "name" not in value or not value["name"].strip(): + raise exceptions.PerimeterContentError('invalid name') + + if not policy_id or (not self.get_policies(user_id=user_id, policy_id=policy_id)): + raise exceptions.PolicyUnknown + + if perimeter_id: + action_perimeter = self.driver.get_actions(policy_id=None, perimeter_id=perimeter_id) + if not action_perimeter: + raise exceptions.PerimeterContentError + + if not perimeter_id: + action_perimeter = self.driver.get_action_by_name(value['name']) + if len(action_perimeter): + perimeter_id = next(iter(action_perimeter)) + + if perimeter_id and action_perimeter[perimeter_id]['name'] != value['name']: + raise exceptions.PerimeterContentError + + if not perimeter_id: + perimeter_id = uuid4().hex + + return self.driver.set_action(policy_id=policy_id, perimeter_id=perimeter_id, value=value) + + @enforce(("read", "write"), "perimeter") + def update_action(self, user_id, perimeter_id, value): + logger.debug("update_action perimeter_id = {}".format(perimeter_id)) + + if not perimeter_id: + raise exceptions.ActionUnknown + + actions = self.driver.get_actions(policy_id=None, perimeter_id=perimeter_id) + if not actions or not (perimeter_id in actions): + raise exceptions.PerimeterContentError + + if 'policy_list' in value or ('name' in value and not value['name']): + raise exceptions.PerimeterContentError + + return self.driver.update_action(perimeter_id=perimeter_id, value=value) + + @enforce(("read", "write"), "perimeter") + def delete_action(self, user_id, policy_id, perimeter_id): + + if not perimeter_id: + raise exceptions.ActionUnknown + + if not policy_id: + raise exceptions.PolicyUnknown + + if not self.get_actions(user_id=user_id, policy_id=policy_id, perimeter_id=perimeter_id): + raise exceptions.ActionUnknown + + logger.debug("delete_action {}Â {}Â {}".format(policy_id, perimeter_id, + self.get_policies(user_id=user_id, + policy_id=policy_id))) + if not self.get_policies(user_id=user_id, policy_id=policy_id): + raise exceptions.PolicyUnknown + + act_assig = self.driver.get_action_assignments(policy_id=policy_id, action_id=perimeter_id) + if act_assig: + raise exceptions.DeletePerimeterWithAssignment + return self.driver.delete_action(policy_id=policy_id, perimeter_id=perimeter_id) + + @enforce("read", "data") + def get_subject_data(self, user_id, policy_id, data_id=None, category_id=None): + available_metadata = self.get_available_metadata(user_id, policy_id) + results = [] + if not category_id: + for cat in available_metadata["subject"]: + results.append(self.driver.get_subject_data(policy_id=policy_id, data_id=data_id, + category_id=cat)) + if category_id and category_id in available_metadata["subject"]: + results.append(self.driver.get_subject_data(policy_id=policy_id, data_id=data_id, + category_id=category_id)) + return results + + @enforce(("read", "write"), "data") + def set_subject_data(self, user_id, policy_id, data_id=None, category_id=None, value=None): + if not category_id or ( + not Managers.ModelManager.get_subject_categories(user_id=user_id, + category_id=category_id)): + raise exceptions.SubjectCategoryUnknown + + self.__category_dependency_validation(user_id, policy_id, category_id, 'subject_categories') + + if not data_id: + data_id = uuid4().hex + return self.driver.set_subject_data(policy_id=policy_id, data_id=data_id, + category_id=category_id, value=value) + + @enforce(("read", "write"), "data") + def delete_subject_data(self, user_id, policy_id, data_id, category_id=None): + # TODO (asteroide): check and/or delete assignments linked to that data + subject_assignments = self.get_subject_assignments(user_id=user_id, policy_id=policy_id, + category_id=category_id) + if subject_assignments: + raise exceptions.DeleteData + return self.driver.delete_subject_data(policy_id=policy_id, category_id=category_id, + data_id=data_id) + + @enforce("read", "data") + def get_object_data(self, user_id, policy_id, data_id=None, category_id=None): + available_metadata = self.get_available_metadata(user_id, policy_id) + results = [] + if not category_id: + for cat in available_metadata["object"]: + results.append(self.driver.get_object_data(policy_id=policy_id, data_id=data_id, + category_id=cat)) + if category_id and category_id in available_metadata["object"]: + results.append(self.driver.get_object_data(policy_id=policy_id, data_id=data_id, + category_id=category_id)) + return results + + @enforce(("read", "write"), "data") + def add_object_data(self, user_id, policy_id, data_id=None, category_id=None, value=None): + + if not category_id or ( + not Managers.ModelManager.get_object_categories(user_id=user_id, + category_id=category_id)): + raise exceptions.ObjectCategoryUnknown + + self.__category_dependency_validation(user_id, policy_id, category_id, 'object_categories') + + if not data_id: + data_id = uuid4().hex + return self.driver.set_object_data(policy_id=policy_id, data_id=data_id, + category_id=category_id, value=value) + + @enforce(("read", "write"), "data") + def delete_object_data(self, user_id, policy_id, data_id, category_id=None): + # TODO (asteroide): check and/or delete assignments linked to that data + object_assignments = self.get_object_assignments(user_id=user_id, policy_id=policy_id, + category_id=category_id) + if object_assignments: + raise exceptions.DeleteData + return self.driver.delete_object_data(policy_id=policy_id, category_id=category_id, + data_id=data_id) + + @enforce("read", "data") + def get_action_data(self, user_id, policy_id, data_id=None, category_id=None): + available_metadata = self.get_available_metadata(user_id, policy_id) + results = [] + if not category_id: + for cat in available_metadata["action"]: + results.append(self.driver.get_action_data(policy_id=policy_id, data_id=data_id, + category_id=cat)) + if category_id and category_id in available_metadata["action"]: + results.append(self.driver.get_action_data(policy_id=policy_id, data_id=data_id, + category_id=category_id)) + return results + + @enforce(("read", "write"), "data") + def add_action_data(self, user_id, policy_id, data_id=None, category_id=None, value=None): + if not category_id or ( + not Managers.ModelManager.get_action_categories(user_id=user_id, + category_id=category_id)): + raise exceptions.ActionCategoryUnknown + + self.__category_dependency_validation(user_id, policy_id, category_id, 'action_categories') + + if not data_id: + data_id = uuid4().hex + return self.driver.set_action_data(policy_id=policy_id, data_id=data_id, + category_id=category_id, value=value) + + @enforce(("read", "write"), "data") + def delete_action_data(self, user_id, policy_id, data_id, category_id=None): + # TODO (asteroide): check and/or delete assignments linked to that data + action_assignments = self.get_action_assignments(user_id=user_id, policy_id=policy_id, + category_id=category_id) + if action_assignments: + raise exceptions.DeleteData + return self.driver.delete_action_data(policy_id=policy_id, category_id=category_id, + data_id=data_id) + + @enforce("read", "assignments") + def get_subject_assignments(self, user_id, policy_id, subject_id=None, category_id=None): + return self.driver.get_subject_assignments(policy_id=policy_id, subject_id=subject_id, + category_id=category_id) + + @enforce(("read", "write"), "assignments") + def add_subject_assignment(self, user_id, policy_id, subject_id, category_id, data_id): + + if not category_id or ( + not Managers.ModelManager.get_subject_categories(user_id=user_id, + category_id=category_id)): + raise exceptions.SubjectCategoryUnknown + + self.__category_dependency_validation(user_id, policy_id, category_id, 'subject_categories') + + if not subject_id or ( + not self.get_subjects(user_id=user_id, policy_id=policy_id, + perimeter_id=subject_id)): + raise exceptions.SubjectUnknown + + if not data_id or ( + not self.get_subject_data(user_id=user_id, policy_id=policy_id, data_id=data_id, + category_id=category_id)): + raise exceptions.DataUnknown + + return self.driver.add_subject_assignment(policy_id=policy_id, subject_id=subject_id, + category_id=category_id, data_id=data_id) + + @enforce(("read", "write"), "assignments") + def delete_subject_assignment(self, user_id, policy_id, subject_id, category_id, data_id): + return self.driver.delete_subject_assignment(policy_id=policy_id, subject_id=subject_id, + category_id=category_id, data_id=data_id) + + @enforce("read", "assignments") + def get_object_assignments(self, user_id, policy_id, object_id=None, category_id=None): + return self.driver.get_object_assignments(policy_id=policy_id, object_id=object_id, + category_id=category_id) + + @enforce(("read", "write"), "assignments") + def add_object_assignment(self, user_id, policy_id, object_id, category_id, data_id): + + if not category_id or ( + not Managers.ModelManager.get_object_categories(user_id=user_id, + category_id=category_id)): + raise exceptions.ObjectCategoryUnknown + + self.__category_dependency_validation(user_id, policy_id, category_id, 'object_categories') + + if not object_id or ( + not self.get_objects(user_id=user_id, policy_id=policy_id, perimeter_id=object_id)): + raise exceptions.ObjectUnknown + + if not data_id or ( + not self.get_object_data(user_id=user_id, policy_id=policy_id, data_id=data_id, + category_id=category_id)): + raise exceptions.DataUnknown + + return self.driver.add_object_assignment(policy_id=policy_id, object_id=object_id, + category_id=category_id, data_id=data_id) + + @enforce(("read", "write"), "assignments") + def delete_object_assignment(self, user_id, policy_id, object_id, category_id, data_id): + return self.driver.delete_object_assignment(policy_id=policy_id, object_id=object_id, + category_id=category_id, data_id=data_id) + + @enforce("read", "assignments") + def get_action_assignments(self, user_id, policy_id, action_id=None, category_id=None): + return self.driver.get_action_assignments(policy_id=policy_id, action_id=action_id, + category_id=category_id) + + @enforce(("read", "write"), "assignments") + def add_action_assignment(self, user_id, policy_id, action_id, category_id, data_id): + + if not category_id or ( + not Managers.ModelManager.get_action_categories(user_id=user_id, + category_id=category_id)): + raise exceptions.ActionCategoryUnknown + + self.__category_dependency_validation(user_id, policy_id, category_id, 'action_categories') + + if not action_id or ( + not self.get_actions(user_id=user_id, policy_id=policy_id, perimeter_id=action_id)): + raise exceptions.ActionUnknown + + if not data_id or ( + not self.get_action_data(user_id=user_id, policy_id=policy_id, data_id=data_id, + category_id=category_id)): + raise exceptions.DataUnknown + + return self.driver.add_action_assignment(policy_id=policy_id, action_id=action_id, + category_id=category_id, data_id=data_id) + + @enforce(("read", "write"), "assignments") + def delete_action_assignment(self, user_id, policy_id, action_id, category_id, data_id): + return self.driver.delete_action_assignment(policy_id=policy_id, action_id=action_id, + category_id=category_id, data_id=data_id) + + @enforce("read", "rules") + def get_rules(self, user_id, policy_id, meta_rule_id=None, rule_id=None): + return self.driver.get_rules(policy_id=policy_id, meta_rule_id=meta_rule_id, + rule_id=rule_id) + + @enforce(("read", "write"), "rules") + def add_rule(self, user_id, policy_id, meta_rule_id, value): + if not meta_rule_id or ( + not self.ModelManager.get_meta_rules(user_id=user_id, meta_rule_id=meta_rule_id)): + raise exceptions.MetaRuleUnknown + + self.__check_existing_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, user_id=user_id, + rule_value=value) + self.__dependencies_validation(user_id, policy_id, meta_rule_id) + + return self.driver.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) + + def __check_existing_rule(self, user_id, policy_id, meta_rule_id, rule_value): + + if not meta_rule_id: + raise exceptions.MetaRuleUnknown + + meta_rule = self.ModelManager.get_meta_rules(user_id=user_id, meta_rule_id=meta_rule_id) + if not meta_rule: + raise exceptions.MetaRuleUnknown + + if len(meta_rule[meta_rule_id]['subject_categories']) + len( + meta_rule[meta_rule_id]['object_categories']) \ + + len(meta_rule[meta_rule_id]['action_categories']) > len(rule_value['rule']): + raise exceptions.RuleContentError(message="Missing Data") + + if len(meta_rule[meta_rule_id]['subject_categories']) + len( + meta_rule[meta_rule_id]['object_categories']) \ + + len(meta_rule[meta_rule_id]['action_categories']) < len(rule_value['rule']): + raise exceptions.MetaRuleContentError(message="Missing Data") + + temp_rule_data = list( + rule_value['rule'][0:len(meta_rule[meta_rule_id]['subject_categories'])]) + found_data_counter = 0 + start_sub = len(meta_rule[meta_rule_id]['subject_categories']) + + for sub_cat_id in meta_rule[meta_rule_id]['subject_categories']: + subjects_data = self.get_subject_data(user_id=user_id, + category_id=sub_cat_id, policy_id=policy_id) + found_data_counter = self.__validate_data_id(sub_cat_id, subjects_data[0]['data'], + temp_rule_data, + "Missing Subject_category " + , found_data_counter) + + if found_data_counter != len(meta_rule[meta_rule_id]['subject_categories']): + raise exceptions.RuleContentError(message="Missing Data") + + temp_rule_data = list( + rule_value['rule'][ + start_sub:start_sub + len(meta_rule[meta_rule_id]['object_categories'])]) + found_data_counter = 0 + start_sub = start_sub + len(meta_rule[meta_rule_id]['object_categories']) + + for ob_cat_id in meta_rule[meta_rule_id]['object_categories']: + object_data = self.get_object_data(user_id=user_id, + category_id=ob_cat_id, policy_id=policy_id) + + found_data_counter = self.__validate_data_id(ob_cat_id, object_data[0]['data'], + temp_rule_data, + "Missing Object_category ", + found_data_counter) + + if found_data_counter != len(meta_rule[meta_rule_id]['object_categories']): + raise exceptions.RuleContentError(message="Missing Data") + + temp_rule_data = list( + rule_value['rule'][ + start_sub:start_sub + len(meta_rule[meta_rule_id]['action_categories'])]) + found_data_counter = 0 + + for act_cat_id in meta_rule[meta_rule_id]['action_categories']: + action_data = self.get_action_data(user_id=user_id, category_id=act_cat_id, + policy_id=policy_id) + found_data_counter = self.__validate_data_id(act_cat_id, action_data[0]['data'], + temp_rule_data, + "Missing Action_category ", + found_data_counter) + + if found_data_counter != len(meta_rule[meta_rule_id]['action_categories']): + raise exceptions.RuleContentError(message="Missing Data") + + def __validate_data_id(self, cat_id, data_ids, temp_rule_data, error_msg, found_data_counter): + for ID in data_ids: + if ID in temp_rule_data: + temp_rule_data.remove(ID) + found_data_counter += 1 + # if no data id found in the rule, so rule not valid + if found_data_counter < 1: + raise exceptions.RuleContentError(message=error_msg + cat_id) + return found_data_counter + + @enforce(("read", "write"), "rules") + def delete_rule(self, user_id, policy_id, rule_id): + return self.driver.delete_rule(policy_id=policy_id, rule_id=rule_id) + + @enforce("read", "meta_data") + def get_available_metadata(self, user_id, policy_id): + categories = { + "subject": [], + "object": [], + "action": [] + } + policy = self.driver.get_policies(policy_id=policy_id) + if not policy: + raise exceptions.PolicyUnknown + model_id = policy[policy_id]["model_id"] + model = Managers.ModelManager.get_models(user_id=user_id, model_id=model_id) + try: + meta_rule_list = model[model_id]["meta_rules"] + for meta_rule_id in meta_rule_list: + meta_rule = Managers.ModelManager.get_meta_rules(user_id=user_id, + meta_rule_id=meta_rule_id) + categories["subject"].extend(meta_rule[meta_rule_id]["subject_categories"]) + categories["object"].extend(meta_rule[meta_rule_id]["object_categories"]) + categories["action"].extend(meta_rule[meta_rule_id]["action_categories"]) + finally: + return categories + + def __dependencies_validation(self, user_id, policy_id, meta_rule_id=None): + + policies = self.get_policies(user_id=user_id, policy_id=policy_id) + if not policy_id or (not policies): + raise exceptions.PolicyUnknown + + policy_content = policies[next(iter(policies))] + model_id = policy_content['model_id'] + models = Managers.ModelManager.get_models(user_id=user_id, model_id=model_id) + if not model_id or not models: + raise exceptions.ModelUnknown + + model_content = models[next(iter(models))] + if meta_rule_id: + meta_rule_exists = False + + for model_meta_rule_id in model_content['meta_rules']: + if model_meta_rule_id == meta_rule_id: + meta_rule_exists = True + break + + if not meta_rule_exists: + raise exceptions.MetaRuleNotLinkedWithPolicyModel + + meta_rule = self.ModelManager.get_meta_rules(user_id=user_id, meta_rule_id=meta_rule_id) + meta_rule_content = meta_rule[next(iter(meta_rule))] + if (not meta_rule_content['subject_categories']) or ( + not meta_rule_content['object_categories']) or ( + not meta_rule_content['action_categories']): + raise exceptions.MetaRuleContentError + return model_content + + def __category_dependency_validation(self, user_id, policy_id, category_id, category_key): + model = self.__dependencies_validation(user_id=user_id, policy_id=policy_id) + category_found = False + for model_meta_rule_id in model['meta_rules']: + meta_rule = self.ModelManager.get_meta_rules(user_id=user_id, + meta_rule_id=model_meta_rule_id) + meta_rule_content = meta_rule[next(iter(meta_rule))] + if meta_rule_content[category_key] and category_id in meta_rule_content[category_key]: + category_found = True + break + + if not category_found: + raise exceptions.CategoryNotAssignedMetaRule diff --git a/old/python_moondb/python_moondb/backends/__init__.py b/old/python_moondb/python_moondb/backends/__init__.py new file mode 100644 index 00000000..6f1cd3d5 --- /dev/null +++ b/old/python_moondb/python_moondb/backends/__init__.py @@ -0,0 +1,96 @@ +""" +intra_extensions = { + intra_extension_id1: { + name: xxx, + model: yyy, + description: zzz}, + intra_extension_id2: {...}, + ... +} + +tenants = { + tenant_id1: { + name: xxx, + description: yyy, + intra_authz_extension_id: zzz, + intra_admin_extension_id: zzz, + }, + tenant_id2: {...}, + ... +} + +--------------- for each intra-extension ----------------- + +subject_categories = { + subject_category_id1: { + name: xxx, + description: yyy}, + subject_category_id2: {...}, + ... +} + +subjects = { + subject_id1: { + name: xxx, + description: yyy, + ...}, + subject_id2: {...}, + ... +} + +subject_scopes = { + subject_category_id1: { + subject_scope_id1: { + name: xxx, + description: aaa}, + subject_scope_id2: { + name: yyy, + description: bbb}, + ...}, + subject_scope_id3: { + ...} + subject_category_id2: {...}, + ... +} + +subject_assignments = { + subject_id1: { + subject_category_id1: [subject_scope_id1, subject_scope_id2, ...], + subject_category_id2: [subject_scope_id3, subject_scope_id4, ...], + ... + }, + subject_id2: { + subject_category_id1: [subject_scope_id1, subject_scope_id2, ...], + subject_category_id2: [subject_scope_id3, subject_scope_id4, ...], + ... + }, + ... +} + +aggregation_algorithm = { + aggregation_algorithm_id: { + name: xxx, + description: yyy + } + } + +sub_meta_rules = { + sub_meta_rule_id_1: { + "name": xxx, + "algorithm": yyy, + "subject_categories": [subject_category_id1, subject_category_id2,...], + "object_categories": [object_category_id1, object_category_id2,...], + "action_categories": [action_category_id1, action_category_id2,...] + sub_meta_rule_id_2: {...}, + ... +} + +rules = { + sub_meta_rule_id1: { + rule_id1: [subject_scope1, subject_scope2, ..., action_scope1, ..., object_scope1, ... ], + rule_id2: [subject_scope3, subject_scope4, ..., action_scope3, ..., object_scope3, ... ], + rule_id3: [thomas, write, admin.subjects] + ...}, + sub_meta_rule_id2: { }, + ...} +""" diff --git a/old/python_moondb/python_moondb/backends/sql.py b/old/python_moondb/python_moondb/backends/sql.py new file mode 100644 index 00000000..d25586ba --- /dev/null +++ b/old/python_moondb/python_moondb/backends/sql.py @@ -0,0 +1,1884 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +import copy +import json +from uuid import uuid4 +import sqlalchemy as sql +import logging +from sqlalchemy.orm import sessionmaker +from sqlalchemy.ext.declarative import declarative_base, declared_attr +from sqlalchemy import create_engine +from contextlib import contextmanager +from sqlalchemy import types as sql_types +from python_moonutilities import configuration +from python_moonutilities import exceptions +from python_moondb.core import PDPDriver, PolicyDriver, ModelDriver +import sqlalchemy + +logger = logging.getLogger("moon.db.driver.sql") +Base = declarative_base() +DEBUG = True if configuration.get_configuration("logging")['logging']['loggers']['moon'][ + 'level'] == "DEBUG" else False + + +class DictBase: + attributes = [] + + @classmethod + def from_dict(cls, d): + new_d = d.copy() + return cls(**new_d) + # new_d = d.copy() + # + # new_d['extra'] = {k: new_d.pop(k) for k in six.iterkeys(d) + # if k not in cls.attributes and k != 'extra'} + # + # return cls(**new_d) + + def to_dict(self): + d = dict() + for attr in self.__class__.attributes: + d[attr] = getattr(self, attr) + return d + + def __getitem__(self, key): + # if "extra" in dir(self) and key in self.extra: + # return self.extra[key] + return getattr(self, key) + + +class JsonBlob(sql_types.TypeDecorator): + impl = sql.Text + + def process_bind_param(self, value, dialect): + return json.dumps(value) + + def process_result_value(self, value, dialect): + return json.loads(value) + + +class Model(Base, DictBase): + __tablename__ = 'models' + attributes = ['id', 'name', 'value'] + id = sql.Column(sql.String(64), primary_key=True) + name = sql.Column(sql.String(256), nullable=False) + value = sql.Column(JsonBlob(), nullable=True) + + def to_dict(self): + return { + "name": self.name, + "description": self.value.get("description", ""), + "meta_rules": self.value.get("meta_rules", list()), + } + + +class Policy(Base, DictBase): + __tablename__ = 'policies' + attributes = ['id', 'name', 'model_id', 'value'] + id = sql.Column(sql.String(64), primary_key=True) + name = sql.Column(sql.String(256), nullable=False) + model_id = sql.Column(sql.String(64), nullable=True, default="") + value = sql.Column(JsonBlob(), nullable=True) + + def to_dict(self): + return { + "description": self.value.get("description", ""), + "genre": self.value.get("genre", ""), + "model_id": self.model_id, + "name": self.name + } + + +class PDP(Base, DictBase): + __tablename__ = 'pdp' + attributes = ['id', 'name', 'keystone_project_id', 'value'] + id = sql.Column(sql.String(64), primary_key=True) + name = sql.Column(sql.String(256), nullable=False) + keystone_project_id = sql.Column(sql.String(64), nullable=True, default="") + value = sql.Column(JsonBlob(), nullable=True) + + def to_dict(self): + return { + "name": self.name, + "description": self.value.get("description", ""), + "keystone_project_id": self.keystone_project_id, + "security_pipeline": self.value.get("security_pipeline", []), + } + + +class PerimeterCategoryBase(DictBase): + attributes = ['id', 'name', 'description'] + id = sql.Column(sql.String(64), primary_key=True) + name = sql.Column(sql.String(256), nullable=False) + description = sql.Column(sql.String(256), nullable=True) + + +class SubjectCategory(Base, PerimeterCategoryBase): + __tablename__ = 'subject_categories' + + +class ObjectCategory(Base, PerimeterCategoryBase): + __tablename__ = 'object_categories' + + +class ActionCategory(Base, PerimeterCategoryBase): + __tablename__ = 'action_categories' + + +class PerimeterBase(DictBase): + attributes = ['id', 'name', 'value'] + id = sql.Column(sql.String(64), primary_key=True) + name = sql.Column(sql.String(256), nullable=False) + value = sql.Column(JsonBlob(), nullable=True) + __mapper_args__ = {'concrete': True} + + def __repr__(self): + return "{} with name {} : {}".format(self.id, self.name, json.dumps(self.value)) + + def to_return(self): + return { + 'id': self.id, + 'name': self.name, + 'description': self.value.get("description", ""), + 'email': self.value.get("email", ""), + 'extra': self.value.get("extra", dict()), + 'policy_list': self.value.get("policy_list", []) + } + + def to_dict(self): + dict_value = copy.deepcopy(self.value) + dict_value["name"] = self.name + return { + 'id': self.id, + 'value': dict_value + } + + +class Subject(Base, PerimeterBase): + __tablename__ = 'subjects' + + +class Object(Base, PerimeterBase): + __tablename__ = 'objects' + + +class Action(Base, PerimeterBase): + __tablename__ = 'actions' + + +class PerimeterDataBase(DictBase): + attributes = ['id', 'name', 'value', 'category_id', 'policy_id'] + id = sql.Column(sql.String(64), primary_key=True) + name = sql.Column(sql.String(256), nullable=False) + value = sql.Column(JsonBlob(), nullable=True) + + @declared_attr + def policy_id(cls): + return sql.Column(sql.ForeignKey("policies.id"), nullable=False) + + def to_dict(self): + return { + 'id': self.id, + 'name': self.name, + 'description': self.value.get("description", ""), + 'category_id': self.category_id, + 'policy_id': self.policy_id + } + + +class SubjectData(Base, PerimeterDataBase): + __tablename__ = 'subject_data' + category_id = sql.Column(sql.ForeignKey("subject_categories.id"), nullable=False) + + +class ObjectData(Base, PerimeterDataBase): + __tablename__ = 'object_data' + category_id = sql.Column(sql.ForeignKey("object_categories.id"), nullable=False) + + +class ActionData(Base, PerimeterDataBase): + __tablename__ = 'action_data' + category_id = sql.Column(sql.ForeignKey("action_categories.id"), nullable=False) + + +class PerimeterAssignmentBase(DictBase): + attributes = ['id', 'assignments', 'policy_id', 'subject_id', 'category_id'] + id = sql.Column(sql.String(64), primary_key=True) + assignments = sql.Column(JsonBlob(), nullable=True) + category_id = None + + @declared_attr + def policy_id(cls): + return sql.Column(sql.ForeignKey("policies.id"), nullable=False) + + def _to_dict(self, element_key, element_value): + return { + "id": self.id, + "policy_id": self.policy_id, + element_key: element_value, + "category_id": self.category_id, + "assignments": self.assignments, + } + + +class SubjectAssignment(Base, PerimeterAssignmentBase): + __tablename__ = 'subject_assignments' + subject_id = sql.Column(sql.ForeignKey("subjects.id"), nullable=False) + category_id = sql.Column(sql.ForeignKey("subject_categories.id"), nullable=False) + + def to_dict(self): + return self._to_dict("subject_id", self.subject_id) + + +class ObjectAssignment(Base, PerimeterAssignmentBase): + __tablename__ = 'object_assignments' + attributes = ['id', 'assignments', 'policy_id', 'object_id', 'category_id'] + object_id = sql.Column(sql.ForeignKey("objects.id"), nullable=False) + category_id = sql.Column(sql.ForeignKey("object_categories.id"), nullable=False) + + def to_dict(self): + return self._to_dict("object_id", self.object_id) + + +class ActionAssignment(Base, PerimeterAssignmentBase): + __tablename__ = 'action_assignments' + attributes = ['id', 'assignments', 'policy_id', 'action_id', 'category_id'] + action_id = sql.Column(sql.ForeignKey("actions.id"), nullable=False) + category_id = sql.Column(sql.ForeignKey("action_categories.id"), nullable=False) + + def to_dict(self): + return self._to_dict("action_id", self.action_id) + + +class MetaRule(Base, DictBase): + __tablename__ = 'meta_rules' + attributes = ['id', 'name', 'subject_categories', 'object_categories', 'action_categories', + 'value'] + id = sql.Column(sql.String(64), primary_key=True) + name = sql.Column(sql.String(256), nullable=False) + subject_categories = sql.Column(JsonBlob(), nullable=True) + object_categories = sql.Column(JsonBlob(), nullable=True) + action_categories = sql.Column(JsonBlob(), nullable=True) + value = sql.Column(JsonBlob(), nullable=True) + + def to_dict(self): + return { + "name": self.name, + "description": self.value.get("description", ""), + "subject_categories": self.subject_categories, + "object_categories": self.object_categories, + "action_categories": self.action_categories, + } + + +class Rule(Base, DictBase): + __tablename__ = 'rules' + attributes = ['id', 'rule', 'policy_id', 'meta_rule_id'] + id = sql.Column(sql.String(64), primary_key=True) + rule = sql.Column(JsonBlob(), nullable=True) + policy_id = sql.Column(sql.ForeignKey("policies.id"), nullable=False) + meta_rule_id = sql.Column(sql.ForeignKey("meta_rules.id"), nullable=False) + + def to_dict(self): + return { + 'id': self.id, + 'rule': self.rule["rule"], + 'instructions': self.rule["instructions"], + 'enabled': self.rule["enabled"], + 'policy_id': self.policy_id, + 'meta_rule_id': self.meta_rule_id + } + + def __repr__(self): + return "{}".format(self.rule) + + +@contextmanager +def session_scope(engine): + """Provide a transactional scope around a series of operations.""" + if type(engine) is str: + echo = DEBUG + engine = create_engine(engine, echo=echo) + session = sessionmaker(bind=engine)() + try: + yield session + session.commit() + except: + session.rollback() + raise + finally: + session.close() + + +class BaseConnector(object): + """Provide a base connector to connect them all""" + engine = "" + + def __init__(self, engine_name): + echo = DEBUG + self.engine = create_engine(engine_name, echo=echo) + + def init_db(self): + Base.metadata.create_all(self.engine) + + def set_engine(self, engine_name): + self.engine = engine_name + + def get_session(self): + return session_scope(self.engine) + + def get_session_for_read(self): + return self.get_session() + + def get_session_for_write(self): + return self.get_session() + + +class PDPConnector(BaseConnector, PDPDriver): + + def update_pdp(self, pdp_id, value): + try: + with self.get_session_for_write() as session: + query = session.query(PDP) + query = query.filter_by(id=pdp_id) + ref = query.first() + if ref: + value_wo_name = copy.deepcopy(value) + value_wo_name.pop("name", None) + value_wo_name.pop("keystone_project_id", None) + ref.name = value["name"] + ref.keystone_project_id = value["keystone_project_id"] + d = dict(ref.value) + d.update(value_wo_name) + setattr(ref, "value", d) + return {ref.id: ref.to_dict()} + except sqlalchemy.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.PdpExisting + raise error + + def delete_pdp(self, pdp_id): + with self.get_session_for_write() as session: + ref = session.query(PDP).get(pdp_id) + session.delete(ref) + + def add_pdp(self, pdp_id=None, value=None): + try: + with self.get_session_for_write() as session: + value_wo_name = copy.deepcopy(value) + value_wo_name.pop("name", None) + value_wo_name.pop("keystone_project_id", None) + new = PDP.from_dict({ + "id": pdp_id if pdp_id else uuid4().hex, + "name": value["name"], + "keystone_project_id": value["keystone_project_id"], + "value": value_wo_name + }) + session.add(new) + return {new.id: new.to_dict()} + except sqlalchemy.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.PdpExisting + raise error + + def get_pdp(self, pdp_id=None): + with self.get_session_for_read() as session: + query = session.query(PDP) + if pdp_id: + query = query.filter_by(id=pdp_id) + ref_list = query.all() + return {_ref.id: _ref.to_dict() for _ref in ref_list} + + +class PolicyConnector(BaseConnector, PolicyDriver): + + def update_policy(self, policy_id, value): + try: + with self.get_session_for_write() as session: + query = session.query(Policy) + query = query.filter_by(id=policy_id) + ref = query.first() + + if ref: + value_wo_other_info = copy.deepcopy(value) + value_wo_other_info.pop("name", None) + value_wo_other_info.pop("model_id", None) + ref.name = value["name"] + ref.model_id = value["model_id"] + d = dict(ref.value) + d.update(value_wo_other_info) + setattr(ref, "value", d) + return {ref.id: ref.to_dict()} + + except sqlalchemy.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.PolicyExisting + raise error + + def delete_policy(self, policy_id): + with self.get_session_for_write() as session: + ref = session.query(Policy).get(policy_id) + session.delete(ref) + + def add_policy(self, policy_id=None, value=None): + try: + with self.get_session_for_write() as session: + value_wo_other_info = copy.deepcopy(value) + value_wo_other_info.pop("name", None) + value_wo_other_info.pop("model_id", None) + new = Policy.from_dict({ + "id": policy_id if policy_id else uuid4().hex, + "name": value["name"], + "model_id": value.get("model_id", ""), + "value": value_wo_other_info + }) + session.add(new) + return {new.id: new.to_dict()} + + except sqlalchemy.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.PolicyExisting + raise error + + def get_policies(self, policy_id=None, policy_name=None): + with self.get_session_for_read() as session: + query = session.query(Policy) + if policy_id: + query = query.filter_by(id=policy_id) + elif policy_name: + query = query.filter_by(name=policy_name) + + ref_list = query.all() + return {_ref.id: _ref.to_dict() for _ref in ref_list} + + def __get_perimeters(self, ClassType, policy_id, perimeter_id=None): + # if not policy_id: + # raise exceptions.PolicyUnknown + + with self.get_session_for_read() as session: + query = session.query(ClassType) + + if perimeter_id: + query = query.filter_by(id=perimeter_id) + + ref_list = copy.deepcopy(query.all()) + + if policy_id: + results = [] + for _ref in ref_list: + _ref_value = _ref.to_return() + if policy_id in _ref_value["policy_list"]: + results.append(_ref) + return {_ref.id: _ref.to_return() for _ref in results} + return {_ref.id: _ref.to_return() for _ref in ref_list} + + def __get_perimeter_by_name(self, ClassType, perimeter_name): + # if not policy_id: + # raise exceptions.PolicyUnknown + with self.get_session_for_read() as session: + query = session.query(ClassType) + if not perimeter_name or not perimeter_name.strip(): + raise exceptions.PerimeterContentError('invalid name') + query = query.filter_by(name=perimeter_name) + ref_list = copy.deepcopy(query.all()) + return {_ref.id: _ref.to_return() for _ref in ref_list} + + def __update_perimeter(self, class_type, class_type_exception, perimeter_id, value): + if not perimeter_id: + return exceptions.PerimeterContentError + with self.get_session_for_write() as session: + query = session.query(class_type) + query = query.filter_by(id=perimeter_id) + _perimeter = query.first() + if not _perimeter: + raise class_type_exception + temp_perimeter = copy.deepcopy(_perimeter.to_dict()) + if 'name' in value: + temp_perimeter['value']['name'] = value['name'] + if 'description' in value: + temp_perimeter['value']['description'] = value['description'] + if 'extra' in value: + temp_perimeter['value']['extra'] = value['extra'] + name = temp_perimeter['value']['name'] + temp_perimeter['value'].pop("name", None) + new_perimeter = class_type.from_dict({ + "id": temp_perimeter["id"], + "name": name, + "value": temp_perimeter["value"] + }) + _perimeter.value = new_perimeter.value + _perimeter.name = new_perimeter.name + return {_perimeter.id: _perimeter.to_return()} + + def __set_perimeter(self, ClassType, ClassTypeException, policy_id, perimeter_id=None, + value=None): + if not value or "name" not in value or not value["name"].strip(): + raise exceptions.PerimeterContentError('invalid name') + with self.get_session_for_write() as session: + _perimeter = None + if perimeter_id: + query = session.query(ClassType) + query = query.filter_by(id=perimeter_id) + _perimeter = query.first() + if not perimeter_id and not _perimeter: + query = session.query(ClassType) + query = query.filter_by(name=value['name']) + _perimeter = query.first() + if _perimeter: + raise ClassTypeException + if not _perimeter: + if "policy_list" not in value or type(value["policy_list"]) is not list: + value["policy_list"] = [] + if policy_id and policy_id not in value["policy_list"]: + value["policy_list"] = [policy_id, ] + + value_wo_name = copy.deepcopy(value) + value_wo_name.pop("name", None) + new = ClassType.from_dict({ + "id": perimeter_id if perimeter_id else uuid4().hex, + "name": value["name"], + "value": value_wo_name + }) + session.add(new) + return {new.id: new.to_return()} + else: + _value = copy.deepcopy(_perimeter.to_dict()) + if "policy_list" not in _value["value"] or type( + _value["value"]["policy_list"]) is not list: + _value["value"]["policy_list"] = [] + if policy_id and policy_id not in _value["value"]["policy_list"]: + _value["value"]["policy_list"].append(policy_id) + else: + if policy_id: + raise exceptions.PolicyExisting + raise exceptions.PerimeterContentError + + _value["value"].update(value) + + name = _value["value"]["name"] + _value["value"].pop("name") + new_perimeter = ClassType.from_dict({ + "id": _value["id"], + "name": name, + "value": _value["value"] + }) + _perimeter.value = new_perimeter.value + _perimeter.name = new_perimeter.name + return {_perimeter.id: _perimeter.to_return()} + + def __delete_perimeter(self, ClassType, ClassUnknownException, policy_id, perimeter_id): + with self.get_session_for_write() as session: + query = session.query(ClassType) + query = query.filter_by(id=perimeter_id) + _perimeter = query.first() + if not _perimeter: + raise ClassUnknownException + old_perimeter = copy.deepcopy(_perimeter.to_dict()) + try: + old_perimeter["value"]["policy_list"].remove(policy_id) + new_perimeter = ClassType.from_dict(old_perimeter) + if not new_perimeter.value["policy_list"]: + session.delete(_perimeter) + else: + setattr(_perimeter, "value", getattr(new_perimeter, "value")) + except ValueError: + if not _perimeter.value["policy_list"]: + session.delete(_perimeter) + + def get_subjects(self, policy_id, perimeter_id=None): + return self.__get_perimeters(Subject, policy_id, perimeter_id) + + def get_subject_by_name(self, perimeter_name): + return self.__get_perimeter_by_name(Subject, perimeter_name) + + def set_subject(self, policy_id, perimeter_id=None, value=None): + try: + return self.__set_perimeter(Subject, exceptions.SubjectExisting, policy_id, + perimeter_id=perimeter_id, value=value) + except sqlalchemy.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.SubjectExisting + raise error + + def update_subject(self, perimeter_id, value): + try: + return self.__update_perimeter(Subject, exceptions.SubjectExisting, perimeter_id, value) + except sqlalchemy.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.SubjectExisting + raise error + + def delete_subject(self, policy_id, perimeter_id): + self.__delete_perimeter(Subject, exceptions.SubjectUnknown, policy_id, perimeter_id) + + def get_objects(self, policy_id, perimeter_id=None): + return self.__get_perimeters(Object, policy_id, perimeter_id) + + def get_object_by_name(self, perimeter_name): + return self.__get_perimeter_by_name(Object, perimeter_name) + + def set_object(self, policy_id, perimeter_id=None, value=None): + try: + return self.__set_perimeter(Object, exceptions.ObjectExisting, policy_id, + perimeter_id=perimeter_id, value=value) + except sqlalchemy.exc.IntegrityError as error: + logger.exception("IntegrityError {}".format(error)) + if 'UNIQUE constraint' in str(error): + raise exceptions.ObjectExisting + raise error + + def update_object(self, perimeter_id, value): + try: + return self.__update_perimeter(Object, exceptions.ObjectExisting, perimeter_id, value) + except sqlalchemy.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.ObjectExisting + raise error + + def delete_object(self, policy_id, perimeter_id): + self.__delete_perimeter(Object, exceptions.ObjectUnknown, policy_id, perimeter_id) + + def get_actions(self, policy_id, perimeter_id=None): + return self.__get_perimeters(Action, policy_id, perimeter_id) + + def get_action_by_name(self, perimeter_name): + return self.__get_perimeter_by_name(Action, perimeter_name) + + def set_action(self, policy_id, perimeter_id=None, value=None): + try: + return self.__set_perimeter(Action, exceptions.ActionExisting, policy_id, + perimeter_id=perimeter_id, value=value) + except sqlalchemy.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.ActionExisting + raise error + + def update_action(self, perimeter_id, value): + try: + return self.__update_perimeter(Action, exceptions.ActionExisting, perimeter_id, value) + except sqlalchemy.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.ActionExisting + raise error + + def delete_action(self, policy_id, perimeter_id): + self.__delete_perimeter(Action, exceptions.ActionUnknown, policy_id, perimeter_id) + + def __is_data_exist(self, ClassType, category_id=None): + + with self.get_session_for_read() as session: + query = session.query(ClassType) + query = query.filter_by(category_id=category_id) + ref_list = query.all() + if ref_list: + return True + return False + + def __get_data(self, ClassType, policy_id, data_id=None, category_id=None): + with self.get_session_for_read() as session: + query = session.query(ClassType) + if policy_id and data_id and category_id: + query = query.filter_by(policy_id=policy_id, id=data_id, category_id=category_id) + elif policy_id and category_id: + query = query.filter_by(policy_id=policy_id, category_id=category_id) + elif category_id: + query = query.filter_by(category_id=category_id) + elif policy_id: + query = query.filter_by(policy_id=policy_id) + else: + raise exceptions.PolicyUnknown + + ref_list = query.all() + return { + "policy_id": policy_id, + "category_id": category_id, + "data": {_ref.id: _ref.to_dict() for _ref in ref_list} + } + + def __set_data(self, ClassType, ClassTypeData, policy_id, data_id=None, category_id=None, + value=None): + with self.get_session_for_write() as session: + query = session.query(ClassTypeData) + query = query.filter_by(policy_id=policy_id, id=data_id, category_id=category_id) + ref = query.first() + if not ref: + value_wo_name = copy.deepcopy(value) + value_wo_name.pop("name", None) + new_ref = ClassTypeData.from_dict( + { + "id": data_id if data_id else uuid4().hex, + 'name': value["name"], + 'value': value_wo_name, + 'category_id': category_id, + 'policy_id': policy_id, + } + ) + session.add(new_ref) + ref = new_ref + else: + for attr in ClassType.attributes: + if attr != 'id': + setattr(ref, attr, getattr(ref, attr)) + # session.flush() + return { + "policy_id": policy_id, + "category_id": category_id, + "data": {ref.id: ref.to_dict()} + } + + def __delete_data(self, ClassType, policy_id, category_id, data_id): + + if not data_id: + raise exceptions.DataUnknown + with self.get_session_for_write() as session: + query = session.query(ClassType) + if category_id: + query = query.filter_by(policy_id=policy_id, category_id=category_id, id=data_id) + else: + query = query.filter_by(policy_id=policy_id, id=data_id) + ref = query.first() + if ref: + session.delete(ref) + + def is_subject_data_exist(self, category_id=None): + return self.__is_data_exist(SubjectData, category_id=category_id) + + def get_subject_data(self, policy_id, data_id=None, category_id=None): + return self.__get_data(SubjectData, policy_id, data_id=data_id, category_id=category_id) + + def set_subject_data(self, policy_id, data_id=None, category_id=None, value=None): + try: + return self.__set_data(Subject, SubjectData, policy_id, data_id=data_id, + category_id=category_id, value=value) + except sqlalchemy.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.SubjectScopeExisting + raise error + + def delete_subject_data(self, policy_id, category_id, data_id): + return self.__delete_data(SubjectData, policy_id, category_id, data_id) + + def is_object_data_exist(self, category_id=None): + return self.__is_data_exist(ObjectData, category_id=category_id) + + def get_object_data(self, policy_id, data_id=None, category_id=None): + return self.__get_data(ObjectData, policy_id, data_id=data_id, category_id=category_id) + + def set_object_data(self, policy_id, data_id=None, category_id=None, value=None): + try: + return self.__set_data(Object, ObjectData, policy_id, data_id=data_id, + category_id=category_id, value=value) + except sqlalchemy.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.ObjectScopeExisting + raise error + + def delete_object_data(self, policy_id, category_id, data_id): + return self.__delete_data(ObjectData, policy_id, category_id, data_id) + + def is_action_data_exist(self, category_id=None): + return self.__is_data_exist(ActionData, category_id=category_id) + + def get_action_data(self, policy_id, data_id=None, category_id=None): + return self.__get_data(ActionData, policy_id, data_id=data_id, category_id=category_id) + + def set_action_data(self, policy_id, data_id=None, category_id=None, value=None): + try: + return self.__set_data(Action, ActionData, policy_id, data_id=data_id, + category_id=category_id, value=value) + except sqlalchemy.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.ActionScopeExisting + raise error + + def delete_action_data(self, policy_id, category_id, data_id): + return self.__delete_data(ActionData, policy_id, category_id, data_id) + + def get_subject_assignments(self, policy_id, subject_id=None, category_id=None): + with self.get_session_for_write() as session: + query = session.query(SubjectAssignment) + if subject_id and category_id: + # TODO change the subject_id to perimeter_id to allow code refactoring + query = query.filter_by(policy_id=policy_id, subject_id=subject_id, + category_id=category_id) + elif subject_id: + query = query.filter_by(policy_id=policy_id, subject_id=subject_id) + else: + query = query.filter_by(policy_id=policy_id) + ref_list = query.all() + return {_ref.id: _ref.to_dict() for _ref in ref_list} + + def add_subject_assignment(self, policy_id, subject_id, category_id, data_id): + with self.get_session_for_write() as session: + query = session.query(SubjectAssignment) + query = query.filter_by(policy_id=policy_id, subject_id=subject_id, + category_id=category_id) + ref = query.first() + if ref: + old_ref = copy.deepcopy(ref.to_dict()) + assignments = old_ref["assignments"] + if data_id not in assignments: + assignments.append(data_id) + setattr(ref, "assignments", assignments) + else: + raise exceptions.SubjectAssignmentExisting + else: + ref = SubjectAssignment.from_dict( + { + "id": uuid4().hex, + "policy_id": policy_id, + "subject_id": subject_id, + "category_id": category_id, + "assignments": [data_id, ], + } + ) + session.add(ref) + return {ref.id: ref.to_dict()} + + def is_subject_category_has_assignment(self, category_id): + return self.__is_category_has_assignment(SubjectAssignment, category_id) + + def is_object_category_has_assignment(self, category_id): + return self.__is_category_has_assignment(ObjectAssignment, category_id) + + def is_action_category_has_assignment(self, category_id): + return self.__is_category_has_assignment(ActionAssignment, category_id) + + def __is_category_has_assignment(self, ClassType, category_id): + with self.get_session_for_write() as session: + query = session.query(ClassType) + query = query.filter_by(category_id=category_id) + count = query.count() + return count > 0 + + def delete_subject_assignment(self, policy_id, subject_id, category_id, data_id): + with self.get_session_for_write() as session: + query = session.query(SubjectAssignment) + query = query.filter_by(policy_id=policy_id, subject_id=subject_id, + category_id=category_id) + ref = query.first() + if ref: + old_ref = copy.deepcopy(ref.to_dict()) + assignments = old_ref["assignments"] + # TODO (asteroide): if data_id is None, delete all + if data_id in assignments: + assignments.remove(data_id) + # FIXME (asteroide): the setattr doesn't work here ; the assignments is not updated in the database + setattr(ref, "assignments", assignments) + if not assignments: + session.delete(ref) + + def get_object_assignments(self, policy_id, object_id=None, category_id=None): + with self.get_session_for_write() as session: + query = session.query(ObjectAssignment) + if object_id and category_id: + # TODO change the object_id to perimeter_id to allow code refactoring + query = query.filter_by(policy_id=policy_id, object_id=object_id, + category_id=category_id) + elif object_id: + query = query.filter_by(policy_id=policy_id, object_id=object_id) + else: + query = query.filter_by(policy_id=policy_id) + ref_list = query.all() + return {_ref.id: _ref.to_dict() for _ref in ref_list} + + def add_object_assignment(self, policy_id, object_id, category_id, data_id): + with self.get_session_for_write() as session: + query = session.query(ObjectAssignment) + query = query.filter_by(policy_id=policy_id, object_id=object_id, + category_id=category_id) + ref = query.first() + if ref: + old_ref = copy.deepcopy(ref.to_dict()) + assignments = old_ref["assignments"] + if data_id not in assignments: + assignments.append(data_id) + setattr(ref, "assignments", assignments) + else: + raise exceptions.ObjectAssignmentExisting + else: + ref = ObjectAssignment.from_dict( + { + "id": uuid4().hex, + "policy_id": policy_id, + "object_id": object_id, + "category_id": category_id, + "assignments": [data_id, ], + } + ) + session.add(ref) + return {ref.id: ref.to_dict()} + + def delete_object_assignment(self, policy_id, object_id, category_id, data_id): + with self.get_session_for_write() as session: + query = session.query(ObjectAssignment) + query = query.filter_by(policy_id=policy_id, object_id=object_id, + category_id=category_id) + ref = query.first() + if ref: + old_ref = copy.deepcopy(ref.to_dict()) + assignments = old_ref["assignments"] + # TODO (asteroide): if data_id is None, delete all + if data_id in assignments: + assignments.remove(data_id) + # FIXME (asteroide): the setattr doesn't work here ; the assignments is not updated in the database + setattr(ref, "assignments", assignments) + if not assignments: + session.delete(ref) + + def get_action_assignments(self, policy_id, action_id=None, category_id=None): + with self.get_session_for_write() as session: + if not policy_id: + return exceptions.PolicyUnknown + query = session.query(ActionAssignment) + if action_id and category_id: + # TODO change the action_id to perimeter_id to allow code refactoring + query = query.filter_by(policy_id=policy_id, action_id=action_id, + category_id=category_id) + elif action_id: + query = query.filter_by(policy_id=policy_id, action_id=action_id) + elif category_id: + query = query.filter_by(policy_id=policy_id, category_id=category_id) + else: + query = query.filter_by(policy_id=policy_id) + ref_list = query.all() + return {_ref.id: _ref.to_dict() for _ref in ref_list} + + def add_action_assignment(self, policy_id, action_id, category_id, data_id): + with self.get_session_for_write() as session: + query = session.query(ActionAssignment) + query = query.filter_by(policy_id=policy_id, action_id=action_id, + category_id=category_id) + ref = query.first() + if ref: + old_ref = copy.deepcopy(ref.to_dict()) + assignments = old_ref["assignments"] + if data_id not in assignments: + assignments.append(data_id) + setattr(ref, "assignments", assignments) + else: + raise exceptions.ActionAssignmentExisting + else: + ref = ActionAssignment.from_dict( + { + "id": uuid4().hex, + "policy_id": policy_id, + "action_id": action_id, + "category_id": category_id, + "assignments": [data_id, ], + } + ) + session.add(ref) + return {ref.id: ref.to_dict()} + + def delete_action_assignment(self, policy_id, action_id, category_id, data_id): + with self.get_session_for_write() as session: + query = session.query(ActionAssignment) + query = query.filter_by(policy_id=policy_id, action_id=action_id, + category_id=category_id) + ref = query.first() + if ref: + old_ref = copy.deepcopy(ref.to_dict()) + assignments = old_ref["assignments"] + # TODO (asteroide): if data_id is None, delete all + if data_id in assignments: + assignments.remove(data_id) + # FIXME (asteroide): the setattr doesn't work here ; the assignments is not updated in the database + setattr(ref, "assignments", assignments) + if not assignments: + session.delete(ref) + + def get_rules(self, policy_id, rule_id=None, meta_rule_id=None): + with self.get_session_for_read() as session: + query = session.query(Rule) + if rule_id: + query = query.filter_by(policy_id=policy_id, rule_id=rule_id) + ref = query.first() + return {ref.id: ref.to_dict()} + elif meta_rule_id and policy_id: + query = query.filter_by(policy_id=policy_id, meta_rule_id=meta_rule_id) + ref_list = query.all() + return { + "meta_rule_id": meta_rule_id, + "policy_id": policy_id, + "rules": list(map(lambda x: x.to_dict(), ref_list)) + } + else: + query = query.filter_by(policy_id=policy_id) + ref_list = query.all() + return { + "policy_id": policy_id, + "rules": list(map(lambda x: x.to_dict(), ref_list)) + } + + def is_meta_rule_has_rules(self, meta_rule_id): + with self.get_session_for_read() as session: + query = session.query(Rule) + + query = query.filter_by(meta_rule_id=meta_rule_id) + count = query.count() + return count > 0 + + def add_rule(self, policy_id, meta_rule_id, value): + try: + rules = self.get_rules(policy_id, meta_rule_id=meta_rule_id) + for _rule in map(lambda x: x["rule"], rules["rules"]): + if list(value.get('rule')) == list(_rule): + raise exceptions.RuleExisting + with self.get_session_for_write() as session: + ref = Rule.from_dict( + { + "id": uuid4().hex, + "policy_id": policy_id, + "meta_rule_id": meta_rule_id, + "rule": value + } + ) + session.add(ref) + return {ref.id: ref.to_dict()} + except sqlalchemy.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.RuleExisting + raise error + + def delete_rule(self, policy_id, rule_id): + with self.get_session_for_write() as session: + query = session.query(Rule) + query = query.filter_by(policy_id=policy_id, id=rule_id) + ref = query.first() + if ref: + session.delete(ref) + + +class ModelConnector(BaseConnector, ModelDriver): + + def update_model(self, model_id, value): + try: + with self.get_session_for_write() as session: + query = session.query(Model) + if model_id: + query = query.filter_by(id=model_id) + ref = query.first() + if ref: + value_wo_name = copy.deepcopy(value) + value_wo_name.pop("name", None) + setattr(ref, "name", value["name"]) + d = dict(ref.value) + d.update(value_wo_name) + setattr(ref, "value", d) + return {ref.id: ref.to_dict()} + except sqlalchemy.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.ModelExisting + raise error + + def delete_model(self, model_id): + with self.get_session_for_write() as session: + ref = session.query(Model).get(model_id) + session.delete(ref) + + def add_model(self, model_id=None, value=None): + try: + with self.get_session_for_write() as session: + value_wo_name = copy.deepcopy(value) + value_wo_name.pop("name", None) + new = Model.from_dict({ + "id": model_id if model_id else uuid4().hex, + "name": value["name"], + "value": value_wo_name + }) + session.add(new) + return {new.id: new.to_dict()} + except sqlalchemy.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.ModelExisting + + def get_models(self, model_id=None): + with self.get_session_for_read() as session: + query = session.query(Model) + if model_id: + ref_list = query.filter(Model.id == model_id) + else: + ref_list = query.all() + + r = {_ref.id: _ref.to_dict() for _ref in ref_list} + return r + + def set_meta_rule(self, meta_rule_id, value): + try: + with self.get_session_for_write() as session: + value_wo_other_data = copy.deepcopy(value) + value_wo_other_data.pop("name", None) + value_wo_other_data.pop("subject_categories", None) + value_wo_other_data.pop("object_categories", None) + value_wo_other_data.pop("action_categories", None) + if meta_rule_id is None: + try: + ref = MetaRule.from_dict( + { + "id": uuid4().hex, + "name": value["name"], + "subject_categories": value["subject_categories"], + "object_categories": value["object_categories"], + "action_categories": value["action_categories"], + "value": value_wo_other_data + } + ) + session.add(ref) + except sqlalchemy.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.MetaRuleExisting + raise error + else: + query = session.query(MetaRule) + query = query.filter_by(id=meta_rule_id) + ref = query.first() + setattr(ref, "name", value["name"]) + setattr(ref, "subject_categories", value["subject_categories"]) + setattr(ref, "object_categories", value["object_categories"]) + setattr(ref, "action_categories", value["action_categories"]) + setattr(ref, "value", value_wo_other_data) + return {ref.id: ref.to_dict()} + except sqlalchemy.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.MetaRuleExisting + raise error + + def get_meta_rules(self, meta_rule_id=None): + with self.get_session_for_read() as session: + query = session.query(MetaRule) + if meta_rule_id: + query = query.filter_by(id=meta_rule_id) + ref_list = query.all() + return {_ref.id: _ref.to_dict() for _ref in ref_list} + + def delete_meta_rule(self, meta_rule_id=None): + with self.get_session_for_write() as session: + query = session.query(MetaRule) + query = query.filter_by(id=meta_rule_id) + ref = query.first() + if ref: + session.delete(ref) + + def __get_perimeter_categories(self, ClassType, category_id=None): + with self.get_session_for_read() as session: + query = session.query(ClassType) + if category_id: + query = query.filter_by(id=category_id) + ref_list = query.all() + return {_ref.id: _ref.to_dict() for _ref in ref_list} + + def __add_perimeter_category(self, ClassType, name, description, uuid=None): + if not name or not name.strip(): + raise exceptions.CategoryNameInvalid + with self.get_session_for_write() as session: + ref = ClassType.from_dict( + { + "id": uuid if uuid else uuid4().hex, + "name": name, + "description": description + } + ) + session.add(ref) + return {ref.id: ref.to_dict()} + + def __delete_perimeter_category(self, ClassType, category_id): + with self.get_session_for_write() as session: + query = session.query(ClassType) + query = query.filter_by(id=category_id) + ref = query.first() + if ref: + session.delete(ref) + + def get_subject_categories(self, category_id=None): + return self.__get_perimeter_categories(SubjectCategory, category_id=category_id) + + def add_subject_category(self, name, description, uuid=None): + try: + return self.__add_perimeter_category(SubjectCategory, name, description, uuid=uuid) + except sql.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.SubjectCategoryExisting + raise error + + def delete_subject_category(self, category_id): + self.__delete_perimeter_category(SubjectCategory, category_id) + + def get_object_categories(self, category_id=None): + return self.__get_perimeter_categories(ObjectCategory, category_id=category_id) + + def add_object_category(self, name, description, uuid=None): + try: + return self.__add_perimeter_category(ObjectCategory, name, description, uuid=uuid) + except sql.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.ObjectCategoryExisting + raise error + + def delete_object_category(self, category_id): + self.__delete_perimeter_category(ObjectCategory, category_id) + + def get_action_categories(self, category_id=None): + + return self.__get_perimeter_categories(ActionCategory, category_id=category_id) + + def add_action_category(self, name, description, uuid=None): + try: + return self.__add_perimeter_category(ActionCategory, name, description, uuid=uuid) + except sql.exc.IntegrityError as error: + if 'UNIQUE constraint' in str(error): + raise exceptions.ActionCategoryExisting + raise error + + def delete_action_category(self, category_id): + self.__delete_perimeter_category(ActionCategory, category_id) + + # Getter and Setter for subject_category + + # def get_subject_categories_dict(self, intra_extension_id): + # with self.get_session_for_read() as session: + # query = session.query(SubjectCategory) + # query = query.filter_by(intra_extension_id=intra_extension_id) + # ref_list = query.all() + # return {_ref.id: _ref.subject_category for _ref in ref_list} + # + # def set_subject_category_dict(self, intra_extension_id, subject_category_id, subject_category_dict): + # with self.get_session_for_write() as session: + # query = session.query(SubjectCategory) + # query = query.filter_by(intra_extension_id=intra_extension_id, id=subject_category_id) + # ref = query.first() + # new_ref = SubjectCategory.from_dict( + # { + # "id": subject_category_id, + # 'subject_category': subject_category_dict, + # 'intra_extension_id': intra_extension_id + # } + # ) + # if not ref: + # session.add(new_ref) + # ref = new_ref + # else: + # for attr in SubjectCategory.attributes: + # if attr != 'id': + # setattr(ref, attr, getattr(new_ref, attr)) + # # # session.flush() + # return {subject_category_id: SubjectCategory.to_dict(ref)['subject_category']} + # + # def del_subject_category(self, intra_extension_id, subject_category_id): + # with self.get_session_for_write() as session: + # query = session.query(SubjectCategory) + # query = query.filter_by(intra_extension_id=intra_extension_id, id=subject_category_id) + # ref = query.first() + # self.del_subject_assignment(intra_extension_id, None, None, None) + # session.delete(ref) + # + # # Getter and Setter for object_category + # + # def get_object_categories_dict(self, intra_extension_id): + # with self.get_session_for_read() as session: + # query = session.query(ObjectCategory) + # query = query.filter_by(intra_extension_id=intra_extension_id) + # ref_list = query.all() + # return {_ref.id: _ref.object_category for _ref in ref_list} + # + # def set_object_category_dict(self, intra_extension_id, object_category_id, object_category_dict): + # with self.get_session_for_write() as session: + # query = session.query(ObjectCategory) + # query = query.filter_by(intra_extension_id=intra_extension_id, id=object_category_id) + # ref = query.first() + # new_ref = ObjectCategory.from_dict( + # { + # "id": object_category_id, + # 'object_category': object_category_dict, + # 'intra_extension_id': intra_extension_id + # } + # ) + # if not ref: + # session.add(new_ref) + # ref = new_ref + # else: + # for attr in ObjectCategory.attributes: + # if attr != 'id': + # setattr(ref, attr, getattr(new_ref, attr)) + # # session.flush() + # return {object_category_id: ObjectCategory.to_dict(ref)['object_category']} + # + # def del_object_category(self, intra_extension_id, object_category_id): + # with self.get_session_for_write() as session: + # query = session.query(ObjectCategory) + # query = query.filter_by(intra_extension_id=intra_extension_id, id=object_category_id) + # ref = query.first() + # self.del_object_assignment(intra_extension_id, None, None, None) + # session.delete(ref) + # + # # Getter and Setter for action_category + # + # def get_action_categories_dict(self, intra_extension_id): + # with self.get_session_for_read() as session: + # query = session.query(ActionCategory) + # query = query.filter_by(intra_extension_id=intra_extension_id) + # ref_list = query.all() + # return {_ref.id: _ref.action_category for _ref in ref_list} + # + # def set_action_category_dict(self, intra_extension_id, action_category_id, action_category_dict): + # with self.get_session_for_write() as session: + # query = session.query(ActionCategory) + # query = query.filter_by(intra_extension_id=intra_extension_id, id=action_category_id) + # ref = query.first() + # new_ref = ActionCategory.from_dict( + # { + # "id": action_category_id, + # 'action_category': action_category_dict, + # 'intra_extension_id': intra_extension_id + # } + # ) + # if not ref: + # session.add(new_ref) + # ref = new_ref + # else: + # for attr in ActionCategory.attributes: + # if attr != 'id': + # setattr(ref, attr, getattr(new_ref, attr)) + # # session.flush() + # return {action_category_id: ActionCategory.to_dict(ref)['action_category']} + # + # def del_action_category(self, intra_extension_id, action_category_id): + # with self.get_session_for_write() as session: + # query = session.query(ActionCategory) + # query = query.filter_by(intra_extension_id=intra_extension_id, id=action_category_id) + # ref = query.first() + # self.del_action_assignment(intra_extension_id, None, None, None) + # session.delete(ref) + + # Perimeter + + # def get_subjects_dict(self, intra_extension_id): + # with self.get_session_for_read() as session: + # query = session.query(Subject) + # query = query.filter_by(intra_extension_id=intra_extension_id) + # ref_list = query.all() + # return {_ref.id: _ref.subject for _ref in ref_list} + # + # def set_subject_dict(self, intra_extension_id, subject_id, subject_dict): + # with self.get_session_for_write() as session: + # query = session.query(Subject) + # query = query.filter_by(intra_extension_id=intra_extension_id, id=subject_id) + # ref = query.first() + # # if 'id' in subject_dict: + # # subject_dict['id'] = subject_id + # new_ref = Subject.from_dict( + # { + # "id": subject_id, + # 'subject': subject_dict, + # 'intra_extension_id': intra_extension_id + # } + # ) + # if not ref: + # session.add(new_ref) + # ref = new_ref + # else: + # for attr in Subject.attributes: + # if attr != 'id': + # setattr(ref, attr, getattr(new_ref, attr)) + # # session.flush() + # return {subject_id: Subject.to_dict(ref)['subject']} + # + # def del_subject(self, intra_extension_id, subject_id): + # with self.get_session_for_write() as session: + # query = session.query(Subject) + # query = query.filter_by(intra_extension_id=intra_extension_id, id=subject_id) + # ref = query.first() + # session.delete(ref) + # + # def get_objects_dict(self, intra_extension_id): + # with self.get_session_for_read() as session: + # query = session.query(Object) + # query = query.filter_by(intra_extension_id=intra_extension_id) + # ref_list = query.all() + # return {_ref.id: _ref.object for _ref in ref_list} + # + # def set_object_dict(self, intra_extension_id, object_id, object_dict): + # with self.get_session_for_write() as session: + # query = session.query(Object) + # query = query.filter_by(intra_extension_id=intra_extension_id, id=object_id) + # ref = query.first() + # new_ref = Object.from_dict( + # { + # "id": object_id, + # 'object': object_dict, + # 'intra_extension_id': intra_extension_id + # } + # ) + # if not ref: + # session.add(new_ref) + # ref = new_ref + # else: + # for attr in Object.attributes: + # if attr != 'id': + # setattr(ref, attr, getattr(new_ref, attr)) + # # session.flush() + # return {object_id: Object.to_dict(ref)['object']} + # + # def del_object(self, intra_extension_id, object_id): + # with self.get_session_for_write() as session: + # query = session.query(Object) + # query = query.filter_by(intra_extension_id=intra_extension_id, id=object_id) + # ref = query.first() + # session.delete(ref) + # + # def get_actions_dict(self, intra_extension_id): + # with self.get_session_for_read() as session: + # query = session.query(Action) + # query = query.filter_by(intra_extension_id=intra_extension_id) + # ref_list = query.all() + # return {_ref.id: _ref.action for _ref in ref_list} + # + # def set_action_dict(self, intra_extension_id, action_id, action_dict): + # with self.get_session_for_write() as session: + # query = session.query(Action) + # query = query.filter_by(intra_extension_id=intra_extension_id, id=action_id) + # ref = query.first() + # new_ref = Action.from_dict( + # { + # "id": action_id, + # 'action': action_dict, + # 'intra_extension_id': intra_extension_id + # } + # ) + # if not ref: + # session.add(new_ref) + # ref = new_ref + # else: + # for attr in Action.attributes: + # if attr != 'id': + # setattr(ref, attr, getattr(new_ref, attr)) + # # session.flush() + # return {action_id: Action.to_dict(ref)['action']} + # + # def del_action(self, intra_extension_id, action_id): + # with self.get_session_for_write() as session: + # query = session.query(Action) + # query = query.filter_by(intra_extension_id=intra_extension_id, id=action_id) + # ref = query.first() + # session.delete(ref) + + # Getter and Setter for subject_scope + + # def get_subject_scopes_dict(self, intra_extension_id, subject_category_id): + # with self.get_session_for_read() as session: + # query = session.query(SubjectScope) + # query = query.filter_by(intra_extension_id=intra_extension_id, subject_category_id=subject_category_id) + # ref_list = query.all() + # return {_ref.id: _ref.subject_scope for _ref in ref_list} + # + # def set_subject_scope_dict(self, intra_extension_id, subject_category_id, subject_scope_id, subject_scope_dict): + # with self.get_session_for_write() as session: + # query = session.query(SubjectScope) + # query = query.filter_by(intra_extension_id=intra_extension_id, subject_category_id=subject_category_id, id=subject_scope_id) + # ref = query.first() + # new_ref = SubjectScope.from_dict( + # { + # "id": subject_scope_id, + # 'subject_scope': subject_scope_dict, + # 'intra_extension_id': intra_extension_id, + # 'subject_category_id': subject_category_id + # } + # ) + # if not ref: + # session.add(new_ref) + # ref = new_ref + # else: + # for attr in Subject.attributes: + # if attr != 'id': + # setattr(ref, attr, getattr(new_ref, attr)) + # # session.flush() + # return {subject_scope_id: SubjectScope.to_dict(ref)['subject_scope']} + # + # def del_subject_scope(self, intra_extension_id, subject_category_id, subject_scope_id): + # with self.get_session_for_write() as session: + # query = session.query(SubjectScope) + # if not subject_category_id or not subject_scope_id: + # query = query.filter_by(intra_extension_id=intra_extension_id) + # for ref in query.all(): + # session.delete(ref) + # else: + # query = query.filter_by(intra_extension_id=intra_extension_id, subject_category_id=subject_category_id, id=subject_scope_id) + # ref = query.first() + # session.delete(ref) + # + # # Getter and Setter for object_category_scope + # + # def get_object_scopes_dict(self, intra_extension_id, object_category_id): + # with self.get_session_for_read() as session: + # query = session.query(ObjectScope) + # query = query.filter_by(intra_extension_id=intra_extension_id, object_category_id=object_category_id) + # ref_list = query.all() + # return {_ref.id: _ref.object_scope for _ref in ref_list} + # + # def set_object_scope_dict(self, intra_extension_id, object_category_id, object_scope_id, object_scope_dict): + # with self.get_session_for_write() as session: + # query = session.query(ObjectScope) + # query = query.filter_by(intra_extension_id=intra_extension_id, object_category_id=object_category_id, id=object_scope_id) + # ref = query.first() + # new_ref = ObjectScope.from_dict( + # { + # "id": object_scope_id, + # 'object_scope': object_scope_dict, + # 'intra_extension_id': intra_extension_id, + # 'object_category_id': object_category_id + # } + # ) + # if not ref: + # session.add(new_ref) + # ref = new_ref + # else: + # for attr in Object.attributes: + # if attr != 'id': + # setattr(ref, attr, getattr(new_ref, attr)) + # # session.flush() + # return {object_scope_id: ObjectScope.to_dict(ref)['object_scope']} + # + # def del_object_scope(self, intra_extension_id, object_category_id, object_scope_id): + # with self.get_session_for_write() as session: + # query = session.query(ObjectScope) + # if not object_category_id or not object_scope_id: + # query = query.filter_by(intra_extension_id=intra_extension_id) + # for ref in query.all(): + # session.delete(ref) + # else: + # query = query.filter_by(intra_extension_id=intra_extension_id, object_category_id=object_category_id, id=object_scope_id) + # ref = query.first() + # session.delete(ref) + # + # # Getter and Setter for action_scope + # + # def get_action_scopes_dict(self, intra_extension_id, action_category_id): + # with self.get_session_for_read() as session: + # query = session.query(ActionScope) + # query = query.filter_by(intra_extension_id=intra_extension_id, action_category_id=action_category_id) + # ref_list = query.all() + # return {_ref.id: _ref.action_scope for _ref in ref_list} + # + # def set_action_scope_dict(self, intra_extension_id, action_category_id, action_scope_id, action_scope_dict): + # with self.get_session_for_write() as session: + # query = session.query(ActionScope) + # query = query.filter_by(intra_extension_id=intra_extension_id, action_category_id=action_category_id, id=action_scope_id) + # ref = query.first() + # new_ref = ActionScope.from_dict( + # { + # "id": action_scope_id, + # 'action_scope': action_scope_dict, + # 'intra_extension_id': intra_extension_id, + # 'action_category_id': action_category_id + # } + # ) + # if not ref: + # session.add(new_ref) + # ref = new_ref + # else: + # for attr in Action.attributes: + # if attr != 'id': + # setattr(ref, attr, getattr(new_ref, attr)) + # # session.flush() + # return {action_scope_id: ActionScope.to_dict(ref)['action_scope']} + # + # def del_action_scope(self, intra_extension_id, action_category_id, action_scope_id): + # with self.get_session_for_write() as session: + # query = session.query(ActionScope) + # if not action_category_id or not action_scope_id: + # query = query.filter_by(intra_extension_id=intra_extension_id) + # for ref in query.all(): + # session.delete(ref) + # else: + # query = query.filter_by(intra_extension_id=intra_extension_id, action_category_id=action_category_id, id=action_scope_id) + # ref = query.first() + # session.delete(ref) + # + # # Getter and Setter for subject_category_assignment + # + # def get_subject_assignment_list(self, intra_extension_id, subject_id, subject_category_id): + # with self.get_session_for_read() as session: + # query = session.query(SubjectAssignment) + # if not subject_id or not subject_category_id or not subject_category_id: + # query = query.filter_by(intra_extension_id=intra_extension_id) + # ref = query.all() + # return ref + # else: + # query = query.filter_by(intra_extension_id=intra_extension_id, subject_id=subject_id, subject_category_id=subject_category_id) + # ref = query.first() + # if not ref: + # return list() + # LOG.info("get_subject_assignment_list {}".format(ref.subject_assignment)) + # return list(ref.subject_assignment) + # + # def set_subject_assignment_list(self, intra_extension_id, subject_id, subject_category_id, subject_assignment_list=[]): + # with self.get_session_for_write() as session: + # query = session.query(SubjectAssignment) + # query = query.filter_by(intra_extension_id=intra_extension_id, subject_id=subject_id, subject_category_id=subject_category_id) + # ref = query.first() + # new_ref = SubjectAssignment.from_dict( + # { + # "id": uuid4().hex, + # 'subject_assignment': subject_assignment_list, + # 'intra_extension_id': intra_extension_id, + # 'subject_id': subject_id, + # 'subject_category_id': subject_category_id + # } + # ) + # if not ref: + # session.add(new_ref) + # ref = new_ref + # else: + # for attr in SubjectAssignment.attributes: + # if attr != 'id': + # setattr(ref, attr, getattr(new_ref, attr)) + # # session.flush() + # return subject_assignment_list + # + # def add_subject_assignment_list(self, intra_extension_id, subject_id, subject_category_id, subject_scope_id): + # new_subject_assignment_list = self.get_subject_assignment_list(intra_extension_id, subject_id, subject_category_id) + # if subject_scope_id not in new_subject_assignment_list: + # new_subject_assignment_list.append(subject_scope_id) + # return self.set_subject_assignment_list(intra_extension_id, subject_id, subject_category_id, new_subject_assignment_list) + # + # def del_subject_assignment(self, intra_extension_id, subject_id, subject_category_id, subject_scope_id): + # if not subject_id or not subject_category_id or not subject_category_id: + # with self.get_session_for_write() as session: + # for ref in self.get_subject_assignment_list(intra_extension_id, None, None): + # session.delete(ref) + # session.flush() + # return + # new_subject_assignment_list = self.get_subject_assignment_list(intra_extension_id, subject_id, subject_category_id) + # new_subject_assignment_list.remove(subject_scope_id) + # return self.set_subject_assignment_list(intra_extension_id, subject_id, subject_category_id, new_subject_assignment_list) + # + # # Getter and Setter for object_category_assignment + # + # def get_object_assignment_list(self, intra_extension_id, object_id, object_category_id): + # with self.get_session_for_read() as session: + # query = session.query(ObjectAssignment) + # if not object_id or not object_category_id or not object_category_id: + # query = query.filter_by(intra_extension_id=intra_extension_id) + # ref = query.all() + # return ref + # else: + # query = query.filter_by(intra_extension_id=intra_extension_id, object_id=object_id, object_category_id=object_category_id) + # ref = query.first() + # if not ref: + # return list() + # return list(ref.object_assignment) + # + # def set_object_assignment_list(self, intra_extension_id, object_id, object_category_id, object_assignment_list=[]): + # with self.get_session_for_write() as session: + # query = session.query(ObjectAssignment) + # query = query.filter_by(intra_extension_id=intra_extension_id, object_id=object_id, object_category_id=object_category_id) + # ref = query.first() + # new_ref = ObjectAssignment.from_dict( + # { + # "id": uuid4().hex, + # 'object_assignment': object_assignment_list, + # 'intra_extension_id': intra_extension_id, + # 'object_id': object_id, + # 'object_category_id': object_category_id + # } + # ) + # if not ref: + # session.add(new_ref) + # else: + # for attr in ObjectAssignment.attributes: + # if attr != 'id': + # setattr(ref, attr, getattr(new_ref, attr)) + # # session.flush() + # return self.get_object_assignment_list(intra_extension_id, object_id, object_category_id) + # + # def add_object_assignment_list(self, intra_extension_id, object_id, object_category_id, object_scope_id): + # new_object_assignment_list = self.get_object_assignment_list(intra_extension_id, object_id, object_category_id) + # if object_scope_id not in new_object_assignment_list: + # new_object_assignment_list.append(object_scope_id) + # return self.set_object_assignment_list(intra_extension_id, object_id, object_category_id, new_object_assignment_list) + # + # def del_object_assignment(self, intra_extension_id, object_id, object_category_id, object_scope_id): + # if not object_id or not object_category_id or not object_category_id: + # with self.get_session_for_write() as session: + # for ref in self.get_object_assignment_list(intra_extension_id, None, None): + # session.delete(ref) + # session.flush() + # return + # new_object_assignment_list = self.get_object_assignment_list(intra_extension_id, object_id, object_category_id) + # new_object_assignment_list.remove(object_scope_id) + # return self.set_object_assignment_list(intra_extension_id, object_id, object_category_id, new_object_assignment_list) + # + # # Getter and Setter for action_category_assignment + # + # def get_action_assignment_list(self, intra_extension_id, action_id, action_category_id): + # with self.get_session_for_read() as session: + # query = session.query(ActionAssignment) + # if not action_id or not action_category_id or not action_category_id: + # query = query.filter_by(intra_extension_id=intra_extension_id) + # ref = query.all() + # return ref + # else: + # query = query.filter_by(intra_extension_id=intra_extension_id, action_id=action_id, action_category_id=action_category_id) + # ref = query.first() + # if not ref: + # return list() + # return list(ref.action_assignment) + # + # def set_action_assignment_list(self, intra_extension_id, action_id, action_category_id, action_assignment_list=[]): + # with self.get_session_for_write() as session: + # query = session.query(ActionAssignment) + # query = query.filter_by(intra_extension_id=intra_extension_id, action_id=action_id, action_category_id=action_category_id) + # ref = query.first() + # new_ref = ActionAssignment.from_dict( + # { + # "id": uuid4().hex, + # 'action_assignment': action_assignment_list, + # 'intra_extension_id': intra_extension_id, + # 'action_id': action_id, + # 'action_category_id': action_category_id + # } + # ) + # if not ref: + # session.add(new_ref) + # else: + # for attr in ActionAssignment.attributes: + # if attr != 'id': + # setattr(ref, attr, getattr(new_ref, attr)) + # # session.flush() + # return self.get_action_assignment_list(intra_extension_id, action_id, action_category_id) + # + # def add_action_assignment_list(self, intra_extension_id, action_id, action_category_id, action_scope_id): + # new_action_assignment_list = self.get_action_assignment_list(intra_extension_id, action_id, action_category_id) + # if action_scope_id not in new_action_assignment_list: + # new_action_assignment_list.append(action_scope_id) + # return self.set_action_assignment_list(intra_extension_id, action_id, action_category_id, new_action_assignment_list) + # + # def del_action_assignment(self, intra_extension_id, action_id, action_category_id, action_scope_id): + # if not action_id or not action_category_id or not action_category_id: + # with self.get_session_for_write() as session: + # for ref in self.get_action_assignment_list(intra_extension_id, None, None): + # session.delete(ref) + # session.flush() + # return + # new_action_assignment_list = self.get_action_assignment_list(intra_extension_id, action_id, action_category_id) + # new_action_assignment_list.remove(action_scope_id) + # return self.set_action_assignment_list(intra_extension_id, action_id, action_category_id, new_action_assignment_list) + # + # # Getter and Setter for sub_meta_rule + # + # def get_aggregation_algorithm_id(self, intra_extension_id): + # with self.get_session_for_read() as session: + # query = session.query(IntraExtension) + # query = query.filter_by(id=intra_extension_id) + # ref = query.first() + # try: + # return {"aggregation_algorithm": ref.intra_extension["aggregation_algorithm"]} + # except KeyError: + # return "" + # + # def set_aggregation_algorithm_id(self, intra_extension_id, aggregation_algorithm_id): + # with self.get_session_for_write() as session: + # query = session.query(IntraExtension) + # query = query.filter_by(id=intra_extension_id) + # ref = query.first() + # intra_extension_dict = dict(ref.intra_extension) + # intra_extension_dict["aggregation_algorithm"] = aggregation_algorithm_id + # setattr(ref, "intra_extension", intra_extension_dict) + # # session.flush() + # return {"aggregation_algorithm": ref.intra_extension["aggregation_algorithm"]} + # + # def del_aggregation_algorithm(self, intra_extension_id): + # with self.get_session_for_write() as session: + # query = session.query(IntraExtension) + # query = query.filter_by(id=intra_extension_id) + # ref = query.first() + # intra_extension_dict = dict(ref.intra_extension) + # intra_extension_dict["aggregation_algorithm"] = "" + # setattr(ref, "intra_extension", intra_extension_dict) + # return self.get_aggregation_algorithm_id(intra_extension_id) + # + # # Getter and Setter for sub_meta_rule + # + # def get_sub_meta_rules_dict(self, intra_extension_id): + # with self.get_session_for_read() as session: + # query = session.query(SubMetaRule) + # query = query.filter_by(intra_extension_id=intra_extension_id) + # ref_list = query.all() + # return {_ref.id: _ref.sub_meta_rule for _ref in ref_list} + # + # def set_sub_meta_rule_dict(self, intra_extension_id, sub_meta_rule_id, sub_meta_rule_dict): + # with self.get_session_for_write() as session: + # query = session.query(SubMetaRule) + # query = query.filter_by(intra_extension_id=intra_extension_id, id=sub_meta_rule_id) + # ref = query.first() + # new_ref = SubMetaRule.from_dict( + # { + # "id": sub_meta_rule_id, + # 'sub_meta_rule': sub_meta_rule_dict, + # 'intra_extension_id': intra_extension_id + # } + # ) + # if not ref: + # session.add(new_ref) + # else: + # _sub_meta_rule_dict = dict(ref.sub_meta_rule) + # _sub_meta_rule_dict.update(sub_meta_rule_dict) + # setattr(new_ref, "sub_meta_rule", _sub_meta_rule_dict) + # for attr in SubMetaRule.attributes: + # if attr != 'id': + # setattr(ref, attr, getattr(new_ref, attr)) + # # session.flush() + # return self.get_sub_meta_rules_dict(intra_extension_id) + # + # def del_sub_meta_rule(self, intra_extension_id, sub_meta_rule_id): + # with self.get_session_for_write() as session: + # query = session.query(SubMetaRule) + # query = query.filter_by(intra_extension_id=intra_extension_id, id=sub_meta_rule_id) + # ref = query.first() + # session.delete(ref) + # + # # Getter and Setter for rules + # + # def get_rules_dict(self, intra_extension_id, sub_meta_rule_id): + # with self.get_session_for_read() as session: + # query = session.query(Rule) + # query = query.filter_by(intra_extension_id=intra_extension_id, sub_meta_rule_id=sub_meta_rule_id) + # ref_list = query.all() + # return {_ref.id: _ref.rule for _ref in ref_list} + # + # def set_rule_dict(self, intra_extension_id, sub_meta_rule_id, rule_id, rule_list): + # with self.get_session_for_write() as session: + # query = session.query(Rule) + # query = query.filter_by(intra_extension_id=intra_extension_id, sub_meta_rule_id=sub_meta_rule_id, id=rule_id) + # ref = query.first() + # new_ref = Rule.from_dict( + # { + # "id": rule_id, + # 'rule': rule_list, + # 'intra_extension_id': intra_extension_id, + # 'sub_meta_rule_id': sub_meta_rule_id + # } + # ) + # if not ref: + # session.add(new_ref) + # ref = new_ref + # else: + # for attr in Rule.attributes: + # if attr != 'id': + # setattr(ref, attr, getattr(new_ref, attr)) + # # session.flush() + # return {rule_id: ref.rule} + # + # def del_rule(self, intra_extension_id, sub_meta_rule_id, rule_id): + # with self.get_session_for_write() as session: + # query = session.query(Rule) + # query = query.filter_by(intra_extension_id=intra_extension_id, sub_meta_rule_id=sub_meta_rule_id, id=rule_id) + # ref = query.first() + # session.delete(ref) + + +class SQLConnector(PDPConnector, PolicyConnector, ModelConnector): + pass diff --git a/old/python_moondb/python_moondb/core.py b/old/python_moondb/python_moondb/core.py new file mode 100644 index 00000000..3fee146b --- /dev/null +++ b/old/python_moondb/python_moondb/core.py @@ -0,0 +1,228 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +import logging +from stevedore.driver import DriverManager +from python_moonutilities import configuration +from python_moondb.api import model, policy, pdp, keystone + +logger = logging.getLogger("moon.db") + + +class Driver(DriverManager): + + def __init__(self, driver_name, engine_name): + logger.info("initialization of Driver {}".format(driver_name)) + super(Driver, self).__init__( + namespace='moon_db.driver', + name=driver_name, + invoke_on_load=True, + invoke_args=(engine_name,), + ) + + +class ModelDriver(Driver): + + def __init__(self, driver_name, engine_name): + super(ModelDriver, self).__init__(driver_name, engine_name) + + def update_model(self, model_id, value): + raise NotImplementedError() # pragma: no cover + + def delete_model(self, model_id): + raise NotImplementedError() # pragma: no cover + + def add_model(self, model_id=None, value=None): + raise NotImplementedError() # pragma: no cover + + def get_models(self, model_id=None): + raise NotImplementedError() # pragma: no cover + + def set_meta_rule(self, meta_rule_id, value): + raise NotImplementedError() # pragma: no cover + + def get_meta_rules(self, meta_rule_id=None): + raise NotImplementedError() # pragma: no cover + + def delete_meta_rule(self, meta_rule_id=None): + raise NotImplementedError() # pragma: no cover + + def get_subject_categories(self, category_id=None): + raise NotImplementedError() # pragma: no cover + + def add_subject_category(self, name, description): + raise NotImplementedError() # pragma: no cover + + def delete_subject_category(self, category_id): + raise NotImplementedError() # pragma: no cover + + def get_object_categories(self, category_id): + raise NotImplementedError() # pragma: no cover + + def add_object_category(self, category_id, value): + raise NotImplementedError() # pragma: no cover + + def delete_object_category(self, category_id): + raise NotImplementedError() # pragma: no cover + + def get_action_categories(self, category_id): + raise NotImplementedError() # pragma: no cover + + def add_action_category(self, category_id, value): + raise NotImplementedError() # pragma: no cover + + def delete_action_category(self, category_id): + raise NotImplementedError() # pragma: no cover + + +class PolicyDriver(Driver): + + def __init__(self, driver_name, engine_name): + super(PolicyDriver, self).__init__(driver_name, engine_name) + + def update_policy(self, policy_id, value): + raise NotImplementedError() # pragma: no cover + + def delete_policy(self, policy_id): + raise NotImplementedError() # pragma: no cover + + def add_policy(self, policy_id=None, value=None): + raise NotImplementedError() # pragma: no cover + + def get_policies(self, policy_id=None): + raise NotImplementedError() # pragma: no cover + + def get_subjects(self, policy_id, perimeter_id=None): + raise NotImplementedError() # pragma: no cover + + def set_subject(self, policy_id, perimeter_id=None, value=None): + raise NotImplementedError() # pragma: no cover + + def delete_subject(self, policy_id, perimeter_id): + raise NotImplementedError() # pragma: no cover + + def get_objects(self, policy_id, perimeter_id=None): + raise NotImplementedError() # pragma: no cover + + def set_object(self, policy_id, perimeter_id=None, value=None): + raise NotImplementedError() # pragma: no cover + + def delete_object(self, policy_id, perimeter_id): + raise NotImplementedError() # pragma: no cover + + def get_actions(self, policy_id, perimeter_id=None): + raise NotImplementedError() # pragma: no cover + + def set_action(self, policy_id, perimeter_id=None, value=None): + raise NotImplementedError() # pragma: no cover + + def delete_action(self, policy_id, perimeter_id): + raise NotImplementedError() # pragma: no cover + + def get_subject_data(self, policy_id, data_id=None, category_id=None): + raise NotImplementedError() # pragma: no cover + + def set_subject_data(self, policy_id, data_id=None, category_id=None, value=None): + raise NotImplementedError() # pragma: no cover + + def delete_subject_data(self, policy_id, data_id): + raise NotImplementedError() # pragma: no cover + + def get_object_data(self, policy_id, data_id=None, category_id=None): + raise NotImplementedError() # pragma: no cover + + def set_object_data(self, policy_id, data_id=None, category_id=None, value=None): + raise NotImplementedError() # pragma: no cover + + def delete_object_data(self, policy_id, data_id): + raise NotImplementedError() # pragma: no cover + + def get_action_data(self, policy_id, data_id=None, category_id=None): + raise NotImplementedError() # pragma: no cover + + def set_action_data(self, policy_id, data_id=None, category_id=None, value=None): + raise NotImplementedError() # pragma: no cover + + def delete_action_data(self, policy_id, data_id): + raise NotImplementedError() # pragma: no cover + + def get_subject_assignments(self, policy_id, subject_id=None, category_id=None): + raise NotImplementedError() # pragma: no cover + + def add_subject_assignment(self, policy_id, subject_id, category_id, data_id): + raise NotImplementedError() # pragma: no cover + + def delete_subject_assignment(self, policy_id, subject_id, category_id, data_id): + raise NotImplementedError() # pragma: no cover + + def get_object_assignments(self, policy_id, assignment_id=None): + raise NotImplementedError() # pragma: no cover + + def add_object_assignment(self, policy_id, subject_id, category_id, data_id): + raise NotImplementedError() # pragma: no cover + + def delete_object_assignment(self, policy_id, object_id, category_id, data_id): + raise NotImplementedError() # pragma: no cover + + def get_action_assignments(self, policy_id, assignment_id=None): + raise NotImplementedError() # pragma: no cover + + def add_action_assignment(self, policy_id, action_id, category_id, data_id): + raise NotImplementedError() # pragma: no cover + + def delete_action_assignment(self, policy_id, action_id, category_id, data_id): + raise NotImplementedError() # pragma: no cover + + def get_rules(self, policy_id, rule_id=None, meta_rule_id=None): + raise NotImplementedError() # pragma: no cover + + def add_rule(self, policy_id, meta_rule_id, value): + raise NotImplementedError() # pragma: no cover + + def delete_rule(self, policy_id, rule_id): + raise NotImplementedError() # pragma: no cover + + +class PDPDriver(Driver): + + def __init__(self, driver_name, engine_name): + super(PDPDriver, self).__init__(driver_name, engine_name) + + def update_pdp(self, pdp_id, value): + raise NotImplementedError() # pragma: no cover + + def delete_pdp(self, pdp_id): + raise NotImplementedError() # pragma: no cover + + def add_pdp(self, pdp_id=None, value=None): + raise NotImplementedError() # pragma: no cover + + def get_pdp(self, pdp_id=None): + raise NotImplementedError() # pragma: no cover + + +class KeystoneDriver(Driver): + + def __init__(self, driver_name, engine_name): + super(KeystoneDriver, self).__init__(driver_name, engine_name) + + +conf = configuration.get_configuration("database")['database'] + +KeystoneManager = keystone.KeystoneManager( + KeystoneDriver(conf['driver'], conf['url']) +) + +ModelManager = model.ModelManager( + ModelDriver(conf['driver'], conf['url']) +) + +PolicyManager = policy.PolicyManager( + PolicyDriver(conf['driver'], conf['url']) +) + +PDPManager = pdp.PDPManager( + PDPDriver(conf['driver'], conf['url']) +) diff --git a/old/python_moondb/python_moondb/db_manager.py b/old/python_moondb/python_moondb/db_manager.py new file mode 100644 index 00000000..c251afbb --- /dev/null +++ b/old/python_moondb/python_moondb/db_manager.py @@ -0,0 +1,82 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. +""" +""" + +import os +import glob +import importlib +import argparse +import logging +from sqlalchemy import create_engine +from python_moonutilities import configuration +from python_moondb.migrate_repo import versions + + +def init_args(): + parser = argparse.ArgumentParser() + parser.add_argument('command', help='command (upgrade or downgrade)', + nargs=1) + parser.add_argument("--verbose", "-v", action='store_true', + help="verbose mode") + parser.add_argument("--debug", "-d", action='store_true', + help="debug mode") + args = parser.parse_args() + + FORMAT = '%(asctime)-15s %(levelname)s %(message)s' + if args.debug: + logging.basicConfig( + format=FORMAT, + level=logging.DEBUG) + elif args.verbose: + logging.basicConfig( + format=FORMAT, + level=logging.INFO) + else: + logging.basicConfig( + format=FORMAT, + level=logging.WARNING) + + requests_log = logging.getLogger("requests.packages.urllib3") + requests_log.setLevel(logging.WARNING) + requests_log.propagate = True + + logger = logging.getLogger("moon.db.manager") + return args, logger + + +def init_engine(): + db_conf = configuration.get_configuration("database")["database"] + return create_engine(db_conf['url']) + + +def main(command, logger, engine): + files = glob.glob(versions.__path__[0] + "/[0-9][0-9][0-9]*.py") + for filename in files: + filename = os.path.basename(filename).replace(".py", "") + o = importlib.import_module( + "python_moondb.migrate_repo.versions.{}".format(filename)) + logger.info("Command is {}".format(command)) + if command in ("upgrade", "u", "up"): + logger.info( + "upgrading python_moondb.migrate_repo.versions.{}".format(filename)) + o.upgrade(engine) + elif command in ("downgrade", "d", "down"): + logger.info( + "downgrading python_moondb.migrate_repo.versions.{}".format( + filename)) + o.downgrade(engine) + else: + logger.critical("Cannot understand the command!") + + +def run(): + args, logger = init_args() + engine = init_engine() + main(args.command[0], logger, engine) + + +if __name__ == "__main__": + run() diff --git a/old/python_moondb/python_moondb/migrate_repo/__init__.py b/old/python_moondb/python_moondb/migrate_repo/__init__.py new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/old/python_moondb/python_moondb/migrate_repo/__init__.py diff --git a/old/python_moondb/python_moondb/migrate_repo/versions/001_moon.py b/old/python_moondb/python_moondb/migrate_repo/versions/001_moon.py new file mode 100644 index 00000000..13670b91 --- /dev/null +++ b/old/python_moondb/python_moondb/migrate_repo/versions/001_moon.py @@ -0,0 +1,267 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +import json +import sqlalchemy as sql +from sqlalchemy import types as sql_types + + +class JsonBlob(sql_types.TypeDecorator): + impl = sql.Text + + def process_bind_param(self, value, dialect): + return json.dumps(value) + + def process_result_value(self, value, dialect): + return json.loads(value) + + +def upgrade(migrate_engine): + meta = sql.MetaData() + meta.bind = migrate_engine + + table = sql.Table( + 'pdp', + meta, + sql.Column('id', sql.String(64), primary_key=True), + sql.Column('name', sql.String(256), nullable=False), + sql.Column('keystone_project_id', sql.String(64), nullable=True, default=""), + sql.Column('value', JsonBlob(), nullable=True), + sql.UniqueConstraint('name', 'keystone_project_id', name='unique_constraint_models'), + mysql_engine='InnoDB', + mysql_charset='utf8') + table.create(migrate_engine, checkfirst=True) + + table = sql.Table( + 'policies', + meta, + sql.Column('id', sql.String(64), primary_key=True), + sql.Column('name', sql.String(256), nullable=False), + sql.Column('model_id', sql.String(64), nullable=True, default=""), + sql.Column('value', JsonBlob(), nullable=True), + sql.UniqueConstraint('name', 'model_id', name='unique_constraint_models'), + mysql_engine='InnoDB', + mysql_charset='utf8') + table.create(migrate_engine, checkfirst=True) + + table = sql.Table( + 'models', + meta, + sql.Column('id', sql.String(64), primary_key=True), + sql.Column('name', sql.String(256), nullable=False), + sql.Column('value', JsonBlob(), nullable=True), + sql.UniqueConstraint('name', name='unique_constraint_models'), + mysql_engine='InnoDB', + mysql_charset='utf8') + table.create(migrate_engine, checkfirst=True) + + subject_categories_table = sql.Table( + 'subject_categories', + meta, + sql.Column('id', sql.String(64), primary_key=True), + sql.Column('name', sql.String(256), nullable=False), + sql.Column('description', sql.String(256), nullable=True), + + sql.UniqueConstraint('name', name='unique_constraint_subject_categories'), + mysql_engine='InnoDB', + mysql_charset='utf8') + subject_categories_table.create(migrate_engine, checkfirst=True) + + object_categories_table = sql.Table( + 'object_categories', + meta, + sql.Column('id', sql.String(64), primary_key=True), + sql.Column('name', sql.String(256), nullable=False), + sql.Column('description', sql.String(256), nullable=True), + + sql.UniqueConstraint('name', name='unique_constraint_object_categories'), + mysql_engine='InnoDB', + mysql_charset='utf8') + object_categories_table.create(migrate_engine, checkfirst=True) + + action_categories_table = sql.Table( + 'action_categories', + meta, + sql.Column('id', sql.String(64), primary_key=True), + sql.Column('name', sql.String(256), nullable=False), + sql.Column('description', sql.String(256), nullable=True), + + sql.UniqueConstraint('name', name='unique_constraint_action_categories'), + mysql_engine='InnoDB', + mysql_charset='utf8') + action_categories_table.create(migrate_engine, checkfirst=True) + + subjects_table = sql.Table( + 'subjects', + meta, + sql.Column('id', sql.String(64), primary_key=True), + sql.Column('name', sql.String(256), nullable=False), + sql.Column('value', JsonBlob(), nullable=True), + sql.UniqueConstraint('name', name='unique_constraint_subjects'), + mysql_engine='InnoDB', + mysql_charset='utf8') + subjects_table.create(migrate_engine, checkfirst=True) + + objects_table = sql.Table( + 'objects', + meta, + sql.Column('id', sql.String(64), primary_key=True), + sql.Column('name', sql.String(256), nullable=False), + sql.Column('value', JsonBlob(), nullable=True), + sql.UniqueConstraint('name', name='unique_constraint_objects'), + mysql_engine='InnoDB', + mysql_charset='utf8') + objects_table.create(migrate_engine, checkfirst=True) + + actions_table = sql.Table( + 'actions', + meta, + sql.Column('id', sql.String(64), primary_key=True), + sql.Column('name', sql.String(256), nullable=False), + sql.Column('value', JsonBlob(), nullable=True), + sql.UniqueConstraint('name', name='unique_constraint_actions'), + mysql_engine='InnoDB', + mysql_charset='utf8') + actions_table.create(migrate_engine, checkfirst=True) + + subject_data_table = sql.Table( + 'subject_data', + meta, + sql.Column('id', sql.String(64), primary_key=True), + sql.Column('name', sql.String(256), nullable=False), + sql.Column('value', JsonBlob(), nullable=True), + sql.Column('category_id', sql.ForeignKey("subject_categories.id"), nullable=False), + sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False), + sql.UniqueConstraint('name', 'category_id', 'policy_id', + name='unique_constraint_subject_data'), + mysql_engine='InnoDB', + mysql_charset='utf8') + subject_data_table.create(migrate_engine, checkfirst=True) + + object_data_table = sql.Table( + 'object_data', + meta, + sql.Column('id', sql.String(64), primary_key=True), + sql.Column('name', sql.String(256), nullable=False), + sql.Column('value', JsonBlob(), nullable=True), + sql.Column('category_id', sql.ForeignKey("object_categories.id"), nullable=False), + sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False), + sql.UniqueConstraint('name', 'category_id', 'policy_id', + name='unique_constraint_object_data'), + mysql_engine='InnoDB', + mysql_charset='utf8') + object_data_table.create(migrate_engine, checkfirst=True) + + action_data_table = sql.Table( + 'action_data', + meta, + sql.Column('id', sql.String(64), primary_key=True), + sql.Column('name', sql.String(256), nullable=False), + sql.Column('value', JsonBlob(), nullable=True), + sql.Column('category_id', sql.ForeignKey("action_categories.id"), nullable=False), + sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False), + sql.UniqueConstraint('name', 'category_id', 'policy_id', + name='unique_constraint_action_data'), + mysql_engine='InnoDB', + mysql_charset='utf8') + action_data_table.create(migrate_engine, checkfirst=True) + + subject_assignments_table = sql.Table( + 'subject_assignments', + meta, + sql.Column('id', sql.String(64), primary_key=True), + sql.Column('assignments', sql.String(256), nullable=True), + sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False), + sql.Column('subject_id', sql.ForeignKey("subjects.id"), nullable=False), + sql.Column('category_id', sql.ForeignKey("subject_categories.id"), nullable=False), + sql.UniqueConstraint('policy_id', 'subject_id', 'category_id', + name='unique_constraint_subject_assignment'), + mysql_engine='InnoDB', + mysql_charset='utf8') + subject_assignments_table.create(migrate_engine, checkfirst=True) + + object_assignments_table = sql.Table( + 'object_assignments', + meta, + sql.Column('id', sql.String(64), primary_key=True), + sql.Column('assignments', sql.String(256), nullable=True), + sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False), + sql.Column('object_id', sql.ForeignKey("objects.id"), nullable=False), + sql.Column('category_id', sql.ForeignKey("object_categories.id"), nullable=False), + sql.UniqueConstraint('policy_id', 'object_id', 'category_id', + name='unique_constraint_object_assignment'), + mysql_engine='InnoDB', + mysql_charset='utf8') + object_assignments_table.create(migrate_engine, checkfirst=True) + + action_assignments_table = sql.Table( + 'action_assignments', + meta, + sql.Column('id', sql.String(64), primary_key=True), + sql.Column('assignments', sql.String(256), nullable=True), + sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False), + sql.Column('action_id', sql.ForeignKey("actions.id"), nullable=False), + sql.Column('category_id', sql.ForeignKey("action_categories.id"), nullable=False), + sql.UniqueConstraint('policy_id', 'action_id', 'category_id', + name='unique_constraint_action_assignment'), + mysql_engine='InnoDB', + mysql_charset='utf8') + action_assignments_table.create(migrate_engine, checkfirst=True) + + meta_rules_table = sql.Table( + 'meta_rules', + meta, + sql.Column('id', sql.String(64), primary_key=True), + sql.Column('name', sql.String(256), nullable=False), + sql.Column('subject_categories', JsonBlob(), nullable=False), + sql.Column('object_categories', JsonBlob(), nullable=False), + sql.Column('action_categories', JsonBlob(), nullable=False), + sql.Column('value', JsonBlob(), nullable=True), + sql.UniqueConstraint('name', name='unique_constraint_meta_rule_name'), + # sql.UniqueConstraint('subject_categories', 'object_categories', 'action_categories', name='unique_constraint_meta_rule_def'), + mysql_engine='InnoDB', + mysql_charset='utf8') + meta_rules_table.create(migrate_engine, checkfirst=True) + + rules_table = sql.Table( + 'rules', + meta, + sql.Column('id', sql.String(64), primary_key=True), + sql.Column('rule', JsonBlob(), nullable=True), + sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False), + sql.Column('meta_rule_id', sql.ForeignKey("meta_rules.id"), nullable=False), + mysql_engine='InnoDB', + mysql_charset='utf8') + rules_table.create(migrate_engine, checkfirst=True) + + +def downgrade(migrate_engine): + meta = sql.MetaData() + meta.bind = migrate_engine + + for _table in ( + 'rules', + 'meta_rules', + 'action_assignments', + 'object_assignments', + 'subject_assignments', + 'action_data', + 'object_data', + 'subject_data', + 'actions', + 'objects', + 'subjects', + 'action_categories', + 'object_categories', + 'subject_categories', + 'models', + 'policies', + 'pdp' + ): + try: + table = sql.Table(_table, meta, autoload=True) + table.drop(migrate_engine, checkfirst=True) + except Exception as e: + print(e) diff --git a/old/python_moondb/python_moondb/migrate_repo/versions/__init__.py b/old/python_moondb/python_moondb/migrate_repo/versions/__init__.py new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/old/python_moondb/python_moondb/migrate_repo/versions/__init__.py diff --git a/old/python_moondb/requirements.txt b/old/python_moondb/requirements.txt new file mode 100644 index 00000000..a205666f --- /dev/null +++ b/old/python_moondb/requirements.txt @@ -0,0 +1,4 @@ +stevedore +sqlalchemy +pymysql +requests diff --git a/old/python_moondb/setup.py b/old/python_moondb/setup.py new file mode 100644 index 00000000..e34369d4 --- /dev/null +++ b/old/python_moondb/setup.py @@ -0,0 +1,54 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +from setuptools import setup, find_packages +import python_moondb + + +with open('requirements.txt') as f: + required = f.read().splitlines() + +setup( + + name='python-moondb', + + version=python_moondb.__version__, + + packages=find_packages(), + + author="Thomas Duval", + + author_email="thomas.duval@orange.com", + + description="This library is a helper to interact with the Moon database.", + + long_description=open('README.md').read(), + + install_requires=required, + + include_package_data=True, + + url='https://git.opnfv.org/cgit/moon/', + + classifiers=[ + "Programming Language :: Python", + "Development Status :: 1 - Planning", + "License :: OSI Approved", + "Natural Language :: English", + "Operating System :: OS Independent", + "Programming Language :: Python :: 3", + ], + + entry_points={ + "moon_db.driver": + [ + "sql = python_moondb.backends.sql:SQLConnector", + ], + 'console_scripts': [ + 'moon_db_manager = python_moondb.db_manager:run', + ], + } + +) diff --git a/old/python_moondb/tests/unit_python/conftest.py b/old/python_moondb/tests/unit_python/conftest.py new file mode 100644 index 00000000..a1057907 --- /dev/null +++ b/old/python_moondb/tests/unit_python/conftest.py @@ -0,0 +1,145 @@ +import base64 +import json +import logging +import os +import pytest +import requests_mock +import mock_components +import mock_keystone + +CONF = { + "openstack": { + "keystone": { + "url": "http://keystone:5000/v3", + "user": "admin", + "check_token": False, + "password": "p4ssw0rd", + "domain": "default", + "certificate": False, + "project": "admin" + } + }, + "components": { + "wrapper": { + "bind": "0.0.0.0", + "port": 8080, + "container": "wukongsun/moon_wrapper:v4.3", + "timeout": 5, + "hostname": "wrapper" + }, + "manager": { + "bind": "0.0.0.0", + "port": 8082, + "container": "wukongsun/moon_manager:v4.3", + "hostname": "manager" + }, + "port_start": 31001, + "orchestrator": { + "bind": "0.0.0.0", + "port": 8083, + "container": "wukongsun/moon_orchestrator:v4.3", + "hostname": "interface" + }, + "interface": { + "bind": "0.0.0.0", + "port": 8080, + "container": "wukongsun/moon_interface:v4.3", + "hostname": "interface" + } + }, + "plugins": { + "session": { + "port": 8082, + "container": "asteroide/session:latest" + }, + "authz": { + "port": 8081, + "container": "wukongsun/moon_authz:v4.3" + } + }, + "logging": { + "handlers": { + "file": { + "filename": "/tmp/moon.log", + "class": "logging.handlers.RotatingFileHandler", + "level": "DEBUG", + "formatter": "custom", + "backupCount": 3, + "maxBytes": 1048576 + }, + "console": { + "class": "logging.StreamHandler", + "formatter": "brief", + "level": "INFO", + "stream": "ext://sys.stdout" + } + }, + "formatters": { + "brief": { + "format": "%(levelname)s %(name)s %(message)-30s" + }, + "custom": { + "format": "%(asctime)-15s %(levelname)s %(name)s %(message)s" + } + }, + "root": { + "handlers": [ + "console" + ], + "level": "ERROR" + }, + "version": 1, + "loggers": { + "moon": { + "handlers": [ + "console", + "file" + ], + "propagate": False, + "level": "DEBUG" + } + } + }, + "slave": { + "name": None, + "master": { + "url": None, + "login": None, + "password": None + } + }, + "docker": { + "url": "tcp://172.88.88.1:2376", + "network": "moon" + }, + "database": { + "url": "sqlite:///database.db", + # "url": "mysql+pymysql://moon:p4sswOrd1@db/moon", + "driver": "sql" + }, + "messenger": { + "url": "rabbit://moon:p4sswOrd1@messenger:5672/moon" + } +} + + +@pytest.fixture +def db(): + return CONF['database'] + + +@pytest.fixture(autouse=True) +def set_consul_and_db(monkeypatch): + """ Modify the response from Requests module + """ + with requests_mock.Mocker(real_http=True) as m: + mock_components.register_components(m) + mock_keystone.register_keystone(m) + + from python_moondb.db_manager import init_engine, main + engine = init_engine() + main("upgrade", logging.getLogger("db_manager"), engine) + yield m + os.unlink(CONF['database']['url'].replace("sqlite:///", "")) + + diff --git a/old/python_moondb/tests/unit_python/helpers/__init__.py b/old/python_moondb/tests/unit_python/helpers/__init__.py new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/old/python_moondb/tests/unit_python/helpers/__init__.py diff --git a/old/python_moondb/tests/unit_python/helpers/assignment_helper.py b/old/python_moondb/tests/unit_python/helpers/assignment_helper.py new file mode 100644 index 00000000..22a56e38 --- /dev/null +++ b/old/python_moondb/tests/unit_python/helpers/assignment_helper.py @@ -0,0 +1,49 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +def get_action_assignments(policy_id, action_id=None, category_id=None): + from python_moondb.core import PolicyManager + return PolicyManager.get_action_assignments("", policy_id, action_id, category_id) + + +def add_action_assignment(policy_id, action_id, category_id, data_id): + from python_moondb.core import PolicyManager + return PolicyManager.add_action_assignment("", policy_id, action_id, category_id, data_id) + + +def delete_action_assignment(policy_id, action_id, category_id, data_id): + from python_moondb.core import PolicyManager + PolicyManager.delete_action_assignment("", policy_id, action_id, category_id, data_id) + + +def get_object_assignments(policy_id, object_id=None, category_id=None): + from python_moondb.core import PolicyManager + return PolicyManager.get_object_assignments("", policy_id, object_id, category_id) + + +def add_object_assignment(policy_id, object_id, category_id, data_id): + from python_moondb.core import PolicyManager + return PolicyManager.add_object_assignment("", policy_id, object_id, category_id, data_id) + + +def delete_object_assignment(policy_id, object_id, category_id, data_id): + from python_moondb.core import PolicyManager + PolicyManager.delete_object_assignment("", policy_id, object_id, category_id, data_id) + + +def get_subject_assignments(policy_id, subject_id=None, category_id=None): + from python_moondb.core import PolicyManager + return PolicyManager.get_subject_assignments("", policy_id, subject_id, category_id) + + +def add_subject_assignment(policy_id, subject_id, category_id, data_id): + from python_moondb.core import PolicyManager + return PolicyManager.add_subject_assignment("", policy_id, subject_id, category_id, data_id) + + +def delete_subject_assignment(policy_id, subject_id, category_id, data_id): + from python_moondb.core import PolicyManager + PolicyManager.delete_subject_assignment("", policy_id, subject_id, category_id, data_id) + diff --git a/old/python_moondb/tests/unit_python/helpers/category_helper.py b/old/python_moondb/tests/unit_python/helpers/category_helper.py new file mode 100644 index 00000000..55e95d91 --- /dev/null +++ b/old/python_moondb/tests/unit_python/helpers/category_helper.py @@ -0,0 +1,54 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +def add_subject_category(cat_id=None, value=None): + from python_moondb.core import ModelManager + category = ModelManager.add_subject_category(user_id=None, category_id=cat_id, value=value) + return category + + +def get_subject_category(cat_id=None): + from python_moondb.core import ModelManager + category = ModelManager.get_subject_categories(user_id=None, category_id=cat_id) + return category + + +def add_object_category(cat_id=None, value=None): + from python_moondb.core import ModelManager + category = ModelManager.add_object_category(user_id=None, category_id=cat_id, value=value) + return category + + +def get_object_category(cat_id=None): + from python_moondb.core import ModelManager + category = ModelManager.get_object_categories(user_id=None, category_id=cat_id) + return category + + +def add_action_category(cat_id=None, value=None): + from python_moondb.core import ModelManager + category = ModelManager.add_action_category(user_id=None, category_id=cat_id, value=value) + return category + + +def get_action_category(cat_id=None): + from python_moondb.core import ModelManager + category = ModelManager.get_action_categories(user_id=None, category_id=cat_id) + return category + + +def delete_subject_category(category_id=None): + from python_moondb.core import ModelManager + return ModelManager.delete_subject_category("", category_id=category_id) + + +def delete_object_category(category_id=None): + from python_moondb.core import ModelManager + return ModelManager.delete_object_category("", category_id=category_id) + + +def delete_action_category(category_id=None): + from python_moondb.core import ModelManager + return ModelManager.delete_action_category("", category_id=category_id) diff --git a/old/python_moondb/tests/unit_python/helpers/data_helper.py b/old/python_moondb/tests/unit_python/helpers/data_helper.py new file mode 100644 index 00000000..8a8238f5 --- /dev/null +++ b/old/python_moondb/tests/unit_python/helpers/data_helper.py @@ -0,0 +1,98 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +def get_action_data(policy_id, data_id=None, category_id=None): + from python_moondb.core import PolicyManager + return PolicyManager.get_action_data("", policy_id, data_id, category_id) + + +def add_action_data(policy_id, data_id=None, category_id=None, value=None): + from python_moondb.core import PolicyManager + return PolicyManager.add_action_data("", policy_id, data_id, category_id, value) + + +def delete_action_data(policy_id, data_id): + from python_moondb.core import PolicyManager + PolicyManager.delete_action_data("",policy_id=policy_id, data_id=data_id) + + +def get_object_data(policy_id, data_id=None, category_id=None): + from python_moondb.core import PolicyManager + return PolicyManager.get_object_data("", policy_id, data_id, category_id) + + +def add_object_data(policy_id, data_id=None, category_id=None, value=None): + from python_moondb.core import PolicyManager + return PolicyManager.add_object_data("", policy_id, data_id, category_id, value) + + +def delete_object_data(policy_id, data_id): + from python_moondb.core import PolicyManager + PolicyManager.delete_object_data("", policy_id=policy_id, data_id=data_id) + + +def get_subject_data(policy_id, data_id=None, category_id=None): + from python_moondb.core import PolicyManager + return PolicyManager.get_subject_data("", policy_id, data_id, category_id) + + +def add_subject_data(policy_id, data_id=None, category_id=None, value=None): + from python_moondb.core import PolicyManager + return PolicyManager.set_subject_data("", policy_id, data_id, category_id, value) + + +def delete_subject_data(policy_id, data_id): + from python_moondb.core import PolicyManager + PolicyManager.delete_subject_data("", policy_id=policy_id, data_id=data_id) + + +def get_actions(policy_id, perimeter_id=None): + from python_moondb.core import PolicyManager + return PolicyManager.get_actions("", policy_id, perimeter_id) + + +def add_action(policy_id, perimeter_id=None, value=None): + from python_moondb.core import PolicyManager + return PolicyManager.add_action("", policy_id, perimeter_id, value) + + +def delete_action(policy_id, perimeter_id): + from python_moondb.core import PolicyManager + PolicyManager.delete_action("", policy_id, perimeter_id) + + +def get_objects(policy_id, perimeter_id=None): + from python_moondb.core import PolicyManager + return PolicyManager.get_objects("", policy_id, perimeter_id) + + +def add_object(policy_id, perimeter_id=None, value=None): + from python_moondb.core import PolicyManager + return PolicyManager.add_object("", policy_id, perimeter_id, value) + + +def delete_object(policy_id, perimeter_id): + from python_moondb.core import PolicyManager + PolicyManager.delete_object("", policy_id, perimeter_id) + + +def get_subjects(policy_id, perimeter_id=None): + from python_moondb.core import PolicyManager + return PolicyManager.get_subjects("", policy_id, perimeter_id) + + +def add_subject(policy_id, perimeter_id=None, value=None): + from python_moondb.core import PolicyManager + return PolicyManager.add_subject("", policy_id, perimeter_id, value) + + +def delete_subject(policy_id, perimeter_id): + from python_moondb.core import PolicyManager + PolicyManager.delete_subject("", policy_id, perimeter_id) + + +def get_available_metadata(policy_id): + from python_moondb.core import PolicyManager + return PolicyManager.get_available_metadata("", policy_id) diff --git a/old/python_moondb/tests/unit_python/helpers/meta_rule_helper.py b/old/python_moondb/tests/unit_python/helpers/meta_rule_helper.py new file mode 100644 index 00000000..87af250a --- /dev/null +++ b/old/python_moondb/tests/unit_python/helpers/meta_rule_helper.py @@ -0,0 +1,48 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +from helpers import mock_data + + +def update_meta_rule(meta_rule_id, value=None): + from python_moondb.core import ModelManager + if not value: + action_category_id = mock_data.create_action_category("action_category_id1") + subject_category_id = mock_data.create_subject_category("subject_category_id1") + object_category_id = mock_data.create_object_category("object_category_id1") + value = { + "name": "MLS_meta_rule", + "description": "test", + "subject_categories": [subject_category_id], + "object_categories": [object_category_id], + "action_categories": [action_category_id] + } + return ModelManager.update_meta_rule(user_id=None, meta_rule_id=meta_rule_id, value=value) + + +def add_meta_rule(meta_rule_id=None, value=None): + from python_moondb.core import ModelManager + if not value: + action_category_id = mock_data.create_action_category("action_category_id1") + subject_category_id = mock_data.create_subject_category("subject_category_id1") + object_category_id = mock_data.create_object_category("object_category_id1") + value = { + "name": "MLS_meta_rule", + "description": "test", + "subject_categories": [subject_category_id], + "object_categories": [object_category_id], + "action_categories": [action_category_id] + } + return ModelManager.add_meta_rule(user_id=None, meta_rule_id=meta_rule_id, value=value) + + +def get_meta_rules(meta_rule_id=None): + from python_moondb.core import ModelManager + return ModelManager.get_meta_rules(user_id=None, meta_rule_id=meta_rule_id) + + +def delete_meta_rules(meta_rule_id=None): + from python_moondb.core import ModelManager + ModelManager.delete_meta_rule(user_id=None, meta_rule_id=meta_rule_id) diff --git a/old/python_moondb/tests/unit_python/helpers/mock_data.py b/old/python_moondb/tests/unit_python/helpers/mock_data.py new file mode 100644 index 00000000..0d65ea02 --- /dev/null +++ b/old/python_moondb/tests/unit_python/helpers/mock_data.py @@ -0,0 +1,156 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +from .category_helper import * +from .policy_helper import * +from .data_helper import * +from .model_helper import * +from .meta_rule_helper import * +from uuid import uuid4 + + +def create_subject_category(name): + subject_category = add_subject_category( + value={"name": name, "description": "description 1"}) + return list(subject_category.keys())[0] + + +def create_object_category(name): + object_category = add_object_category( + value={"name": name, "description": "description 1"}) + return list(object_category.keys())[0] + + +def create_action_category(name): + action_category = add_action_category( + value={"name": name, "description": "description 1"}) + return list(action_category.keys())[0] + + +def create_model(meta_rule_id, model_name="test_model"): + value = { + "name": model_name, + "description": "test", + "meta_rules": [meta_rule_id] + + } + return value + + +def create_policy(model_id, policy_name="policy_1"): + value = { + "name": policy_name, + "model_id": model_id, + "genre": "authz", + "description": "test", + } + return value + + +def create_pdp(policies_ids): + value = { + "name": "test_pdp", + "security_pipeline": policies_ids, + "keystone_project_id": "keystone_project_id1", + "description": "...", + } + return value + + +def create_new_policy(subject_category_name="subjectCategory", object_category_name="objectCategory", + action_category_name="actionCategory", + model_name="test_model", policy_name="policy_name", + meta_rule_name="meta_rule_"): + if policy_name == "policy_name": + policy_name = "policy_name_" + uuid4().hex + + subject_category_id, object_category_id, action_category_id, meta_rule_id = create_new_meta_rule( + subject_category_name=subject_category_name + uuid4().hex, + object_category_name=object_category_name + uuid4().hex, + action_category_name=action_category_name + uuid4().hex, + meta_rule_name=meta_rule_name + uuid4().hex + ) + model = add_model(value=create_model(meta_rule_id, model_name)) + model_id = list(model.keys())[0] + value = create_policy(model_id, policy_name) + policy = add_policies(value=value) + assert policy + policy_id = list(policy.keys())[0] + return subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id + + +def create_new_meta_rule(subject_category_name="subject_category" + uuid4().hex, + object_category_name="object_category" + uuid4().hex, + action_category_name="action_category" + uuid4().hex, + meta_rule_name="meta_rule" + uuid4().hex): + from python_moondb.core import ModelManager + + subject_category_id = create_subject_category(subject_category_name) + object_category_id = create_object_category(object_category_name) + action_category_id = create_action_category(action_category_name) + value = {"name": meta_rule_name, + "algorithm": "name of the meta rule algorithm", + "subject_categories": [subject_category_id], + "object_categories": [object_category_id], + "action_categories": [action_category_id] + } + # meta_rule = add_meta_rule(value=value) + meta_rule = ModelManager.add_meta_rule(user_id=None, meta_rule_id=None, value=value) + return subject_category_id, object_category_id, action_category_id, list(meta_rule.keys())[0] + + +def create_subject(policy_id): + value = { + "name": "testuser", + "description": "test", + } + subject = add_subject(policy_id=policy_id, value=value) + return list(subject.keys())[0] + + +def create_object(policy_id): + value = { + "name": "testobject", + "description": "test", + } + object = add_object(policy_id=policy_id, value=value) + return list(object.keys())[0] + + +def create_action(policy_id): + value = { + "name": "testaction", + "description": "test", + } + action = add_action(policy_id=policy_id, value=value) + return list(action.keys())[0] + + +def create_subject_data(policy_id, category_id): + value = { + "name": uuid4().hex, + "description": {uuid4().hex: "", uuid4().hex: "", uuid4().hex: ""}, + } + subject_data = add_subject_data(policy_id=policy_id, category_id=category_id, value=value).get('data') + assert subject_data + return list(subject_data.keys())[0] + + +def create_object_data(policy_id, category_id): + value = { + "name": uuid4().hex, + "description": {uuid4().hex: "", uuid4().hex: "", uuid4().hex: ""}, + } + object_data = add_object_data(policy_id=policy_id, category_id=category_id, value=value).get('data') + return list(object_data.keys())[0] + + +def create_action_data(policy_id, category_id): + value = { + "name": uuid4().hex, + "description": {uuid4().hex: "", uuid4().hex: "", uuid4().hex: ""}, + } + action_data = add_action_data(policy_id=policy_id, category_id=category_id, value=value).get('data') + return list(action_data.keys())[0] diff --git a/old/python_moondb/tests/unit_python/helpers/model_helper.py b/old/python_moondb/tests/unit_python/helpers/model_helper.py new file mode 100644 index 00000000..98a6271d --- /dev/null +++ b/old/python_moondb/tests/unit_python/helpers/model_helper.py @@ -0,0 +1,47 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +from helpers import mock_data +from uuid import uuid4 + +def get_models(model_id=None): + from python_moondb.core import ModelManager + return ModelManager.get_models(user_id=None, model_id=model_id) + + +def add_model(model_id=None, value=None): + from python_moondb.core import ModelManager + if not value: + subject_category_id, object_category_id, action_category_id, meta_rule_id = mock_data.create_new_meta_rule() + name = "MLS" if model_id is None else "MLS " + model_id + value = { + "name": name, + "description": "test", + "meta_rules": [meta_rule_id] + } + return ModelManager.add_model(user_id=None, model_id=model_id, value=value) + + +def delete_models(uuid=None, name=None): + from python_moondb.core import ModelManager + if not uuid: + for model_id, model_value in get_models(): + if name == model_value['name']: + uuid = model_id + break + ModelManager.delete_model(user_id=None, model_id=uuid) + + +def delete_all_models(): + from python_moondb.core import ModelManager + models_values = get_models() + print(models_values) + for model_id, model_value in models_values.items(): + ModelManager.delete_model(user_id=None, model_id=model_id) + + +def update_model(model_id=None, value=None): + from python_moondb.core import ModelManager + return ModelManager.update_model(user_id=None, model_id=model_id, value=value) diff --git a/old/python_moondb/tests/unit_python/helpers/pdp_helper.py b/old/python_moondb/tests/unit_python/helpers/pdp_helper.py new file mode 100644 index 00000000..3d169b06 --- /dev/null +++ b/old/python_moondb/tests/unit_python/helpers/pdp_helper.py @@ -0,0 +1,23 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +def update_pdp(pdp_id, value): + from python_moondb.core import PDPManager + return PDPManager.update_pdp("", pdp_id, value) + + +def delete_pdp(pdp_id): + from python_moondb.core import PDPManager + PDPManager.delete_pdp("", pdp_id) + + +def add_pdp(pdp_id=None, value=None): + from python_moondb.core import PDPManager + return PDPManager.add_pdp("", pdp_id, value) + + +def get_pdp(pdp_id=None): + from python_moondb.core import PDPManager + return PDPManager.get_pdp("", pdp_id) diff --git a/old/python_moondb/tests/unit_python/helpers/policy_helper.py b/old/python_moondb/tests/unit_python/helpers/policy_helper.py new file mode 100644 index 00000000..93d81c62 --- /dev/null +++ b/old/python_moondb/tests/unit_python/helpers/policy_helper.py @@ -0,0 +1,72 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. +from helpers import mock_data as mock_data +from helpers import meta_rule_helper + +def get_policies(): + from python_moondb.core import PolicyManager + return PolicyManager.get_policies("admin") + + +def add_policies(policy_id=None, value=None): + from python_moondb.core import PolicyManager + if not value: + value = { + "name": "test_policy", + "model_id": "", + "genre": "authz", + "description": "test", + } + return PolicyManager.add_policy("admin", policy_id=policy_id, value=value) + + +def delete_policies(uuid=None, name=None): + from python_moondb.core import PolicyManager + if not uuid: + for policy_id, policy_value in get_policies(): + if name == policy_value['name']: + uuid = policy_id + break + PolicyManager.delete_policy("admin", uuid) + + +def update_policy(policy_id, value): + from python_moondb.core import PolicyManager + return PolicyManager.update_policy("admin", policy_id, value) + + +def get_policy_from_meta_rules(meta_rule_id): + from python_moondb.core import PolicyManager + return PolicyManager.get_policy_from_meta_rules("admin", meta_rule_id) + + +def get_rules(policy_id=None, meta_rule_id=None, rule_id=None): + from python_moondb.core import PolicyManager + return PolicyManager.get_rules("", policy_id, meta_rule_id, rule_id) + + +def add_rule(policy_id, meta_rule_id, value=None): + from python_moondb.core import PolicyManager + if not value: + meta_rule = meta_rule_helper.get_meta_rules(meta_rule_id) + sub_cat_id = meta_rule[meta_rule_id]['subject_categories'][0] + ob_cat_id = meta_rule[meta_rule_id]['object_categories'][0] + act_cat_id = meta_rule[meta_rule_id]['action_categories'][0] + + subject_data_id = mock_data.create_subject_data(policy_id=policy_id, category_id=sub_cat_id) + object_data_id = mock_data.create_object_data(policy_id=policy_id, category_id=ob_cat_id) + action_data_id = mock_data.create_action_data(policy_id=policy_id, category_id=act_cat_id) + + value = { + "rule": (subject_data_id, object_data_id, action_data_id), + "instructions": ({"decision": "grant"}), + "enabled": "", + } + return PolicyManager.add_rule("", policy_id, meta_rule_id, value) + + +def delete_rule(policy_id=None, rule_id=None): + from python_moondb.core import PolicyManager + PolicyManager.delete_rule("", policy_id, rule_id) diff --git a/old/python_moondb/tests/unit_python/mock_components.py b/old/python_moondb/tests/unit_python/mock_components.py new file mode 100644 index 00000000..a0319e1a --- /dev/null +++ b/old/python_moondb/tests/unit_python/mock_components.py @@ -0,0 +1,27 @@ +import utilities + +COMPONENTS = ( + "logging", + "openstack/keystone", + "database", + "slave", + "components/manager", + "components/orchestrator", + "components/interface", +) + + +def register_components(m): + for component in COMPONENTS: + m.register_uri( + 'GET', 'http://consul:8500/v1/kv/{}'.format(component), + json=[{'Key': component, 'Value': utilities.get_b64_conf(component)}] + ) + + m.register_uri( + 'GET', 'http://consul:8500/v1/kv/components?recurse=true', + json=[ + {"Key": key, "Value": utilities.get_b64_conf(key)} for key in COMPONENTS + ], + # json={'Key': "components", 'Value': get_b64_conf("components")} + )
\ No newline at end of file diff --git a/old/python_moondb/tests/unit_python/mock_keystone.py b/old/python_moondb/tests/unit_python/mock_keystone.py new file mode 100644 index 00000000..3f262538 --- /dev/null +++ b/old/python_moondb/tests/unit_python/mock_keystone.py @@ -0,0 +1,33 @@ +def register_keystone(m): + m.register_uri( + 'POST', 'http://keystone:5000/v3/auth/tokens', + headers={'X-Subject-Token': "111111111"} + ) + m.register_uri( + 'DELETE', 'http://keystone:5000/v3/auth/tokens', + headers={'X-Subject-Token': "111111111"} + ) + m.register_uri( + 'POST', 'http://keystone:5000/v3/users?name=testuser&domain_id=default', + json={"users": {}} + ) + m.register_uri( + 'GET', 'http://keystone:5000/v3/users?name=testuser&domain_id=default', + json={"users": {}} + ) + m.register_uri( + 'POST', 'http://keystone:5000/v3/users/', + json={"users": [{ + "id": "1111111111111" + }]} + ) + m.register_uri( + 'POST', 'http://keystone:5000/v3/projects/', + json={ + "description": "test_project", + "domain_id": ['domain_id_1'], + "enabled": True, + "is_domain": False, + "name": 'project_1' + } + ) diff --git a/old/python_moondb/tests/unit_python/models/__init__.py b/old/python_moondb/tests/unit_python/models/__init__.py new file mode 100755 index 00000000..e69de29b --- /dev/null +++ b/old/python_moondb/tests/unit_python/models/__init__.py diff --git a/old/python_moondb/tests/unit_python/models/test_categories.py b/old/python_moondb/tests/unit_python/models/test_categories.py new file mode 100644 index 00000000..39dc4c71 --- /dev/null +++ b/old/python_moondb/tests/unit_python/models/test_categories.py @@ -0,0 +1,111 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +import pytest +import logging +from python_moonutilities.exceptions import * +from helpers import category_helper + +logger = logging.getLogger("moon.db.tests.models.test_categories") + + +def test_add_subject_category_twice(): + category = category_helper.add_subject_category( + value={"name": "category name", "description": "description 1"}) + category_id = list(category.keys())[0] + assert category is not None + with pytest.raises(SubjectCategoryExisting): + category_helper.add_subject_category(category_id, + value={"name": "category name", + "description": "description 2"}) + + +def test_add_subject_category_name_space(): + with pytest.raises(CategoryNameInvalid) as exp: + category = category_helper.add_subject_category(value={"name": " ", "description": + "description 1"}) + assert exp.value.code == 400 + assert exp.value.description == 'The given category name is invalid.' + + +def test_get_subject_categories(): + added_category = category_helper.add_subject_category( + value={"name": "category name", "description": "description 1"}) + category_id = list(added_category.keys())[0] + subject_category = category_helper.get_subject_category(category_id) + assert subject_category == added_category + + +def test_get_subject_categories_with_invalid_id(): + category_id = "invalid_id" + subject_category = category_helper.get_subject_category(category_id) + assert len(subject_category) == 0 + + +def test_add_object_category_twice(): + category = category_helper.add_object_category( + value={"name": "category name", "description": "description 1"}) + category_id = list(category.keys())[0] + assert category is not None + with pytest.raises(ObjectCategoryExisting): + category_helper.add_object_category(category_id, + value={"name": "category name", + "description": "description 2"}) + + +def test_add_object_category_name_space(): + with pytest.raises(CategoryNameInvalid) as exp: + category = category_helper.add_object_category(value={"name": " ", "description": + "description 1"}) + assert exp.value.code == 400 + assert exp.value.description == 'The given category name is invalid.' + + +def test_get_object_categories(): + added_category = category_helper.add_object_category( + value={"name": "category name", "description": "description 1"}) + category_id = list(added_category.keys())[0] + object_category = category_helper.get_object_category(category_id) + assert object_category == added_category + + +def test_get_object_categories_with_invalid_id(): + category_id = "invalid_id" + object_category = category_helper.get_object_category(category_id) + assert len(object_category) == 0 + + +def test_add_action_category_twice(): + category = category_helper.add_action_category( + value={"name": "category name", "description": "description 1"}) + category_id = list(category.keys())[0] + assert category is not None + with pytest.raises(ActionCategoryExisting) as exp_info: + category_helper.add_action_category(category_id, + value={"name": "category name", + "description": "description 2"}) + assert str(exp_info.value)=='409: Action Category Existing' + + +def test_add_action_category_name_space(): + with pytest.raises(CategoryNameInvalid) as exp: + category = category_helper.add_action_category(value={"name": " ", "description": + "description 1"}) + assert exp.value.code == 400 + assert exp.value.description == 'The given category name is invalid.' + + +def test_get_action_categories(): + added_category = category_helper.add_action_category( + value={"name": "category name", "description": "description 1"}) + category_id = list(added_category.keys())[0] + action_category = category_helper.get_action_category(category_id) + assert action_category == added_category + + +def test_get_action_categories_with_invalid_id(): + category_id = "invalid_id" + action_category = category_helper.get_action_category(category_id) + assert len(action_category) == 0 diff --git a/old/python_moondb/tests/unit_python/models/test_meta_rules.py b/old/python_moondb/tests/unit_python/models/test_meta_rules.py new file mode 100644 index 00000000..3b2b5b0e --- /dev/null +++ b/old/python_moondb/tests/unit_python/models/test_meta_rules.py @@ -0,0 +1,403 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +import pytest +from helpers import meta_rule_helper +from helpers import policy_helper +import helpers.mock_data as mock_data +import helpers.model_helper as model_helper +from python_moonutilities.exceptions import * +from uuid import uuid4 + + +def test_update_not_exist_meta_rule_error(db): + # set not existing meta rule and expect to raise and error + with pytest.raises(MetaRuleUnknown) as exception_info: + meta_rule_helper.update_meta_rule(meta_rule_id=None) + assert str(exception_info.value) == '400: Meta Rule Unknown' + + +def test_update_meta_rule_connected_with_policy_and_rule(): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1", + model_name="model1") + subject_data_id = mock_data.create_subject_data(policy_id=policy_id, + category_id=subject_category_id) + object_data_id = mock_data.create_object_data(policy_id=policy_id, + category_id=object_category_id) + action_data_id = mock_data.create_action_data(policy_id=policy_id, + category_id=action_category_id) + + value = { + "rule": (subject_data_id, object_data_id, action_data_id), + "instructions": ({"decision": "grant"}), + "enabled": "", + } + + rules = policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) + assert rules + assert len(rules) == 1 + + action_category_id = mock_data.create_action_category("action_category_id2") + subject_category_id = mock_data.create_subject_category("subject_category_id2") + object_category_id = mock_data.create_object_category("object_category_id2") + + updated_value = { + "name": "MLS_meta_rule", + "description": "test", + "subject_categories": [subject_category_id], + "object_categories": [object_category_id], + "action_categories": [action_category_id] + } + with pytest.raises(MetaRuleUpdateError) as exception_info: + updated_meta_rule = meta_rule_helper.update_meta_rule(meta_rule_id, updated_value) + assert str(exception_info.value) == '400: Meta_Rule Update Error' + + +def test_update_meta_rule_connected_with_policy(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1", + model_name="model1") + action_category_id = mock_data.create_action_category("action_category_id2") + subject_category_id = mock_data.create_subject_category("subject_category_id2") + object_category_id = mock_data.create_object_category("object_category_id2") + value = { + "name": "MLS_meta_rule", + "description": "test", + "subject_categories": [subject_category_id], + "object_categories": [object_category_id], + "action_categories": [action_category_id] + } + meta_rules = meta_rule_helper.add_meta_rule(value=value) + assert isinstance(meta_rules, dict) + assert meta_rules + assert len(meta_rules) is 1 + meta_rule_id = list(meta_rules.keys())[0] + for key in ( + "name", "description", "subject_categories", "object_categories", "action_categories"): + assert key in meta_rules[meta_rule_id] + assert meta_rules[meta_rule_id][key] == value[key] + + +def test_add_new_meta_rule_success(db): + action_category_id = mock_data.create_action_category("action_category_id1") + subject_category_id = mock_data.create_subject_category("subject_category_id1") + object_category_id = mock_data.create_object_category("object_category_id1") + value = { + "name": "MLS_meta_rule", + "description": "test", + "subject_categories": [subject_category_id], + "object_categories": [object_category_id], + "action_categories": [action_category_id] + } + meta_rules = meta_rule_helper.add_meta_rule(value=value) + assert isinstance(meta_rules, dict) + assert meta_rules + assert len(meta_rules) is 1 + meta_rule_id = list(meta_rules.keys())[0] + for key in ( + "name", "description", "subject_categories", "object_categories", "action_categories"): + assert key in meta_rules[meta_rule_id] + assert meta_rules[meta_rule_id][key] == value[key] + + +def test_meta_rule_with_blank_name(db): + action_category_id = mock_data.create_action_category(uuid4().hex) + subject_category_id = mock_data.create_subject_category(uuid4().hex) + object_category_id = mock_data.create_object_category(uuid4().hex) + value = { + "name": "", + "description": "test", + "subject_categories": [subject_category_id], + "object_categories": [object_category_id], + "action_categories": [action_category_id] + } + with pytest.raises(MetaRuleContentError) as exception_info: + meta_rule_helper.add_meta_rule(value=value) + assert str(exception_info.value) == '400: Meta Rule Error' + + +def test_update_meta_rule_success(db): + # arrange + meta_rules = meta_rule_helper.add_meta_rule() + meta_rule_id = list(meta_rules.keys())[0] + action_category_id = mock_data.create_action_category("action_category_id2") + subject_category_id = mock_data.create_subject_category("subject_category_id2") + object_category_id = mock_data.create_object_category("object_category_id2") + updated_value = { + "name": "MLS_meta_rule", + "description": "test", + "subject_categories": [subject_category_id], + "object_categories": [object_category_id], + "action_categories": [action_category_id] + } + # action + updated_meta_rule = meta_rule_helper.update_meta_rule(meta_rule_id, updated_value) + # assert + updated_meta_rule_id = list(updated_meta_rule.keys())[0] + assert updated_meta_rule_id == meta_rule_id + assert updated_meta_rule[updated_meta_rule_id]["subject_categories"] == updated_value[ + "subject_categories"] + + +def test_update_meta_rule_with_existed_categories_combination(db): + action_category_id1 = mock_data.create_action_category(uuid4().hex) + subject_category_id1 = mock_data.create_subject_category(uuid4().hex) + object_category_id1 = mock_data.create_object_category(uuid4().hex) + meta_rule_name1=uuid4().hex + value1 = { + "name": meta_rule_name1, + "description": "test", + "subject_categories": [subject_category_id1], + "object_categories": [object_category_id1], + "action_categories": [action_category_id1] + } + meta_rules = meta_rule_helper.add_meta_rule(value=value1) + + action_category_id2 = mock_data.create_action_category(uuid4().hex) + subject_category_id2 = mock_data.create_subject_category(uuid4().hex) + object_category_id2 = mock_data.create_object_category(uuid4().hex) + meta_rule_name2 = uuid4().hex + value2 = { + "name": meta_rule_name2, + "description": "test", + "subject_categories": [subject_category_id2], + "object_categories": [object_category_id2], + "action_categories": [action_category_id2] + } + meta_rules = meta_rule_helper.add_meta_rule(value=value2) + meta_rule_id2 = list(meta_rules.keys())[0] + value1['name']=value2['name'] + with pytest.raises(MetaRuleExisting) as exception_info: + updated_meta_rule = meta_rule_helper.update_meta_rule(meta_rule_id2, value1) + assert str(exception_info.value) == '409: Meta Rule Existing' + assert exception_info.value.description=="Same categories combination existed" + + +def test_update_meta_rule_with_different_categories_combination_but_same_data(db): + action_category_id1 = mock_data.create_action_category(uuid4().hex) + subject_category_id1 = mock_data.create_subject_category(uuid4().hex) + object_category_id1 = mock_data.create_object_category(uuid4().hex) + meta_rule_name1=uuid4().hex + value1 = { + "name": meta_rule_name1, + "description": "test", + "subject_categories": [subject_category_id1], + "object_categories": [object_category_id1], + "action_categories": [action_category_id1] + } + meta_rules = meta_rule_helper.add_meta_rule(value=value1) + + action_category_id2 = mock_data.create_action_category(uuid4().hex) + subject_category_id2 = mock_data.create_subject_category(uuid4().hex) + object_category_id2 = mock_data.create_object_category(uuid4().hex) + meta_rule_name2 = uuid4().hex + value2 = { + "name": meta_rule_name2, + "description": "test", + "subject_categories": [subject_category_id2], + "object_categories": [object_category_id2], + "action_categories": [action_category_id2] + } + meta_rules = meta_rule_helper.add_meta_rule(value=value2) + meta_rule_id2 = list(meta_rules.keys())[0] + value1['name']=value2['name'] + value1['object_categories']+=[object_category_id1] + updated_meta_rule = meta_rule_helper.update_meta_rule(meta_rule_id2, value1) + assert meta_rule_id2 in updated_meta_rule + + +def test_add_existing_meta_rule_error(db): + action_category_id = mock_data.create_action_category("action_category_id3") + subject_category_id = mock_data.create_subject_category("subject_category_id3") + object_category_id = mock_data.create_object_category("object_category_id3") + value = { + "name": "MLS_meta_rule", + "description": "test", + "subject_categories": [subject_category_id], + "object_categories": [object_category_id], + "action_categories": [action_category_id] + } + meta_rules = meta_rule_helper.add_meta_rule(value=value) + meta_rule_id = list(meta_rules.keys())[0] + with pytest.raises(MetaRuleExisting) as exception_info: + meta_rule_helper.add_meta_rule(meta_rule_id=meta_rule_id) + assert str(exception_info.value) == '409: Meta Rule Existing' + + +def test_add_meta_rule_with_existing_name_error(db): + action_category_id = mock_data.create_action_category(uuid4().hex) + subject_category_id = mock_data.create_subject_category(uuid4().hex) + object_category_id = mock_data.create_object_category(uuid4().hex) + name = uuid4().hex + value = { + "name": name, + "description": "test", + "subject_categories": [subject_category_id], + "object_categories": [object_category_id], + "action_categories": [action_category_id] + } + meta_rule_helper.add_meta_rule(value=value) + action_category_id = mock_data.create_action_category(uuid4().hex) + subject_category_id = mock_data.create_subject_category(uuid4().hex) + object_category_id = mock_data.create_object_category(uuid4().hex) + value = { + "name": name, + "description": 'test', + "subject_categories": [subject_category_id], + "object_categories": [object_category_id], + "action_categories": [action_category_id] + } + with pytest.raises(MetaRuleExisting) as exception_info: + meta_rule_helper.add_meta_rule(value=value) + assert str(exception_info.value) == '409: Meta Rule Existing' + assert exception_info.value.description == 'The meta rule already exists.' + + +def test_add_meta_rule_with_existing_categories_combination(db): + action_category_id = mock_data.create_action_category(uuid4().hex) + subject_category_id = mock_data.create_subject_category(uuid4().hex) + object_category_id = mock_data.create_object_category(uuid4().hex) + name = uuid4().hex + value = { + "name": name, + "description": "test", + "subject_categories": [subject_category_id], + "object_categories": [object_category_id], + "action_categories": [action_category_id] + } + meta_rule_helper.add_meta_rule(value=value) + value['name'] = uuid4().hex + with pytest.raises(MetaRuleExisting) as exception_info: + meta_rule_helper.add_meta_rule(value=value) + assert str(exception_info.value) == '409: Meta Rule Existing' + assert exception_info.value.description == "Same categories combination existed" + + +def test_add_meta_rule_with_different_categories_combination_but_same_data(db): + action_category_id = mock_data.create_action_category(uuid4().hex) + subject_category_id = mock_data.create_subject_category(uuid4().hex) + object_category_id1 = mock_data.create_object_category(uuid4().hex) + object_category_id2 = mock_data.create_object_category(uuid4().hex) + + name1 = uuid4().hex + value = { + "name": name1, + "description": "test", + "subject_categories": [subject_category_id], + "object_categories": [object_category_id1], + "action_categories": [action_category_id] + } + meta_rule_helper.add_meta_rule(value=value) + name2 = uuid4().hex + value['name'] = name2 + value['object_categories'] += [object_category_id2] + meta_rules = meta_rule_helper.add_meta_rule(value=value) + bool_found_meta_rule = 0 + for meta_rule_id in meta_rules: + if meta_rules[meta_rule_id]['name'] == name2: + bool_found_meta_rule = 1 + break + assert bool_found_meta_rule + + +def test_get_meta_rule_success(db): + # arrange + action_category_id = mock_data.create_action_category("action_type") + subject_category_id = mock_data.create_subject_category("user_security_level") + object_category_id = mock_data.create_object_category("vm_security_level") + values = {} + value1 = { + "name": "MLS_meta_rule", + "description": "test", + "subject_categories": [subject_category_id], + "object_categories": [object_category_id], + "action_categories": [action_category_id] + } + meta_rules1 = meta_rule_helper.add_meta_rule(value=value1) + meta_rule_id1 = list(meta_rules1.keys())[0] + values[meta_rule_id1] = value1 + action_category_id = mock_data.create_action_category("action_type2") + subject_category_id = mock_data.create_subject_category("user_security_level2") + object_category_id = mock_data.create_object_category("vm_security_level2") + value2 = { + "name": "rbac_meta_rule", + "description": "test", + "subject_categories": [subject_category_id], + "object_categories": [object_category_id], + "action_categories": [action_category_id] + } + meta_rules2 = meta_rule_helper.add_meta_rule(value=value2) + meta_rule_id2 = list(meta_rules2.keys())[0] + values[meta_rule_id2] = value2 + + # action + meta_rules = meta_rule_helper.get_meta_rules() + # assert + assert isinstance(meta_rules, dict) + assert meta_rules + assert len(meta_rules) is 2 + for meta_rule_id in meta_rules: + for key in ( + "name", "description", "subject_categories", "object_categories", "action_categories"): + assert key in meta_rules[meta_rule_id] + assert meta_rules[meta_rule_id][key] == values[meta_rule_id][key] + + +def test_get_specific_meta_rule_success(db): + # arrange + added_meta_rules = meta_rule_helper.add_meta_rule() + added_meta_rule_id = list(added_meta_rules.keys())[0] + # action + meta_rules = meta_rule_helper.get_meta_rules(meta_rule_id=added_meta_rule_id) + meta_rule_id = list(meta_rules.keys())[0] + # assert + assert meta_rule_id == added_meta_rule_id + for key in ( + "name", "description", "subject_categories", "object_categories", "action_categories"): + assert key in meta_rules[meta_rule_id] + assert meta_rules[meta_rule_id][key] == added_meta_rules[added_meta_rule_id][key] + + +def test_delete_meta_rules_success(db): + action_category_id = mock_data.create_action_category("action_type") + subject_category_id = mock_data.create_subject_category("user_security_level") + object_category_id = mock_data.create_object_category("vm_security_level") + # arrange + value1 = { + "name": "MLS_meta_rule", + "description": "test", + "subject_categories": [subject_category_id], + "object_categories": [object_category_id], + "action_categories": [action_category_id] + } + meta_rules1 = meta_rule_helper.add_meta_rule(value=value1) + meta_rule_id1 = list(meta_rules1.keys())[0] + + # action + meta_rule_helper.delete_meta_rules(meta_rule_id1) + # assert + meta_rules = meta_rule_helper.get_meta_rules() + assert meta_rule_id1 not in meta_rules + + +def test_delete_meta_rules_with_model(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() + + with pytest.raises(DeleteMetaRuleWithModel) as exception_info: + meta_rule_helper.delete_meta_rules(meta_rule_id) + assert str(exception_info.value) == '400: Meta rule With Model Error' + + +def test_delete_invalid_meta_rules_error(db): + with pytest.raises(MetaRuleUnknown) as exception_info: + meta_rule_helper.delete_meta_rules("INVALID_META_RULE_ID") + assert str(exception_info.value) == '400: Meta Rule Unknown' diff --git a/old/python_moondb/tests/unit_python/models/test_models.py b/old/python_moondb/tests/unit_python/models/test_models.py new file mode 100644 index 00000000..1b171069 --- /dev/null +++ b/old/python_moondb/tests/unit_python/models/test_models.py @@ -0,0 +1,622 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +import pytest +from python_moonutilities.exceptions import * +import logging +import helpers.mock_data as mock_data +import helpers.model_helper as model_helper +import helpers.category_helper as category_helper +import helpers.policy_helper as policy_helper +import helpers.assignment_helper as assignment_helper +from uuid import uuid4 + +logger = logging.getLogger("moon.db.tests.test_model") + + +def test_get_models_empty(db): + # act + models = model_helper.get_models() + # assert + assert isinstance(models, dict) + assert not models + + +def test_get_model(db): + # prepare + model_helper.add_model(model_id="mls_model_id") + # act + models = model_helper.get_models() + # assert + assert isinstance(models, dict) + assert models # assert model is not empty + assert len(models) is 1 + model_helper.delete_all_models() + + +def test_get_specific_model(db): + # prepare + model_helper.add_model(model_id="mls_model_id") + # act + models = model_helper.get_models(model_id="mls_model_id") + # assert + assert isinstance(models, dict) + assert models # assert model is not empty + assert len(models) is 1 + model_helper.delete_all_models() + + +def test_add_model(db): + # act + model = model_helper.add_model() + # assert + assert isinstance(model, dict) + assert model # assert model is not empty + assert len(model) is 1 + model_helper.delete_all_models() + + +def test_add_same_model_twice(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id = mock_data.create_new_meta_rule( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + value = { + "name": "model1", + "description": "test", + "meta_rules": [meta_rule_id] + } + # prepare + model_helper.add_model(model_id="model_1", value=value) # add model twice + # act + subject_category_id, object_category_id, action_category_id, meta_rule_id = mock_data.create_new_meta_rule( + subject_category_name="subject_category2", + object_category_name="object_category2", + action_category_name="action_category2", + meta_rule_name="meta_rule_2") + value = { + "name": "model2", + "description": "test", + "meta_rules": [meta_rule_id] + } + with pytest.raises(ModelExisting) as exception_info: + model_helper.add_model(model_id="model_1", value=value) + model_helper.delete_all_models() + assert str(exception_info.value) == '409: Model Error' + + +def test_add_model_generate_new_uuid(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id1 = mock_data.create_new_meta_rule( + subject_category_name="subject_category3", + object_category_name="object_category3", + action_category_name="action_category3", + meta_rule_name="meta_rule_3") + model_value1 = { + "name": "MLS", + "description": "test", + "meta_rules": [meta_rule_id1] + } + model1 = model_helper.add_model(value=model_value1) + subject_category_id, object_category_id, action_category_id, meta_rule_id2 = mock_data.create_new_meta_rule( + subject_category_name="subject_category4", + object_category_name="object_category4", + action_category_name="action_category4", + meta_rule_name="meta_rule_4") + model_value2 = { + "name": "rbac", + "description": "test", + "meta_rules": [meta_rule_id2] + } + model2 = model_helper.add_model(value=model_value2) + + assert list(model1)[0] != list(model2)[0] + model_helper.delete_all_models() + + +def test_add_models(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id = mock_data.create_new_meta_rule( + subject_category_name="subject_category5", + object_category_name="object_category5", + action_category_name="action_category5") + model_value1 = { + "name": "MLS", + "description": "test", + "meta_rules": [meta_rule_id] + } + models = model_helper.add_model(value=model_value1) + assert isinstance(models, dict) + assert models + assert len(models.keys()) == 1 + model_id = list(models.keys())[0] + for key in ("name", "meta_rules", "description"): + assert key in models[model_id] + assert models[model_id][key] == model_value1[key] + model_helper.delete_all_models() + + +def test_add_models_with_same_name_twice(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id = mock_data.create_new_meta_rule( + subject_category_name="subject_category5", + object_category_name="object_category5", + action_category_name="action_category5") + model_value1 = { + "name": "MLS", + "description": "test", + "meta_rules": [meta_rule_id] + } + models = model_helper.add_model(value=model_value1) + assert isinstance(models, dict) + assert models + with pytest.raises(Exception) as exception_info: + model_helper.add_model(value=model_value1) + model_helper.delete_all_models() + assert str(exception_info.value) == '409: Model Error' + +def test_add_model_with_existed_meta_rules_list(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id = mock_data.create_new_meta_rule( + subject_category_name=uuid4().hex, + object_category_name=uuid4().hex, + action_category_name=uuid4().hex) + model_value1 = { + "name": uuid4().hex, + "description": "test", + "meta_rules": [meta_rule_id] + } + models = model_helper.add_model(value=model_value1) + assert isinstance(models, dict) + assert models + model_value1 = { + "name": uuid4().hex, + "description": "test", + "meta_rules": [meta_rule_id] + } + with pytest.raises(Exception) as exception_info: + model_helper.add_model(value=model_value1) + model_helper.delete_all_models() + assert str(exception_info.value) == '409: Model Error' + assert str(exception_info.value.description)=='Meta Rules List Existed in another Model' + + +def test_delete_models(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id1 = mock_data.create_new_meta_rule( + subject_category_name="subject_category6", + object_category_name="object_category6", + action_category_name="action_category6", + meta_rule_name="meta_rule_6") + model_value1 = { + "name": "MLS", + "description": "test", + "meta_rules": [meta_rule_id1] + } + model1 = model_helper.add_model(value=model_value1) + subject_category_id, object_category_id, action_category_id, meta_rule_id2 = mock_data.create_new_meta_rule( + subject_category_name="subject_category7", + object_category_name="object_category7", + action_category_name="action_category7", + meta_rule_name="meta_rule_7") + model_value2 = { + "name": "rbac", + "description": "test", + "meta_rules": [meta_rule_id2] + } + model_helper.add_model(value=model_value2) + + id = list(model1)[0] + model_helper.delete_models(id) + # assert + models = model_helper.get_models() + assert id not in models + model_helper.delete_all_models() + + +def test_update_model(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id1 = mock_data.create_new_meta_rule( + subject_category_name="subject_category8", + object_category_name="object_category8", + action_category_name="action_category8", + meta_rule_name="meta_rule_8") + # prepare + model_value = { + "name": "MLS", + "description": "test", + "meta_rules": [meta_rule_id1] + } + model = model_helper.add_model(value=model_value) + model_id = list(model)[0] + subject_category_id, object_category_id, action_category_id, meta_rule_id2 = mock_data.create_new_meta_rule( + subject_category_name="subject_category9", + object_category_name="object_category9", + action_category_name="action_category9", + meta_rule_name="meta_rule_9") + new_model_value = { + "name": "MLS2", + "description": "test", + "meta_rules": [meta_rule_id2] + } + # act + model_helper.update_model(model_id=model_id, value=new_model_value) + # assert + model = model_helper.get_models(model_id) + + for key in ("name", "meta_rules", "description"): + assert key in model[model_id] + assert model[model_id][key] == new_model_value[key] + model_helper.delete_all_models() + + +def test_delete_model_assigned_to_policy(db): + model_value1 = { + "name": "MLS", + "description": "test", + "meta_rules": [] + } + models = model_helper.add_model(value=model_value1) + assert isinstance(models, dict) + assert models + assert len(models.keys()) == 1 + model_id = list(models.keys())[0] + value = { + "name": "test_policy", + "model_id": model_id, + "genre": "authz", + "description": "test", + } + policy_helper.add_policies(value=value) + with pytest.raises(DeleteModelWithPolicy) as exception_info: + model_helper.delete_models(uuid=model_id) + assert str(exception_info.value) == '400: Model With Policy Error' + + +def test_add_subject_category(db): + category_id = "category_id1" + value = { + "name": "subject_category", + "description": "description subject_category" + } + subject_category = category_helper.add_subject_category(category_id, value) + assert subject_category + assert len(subject_category) == 1 + + +def test_add_subject_categories_with_existed_name(db): + name = uuid4().hex + value = { + "name": name, + "description": "description subject_category" + } + subject_category = category_helper.add_subject_category(value=value) + assert subject_category + assert len(subject_category) == 1 + + value = { + "name": name, + "description": "description subject_category" + } + with pytest.raises(SubjectCategoryExisting) as exception_info: + category_helper.add_subject_category(value=value) + assert str(exception_info.value) == '409: Subject Category Existing' + + +def test_add_subject_category_with_empty_name(db): + category_id = "category_id1" + value = { + "name": "", + "description": "description subject_category" + } + with pytest.raises(CategoryNameInvalid) as exception_info: + category_helper.add_subject_category(category_id, value) + assert str(exception_info.value) == '400: Category Name Invalid' + + +def test_add_subject_category_with_same_category_id(db): + category_id = "category_id1" + value = { + "name": "subject_category", + "description": "description subject_category" + } + category_helper.add_subject_category(category_id, value) + with pytest.raises(SubjectCategoryExisting) as exception_info: + category_helper.add_subject_category(category_id, value) + assert str(exception_info.value) == '409: Subject Category Existing' + + +def test_get_subject_category(db): + category_id = "category_id1" + value = { + "name": "subject_category", + "description": "description subject_category" + } + category_helper.add_subject_category(category_id, value) + subject_category = category_helper.get_subject_category(category_id) + assert subject_category + assert len(subject_category) == 1 + + +def test_delete_subject_category(db): + category_id = "category_id1" + value = { + "name": "subject_category", + "description": "description subject_category" + } + category_helper.add_subject_category(category_id, value) + subject_category = category_helper.delete_subject_category(category_id) + assert not subject_category + + +def test_delete_subject_category_with_data(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() + + mock_data.create_subject_data(policy_id, subject_category_id) + + with pytest.raises(DeleteSubjectCategoryWithMetaRule) as exception_info: + category_helper.delete_subject_category(subject_category_id) + assert str(exception_info.value) == '400: Subject Category With Meta Rule Error' + + +def test_delete_subject_category_with_assignment(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() + + subject_id = mock_data.create_subject(policy_id) + data_id = mock_data.create_subject_data(policy_id, subject_category_id) + assignment_helper.add_subject_assignment(policy_id, subject_id, subject_category_id, data_id) + + with pytest.raises(DeleteSubjectCategoryWithMetaRule) as exception_info: + category_helper.delete_subject_category(subject_category_id) + assert str(exception_info.value) == '400: Subject Category With Meta Rule Error' + + +def test_delete_subject_category_with_rule(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() + policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id) + + with pytest.raises(DeleteSubjectCategoryWithMetaRule) as exception_info: + category_helper.delete_subject_category(subject_category_id) + assert str(exception_info.value) == '400: Subject Category With Meta Rule Error' + + +def test_delete_subject_category_with_unkown_category_id(db): + category_id = "invalid_category_id" + + with pytest.raises(SubjectCategoryUnknown) as exception_info: + category_helper.delete_subject_category(category_id) + assert str(exception_info.value) == '400: Subject Category Unknown' + + +def test_add_object_category(db): + category_id = "category_id1" + value = { + "name": "object_category", + "description": "description object_category" + } + object_category = category_helper.add_object_category(category_id, value) + assert object_category + assert len(object_category) == 1 + + +def test_add_object_categories_with_existed_name(db): + name = uuid4().hex + value = { + "name": name, + "description": "description object_category" + } + object_category = category_helper.add_object_category(value=value) + assert object_category + assert len(object_category) == 1 + with pytest.raises(ObjectCategoryExisting) as exception_info: + category_helper.add_object_category(value=value) + assert str(exception_info.value) == '409: Object Category Existing' + + +def test_add_object_category_with_same_category_id(db): + category_id = "category_id1" + value = { + "name": "object_category", + "description": "description object_category" + } + category_helper.add_object_category(category_id, value) + with pytest.raises(ObjectCategoryExisting) as exception_info: + category_helper.add_object_category(category_id, value) + assert str(exception_info.value) == '409: Object Category Existing' + + +def test_add_object_category_with_empty_name(db): + category_id = "category_id1" + value = { + "name": "", + "description": "description object_category" + } + with pytest.raises(CategoryNameInvalid) as exception_info: + category_helper.add_object_category(category_id, value) + assert str(exception_info.value) == '400: Category Name Invalid' + + +def test_get_object_category(db): + category_id = "category_id1" + value = { + "name": "object_category", + "description": "description object_category" + } + category_helper.add_object_category(category_id, value) + object_category = category_helper.get_object_category(category_id) + assert object_category + assert len(object_category) == 1 + + +def test_delete_object_category(db): + category_id = "category_id1" + value = { + "name": "object_category", + "description": "description object_category" + } + category_helper.add_object_category(category_id, value) + object_category = category_helper.delete_object_category(category_id) + assert not object_category + + +def test_delete_object_category_with_data(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() + mock_data.create_subject_data(policy_id, subject_category_id) + + mock_data.create_object_data(policy_id, object_category_id) + + with pytest.raises(DeleteObjectCategoryWithMetaRule) as exception_info: + category_helper.delete_object_category(object_category_id) + assert str(exception_info.value) == '400: Object Category With Meta Rule Error' + + +def test_delete_object_category_with_assignment(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() + + object_id = mock_data.create_object(policy_id) + data_id = mock_data.create_object_data(policy_id, object_category_id) + assignment_helper.add_object_assignment(policy_id, object_id, object_category_id, data_id) + + with pytest.raises(DeleteObjectCategoryWithMetaRule) as exception_info: + category_helper.delete_object_category(object_category_id) + assert str(exception_info.value) == '400: Object Category With Meta Rule Error' + + +def test_delete_object_category_with_rule(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() + policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id) + + with pytest.raises(DeleteObjectCategoryWithMetaRule) as exception_info: + category_helper.delete_object_category(object_category_id) + assert str(exception_info.value) == '400: Object Category With Meta Rule Error' + + +def test_delete_object_category_with_unkown_category_id(db): + category_id = "invalid_category_id" + + with pytest.raises(ObjectCategoryUnknown) as exception_info: + category_helper.delete_object_category(category_id) + assert str(exception_info.value) == '400: Object Category Unknown' + + +def test_add_action_category(db): + category_id = "category_id1" + value = { + "name": "action_category", + "description": "description action_category" + } + action_category = category_helper.add_action_category(category_id, value) + assert action_category + assert len(action_category) == 1 + + +def test_add_action_categories_with_existed_name(db): + name = uuid4().hex + value = { + "name": name, + "description": "description action_category" + } + action_category = category_helper.add_action_category(value=value) + assert action_category + assert len(action_category) == 1 + with pytest.raises(ActionCategoryExisting) as exception_info: + category_helper.add_action_category(value=value) + assert str(exception_info.value) == '409: Action Category Existing' + + +def test_add_action_category_with_same_category_id(db): + category_id = "category_id1" + value = { + "name": "action_category", + "description": "description action_category" + } + category_helper.add_action_category(category_id, value) + with pytest.raises(ActionCategoryExisting) as exception_info: + category_helper.add_action_category(category_id, value) + assert str(exception_info.value) == '409: Action Category Existing' + + +def test_add_action_category_with_empty_name(db): + category_id = "category_id1" + value = { + "name": "", + "description": "description action_category" + } + with pytest.raises(CategoryNameInvalid) as exception_info: + category_helper.add_action_category(category_id, value) + assert str(exception_info.value) == '400: Category Name Invalid' + + +def test_get_action_category(db): + category_id = "category_id1" + value = { + "name": "action_category", + "description": "description action_category" + } + category_helper.add_action_category(category_id, value) + action_category = category_helper.get_action_category(category_id) + assert action_category + assert len(action_category) == 1 + + +def test_delete_action_category(db): + category_id = "category_id1" + value = { + "name": "action_category", + "description": "description action_category" + } + category_helper.add_action_category(category_id, value) + action_category = category_helper.delete_action_category(category_id) + assert not action_category + + +def test_delete_action_category_with_data(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() + mock_data.create_subject_data(policy_id, subject_category_id) + + mock_data.create_action_data(policy_id, action_category_id) + + with pytest.raises(DeleteActionCategoryWithMetaRule) as exception_info: + category_helper.delete_action_category(action_category_id) + assert str(exception_info.value) == '400: Action Category With Meta Rule Error' + + +def test_delete_action_category_with_assignment(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() + + action_id = mock_data.create_action(policy_id) + data_id = mock_data.create_action_data(policy_id, action_category_id) + assignment_helper.add_action_assignment(policy_id, action_id, action_category_id, data_id) + + with pytest.raises(DeleteActionCategoryWithMetaRule) as exception_info: + category_helper.delete_action_category(action_category_id) + assert str(exception_info.value) == '400: Action Category With Meta Rule Error' + + +def test_delete_action_category_with_rule(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() + policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id) + + with pytest.raises(DeleteActionCategoryWithMetaRule) as exception_info: + category_helper.delete_action_category(action_category_id) + assert str(exception_info.value) == '400: Action Category With Meta Rule Error' + + +def test_delete_action_category_with_unkown_category_id(db): + category_id = "invalid_category_id" + + with pytest.raises(ActionCategoryUnknown) as exception_info: + category_helper.delete_action_category(category_id) + assert str(exception_info.value) == '400: Action Category Unknown' + + +def test_delete_data_categories_connected_to_meta_rule(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() + with pytest.raises(DeleteSubjectCategoryWithMetaRule) as exception_info: + category_helper.delete_subject_category(subject_category_id) + assert str(exception_info.value) == '400: Subject Category With Meta Rule Error' + + with pytest.raises(DeleteObjectCategoryWithMetaRule) as exception_info: + category_helper.delete_object_category(object_category_id) + assert str(exception_info.value) == '400: Object Category With Meta Rule Error' + + with pytest.raises(DeleteActionCategoryWithMetaRule) as exception_info: + category_helper.delete_action_category(action_category_id) + assert str(exception_info.value) == '400: Action Category With Meta Rule Error' diff --git a/old/python_moondb/tests/unit_python/policies/__init__.py b/old/python_moondb/tests/unit_python/policies/__init__.py new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/old/python_moondb/tests/unit_python/policies/__init__.py diff --git a/old/python_moondb/tests/unit_python/policies/mock_data.py b/old/python_moondb/tests/unit_python/policies/mock_data.py new file mode 100644 index 00000000..47fc9f9e --- /dev/null +++ b/old/python_moondb/tests/unit_python/policies/mock_data.py @@ -0,0 +1,74 @@ +import helpers.model_helper as model_helper +import helpers.meta_rule_helper as meta_rule_helper +import helpers.policy_helper as policy_helper +import helpers.category_helper as category_helper + + +def create_meta_rule(meta_rule_name="meta_rule1", category_prefix=""): + meta_rule_value = { + "name": meta_rule_name, + "algorithm": "name of the meta rule algorithm", + "subject_categories": [category_prefix + "subject_category_id1", + category_prefix + "subject_category_id2"], + "object_categories": [category_prefix + "object_category_id1"], + "action_categories": [category_prefix + "action_category_id1"] + } + return meta_rule_value + + +def create_model(meta_rule_id, model_name="test_model"): + value = { + "name": model_name, + "description": "test", + "meta_rules": [meta_rule_id] + + } + return value + + +def create_policy(model_id, policy_name="policy_1"): + value = { + "name": policy_name, + "model_id": model_id, + "genre": "authz", + "description": "test", + } + return value + + +def create_pdp(pdp_ids): + value = { + "name": "test_pdp", + "security_pipeline": pdp_ids, + "keystone_project_id": "keystone_project_id1", + "description": "...", + } + return value + + +def get_policy_id(model_name="test_model", policy_name="policy_1", meta_rule_name="meta_rule1", category_prefix=""): + category_helper.add_subject_category( + category_prefix + "subject_category_id1", + value={"name": category_prefix + "subject_category_id1", + "description": "description 1"}) + category_helper.add_subject_category( + category_prefix + "subject_category_id2", + value={"name": category_prefix + "subject_category_id2", + "description": "description 1"}) + category_helper.add_object_category( + category_prefix + "object_category_id1", + value={"name": category_prefix + "object_category_id1", + "description": "description 1"}) + category_helper.add_action_category( + category_prefix + "action_category_id1", + value={"name": category_prefix + "action_category_id1", + "description": "description 1"}) + meta_rule = meta_rule_helper.add_meta_rule(value=create_meta_rule(meta_rule_name, category_prefix)) + meta_rule_id = list(meta_rule.keys())[0] + model = model_helper.add_model(value=create_model(meta_rule_id, model_name)) + model_id = list(model.keys())[0] + value = create_policy(model_id, policy_name) + policy = policy_helper.add_policies(value=value) + assert policy + policy_id = list(policy.keys())[0] + return policy_id diff --git a/old/python_moondb/tests/unit_python/policies/test_assignments.py b/old/python_moondb/tests/unit_python/policies/test_assignments.py new file mode 100755 index 00000000..24a3a7b0 --- /dev/null +++ b/old/python_moondb/tests/unit_python/policies/test_assignments.py @@ -0,0 +1,235 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +import helpers.mock_data as mock_data +import helpers.assignment_helper as assignment_helper +from python_moonutilities.exceptions import * +import pytest + + +def test_get_action_assignments(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + action_id = mock_data.create_action(policy_id) + data_id = mock_data.create_action_data(policy_id=policy_id, category_id=action_category_id) + + assignment_helper.add_action_assignment(policy_id, action_id, action_category_id, data_id) + act_assignments = assignment_helper.get_action_assignments(policy_id, action_id, + action_category_id) + action_id_1 = list(act_assignments.keys())[0] + assert act_assignments[action_id_1]["policy_id"] == policy_id + assert act_assignments[action_id_1]["action_id"] == action_id + assert act_assignments[action_id_1]["category_id"] == action_category_id + assert len(act_assignments[action_id_1].get("assignments")) == 1 + assert data_id in act_assignments[action_id_1].get("assignments") + + +def test_add_action_assignments(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + action_id = mock_data.create_action(policy_id) + data_id = mock_data.create_action_data(policy_id=policy_id, category_id=action_category_id) + action_assignments = assignment_helper.add_action_assignment(policy_id, action_id, + action_category_id, data_id) + assert action_assignments + action_id_1 = list(action_assignments.keys())[0] + assert action_assignments[action_id_1]["policy_id"] == policy_id + assert action_assignments[action_id_1]["action_id"] == action_id + assert action_assignments[action_id_1]["category_id"] == action_category_id + assert len(action_assignments[action_id_1].get("assignments")) == 1 + assert data_id in action_assignments[action_id_1].get("assignments") + + with pytest.raises(ActionAssignmentExisting) as exception_info: + assignment_helper.add_action_assignment(policy_id, action_id, action_category_id, data_id) + assert str(exception_info.value) == '409: Action Assignment Existing' + assert str(exception_info.value.description) == 'The given action assignment value is existing.' + + +def test_delete_action_assignment(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + action_id = mock_data.create_action(policy_id) + data_id = mock_data.create_action_data(policy_id=policy_id, category_id=action_category_id) + assignment_helper.add_action_assignment(policy_id, action_id, action_category_id, data_id) + assignment_helper.delete_action_assignment(policy_id, "", "", "") + assignments = assignment_helper.get_action_assignments(policy_id, ) + assert len(assignments) == 1 + + +def test_delete_action_assignment_with_invalid_policy_id(db): + policy_id = "invalid_id" + assignment_helper.delete_action_assignment(policy_id, "", "", "") + assignments = assignment_helper.get_action_assignments(policy_id, ) + assert len(assignments) == 0 + + +def test_get_object_assignments(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + object_id = mock_data.create_object(policy_id) + data_id = mock_data.create_object_data(policy_id=policy_id, category_id=object_category_id) + assignment_helper.add_object_assignment(policy_id, object_id, object_category_id, data_id) + obj_assignments = assignment_helper.get_object_assignments(policy_id, object_id, + object_category_id) + object_id_1 = list(obj_assignments.keys())[0] + assert obj_assignments[object_id_1]["policy_id"] == policy_id + assert obj_assignments[object_id_1]["object_id"] == object_id + assert obj_assignments[object_id_1]["category_id"] == object_category_id + assert len(obj_assignments[object_id_1].get("assignments")) == 1 + assert data_id in obj_assignments[object_id_1].get("assignments") + + +def test_get_object_assignments_by_policy_id(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + object_id = mock_data.create_object(policy_id) + data_id = mock_data.create_object_data(policy_id=policy_id, category_id=object_category_id) + assignment_helper.add_object_assignment(policy_id, object_id, object_category_id, data_id) + obj_assignments = assignment_helper.get_object_assignments(policy_id) + assert len(obj_assignments) == 1 + + +def test_add_object_assignments(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + object_id = mock_data.create_object(policy_id) + data_id = mock_data.create_object_data(policy_id=policy_id, category_id=object_category_id) + object_assignments = assignment_helper.add_object_assignment(policy_id, object_id, + object_category_id, data_id) + assert object_assignments + object_id_1 = list(object_assignments.keys())[0] + assert object_assignments[object_id_1]["policy_id"] == policy_id + assert object_assignments[object_id_1]["object_id"] == object_id + assert object_assignments[object_id_1]["category_id"] == object_category_id + assert len(object_assignments[object_id_1].get("assignments")) == 1 + assert data_id in object_assignments[object_id_1].get("assignments") + + with pytest.raises(ObjectAssignmentExisting) as exception_info: + assignment_helper.add_object_assignment(policy_id, object_id, object_category_id, data_id) + assert str(exception_info.value) == '409: Object Assignment Existing' + assert str(exception_info.value.description) == 'The given object assignment value is existing.' + + +def test_delete_object_assignment(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + object_id = mock_data.create_object(policy_id) + data_id = mock_data.create_object_data(policy_id=policy_id, category_id=object_category_id) + assignment_helper.add_object_assignment(policy_id, object_id, object_category_id, data_id) + + assignment_helper.delete_object_assignment(policy_id, object_id, object_category_id, + data_id=data_id) + assignments = assignment_helper.get_object_assignments(policy_id) + assert len(assignments) == 0 + + +def test_delete_object_assignment_with_invalid_policy_id(db): + policy_id = "invalid_id" + assignment_helper.delete_object_assignment(policy_id, "", "", "") + assignments = assignment_helper.get_object_assignments(policy_id, ) + assert len(assignments) == 0 + + +def test_get_subject_assignments(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + subject_id = mock_data.create_subject(policy_id) + data_id = mock_data.create_subject_data(policy_id=policy_id, category_id=subject_category_id) + + assignment_helper.add_subject_assignment(policy_id, subject_id, subject_category_id, data_id) + subj_assignments = assignment_helper.get_subject_assignments(policy_id, subject_id, + subject_category_id) + subject_id_1 = list(subj_assignments.keys())[0] + assert subj_assignments[subject_id_1]["policy_id"] == policy_id + assert subj_assignments[subject_id_1]["subject_id"] == subject_id + assert subj_assignments[subject_id_1]["category_id"] == subject_category_id + assert len(subj_assignments[subject_id_1].get("assignments")) == 1 + assert data_id in subj_assignments[subject_id_1].get("assignments") + + +def test_get_subject_assignments_by_policy_id(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + subject_id = mock_data.create_subject(policy_id) + data_id = mock_data.create_subject_data(policy_id=policy_id, category_id=subject_category_id) + + assignment_helper.add_subject_assignment(policy_id, subject_id, subject_category_id, data_id) + subj_assignments = assignment_helper.get_subject_assignments(policy_id) + assert len(subj_assignments) == 1 + + +def test_add_subject_assignments(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + subject_id = mock_data.create_subject(policy_id) + data_id = mock_data.create_subject_data(policy_id=policy_id, category_id=subject_category_id) + + subject_assignments = assignment_helper.add_subject_assignment(policy_id, subject_id, + subject_category_id, data_id) + assert subject_assignments + subject_id_1 = list(subject_assignments.keys())[0] + assert subject_assignments[subject_id_1]["policy_id"] == policy_id + assert subject_assignments[subject_id_1]["subject_id"] == subject_id + assert subject_assignments[subject_id_1]["category_id"] == subject_category_id + assert len(subject_assignments[subject_id_1].get("assignments")) == 1 + assert data_id in subject_assignments[subject_id_1].get("assignments") + + with pytest.raises(SubjectAssignmentExisting) as exception_info: + assignment_helper.add_subject_assignment(policy_id, subject_id, subject_category_id, + data_id) + assert str(exception_info.value) == '409: Subject Assignment Existing' + assert str( + exception_info.value.description) == 'The given subject assignment value is existing.' + + +def test_delete_subject_assignment(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + subject_id = mock_data.create_subject(policy_id) + data_id = mock_data.create_subject_data(policy_id=policy_id, category_id=subject_category_id) + assignment_helper.add_subject_assignment(policy_id, subject_id, subject_category_id, data_id) + assignment_helper.delete_subject_assignment(policy_id, subject_id, subject_category_id, data_id) + assignments = assignment_helper.get_subject_assignments(policy_id) + assert len(assignments) == 0 + + +def test_delete_subject_assignment_with_invalid_policy_id(db): + policy_id = "invalid_id" + assignment_helper.delete_subject_assignment(policy_id, "", "", "") + assignments = assignment_helper.get_subject_assignments(policy_id, ) + assert len(assignments) == 0 diff --git a/old/python_moondb/tests/unit_python/policies/test_data.py b/old/python_moondb/tests/unit_python/policies/test_data.py new file mode 100755 index 00000000..8ce1ac00 --- /dev/null +++ b/old/python_moondb/tests/unit_python/policies/test_data.py @@ -0,0 +1,707 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +import helpers.mock_data as mock_data +import policies.mock_data +import helpers.data_helper as data_helper +import helpers.assignment_helper as assignment_helper +import pytest +from uuid import uuid4 +import logging +from python_moonutilities.exceptions import * + +logger = logging.getLogger("python_moondb.tests.api.test_data") + + +def test_get_action_data(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + value = { + "name": "action-type", + "description": {"vm-action": "", "storage-action": "", }, + } + action_data = data_helper.add_action_data(policy_id=policy_id, category_id=action_category_id, value=value) + data_id = list(action_data["data"])[0] + found_action_data = data_helper.get_action_data(policy_id=policy_id, data_id=data_id, + category_id=action_category_id) + assert found_action_data + assert len(found_action_data[0]["data"]) == 1 + + +def test_get_action_data_with_invalid_category_id(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + action_data = data_helper.get_action_data(policy_id=policy_id, category_id="invalid") + assert len(action_data) == 0 + + +def test_add_action_data(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + value = { + "name": "action-type", + "description": {"vm-action": "", "storage-action": "", }, + } + action_data = data_helper.add_action_data(policy_id=policy_id, category_id=action_category_id, value=value) + assert action_data + assert len(action_data['data']) == 1 + + +def test_add_action_data_duplicate(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + value = { + "name": "action-type", + "description": {"vm-action": "", "storage-action": "", }, + } + action_data = data_helper.add_action_data(policy_id=policy_id, category_id=action_category_id, value=value) + with pytest.raises(ActionScopeExisting) as exception_info: + action_data = data_helper.add_action_data(policy_id=policy_id, category_id=action_category_id, value=value) + assert str(exception_info.value) == '409: Action Scope Existing' + +def test_add_action_data_with_invalid_category_id(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + value = { + "name": "action-type", + "description": {"vm-action": "", "storage-action": "", }, + } + with pytest.raises(ActionCategoryUnknown) as exception_info: + data_helper.add_action_data(policy_id=policy_id, value=value).get('data') + assert str(exception_info.value) == '400: Action Category Unknown' + + +def test_delete_action_data(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + data_helper.get_available_metadata(policy_id) + value = { + "name": "action-type", + "description": {"vm-action": "", "storage-action": "", }, + } + action_data = data_helper.add_action_data(policy_id=policy_id, category_id=action_category_id, value=value) + data_id = list(action_data["data"])[0] + data_helper.delete_action_data(policy_id=policy_id, data_id=data_id) + new_action_data = data_helper.get_action_data(policy_id) + assert len(new_action_data[0]['data']) == 0 + + +def test_get_object_data(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + value = { + "name": "object-security-level", + "description": {"low": "", "medium": "", "high": ""}, + } + object_data = data_helper.add_object_data(policy_id=policy_id, category_id=object_category_id, value=value) + data_id = list(object_data["data"])[0] + found_object_data = data_helper.get_object_data(policy_id=policy_id, data_id=data_id, + category_id=object_category_id) + assert found_object_data + assert len(found_object_data[0]['data']) == 1 + + +def test_get_object_data_with_invalid_category_id(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + object_data = data_helper.get_object_data(policy_id=policy_id, category_id="invalid") + assert len(object_data) == 0 + + +def test_add_object_data(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + value = { + "name": "object-security-level", + "description": {"low": "", "medium": "", "high": ""}, + } + object_data = data_helper.add_object_data(policy_id=policy_id, category_id=object_category_id, value=value).get( + 'data') + assert object_data + object_data_id = list(object_data.keys())[0] + assert object_data[object_data_id].get('policy_id') == policy_id + + +def test_add_object_data_with_invalid_category_id(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + value = { + "name": "object-security-level", + "description": {"low": "", "medium": "", "high": ""}, + } + with pytest.raises(ObjectCategoryUnknown) as exception_info: + data_helper.add_object_data(policy_id=policy_id, category_id="invalid", value=value).get('data') + assert str(exception_info.value) == '400: Object Category Unknown' + + +def test_add_object_data_duplicate(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + value = { + "name": "object-security-level", + "description": {"low": "", "medium": "", "high": ""}, + } + object_data = data_helper.add_object_data(policy_id=policy_id, category_id=object_category_id, value=value).get( + 'data') + with pytest.raises(ObjectScopeExisting) as exception_info: + data_helper.add_object_data(policy_id=policy_id, category_id=object_category_id, value=value).get( + 'data') + assert str(exception_info.value) == '409: Object Scope Existing' + + +def test_delete_object_data(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + value = { + "name": "object-security-level", + "description": {"low": "", "medium": "", "high": ""}, + } + object_data = data_helper.add_object_data(policy_id=policy_id, category_id=object_category_id, value=value).get( + 'data') + object_data_id = list(object_data.keys())[0] + data_helper.delete_object_data(policy_id=object_data[object_data_id].get('policy_id'), data_id=object_data_id) + new_object_data = data_helper.get_object_data(policy_id) + assert len(new_object_data[0]['data']) == 0 + + +def test_get_subject_data(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + value = { + "name": "subject-security-level", + "description": {"low": "", "medium": "", "high": ""}, + } + subject_data = data_helper.add_subject_data(policy_id=policy_id, category_id=subject_category_id, value=value).get( + 'data') + subject_data_id = list(subject_data.keys())[0] + subject_data = data_helper.get_subject_data(policy_id, subject_data_id, subject_category_id) + assert subject_data + assert len(subject_data[0]['data']) == 1 + + +def test_get_subject_data_with_invalid_category_id(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + value = { + "name": "subject-security-level", + "description": {"low": "", "medium": "", "high": ""}, + } + subject_data = data_helper.add_subject_data(policy_id=policy_id, category_id=subject_category_id, value=value).get( + 'data') + subject_data_id = list(subject_data.keys())[0] + found_subject_data = data_helper.get_subject_data(policy_id, subject_data_id, "invalid") + assert len(found_subject_data) == 0 + + +def test_add_subject_data(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + value = { + "name": "subject-security-level", + "description": {"low": "", "medium": "", "high": ""}, + } + subject_data = data_helper.add_subject_data(policy_id=policy_id, category_id=subject_category_id, value=value).get( + 'data') + assert subject_data + subject_data_id = list(subject_data.keys())[0] + assert subject_data[subject_data_id].get('policy_id') == policy_id + + +def test_add_subject_data_with_no_category_id(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + value = { + "name": "subject-security-level", + "description": {"low": "", "medium": "", "high": ""}, + } + with pytest.raises(SubjectCategoryUnknown) as exception_info: + data_helper.add_subject_data(policy_id=policy_id, data_id=subject_category_id, value=value).get('data') + assert str(exception_info.value) == '400: Subject Category Unknown' + + +def test_add_subject_data_duplicate(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + value = { + "name": "subject-security-level", + "description": {"low": "", "medium": "", "high": ""}, + } + subject_data = data_helper.add_subject_data(policy_id=policy_id, category_id=subject_category_id, value=value).get( + 'data') + + with pytest.raises(SubjectScopeExisting) as exception_info: + subject_data = data_helper.add_subject_data(policy_id=policy_id, category_id=subject_category_id, + value=value).get('data') + assert str(exception_info.value) == '409: Subject Scope Existing' + + +def test_delete_subject_data(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + value = { + "name": "subject-security-level", + "description": {"low": "", "medium": "", "high": ""}, + } + subject_data = data_helper.add_subject_data(policy_id=policy_id, category_id=subject_category_id, value=value).get( + 'data') + subject_data_id = list(subject_data.keys())[0] + data_helper.delete_subject_data(policy_id=subject_data[subject_data_id].get('policy_id'), data_id=subject_data_id) + new_subject_data = data_helper.get_subject_data(policy_id) + assert len(new_subject_data[0]['data']) == 0 + + +def test_get_actions(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + value = { + "name": "test_action", + "description": "test", + } + data_helper.add_action(policy_id=policy_id, value=value) + actions = data_helper.get_actions(policy_id, ) + assert actions + assert len(actions) == 1 + action_id = list(actions.keys())[0] + assert actions[action_id].get('policy_list')[0] == policy_id + + +def test_add_action(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + value = { + "name": "test_action", + "description": "test", + } + action = data_helper.add_action(policy_id=policy_id, value=value) + assert action + action_id = list(action.keys())[0] + assert len(action[action_id].get('policy_list')) == 1 + + +def test_add_action_twice(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + value = { + "name": "test_action", + "description": "test", + } + data_helper.add_action(policy_id=policy_id, value=value) + with pytest.raises(PolicyExisting) as exception_info: + data_helper.add_action(policy_id=policy_id, value=value) + assert str(exception_info.value) == '409: Policy Already Exists' + + +def test_add_action_blank_name(db): + policy_id = policies.mock_data.get_policy_id() + value = { + "name": "", + "description": "test", + } + with pytest.raises(PerimeterContentError) as exception_info: + data_helper.add_action(policy_id=policy_id, value=value) + assert str(exception_info.value) == '400: Perimeter content is invalid.' + + +def test_add_action_with_name_space(db): + policy_id = policies.mock_data.get_policy_id() + value = { + "name": " ", + "description": "test", + } + with pytest.raises(PerimeterContentError) as exception_info: + data_helper.add_action(policy_id=policy_id, value=value) + assert str(exception_info.value) == '400: Perimeter content is invalid.' + + +def test_add_action_multiple_times(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id1 = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1", + model_name="model1") + value = { + "name": "test_action", + "description": "test", + } + action = data_helper.add_action(policy_id=policy_id1, value=value) + logger.info("action : {}".format(action)) + action_id = list(action.keys())[0] + perimeter_id = action[action_id].get('id') + assert action + value = { + "name": "test_action", + "description": "test", + "policy_list": ['policy_id_3', 'policy_id_4'] + } + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id2 = mock_data.create_new_policy( + subject_category_name="subject_category2", + object_category_name="object_category2", + action_category_name="action_category2", + meta_rule_name="meta_rule_2", + model_name="model2") + action = data_helper.add_action(policy_id=policy_id2, perimeter_id=perimeter_id, value=value) + logger.info("action : {}".format(action)) + assert action + action_id = list(action.keys())[0] + assert len(action[action_id].get('policy_list')) == 2 + + +def test_delete_action(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + value = { + "name": "test_action", + "description": "test", + } + action = data_helper.add_action(policy_id=policy_id, value=value) + action_id = list(action.keys())[0] + data_helper.delete_action(policy_id, action_id) + actions = data_helper.get_actions(policy_id, ) + assert not actions + + +def test_delete_action_with_invalid_perimeter_id(db): + policy_id = "invalid" + perimeter_id = "invalid" + with pytest.raises(PolicyUnknown) as exception_info: + data_helper.delete_action(policy_id, perimeter_id) + assert str(exception_info.value) == '400: Policy Unknown' + + +def test_get_objects(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + value = { + "name": "test_object", + "description": "test", + } + data_helper.add_object(policy_id=policy_id, value=value) + objects = data_helper.get_objects(policy_id, ) + assert objects + assert len(objects) == 1 + object_id = list(objects.keys())[0] + assert objects[object_id].get('policy_list')[0] == policy_id + + +def test_add_object_with_same_policy_twice(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + value = { + "name": "test_object", + "description": "test", + } + added_object = data_helper.add_object(policy_id=policy_id, value=value) + assert added_object + object_id = list(added_object.keys())[0] + assert len(added_object[object_id].get('policy_list')) == 1 + + with pytest.raises(PolicyExisting) as exception_info: + data_helper.add_object(policy_id=policy_id, value=value) + assert str(exception_info.value) == '409: Policy Already Exists' + + +def test_add_objects_multiple_times(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1", + model_name="model1") + value = { + "name": "test_object", + "description": "test", + } + added_object = data_helper.add_object(policy_id=policy_id, value=value) + object_id = list(added_object.keys())[0] + perimeter_id = added_object[object_id].get('id') + assert added_object + value = { + "name": "test_object", + "description": "test", + } + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category2", + object_category_name="object_category2", + action_category_name="action_category2", + meta_rule_name="meta_rule_2", + model_name="model2") + added_object = data_helper.add_object(policy_id=policy_id, perimeter_id=perimeter_id, value=value) + assert added_object + object_id = list(added_object.keys())[0] + assert len(added_object[object_id].get('policy_list')) == 2 + + +def test_delete_object(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + value = { + "name": "test_object", + "description": "test", + } + added_object = data_helper.add_object(policy_id=policy_id, value=value) + object_id = list(added_object.keys())[0] + data_helper.delete_object(policy_id, object_id) + objects = data_helper.get_objects(policy_id, ) + assert not objects + + +def test_delete_object_with_invalid_perimeter_id(db): + policy_id = "invalid" + perimeter_id = "invalid" + with pytest.raises(PolicyUnknown) as exception_info: + data_helper.delete_object(policy_id, perimeter_id) + assert str(exception_info.value) == '400: Policy Unknown' + + +def test_get_subjects(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + value = { + "name": "testuser", + "description": "test", + } + data_helper.add_subject(policy_id=policy_id, value=value) + subjects = data_helper.get_subjects(policy_id=policy_id) + assert subjects + assert len(subjects) == 1 + subject_id = list(subjects.keys())[0] + assert subjects[subject_id].get('policy_list')[0] == policy_id + + +def test_get_subjects_with_invalid_policy_id(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + value = { + "name": "testuser", + "description": "test", + } + data_helper.add_subject(policy_id=policy_id, value=value) + with pytest.raises(PolicyUnknown) as exception_info: + data_helper.get_subjects(policy_id="invalid") + assert str(exception_info.value) == '400: Policy Unknown' + + +def test_add_subject_with_same_policy_twice(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + value = { + "name": "testuser", + "description": "test", + } + subject = data_helper.add_subject(policy_id=policy_id, value=value) + assert subject + subject_id = list(subject.keys())[0] + assert len(subject[subject_id].get('policy_list')) == 1 + with pytest.raises(PolicyExisting) as exception_info: + data_helper.add_subject(policy_id=policy_id, value=value) + assert str(exception_info.value) == '409: Policy Already Exists' + + +def test_add_subjects_multiple_times(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1", + model_name="model1") + value = { + "name": "testuser", + "description": "test", + } + subject = data_helper.add_subject(policy_id=policy_id, value=value) + subject_id = list(subject.keys())[0] + perimeter_id = subject[subject_id].get('id') + assert subject + value = { + "name": "testuser", + "description": "test", + } + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category2", + object_category_name="object_category2", + action_category_name="action_category2", + meta_rule_name="meta_rule_2", + model_name="model2") + subject = data_helper.add_subject(policy_id=policy_id, perimeter_id=perimeter_id, value=value) + assert subject + subject_id = list(subject.keys())[0] + assert len(subject[subject_id].get('policy_list')) == 2 + + +def test_delete_subject(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + value = { + "name": "testuser", + "description": "test", + } + subject = data_helper.add_subject(policy_id=policy_id, value=value) + subject_id = list(subject.keys())[0] + data_helper.delete_subject(policy_id, subject_id) + subjects = data_helper.get_subjects(policy_id, ) + assert not subjects + + +def test_delete_subject_with_invalid_perimeter_id(db): + policy_id = "invalid" + perimeter_id = "invalid" + with pytest.raises(PolicyUnknown) as exception_info: + data_helper.delete_subject(policy_id, perimeter_id) + assert str(exception_info.value) == '400: Policy Unknown' + + +def test_delete_subject_with_assignment(db): + + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category"+uuid4().hex, + object_category_name="object_category"+uuid4().hex, + action_category_name="action_category"+uuid4().hex, + meta_rule_name="meta_rule_"+uuid4().hex) + + subject_id = mock_data.create_subject(policy_id) + data_id = mock_data.create_subject_data(policy_id=policy_id, category_id=subject_category_id) + assignment_helper.add_subject_assignment(policy_id, subject_id, subject_category_id, data_id) + + with pytest.raises(DeletePerimeterWithAssignment) as exception_info: + data_helper.delete_subject(policy_id, subject_id) + assert '400: Perimeter With Assignment Error' == str(exception_info.value) + + +def test_delete_object_with_assignment(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category" + uuid4().hex, + object_category_name="object_category" + uuid4().hex, + action_category_name="action_category" + uuid4().hex, + meta_rule_name="meta_rule_" + uuid4().hex) + + object_id = mock_data.create_object(policy_id) + data_id = mock_data.create_object_data(policy_id=policy_id, category_id=object_category_id) + assignment_helper.add_object_assignment(policy_id, object_id, object_category_id, data_id) + + with pytest.raises(DeletePerimeterWithAssignment) as exception_info: + data_helper.delete_object(policy_id, object_id) + assert '400: Perimeter With Assignment Error' == str(exception_info.value) + +def test_delete_action_with_assignment(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category" + uuid4().hex, + object_category_name="object_category" + uuid4().hex, + action_category_name="action_category" + uuid4().hex, + meta_rule_name="meta_rule_" + uuid4().hex) + + action_id = mock_data.create_action(policy_id) + data_id = mock_data.create_action_data(policy_id=policy_id, category_id=action_category_id) + assignment_helper.add_action_assignment(policy_id, action_id, action_category_id, data_id) + + with pytest.raises(DeletePerimeterWithAssignment) as exception_info: + data_helper.delete_action(policy_id, action_id) + assert '400: Perimeter With Assignment Error' == str(exception_info.value) + + +def test_get_available_metadata(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1") + metadata = data_helper.get_available_metadata(policy_id=policy_id) + assert metadata + assert metadata['object'][0] == object_category_id + assert metadata['subject'][0] == subject_category_id + assert metadata['action'][0] == action_category_id + + +def test_get_available_metadata_with_invalid_policy_id(db): + with pytest.raises(PolicyUnknown) as exception_info: + data_helper.get_available_metadata(policy_id='invalid') + assert '400: Policy Unknown' == str(exception_info.value) diff --git a/old/python_moondb/tests/unit_python/policies/test_policies.py b/old/python_moondb/tests/unit_python/policies/test_policies.py new file mode 100755 index 00000000..b2394203 --- /dev/null +++ b/old/python_moondb/tests/unit_python/policies/test_policies.py @@ -0,0 +1,643 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +import pytest +import helpers.mock_data as mock_data +import helpers.policy_helper as policy_helper +import helpers.model_helper as model_helper +import helpers.model_helper as model_helper +from python_moonutilities.exceptions import * +import helpers.pdp_helper as pdp_helper +import helpers.data_helper as data_helper +import helpers.assignment_helper as assignment_helper +from uuid import uuid4 + + +def test_get_policies(db): + policies = policy_helper.get_policies() + assert isinstance(policies, dict) + assert not policies + + +def test_add_policies(db): + model = model_helper.add_model(model_id=uuid4().hex) + model_id = next(iter(model)) + value = { + "name": "test_policy", + "model_id": model_id, + "genre": "authz", + "description": "test", + } + policies = policy_helper.add_policies(value=value) + assert isinstance(policies, dict) + assert policies + assert len(policies.keys()) == 1 + policy_id = list(policies.keys())[0] + for key in ("genre", "name", "model_id", "description"): + assert key in policies[policy_id] + assert policies[policy_id][key] == value[key] + + +def test_add_policies_twice_with_same_id(db): + policy_id = 'policy_id_1' + model = model_helper.add_model(model_id=uuid4().hex) + model_id = next(iter(model)) + value = { + "name": "test_policy", + "model_id": model_id, + "genre": "authz", + "description": "test", + } + policy_helper.add_policies(policy_id, value) + with pytest.raises(PolicyExisting) as exception_info: + policy_helper.add_policies(policy_id, value) + assert str(exception_info.value) == '409: Policy Already Exists' + + +def test_add_policies_twice_with_same_name(db): + model = model_helper.add_model(model_id=uuid4().hex) + model_id = next(iter(model)) + policy_name=uuid4().hex + value = { + "name": policy_name, + "model_id": model_id, + "genre": "authz", + "description": "test", + } + policy_helper.add_policies(value=value) + with pytest.raises(Exception) as exception_info: + policy_helper.add_policies(value=value) + assert str(exception_info.value) == '409: Policy Already Exists' + assert str(exception_info.value.description)== 'Policy name Existed' + + +def test_delete_policies(db): + model = model_helper.add_model(model_id=uuid4().hex) + model_id = next(iter(model)) + policy_name1 = uuid4().hex + value = { + "name": policy_name1, + "model_id": model_id, + "genre": "authz", + "description": "test", + } + policies = policy_helper.add_policies(value=value) + policy_id1 = list(policies.keys())[0] + policy_name2 = uuid4().hex + value = { + "name": policy_name2, + "model_id": model_id, + "genre": "authz", + "description": "test", + } + policies = policy_helper.add_policies(value=value) + policy_id2 = list(policies.keys())[0] + assert policy_id1 != policy_id2 + policy_helper.delete_policies(policy_id1) + policies = policy_helper.get_policies() + assert policy_id1 not in policies + + +def test_delete_policies_with_invalid_id(db): + policy_id = 'policy_id_1' + with pytest.raises(PolicyUnknown) as exception_info: + policy_helper.delete_policies(policy_id) + # assert str(exception_info.value) == '400: Policy Unknown' + + +def test_update_policy(db): + policies = policy_helper.add_policies() + policy_id = list(policies.keys())[0] + value = { + "name": "test_policy4", + "model_id": policies[policy_id]['model_id'], + "genre": "authz", + "description": "test-3", + } + updated_policy = policy_helper.update_policy(policy_id, value) + assert updated_policy + for key in ("genre", "name", "model_id", "description"): + assert key in updated_policy[policy_id] + assert updated_policy[policy_id][key] == value[key] + + +def test_update_policy_name_with_existed_one(db): + policies = policy_helper.add_policies() + policy_id1 = list(policies.keys())[0] + policy_name = uuid4().hex + value = { + "name": policy_name, + "model_id": policies[policy_id1]['model_id'], + "genre": "authz", + "description": "test-3", + } + policy_helper.add_policies(value=value) + with pytest.raises(PolicyExisting) as exception_info: + policy_helper.update_policy(policy_id=policy_id1,value=value) + + assert str(exception_info.value) == '409: Policy Already Exists' + assert str(exception_info.value.description)== 'Policy name Existed' + + +def test_update_policy_with_invalid_id(db): + policy_id = 'invalid-id' + value = { + "name": "test_policy4", + "model_id": "", + "genre": "authz", + "description": "test-3", + } + with pytest.raises(PolicyUnknown) as exception_info: + policy_helper.update_policy(policy_id, value) + assert str(exception_info.value) == '400: Policy Unknown' + + +def test_get_policy_from_meta_rules(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1", + model_name="model1") + security_pipeline = [policy_id] + pdp_obj = mock_data.create_pdp(security_pipeline) + pdp_helper.add_pdp(value=pdp_obj) + matched_policy_id = policy_helper.get_policy_from_meta_rules(meta_rule_id) + assert matched_policy_id + assert policy_id == matched_policy_id + + +def test_get_policy_from_meta_rules_with_no_policy_ids(db): + meta_rule_id = 'meta_rule_id' + value = { + "name": "test_pdp", + "security_pipeline": [], + "keystone_project_id": "keystone_project_id1", + "description": "...", + } + pdp_helper.add_pdp(value=value) + matched_policy_id = policy_helper.get_policy_from_meta_rules(meta_rule_id) + assert not matched_policy_id + + +def test_get_rules(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category12", + object_category_name="object_category12", + action_category_name="action_category12", + meta_rule_name="meta_rule_12", + model_name="model12") + + policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id) + + policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id) + rules = policy_helper.get_rules(policy_id=policy_id, meta_rule_id=meta_rule_id) + assert isinstance(rules, dict) + assert rules + obj = rules.get('rules') + assert len(obj) == 2 + + +def test_get_rules_with_invalid_policy_id_failure(db): + rules = policy_helper.get_rules("invalid_policy_id", "meta_rule_id") + assert not rules.get('meta_rule-id') + assert len(rules.get('rules')) == 0 + + +def test_add_rule_existing(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1", + model_name="model1") + subject_data_id = mock_data.create_subject_data(policy_id=policy_id, + category_id=subject_category_id) + object_data_id = mock_data.create_object_data(policy_id=policy_id, + category_id=object_category_id) + action_data_id = mock_data.create_action_data(policy_id=policy_id, + category_id=action_category_id) + + value = { + "rule": (subject_data_id, object_data_id, action_data_id), + "instructions": ({"decision": "grant"}), + "enabled": "", + } + + rules = policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) + assert rules + assert len(rules) == 1 + assert isinstance(rules, dict) + rule_id = list(rules.keys())[0] + for key in ("rule", "instructions", "enabled"): + assert key in rules[rule_id] + assert rules[rule_id][key] == value[key] + + with pytest.raises(RuleExisting) as exception_info: + policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) + assert str(exception_info.value) == '409: Rule Existing' + + +def test_check_existing_rule_valid_request(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1", + model_name="model1") + subject_data_id = mock_data.create_subject_data(policy_id=policy_id, + category_id=subject_category_id) + object_data_id = mock_data.create_object_data(policy_id=policy_id, + category_id=object_category_id) + action_data_id = mock_data.create_action_data(policy_id=policy_id, + category_id=action_category_id) + value = { + "rule": (subject_data_id, object_data_id, action_data_id), + "instructions": ({"decision": "grant"}), + "enabled": "", + } + + rules = policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) + assert rules + assert len(rules) == 1 + assert isinstance(rules, dict) + rule_id = list(rules.keys())[0] + for key in ("rule", "instructions", "enabled"): + assert key in rules[rule_id] + assert rules[rule_id][key] == value[key] + + with pytest.raises(RuleExisting) as exception_info: + policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) + assert str(exception_info.value) == '409: Rule Existing' + + +def test_check_existing_rule_valid_multiple__data(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1", + model_name="model1") + subject_data_id1 = mock_data.create_subject_data(policy_id=policy_id, + category_id=subject_category_id) + subject_data_id2 = mock_data.create_subject_data(policy_id=policy_id, + category_id=subject_category_id) + object_data_id1 = mock_data.create_object_data(policy_id=policy_id, + category_id=object_category_id) + object_data_id2 = mock_data.create_object_data(policy_id=policy_id, + category_id=object_category_id) + action_data_id1 = mock_data.create_action_data(policy_id=policy_id, + category_id=action_category_id) + action_data_id2 = mock_data.create_action_data(policy_id=policy_id, + category_id=action_category_id) + value = { + "rule": ( + subject_data_id1, object_data_id2, action_data_id1), + "instructions": ({"decision": "grant"}), + "enabled": "", + } + + rules = policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) + assert rules + assert len(rules) == 1 + assert isinstance(rules, dict) + rule_id = list(rules.keys())[0] + for key in ("rule", "instructions", "enabled"): + assert key in rules[rule_id] + assert rules[rule_id][key] == value[key] + + with pytest.raises(RuleExisting) as exception_info: + policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) + assert str(exception_info.value) == '409: Rule Existing' + + +def test_check_existing_rule_missing_data(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1", + model_name="model1") + subject_data_id = mock_data.create_subject_data(policy_id=policy_id, + category_id=subject_category_id) + object_data_id = mock_data.create_object_data(policy_id=policy_id, + category_id=object_category_id) + action_data_id = mock_data.create_action_data(policy_id=policy_id, + category_id=action_category_id) + value = { + "rule": (object_data_id, action_data_id), + "instructions": ({"decision": "grant"}), + "enabled": "", + } + + with pytest.raises(RuleContentError) as exception_info: + policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) + assert str(exception_info.value) == '400: Rule Error' + assert exception_info.value.description== "Missing Data" + + +def test_check_existing_rule_meta_rule_missing_data(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1", + model_name="model1") + subject_data_id = mock_data.create_subject_data(policy_id=policy_id, + category_id=subject_category_id) + object_data_id = mock_data.create_object_data(policy_id=policy_id, + category_id=object_category_id) + action_data_id = mock_data.create_action_data(policy_id=policy_id, + category_id=action_category_id) + value = { + "rule": (subject_data_id, object_data_id, action_data_id, action_data_id), + "instructions": ({"decision": "grant"}), + "enabled": "", + } + + with pytest.raises(MetaRuleContentError) as exception_info: + policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) + assert str(exception_info.value) == '400: Meta Rule Error' + assert exception_info.value.description == "Missing Data" + + +def test_check_existing_rule_invalid_data_id_order(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1", + model_name="model1") + subject_data_id = mock_data.create_subject_data(policy_id=policy_id, + category_id=subject_category_id) + object_data_id = mock_data.create_object_data(policy_id=policy_id, + category_id=object_category_id) + action_data_id = mock_data.create_action_data(policy_id=policy_id, + category_id=action_category_id) + value = { + "rule": (object_data_id, action_data_id, subject_data_id), + "instructions": ({"decision": "grant"}), + "enabled": "", + } + + with pytest.raises(RuleContentError) as exception_info: + policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) + assert str(exception_info.value) == '400: Rule Error' + assert "Missing Subject_category" in exception_info.value.description + + +def test_check_existing_rule_invalid_data_id_order_scenrio_2(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1", + model_name="model1") + subject_data_id = mock_data.create_subject_data(policy_id=policy_id, + category_id=subject_category_id) + object_data_id = mock_data.create_object_data(policy_id=policy_id, + category_id=object_category_id) + action_data_id = mock_data.create_action_data(policy_id=policy_id, + category_id=action_category_id) + value = { + "rule": (subject_data_id, action_data_id, object_data_id), + "instructions": ({"decision": "grant"}), + "enabled": "", + } + + with pytest.raises(RuleContentError) as exception_info: + policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) + assert str(exception_info.value) == '400: Rule Error' + assert "Missing Object_category" in exception_info.value.description + + +def test_check_existing_rule_wrong_subject_data_id(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1", + model_name="model1") + subject_data_id = mock_data.create_subject_data(policy_id=policy_id, + category_id=subject_category_id) + object_data_id = mock_data.create_object_data(policy_id=policy_id, + category_id=object_category_id) + action_data_id = mock_data.create_action_data(policy_id=policy_id, + category_id=action_category_id) + value = { + "rule": (uuid4().hex, object_data_id, action_data_id), + "instructions": ({"decision": "grant"}), + "enabled": "", + } + + with pytest.raises(RuleContentError) as exception_info: + policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) + assert str(exception_info.value) == '400: Rule Error' + assert "Missing Subject_category" in exception_info.value.description + + +def test_check_existing_rule_wrong_object_data_id(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1", + model_name="model1") + subject_data_id = mock_data.create_subject_data(policy_id=policy_id, + category_id=subject_category_id) + object_data_id = mock_data.create_object_data(policy_id=policy_id, + category_id=object_category_id) + action_data_id = mock_data.create_action_data(policy_id=policy_id, + category_id=action_category_id) + value = { + "rule": (subject_data_id, uuid4().hex, action_data_id), + "instructions": ({"decision": "grant"}), + "enabled": "", + } + + with pytest.raises(RuleContentError) as exception_info: + policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) + assert str(exception_info.value) == '400: Rule Error' + assert "Missing Object_category" in exception_info.value.description + + +def test_check_existing_rule_wrong_action_data_id(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1", + model_name="model1") + subject_data_id = mock_data.create_subject_data(policy_id=policy_id, + category_id=subject_category_id) + object_data_id = mock_data.create_object_data(policy_id=policy_id, + category_id=object_category_id) + action_data_id = mock_data.create_action_data(policy_id=policy_id, + category_id=action_category_id) + value = { + "rule": (subject_data_id, object_data_id, uuid4().hex), + "instructions": ({"decision": "grant"}), + "enabled": "", + } + + with pytest.raises(RuleContentError) as exception_info: + policy_helper.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value) + assert str(exception_info.value) == '400: Rule Error' + assert "Missing Action_category" in exception_info.value.description + + +def test_delete_rule(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() + + rules = policy_helper.add_rule(policy_id, meta_rule_id) + rule_id = list(rules.keys())[0] + policy_helper.delete_rule(policy_id, rule_id) + rules = policy_helper.get_rules(policy_id, meta_rule_id) + assert not rules.get('rules') + + +def test_delete_policies_with_pdp(db): + policies = policy_helper.add_policies() + policy_id1 = list(policies.keys())[0] + pdp_id = "pdp_id1" + value = { + "name": "test_pdp", + "security_pipeline": [policy_id1], + "keystone_project_id": "keystone_project_id1", + "description": "...", + } + pdp_helper.add_pdp(pdp_id=pdp_id, value=value) + with pytest.raises(DeletePolicyWithPdp) as exception_info: + policy_helper.delete_policies(policy_id1) + assert str(exception_info.value) == '400: Policy With PDP Error' + assert 'Cannot delete policy with pdp' == exception_info.value.description + + +def test_delete_policies_with_subject_perimeter(db): + policies = policy_helper.add_policies() + policy_id1 = list(policies.keys())[0] + + value = { + "name": "testuser", + "security_pipeline": [policy_id1], + "keystone_project_id": "keystone_project_id1", + "description": "...", + } + data_helper.add_subject(policy_id=policy_id1, value=value) + with pytest.raises(DeletePolicyWithPerimeter) as exception_info: + policy_helper.delete_policies(policy_id1) + assert str(exception_info.value) == '400: Policy With Perimeter Error' + assert 'Cannot delete policy with perimeter'== exception_info.value.description + + +def test_delete_policies_with_object_perimeter(db): + policies = policy_helper.add_policies() + policy_id1 = list(policies.keys())[0] + + value = { + "name": "test_obj", + "security_pipeline": [policy_id1], + "keystone_project_id": "keystone_project_id1", + "description": "...", + } + data_helper.add_object(policy_id=policy_id1, value=value) + with pytest.raises(DeletePolicyWithPerimeter) as exception_info: + policy_helper.delete_policies(policy_id1) + assert str(exception_info.value) == '400: Policy With Perimeter Error' + assert 'Cannot delete policy with perimeter'== exception_info.value.description + + +def test_delete_policies_with_action_perimeter(db): + policies = policy_helper.add_policies() + policy_id1 = list(policies.keys())[0] + + value = { + "name": "test_act", + "security_pipeline": [policy_id1], + "keystone_project_id": "keystone_project_id1", + "description": "...", + } + data_helper.add_action(policy_id=policy_id1, value=value) + with pytest.raises(DeletePolicyWithPerimeter) as exception_info: + policy_helper.delete_policies(policy_id1) + assert '400: Policy With Perimeter Error' == str(exception_info.value) + + +def test_delete_policies_with_subject_assignment(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() + + subject_id = mock_data.create_subject(policy_id) + data_id = mock_data.create_subject_data(policy_id=policy_id, category_id=subject_category_id) + assignment_helper.add_subject_assignment(policy_id, subject_id, subject_category_id, data_id) + + with pytest.raises(DeletePolicyWithPerimeter) as exception_info: + policy_helper.delete_policies(policy_id) + + assert '400: Policy With Perimeter Error' == str(exception_info.value) + + +def test_delete_policies_with_object_assignment(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() + + object_id = mock_data.create_object(policy_id) + data_id = mock_data.create_object_data(policy_id=policy_id, category_id=object_category_id) + assignment_helper.add_object_assignment(policy_id, object_id, object_category_id, data_id) + + with pytest.raises(DeletePolicyWithPerimeter) as exception_info: + policy_helper.delete_policies(policy_id) + assert '400: Policy With Perimeter Error' == str(exception_info.value) + + +def test_delete_policies_with_action_assignment(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() + + action_id = mock_data.create_action(policy_id) + data_id = mock_data.create_action_data(policy_id=policy_id, category_id=action_category_id) + assignment_helper.add_action_assignment(policy_id, action_id, action_category_id, data_id) + + with pytest.raises(DeletePolicyWithPerimeter) as exception_info: + policy_helper.delete_policies(policy_id) + assert '400: Policy With Perimeter Error' == str(exception_info.value) + + +def test_delete_policies_with_subject_data(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() + + data_id = mock_data.create_subject_data(policy_id=policy_id, category_id=subject_category_id) + + with pytest.raises(DeletePolicyWithData) as exception_info: + policy_helper.delete_policies(policy_id) + + assert '400: Policy With Data Error' == str(exception_info.value) + + +def test_delete_policies_with_object_data(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() + + data_id = mock_data.create_object_data(policy_id=policy_id, category_id=object_category_id) + + with pytest.raises(DeletePolicyWithData) as exception_info: + policy_helper.delete_policies(policy_id) + assert '400: Policy With Data Error' == str(exception_info.value) + + +def test_delete_policies_with_action_data(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() + + data_id = mock_data.create_action_data(policy_id=policy_id, category_id=action_category_id) + + with pytest.raises(DeletePolicyWithData) as exception_info: + policy_helper.delete_policies(policy_id) + assert '400: Policy With Data Error' == str(exception_info.value) + + +def test_delete_policies_with_rule(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy() + + rules = policy_helper.add_rule(policy_id, meta_rule_id) + + with pytest.raises(DeletePolicyWithRules) as exception_info: + policy_helper.delete_policies(policy_id) + assert '400: Policy With Rule Error' == str(exception_info.value) diff --git a/old/python_moondb/tests/unit_python/requirements.txt b/old/python_moondb/tests/unit_python/requirements.txt new file mode 100644 index 00000000..aea8e3d5 --- /dev/null +++ b/old/python_moondb/tests/unit_python/requirements.txt @@ -0,0 +1,4 @@ +sqlalchemy +pymysql +requests_mock +python_moonutilities==1.4.20
\ No newline at end of file diff --git a/old/python_moondb/tests/unit_python/test_keystone.py b/old/python_moondb/tests/unit_python/test_keystone.py new file mode 100644 index 00000000..134bec0d --- /dev/null +++ b/old/python_moondb/tests/unit_python/test_keystone.py @@ -0,0 +1,53 @@ +import pytest + + +def create_project(tenant_dict): + from python_moondb.core import KeystoneManager + return KeystoneManager.create_project(tenant_dict) + + +def list_projects(): + from python_moondb.core import KeystoneManager + return KeystoneManager.list_projects() + + +def create_user(subject_dict): + from python_moondb.core import KeystoneManager + return KeystoneManager.create_user(subject_dict) + + +def test_create_project(): + tenant_dict = { + "description": "test_project", + "domain_id": ['domain_id_1'], + "enabled": True, + "is_domain": False, + "name": 'project_1' + } + project = create_project(tenant_dict) + assert project + assert project.get('name') == tenant_dict.get('name') + + +def test_create_project_without_name(): + tenant_dict = { + "description": "test_project", + "domain_id": ['domain_id_1'], + "enabled": True, + "is_domain": False, + } + with pytest.raises(Exception) as exception_info: + create_project(tenant_dict) + assert '400: Keystone project error' == str(exception_info.value) + + +def test_create_user(): + subject_dict = { + "password": "password", + "domain_id": ['domain_id_1'], + "enabled": True, + "project": 'test_project', + "name": 'user_id_1' + } + user = create_user(subject_dict) + assert user diff --git a/old/python_moondb/tests/unit_python/test_pdp.py b/old/python_moondb/tests/unit_python/test_pdp.py new file mode 100755 index 00000000..4d245e4d --- /dev/null +++ b/old/python_moondb/tests/unit_python/test_pdp.py @@ -0,0 +1,149 @@ +import pytest +import helpers.mock_data as mock_data +import helpers.pdp_helper as pdp_helper + + +def test_update_pdp(db): + pdp_id = "pdp_id1" + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1", + model_name="model1") + value = { + "name": "test_pdp", + "security_pipeline": [policy_id], + "keystone_project_id": "keystone_project_id1", + "description": "...", + } + pdp_helper.add_pdp(pdp_id, value) + pdp = pdp_helper.update_pdp(pdp_id, value) + assert pdp + + +def test_update_pdp_with_invalid_id(db): + pdp_id = "pdp_id1" + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1", + model_name="model1") + value = { + "name": "test_pdp", + "security_pipeline": [policy_id], + "keystone_project_id": "keystone_project_id1", + "description": "...", + } + with pytest.raises(Exception) as exception_info: + pdp_helper.update_pdp(pdp_id, value) + assert str(exception_info.value) == '400: Pdp Unknown' + + +def test_delete_pdp(db): + pdp_id = "pdp_id1" + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1", + model_name="model1") + value = { + "name": "test_pdp", + "security_pipeline": [policy_id], + "keystone_project_id": "keystone_project_id1", + "description": "...", + } + pdp_helper.add_pdp(pdp_id, value) + pdp_helper.delete_pdp(pdp_id) + assert len(pdp_helper.get_pdp(pdp_id)) == 0 + + +def test_delete_pdp_with_invalid_id(db): + pdp_id = "pdp_id1" + with pytest.raises(Exception) as exception_info: + pdp_helper.delete_pdp(pdp_id) + assert str(exception_info.value) == '400: Pdp Unknown' + + +def test_add_pdp(db): + pdp_id = "pdp_id1" + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1", + model_name="model1") + value = { + "name": "test_pdp", + "security_pipeline": [policy_id], + "keystone_project_id": "keystone_project_id1", + "description": "...", + } + pdp = pdp_helper.add_pdp(pdp_id, value) + assert pdp + + +def test_add_pdp_twice_with_same_id(db): + pdp_id = "pdp_id1" + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1", + model_name="model1") + value = { + "name": "test_pdp", + "security_pipeline": [policy_id], + "keystone_project_id": "keystone_project_id1", + "description": "...", + } + pdp_helper.add_pdp(pdp_id, value) + with pytest.raises(Exception) as exception_info: + pdp_helper.add_pdp(pdp_id, value) + assert str(exception_info.value) == '409: Pdp Error' + + +def test_add_pdp_twice_with_same_name(db): + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1", + model_name="model1") + value = { + "name": "test_pdp", + "security_pipeline": [policy_id], + "keystone_project_id": "keystone_project_id1", + "description": "...", + } + pdp_helper.add_pdp(value=value) + with pytest.raises(Exception) as exception_info: + pdp_helper.add_pdp(value=value) + assert str(exception_info.value) == '409: Pdp Error' + + +def test_get_pdp(db): + pdp_id = "pdp_id1" + subject_category_id, object_category_id, action_category_id, meta_rule_id, policy_id = mock_data.create_new_policy( + subject_category_name="subject_category1", + object_category_name="object_category1", + action_category_name="action_category1", + meta_rule_name="meta_rule_1", + model_name="model1") + value = { + "name": "test_pdp", + "security_pipeline": [policy_id], + "keystone_project_id": "keystone_project_id1", + "description": "...", + } + pdp_helper.add_pdp(pdp_id, value) + pdp = pdp_helper.get_pdp(pdp_id) + assert len(pdp) == 1 + + +def test_get_pdp_with_invalid_id(db): + pdp_id = "invalid" + pdp = pdp_helper.get_pdp(pdp_id) + assert len(pdp) == 0 diff --git a/old/python_moondb/tests/unit_python/utilities.py b/old/python_moondb/tests/unit_python/utilities.py new file mode 100644 index 00000000..1d79d890 --- /dev/null +++ b/old/python_moondb/tests/unit_python/utilities.py @@ -0,0 +1,136 @@ +import base64 +import json + + +CONF = { + "openstack": { + "keystone": { + "url": "http://keystone:5000/v3", + "user": "admin", + "check_token": False, + "password": "p4ssw0rd", + "domain": "default", + "certificate": False, + "project": "admin" + } + }, + "components": { + "wrapper": { + "bind": "0.0.0.0", + "port": 8080, + "container": "wukongsun/moon_wrapper:v4.3", + "timeout": 5, + "hostname": "wrapper" + }, + "manager": { + "bind": "0.0.0.0", + "port": 8082, + "container": "wukongsun/moon_manager:v4.3", + "hostname": "manager" + }, + "port_start": 31001, + "orchestrator": { + "bind": "0.0.0.0", + "port": 8083, + "container": "wukongsun/moon_orchestrator:v4.3", + "hostname": "interface" + }, + "interface": { + "bind": "0.0.0.0", + "port": 8080, + "container": "wukongsun/moon_interface:v4.3", + "hostname": "interface" + } + }, + "plugins": { + "session": { + "port": 8082, + "container": "asteroide/session:latest" + }, + "authz": { + "port": 8081, + "container": "wukongsun/moon_authz:v4.3" + } + }, + "logging": { + "handlers": { + "file": { + "filename": "/tmp/moon.log", + "class": "logging.handlers.RotatingFileHandler", + "level": "DEBUG", + "formatter": "custom", + "backupCount": 3, + "maxBytes": 1048576 + }, + "console": { + "class": "logging.StreamHandler", + "formatter": "brief", + "level": "INFO", + "stream": "ext://sys.stdout" + } + }, + "formatters": { + "brief": { + "format": "%(levelname)s %(name)s %(message)-30s" + }, + "custom": { + "format": "%(asctime)-15s %(levelname)s %(name)s %(message)s" + } + }, + "root": { + "handlers": [ + "console" + ], + "level": "ERROR" + }, + "version": 1, + "loggers": { + "moon": { + "handlers": [ + "console", + "file" + ], + "propagate": False, + "level": "DEBUG" + } + } + }, + "slave": { + "name": None, + "master": { + "url": None, + "login": None, + "password": None + } + }, + "docker": { + "url": "tcp://172.88.88.1:2376", + "network": "moon" + }, + "database": { + "url": "sqlite:///database.db", + # "url": "mysql+pymysql://moon:p4sswOrd1@db/moon", + "driver": "sql" + }, + "messenger": { + "url": "rabbit://moon:p4sswOrd1@messenger:5672/moon" + } +} + + +def get_b64_conf(component=None): + if component == "components": + return base64.b64encode( + json.dumps(CONF["components"]).encode('utf-8')+b"\n").decode('utf-8') + elif component in CONF: + return base64.b64encode( + json.dumps( + CONF[component]).encode('utf-8')+b"\n").decode('utf-8') + elif not component: + return base64.b64encode( + json.dumps(CONF).encode('utf-8')+b"\n").decode('utf-8') + elif "/" in component: + key1, _, key2 = component.partition("/") + return base64.b64encode( + json.dumps( + CONF[key1][key2]).encode('utf-8')+b"\n").decode('utf-8') |