diff options
Diffstat (limited to 'python_moonutilities')
20 files changed, 1007 insertions, 795 deletions
diff --git a/python_moonutilities/Changelog b/python_moonutilities/Changelog index dd441427..91f09cbf 100644 --- a/python_moonutilities/Changelog +++ b/python_moonutilities/Changelog @@ -70,3 +70,7 @@ CHANGES 1.4.3 ----- - Fix a bug in MANIFEST.in + +1.4.4 +----- +- Code cleaning diff --git a/python_moonutilities/python_moonutilities/__init__.py b/python_moonutilities/python_moonutilities/__init__.py index fb899fe2..6d1ac746 100644 --- a/python_moonutilities/python_moonutilities/__init__.py +++ b/python_moonutilities/python_moonutilities/__init__.py @@ -3,4 +3,6 @@ # license which can be found in the file 'LICENSE' in this package distribution # or at 'http://www.apache.org/licenses/LICENSE-2.0'. -__version__ = "1.4.3" +__version__ = "1.4.4" + + diff --git a/python_moonutilities/python_moonutilities/api.py b/python_moonutilities/python_moonutilities/api.py deleted file mode 100644 index 8e80c21d..00000000 --- a/python_moonutilities/python_moonutilities/api.py +++ /dev/null @@ -1,28 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - - -class APIList(object): - - API_LIST = () - - def __init__(self, api_list): - self.API_LIST = api_list - - def list_api(self, ctx): - api = dict() - for obj in self.API_LIST: - api[obj.__name__] = dict() - api[obj.__name__]["description"] = obj.__doc__.strip() if obj.__doc__ else "" - api[obj.__name__]["version"] = obj.__version__ - api[obj.__name__]["commands"] = dict() - for cmd in filter(lambda x: not x.startswith("__"), dir(obj)): - doc = eval("obj.{}.__doc__".format(cmd)) - if not doc: - doc = "" - api[obj.__name__]["commands"][cmd] = doc.strip() - return api - - diff --git a/python_moonutilities/python_moonutilities/auth.py b/python_moonutilities/python_moonutilities/auth.py index 7656f4e7..5f921d0b 100644 --- a/python_moonutilities/python_moonutilities/auth.py +++ b/python_moonutilities/python_moonutilities/auth.py @@ -12,7 +12,7 @@ from oslo_log import log as logging from python_moonutilities import exceptions, configuration -LOG = logging.getLogger(__name__) +logger = logging.getLogger(__name__) KEYSTONE_CONFIG = configuration.get_configuration("openstack/keystone")["openstack/keystone"] TOKENS = {} @@ -52,13 +52,13 @@ def check_token(token, url=None): TOKENS[token]["expires_at"] = time.strptime(token_time[0], "%Y-%m-%dT%H:%M:%S") TOKENS[token]["user"] = req.json().get("token").get("user").get("id") return TOKENS[token]["user"] - LOG.error("{} - {}".format(req.status_code, req.text)) + logger.error("{} - {}".format(req.status_code, req.text)) raise exceptions.KeystoneError elif KEYSTONE_CONFIG['check_token'].lower() == "strict": req = requests.head("{}/auth/tokens".format(url), headers=headers, verify=_verify) if req.status_code in (200, 201): return token - LOG.error("{} - {}".format(req.status_code, req.text)) + logger.error("{} - {}".format(req.status_code, req.text)) raise exceptions.KeystoneError raise exceptions.KeystoneError diff --git a/python_moonutilities/python_moonutilities/cache.py b/python_moonutilities/python_moonutilities/cache.py index 93e3daca..49f1dd53 100644 --- a/python_moonutilities/python_moonutilities/cache.py +++ b/python_moonutilities/python_moonutilities/cache.py @@ -4,7 +4,7 @@ import requests from uuid import uuid4 from python_moonutilities import configuration, exceptions -LOG = logging.getLogger("moon.utilities.cache") +logger = logging.getLogger("moon.utilities.cache") class Cache(object): @@ -174,12 +174,12 @@ class Cache(object): def __update_rules(self): for policy_id in self.__POLICIES: - LOG.info("Get {}".format("{}/policies/{}/rules".format( + logger.info("Get {}".format("{}/policies/{}/rules".format( self.manager_url, policy_id))) req = requests.get("{}/policies/{}/rules".format( self.manager_url, policy_id)) self.__RULES[policy_id] = req.json()['rules'] - LOG.info("UPDATE RULES {}".format(self.__RULES)) + logger.info("UPDATE RULES {}".format(self.__RULES)) # assignment functions @@ -509,7 +509,7 @@ class Cache(object): continue self.__update_container_chaining(value["keystone_project_id"]) self.__CONTAINER_CHAINING_UPDATE = current_time - LOG.info(self.__CONTAINER_CHAINING_UPDATE) + logger.info(self.__CONTAINER_CHAINING_UPDATE) return self.__CONTAINER_CHAINING def __update_container_chaining(self, keystone_project_id): @@ -527,7 +527,7 @@ class Cache(object): _raw = requests.get("{}/pods/{}".format( self.orchestrator_url, container_value["name"]) ) - LOG.debug("_raw={}".format(_raw.text)) + logger.debug("_raw={}".format(_raw.text)) container_ids.append( { "container_id": container_value["name"], diff --git a/python_moonutilities/python_moonutilities/configuration.py b/python_moonutilities/python_moonutilities/configuration.py index f0ef74a6..51587582 100644 --- a/python_moonutilities/python_moonutilities/configuration.py +++ b/python_moonutilities/python_moonutilities/configuration.py @@ -7,11 +7,10 @@ import base64 import json import requests -import logging import logging.config from python_moonutilities import exceptions -LOG = logging.getLogger("moon.utilities") +logger = logging.getLogger("moon.utilities.configuration") CONSUL_HOST = "consul" CONSUL_PORT = "8500" @@ -33,7 +32,7 @@ def increment_port(): url = "http://{}:{}/v1/kv/components_port_start".format(CONSUL_HOST, CONSUL_PORT) req = requests.put(url, json=str(components_port_start)) if req.status_code != 200: - LOG.info("url={}".format(url)) + logger.info("url={}".format(url)) raise exceptions.ConsulError return components_port_start @@ -42,7 +41,7 @@ def get_configuration(key): url = "http://{}:{}/v1/kv/{}".format(CONSUL_HOST, CONSUL_PORT, key) req = requests.get(url) if req.status_code != 200: - LOG.error("url={}".format(url)) + logger.error("url={}".format(url)) raise exceptions.ConsulComponentNotFound("error={}: {}".format(req.status_code, req.text)) data = req.json() if len(data) == 1: @@ -70,18 +69,18 @@ def add_component(name, uuid, port=None, bind="127.0.0.1", keystone_id="", extra json=data ) if req.status_code != 200: - LOG.debug("url={}".format("http://{}:{}/v1/kv/components/{}".format(CONSUL_HOST, CONSUL_PORT, uuid))) - LOG.debug("data={}".format(data)) + logger.debug("url={}".format("http://{}:{}/v1/kv/components/{}".format(CONSUL_HOST, CONSUL_PORT, uuid))) + logger.debug("data={}".format(data)) raise exceptions.ConsulError - LOG.info("Add component {}".format(req.text)) - return get_configuration("components/"+uuid) + logger.info("Add component {}".format(req.text)) + return configuration.get_configuration("components/"+uuid) def get_plugins(): url = "http://{}:{}/v1/kv/plugins?recurse=true".format(CONSUL_HOST, CONSUL_PORT) req = requests.get(url) if req.status_code != 200: - LOG.info("url={}".format(url)) + logger.info("url={}".format(url)) raise exceptions.ConsulError data = req.json() if len(data) == 1: @@ -98,7 +97,7 @@ def get_components(): url = "http://{}:{}/v1/kv/components?recurse=true".format(CONSUL_HOST, CONSUL_PORT) req = requests.get(url) if req.status_code != 200: - LOG.info("url={}".format(url)) + logger.info("url={}".format(url)) raise exceptions.ConsulError data = req.json() if len(data) == 1: diff --git a/python_moonutilities/python_moonutilities/context.py b/python_moonutilities/python_moonutilities/context.py new file mode 100644 index 00000000..626b25dc --- /dev/null +++ b/python_moonutilities/python_moonutilities/context.py @@ -0,0 +1,319 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + + +import copy +import logging +from python_moonutilities import exceptions + +logger = logging.getLogger("moon.utilities." + __name__) + + +class Context: + + def __init__(self, init_context, cache): + self.cache = cache + self.__keystone_project_id = init_context.get("project_id") + self.__pdp_id = None + self.__pdp_value = None + for _pdp_key, _pdp_value in self.cache.pdp.items(): + if _pdp_value["keystone_project_id"] == self.__keystone_project_id: + self.__pdp_id = _pdp_key + self.__pdp_value = copy.deepcopy(_pdp_value) + break + if not self.__pdp_value: + raise exceptions.AuthzException( + "Cannot create context for authz " + "with Keystone project ID {}".format( + self.__keystone_project_id + )) + self.__subject = init_context.get("subject_name") + self.__object = init_context.get("object_name") + self.__action = init_context.get("action_name") + self.__current_request = None + self.__request_id = init_context.get("req_id") + self.__cookie = init_context.get("cookie") + self.__manager_url = init_context.get("manager_url") + self.__interface_name = init_context.get("interface_name") + self.__index = -1 + # self.__init_initial_request() + self.__headers = [] + policies = self.cache.policies + models = self.cache.models + for policy_id in self.__pdp_value["security_pipeline"]: + model_id = policies[policy_id]["model_id"] + for meta_rule in models[model_id]["meta_rules"]: + self.__headers.append(meta_rule) + self.__meta_rules = self.cache.meta_rules + self.__pdp_set = {} + # self.__init_pdp_set() + + def delete_cache(self): + self.cache = {} + + def set_cache(self, cache): + self.cache = cache + + def increment_index(self): + self.__index += 1 + self.__init_current_request() + self.__init_pdp_set() + + @property + def current_state(self): + return self.__pdp_set[self.__headers[self.__index]]['effect'] + + @current_state.setter + def current_state(self, state): + if state not in ("grant", "deny", "passed"): + state = "passed" + self.__pdp_set[self.__headers[self.__index]]['effect'] = state + + @current_state.deleter + def current_state(self): + self.__pdp_set[self.__headers[self.__index]]['effect'] = "unset" + + @property + def current_policy_id(self): + return self.__pdp_value["security_pipeline"][self.__index] + + @current_policy_id.setter + def current_policy_id(self, value): + pass + + @current_policy_id.deleter + def current_policy_id(self): + pass + + def __init_current_request(self): + self.__subject = self.cache.get_subject( + self.__pdp_value["security_pipeline"][self.__index], + self.__subject) + self.__object = self.cache.get_object( + self.__pdp_value["security_pipeline"][self.__index], + self.__object) + self.__action = self.cache.get_action( + self.__pdp_value["security_pipeline"][self.__index], + self.__action) + self.__current_request = dict(self.initial_request) + + def __init_pdp_set(self): + for header in self.__headers: + self.__pdp_set[header] = dict() + self.__pdp_set[header]["meta_rules"] = self.__meta_rules[header] + self.__pdp_set[header]["target"] = self.__add_target(header) + self.__pdp_set[header]["effect"] = "unset" + self.__pdp_set["effect"] = "deny" + + # def update_target(self, context): + # # result = dict() + # current_request = context['current_request'] + # _subject = current_request.get("subject") + # _object = current_request.get("object") + # _action = current_request.get("action") + # meta_rule_id = context['headers'][context['index']] + # policy_id = self.cache.get_policy_from_meta_rules(meta_rule_id) + # meta_rules = self.cache.meta_rules() + # # for meta_rule_id in meta_rules: + # for sub_cat in meta_rules[meta_rule_id]['subject_categories']: + # if sub_cat not in context["pdp_set"][meta_rule_id]["target"]: + # context["pdp_set"][meta_rule_id]["target"][sub_cat] = [] + # for assign in self.cache.get_subject_assignments(policy_id, _subject, sub_cat).values(): + # for assign in assign["assignments"]: + # if assign not in context["pdp_set"][meta_rule_id]["target"][sub_cat]: + # context["pdp_set"][meta_rule_id]["target"][sub_cat].append(assign) + # for obj_cat in meta_rules[meta_rule_id]['object_categories']: + # if obj_cat not in context["pdp_set"][meta_rule_id]["target"]: + # context["pdp_set"][meta_rule_id]["target"][obj_cat] = [] + # for assign in self.cache.get_object_assignments(policy_id, _object, obj_cat).values(): + # for assign in assign["assignments"]: + # if assign not in context["pdp_set"][meta_rule_id]["target"][obj_cat]: + # context["pdp_set"][meta_rule_id]["target"][obj_cat].append(assign) + # for act_cat in meta_rules[meta_rule_id]['action_categories']: + # if act_cat not in context["pdp_set"][meta_rule_id]["target"]: + # context["pdp_set"][meta_rule_id]["target"][act_cat] = [] + # for assign in self.cache.get_action_assignments(policy_id, _action, act_cat).values(): + # for assign in assign["assignments"]: + # if assign not in context["pdp_set"][meta_rule_id]["target"][act_cat]: + # context["pdp_set"][meta_rule_id]["target"][act_cat].append(assign) + # # context["pdp_set"][meta_rule_id]["target"].update(result) + + def __add_target(self, meta_rule_id): + """build target from meta_rule + + Target is dict of categories as keys ; and the value of each category + will be a list of assignments + + """ + result = dict() + _subject = self.__current_request["subject"] + _object = self.__current_request["object"] + _action = self.__current_request["action"] + meta_rules = self.cache.meta_rules + policy_id = self.cache.get_policy_from_meta_rules(meta_rule_id) + for sub_cat in meta_rules[meta_rule_id]['subject_categories']: + if sub_cat not in result: + result[sub_cat] = [] + result[sub_cat].extend( + self.cache.get_subject_assignments(policy_id, _subject, sub_cat)) + for obj_cat in meta_rules[meta_rule_id]['object_categories']: + if obj_cat not in result: + result[obj_cat] = [] + result[obj_cat].extend( + self.cache.get_object_assignments(policy_id, _object, obj_cat)) + for act_cat in meta_rules[meta_rule_id]['action_categories']: + if act_cat not in result: + result[act_cat] = [] + result[act_cat].extend( + self.cache.get_action_assignments(policy_id, _action, act_cat)) + return result + + def __repr__(self): + return """PDP ID: {id} +current_request: {current_request} +request_id: {request_id} +index: {index} +headers: {headers} +pdp_set: {pdp_set} + """.format( + id=self.__pdp_id, + current_request=self.__current_request, + request_id=self.__request_id, + headers=self.__headers, + pdp_set=self.__pdp_set, + index=self.__index + ) + + def to_dict(self): + return { + "initial_request": copy.deepcopy(self.initial_request), + "current_request": copy.deepcopy(self.__current_request), + "headers": copy.deepcopy(self.__headers), + "index": copy.deepcopy(self.__index), + "pdp_set": copy.deepcopy(self.__pdp_set), + "request_id": copy.deepcopy(self.__request_id), + "manager_url": copy.deepcopy(self.__manager_url), + "interface_name": copy.deepcopy(self.__interface_name), + } + + @property + def request_id(self): + return self.__request_id + + @request_id.setter + def request_id(self, value): + raise Exception("You cannot update the request_id") + + @request_id.deleter + def request_id(self): + raise Exception("You cannot update the request_id") + + @property + def manager_url(self): + return self.__manager_url + + @manager_url.setter + def manager_url(self, value): + raise Exception("You cannot update the manager_url") + + @manager_url.deleter + def manager_url(self): + raise Exception("You cannot update the manager_url") + + @property + def interface_name(self): + return self.__interface_name + + @interface_name.setter + def interface_name(self, value): + raise Exception("You cannot update the interface_name") + + @interface_name.deleter + def interface_name(self): + raise Exception("You cannot update the interface_name") + + @property + def cookie(self): + return self.__cookie + + @cookie.setter + def cookie(self, value): + raise Exception("You cannot update the cookie") + + @cookie.deleter + def cookie(self): + raise Exception("You cannot delete the cookie") + + @property + def initial_request(self): + return { + "subject": self.__subject, + "object": self.__object, + "action": self.__action, + } + + @initial_request.setter + def initial_request(self, value): + raise Exception("You are not allowed to update the initial_request") + + @initial_request.deleter + def initial_request(self): + raise Exception("You are not allowed to delete the initial_request") + + @property + def current_request(self): + if not self.__current_request: + self.__current_request = copy.deepcopy(self.initial_request) + return self.__current_request + + @current_request.setter + def current_request(self, value): + self.__current_request = copy.deepcopy(value) + # Note (asteroide): if the current request is modified, + # we must update the PDP Set. + self.__init_pdp_set() + + @current_request.deleter + def current_request(self): + self.__current_request = {} + self.__pdp_set = {} + + @property + def headers(self): + return self.__headers + + @headers.setter + def headers(self, headers): + self.__headers = headers + + @headers.deleter + def headers(self): + self.__headers = list() + + @property + def index(self): + return self.__index + + @index.setter + def index(self, index): + self.__index += 1 + + @index.deleter + def index(self): + self.__index = -1 + + @property + def pdp_set(self): + return self.__pdp_set + + @pdp_set.setter + def pdp_set(self, value): + raise Exception("You are not allowed to modify the pdp_set") + + @pdp_set.deleter + def pdp_set(self): + self.__pdp_set = {} + + diff --git a/python_moonutilities/python_moonutilities/exceptions.py b/python_moonutilities/python_moonutilities/exceptions.py index 5bbab2be..f14d6abf 100644 --- a/python_moonutilities/python_moonutilities/exceptions.py +++ b/python_moonutilities/python_moonutilities/exceptions.py @@ -6,7 +6,7 @@ from oslo_log import log as logging from werkzeug.exceptions import HTTPException -LOG = logging.getLogger("moon.utilities.exceptions") +logger = logging.getLogger("moon.utilities.exceptions") _ = str @@ -14,7 +14,7 @@ class MoonErrorMetaClass(type): def __init__(cls, name, bases, dct): super(MoonErrorMetaClass, cls).__init__(name, bases, dct) - cls.hierarchy += "/"+str(name) + cls.hierarchy += "/" + str(name) class MoonError(HTTPException): @@ -40,30 +40,30 @@ class MoonError(HTTPException): message = "{} ({}) {}".format(self.hierarchy, self.description, self.payload) if self.logger == "ERROR": try: - LOG.error(message) + logger.error(message) except AttributeError: - LOG.error(message) + logger.error(message) elif self.logger == "WARNING": try: - LOG.warning(message) + logger.warning(message) except AttributeError: - LOG.warning(message) + logger.warning(message) elif self.logger == "CRITICAL": try: - LOG.critical(message) + logger.critical(message) except AttributeError: - LOG.critical(message) + logger.critical(message) elif self.logger == "AUTHZ": try: - LOG.authz(self.hierarchy) - LOG.error(message) + logger.authz(self.hierarchy) + logger.error(message) except AttributeError: - LOG.error(message) + logger.error(message) else: try: - LOG.info(message) + logger.info(message) except AttributeError: - LOG.info(message) + logger.info(message) # def to_dict(self): # rv = dict(self.payload or ()) @@ -109,6 +109,7 @@ class TenantNoIntraAuthzExtension(TenantNoIntraExtension): title = 'Tenant No Intra_Admin_Extension' logger = "ERROR" + # Exceptions for IntraExtension @@ -520,3 +521,16 @@ class ContainerMissing(DockerError): title = 'Container missing' logger = "ERROR" + +class PdpUnknown(MoonError): + description = _("The pdp is unknown.") + code = 400 + title = 'Pdp Unknown' + logger = "Error" + + +class PdpExisting(MoonError): + description = _("The pdp already exists.") + code = 409 + title = 'Pdp Error' + logger = "Error" diff --git a/python_moonutilities/python_moonutilities/misc.py b/python_moonutilities/python_moonutilities/misc.py index b83523c3..1db4d7cd 100644 --- a/python_moonutilities/python_moonutilities/misc.py +++ b/python_moonutilities/python_moonutilities/misc.py @@ -7,33 +7,7 @@ import logging import random -LOG = logging.getLogger(__name__) - - -def get_uuid_from_name(name, elements, **kwargs): - for element in elements: - if type(elements[element]) is dict and elements[element].get('name') == name: - if kwargs: - for args in kwargs: - if elements[element].get(args) != kwargs[args]: - return - else: - return element - else: - return element - - -def get_name_from_uuid(uuid, elements, **kwargs): - for element in elements: - if element == uuid: - if kwargs: - for args in kwargs: - if elements[element].get(args) != kwargs[args]: - return - else: - return elements[element].get('name') - else: - return elements[element].get('name') +logger = logging.getLogger("moon.utilities.misc") def get_random_name(): diff --git a/python_moonutilities/python_moonutilities/security_functions.py b/python_moonutilities/python_moonutilities/security_functions.py index 6d9307fe..15cbc8be 100644 --- a/python_moonutilities/python_moonutilities/security_functions.py +++ b/python_moonutilities/python_moonutilities/security_functions.py @@ -4,7 +4,6 @@ # or at 'http://www.apache.org/licenses/LICENSE-2.0'. -import copy import re import os import types @@ -15,7 +14,7 @@ from flask import request import logging from python_moonutilities import exceptions, configuration -LOG = logging.getLogger("moon.utilities." + __name__) +logger = logging.getLogger("moon.utilities." + __name__) keystone_config = configuration.get_configuration("openstack/keystone")["openstack/keystone"] TOKENS = {} @@ -145,9 +144,9 @@ def login(user=None, password=None, domain=None, project=None, url=None): if req.status_code in (200, 201, 204): headers['X-Auth-Token'] = req.headers['X-Subject-Token'] return headers - LOG.warning("Waiting for Keystone...") + logger.warning("Waiting for Keystone...") if time.time() - start_time == 100: - LOG.error(req.text) + logger.error(req.text) raise exceptions.KeystoneError time.sleep(5) @@ -159,316 +158,10 @@ def logout(headers, url=None): req = requests.delete("{}/auth/tokens".format(url), headers=headers, verify=keystone_config['certificate']) if req.status_code in (200, 201, 204): return - LOG.error(req.text) + logger.error(req.text) raise exceptions.KeystoneError -class Context: - - def __init__(self, init_context, cache): - self.cache = cache - self.__keystone_project_id = init_context.get("project_id") - self.__pdp_id = None - self.__pdp_value = None - for _pdp_key, _pdp_value in self.cache.pdp.items(): - if _pdp_value["keystone_project_id"] == self.__keystone_project_id: - self.__pdp_id = _pdp_key - self.__pdp_value = copy.deepcopy(_pdp_value) - break - if not self.__pdp_value: - raise exceptions.AuthzException( - "Cannot create context for authz " - "with Keystone project ID {}".format( - self.__keystone_project_id - )) - self.__subject = init_context.get("subject_name") - self.__object = init_context.get("object_name") - self.__action = init_context.get("action_name") - self.__current_request = None - self.__request_id = init_context.get("req_id") - self.__cookie = init_context.get("cookie") - self.__manager_url = init_context.get("manager_url") - self.__interface_name = init_context.get("interface_name") - self.__index = -1 - # self.__init_initial_request() - self.__headers = [] - policies = self.cache.policies - models = self.cache.models - for policy_id in self.__pdp_value["security_pipeline"]: - model_id = policies[policy_id]["model_id"] - for meta_rule in models[model_id]["meta_rules"]: - self.__headers.append(meta_rule) - self.__meta_rules = self.cache.meta_rules - self.__pdp_set = {} - # self.__init_pdp_set() - - def delete_cache(self): - self.cache = {} - - def set_cache(self, cache): - self.cache = cache - - def increment_index(self): - self.__index += 1 - self.__init_current_request() - self.__init_pdp_set() - - @property - def current_state(self): - return self.__pdp_set[self.__headers[self.__index]]['effect'] - - @current_state.setter - def current_state(self, state): - if state not in ("grant", "deny", "passed"): - state = "passed" - self.__pdp_set[self.__headers[self.__index]]['effect'] = state - - @current_state.deleter - def current_state(self): - self.__pdp_set[self.__headers[self.__index]]['effect'] = "unset" - - @property - def current_policy_id(self): - return self.__pdp_value["security_pipeline"][self.__index] - - @current_policy_id.setter - def current_policy_id(self, value): - pass - - @current_policy_id.deleter - def current_policy_id(self): - pass - - def __init_current_request(self): - self.__subject = self.cache.get_subject( - self.__pdp_value["security_pipeline"][self.__index], - self.__subject) - self.__object = self.cache.get_object( - self.__pdp_value["security_pipeline"][self.__index], - self.__object) - self.__action = self.cache.get_action( - self.__pdp_value["security_pipeline"][self.__index], - self.__action) - self.__current_request = dict(self.initial_request) - - def __init_pdp_set(self): - for header in self.__headers: - self.__pdp_set[header] = dict() - self.__pdp_set[header]["meta_rules"] = self.__meta_rules[header] - self.__pdp_set[header]["target"] = self.__add_target(header) - self.__pdp_set[header]["effect"] = "unset" - self.__pdp_set["effect"] = "deny" - - # def update_target(self, context): - # # result = dict() - # current_request = context['current_request'] - # _subject = current_request.get("subject") - # _object = current_request.get("object") - # _action = current_request.get("action") - # meta_rule_id = context['headers'][context['index']] - # policy_id = self.cache.get_policy_from_meta_rules(meta_rule_id) - # meta_rules = self.cache.meta_rules() - # # for meta_rule_id in meta_rules: - # for sub_cat in meta_rules[meta_rule_id]['subject_categories']: - # if sub_cat not in context["pdp_set"][meta_rule_id]["target"]: - # context["pdp_set"][meta_rule_id]["target"][sub_cat] = [] - # for assign in self.cache.get_subject_assignments(policy_id, _subject, sub_cat).values(): - # for assign in assign["assignments"]: - # if assign not in context["pdp_set"][meta_rule_id]["target"][sub_cat]: - # context["pdp_set"][meta_rule_id]["target"][sub_cat].append(assign) - # for obj_cat in meta_rules[meta_rule_id]['object_categories']: - # if obj_cat not in context["pdp_set"][meta_rule_id]["target"]: - # context["pdp_set"][meta_rule_id]["target"][obj_cat] = [] - # for assign in self.cache.get_object_assignments(policy_id, _object, obj_cat).values(): - # for assign in assign["assignments"]: - # if assign not in context["pdp_set"][meta_rule_id]["target"][obj_cat]: - # context["pdp_set"][meta_rule_id]["target"][obj_cat].append(assign) - # for act_cat in meta_rules[meta_rule_id]['action_categories']: - # if act_cat not in context["pdp_set"][meta_rule_id]["target"]: - # context["pdp_set"][meta_rule_id]["target"][act_cat] = [] - # for assign in self.cache.get_action_assignments(policy_id, _action, act_cat).values(): - # for assign in assign["assignments"]: - # if assign not in context["pdp_set"][meta_rule_id]["target"][act_cat]: - # context["pdp_set"][meta_rule_id]["target"][act_cat].append(assign) - # # context["pdp_set"][meta_rule_id]["target"].update(result) - - def __add_target(self, meta_rule_id): - """build target from meta_rule - - Target is dict of categories as keys ; and the value of each category - will be a list of assignments - - """ - result = dict() - _subject = self.__current_request["subject"] - _object = self.__current_request["object"] - _action = self.__current_request["action"] - meta_rules = self.cache.meta_rules - policy_id = self.cache.get_policy_from_meta_rules(meta_rule_id) - for sub_cat in meta_rules[meta_rule_id]['subject_categories']: - if sub_cat not in result: - result[sub_cat] = [] - result[sub_cat].extend( - self.cache.get_subject_assignments(policy_id, _subject, sub_cat)) - for obj_cat in meta_rules[meta_rule_id]['object_categories']: - if obj_cat not in result: - result[obj_cat] = [] - result[obj_cat].extend( - self.cache.get_object_assignments(policy_id, _object, obj_cat)) - for act_cat in meta_rules[meta_rule_id]['action_categories']: - if act_cat not in result: - result[act_cat] = [] - result[act_cat].extend( - self.cache.get_action_assignments(policy_id, _action, act_cat)) - return result - - def __repr__(self): - return """PDP ID: {id} -current_request: {current_request} -request_id: {request_id} -index: {index} -headers: {headers} -pdp_set: {pdp_set} - """.format( - id=self.__pdp_id, - current_request=self.__current_request, - request_id=self.__request_id, - headers=self.__headers, - pdp_set=self.__pdp_set, - index=self.__index - ) - - def to_dict(self): - return { - "initial_request": copy.deepcopy(self.initial_request), - "current_request": copy.deepcopy(self.__current_request), - "headers": copy.deepcopy(self.__headers), - "index": copy.deepcopy(self.__index), - "pdp_set": copy.deepcopy(self.__pdp_set), - "request_id": copy.deepcopy(self.__request_id), - "manager_url": copy.deepcopy(self.__manager_url), - "interface_name": copy.deepcopy(self.__interface_name), - } - - @property - def request_id(self): - return self.__request_id - - @request_id.setter - def request_id(self, value): - raise Exception("You cannot update the request_id") - - @request_id.deleter - def request_id(self): - raise Exception("You cannot update the request_id") - - @property - def manager_url(self): - return self.__manager_url - - @manager_url.setter - def manager_url(self, value): - raise Exception("You cannot update the manager_url") - - @manager_url.deleter - def manager_url(self): - raise Exception("You cannot update the manager_url") - - @property - def interface_name(self): - return self.__interface_name - - @interface_name.setter - def interface_name(self, value): - raise Exception("You cannot update the interface_name") - - @interface_name.deleter - def interface_name(self): - raise Exception("You cannot update the interface_name") - - @property - def cookie(self): - return self.__cookie - - @cookie.setter - def cookie(self, value): - raise Exception("You cannot update the cookie") - - @cookie.deleter - def cookie(self): - raise Exception("You cannot delete the cookie") - - @property - def initial_request(self): - return { - "subject": self.__subject, - "object": self.__object, - "action": self.__action, - } - - @initial_request.setter - def initial_request(self, value): - raise Exception("You are not allowed to update the initial_request") - - @initial_request.deleter - def initial_request(self): - raise Exception("You are not allowed to delete the initial_request") - - @property - def current_request(self): - if not self.__current_request: - self.__current_request = copy.deepcopy(self.initial_request) - return self.__current_request - - @current_request.setter - def current_request(self, value): - self.__current_request = copy.deepcopy(value) - # Note (asteroide): if the current request is modified, - # we must update the PDP Set. - self.__init_pdp_set() - - @current_request.deleter - def current_request(self): - self.__current_request = {} - self.__pdp_set = {} - - @property - def headers(self): - return self.__headers - - @headers.setter - def headers(self, headers): - self.__headers = headers - - @headers.deleter - def headers(self): - self.__headers = list() - - @property - def index(self): - return self.__index - - @index.setter - def index(self, index): - self.__index += 1 - - @index.deleter - def index(self): - self.__index = -1 - - @property - def pdp_set(self): - return self.__pdp_set - - @pdp_set.setter - def pdp_set(self, value): - raise Exception("You are not allowed to modify the pdp_set") - - @pdp_set.deleter - def pdp_set(self): - self.__pdp_set = {} - - def check_token(token, url=None): _verify = False if keystone_config['certificate']: @@ -507,13 +200,13 @@ def check_token(token, url=None): TOKENS[token]["expires_at"] = time.strptime(token_time[0], "%Y-%m-%dT%H:%M:%S") TOKENS[token]["user"] = req.json().get("token").get("user").get("id") return TOKENS[token]["user"] - LOG.error("{} - {}".format(req.status_code, req.text)) + logger.error("{} - {}".format(req.status_code, req.text)) raise exceptions.KeystoneError elif keystone_config['check_token'].lower() == "strict": req = requests.head("{}/auth/tokens".format(url), headers=headers, verify=_verify) if req.status_code in (200, 201): return token - LOG.error("{} - {}".format(req.status_code, req.text)) + logger.error("{} - {}".format(req.status_code, req.text)) raise exceptions.KeystoneError raise exceptions.KeystoneError diff --git a/python_moonutilities/tests/unit_python/conftest.py b/python_moonutilities/tests/unit_python/conftest.py index 7217586a..34e5c272 100644 --- a/python_moonutilities/tests/unit_python/conftest.py +++ b/python_moonutilities/tests/unit_python/conftest.py @@ -1,8 +1,6 @@ import pytest import requests_mock -import mock_components -import mock_keystone -import mock_cache +import mock_repo @pytest.fixture(autouse=True) @@ -10,8 +8,7 @@ def no_requests(monkeypatch): """ Modify the response from Requests module """ with requests_mock.Mocker(real_http=True) as m: - mock_components.register_components(m) - mock_keystone.register_keystone(m) - mock_cache.register_cache(m) + mock_repo.register_cache(m) + print("End registering URI") yield m
\ No newline at end of file diff --git a/python_moonutilities/tests/unit_python/mock_cache.py b/python_moonutilities/tests/unit_python/mock_cache.py deleted file mode 100644 index b2b287a9..00000000 --- a/python_moonutilities/tests/unit_python/mock_cache.py +++ /dev/null @@ -1,321 +0,0 @@ -from utilities import CONF - -pdp_mock = { - "pdp_id1": { - "name": "...", - "security_pipeline": ["policy_id_1", "policy_id_2"], - "keystone_project_id": "keystone_project_id1", - "description": "...", - }, - "pdp_id12": { - "name": "...", - "security_pipeline": ["policy_id_1", "policy_id_2"], - "keystone_project_id": "keystone_project_id1", - "description": "...", - } -} - -meta_rules_mock = { - "meta_rule_id1": { - "name": "meta_rule1", - "algorithm": "name of the meta rule algorithm", - "subject_categories": ["subject_category_id1", - "subject_category_id2"], - "object_categories": ["object_category_id1"], - "action_categories": ["action_category_id1"] - }, - "meta_rule_id2": { - "name": "name of the meta rules2", - "algorithm": "name of the meta rule algorithm", - "subject_categories": ["subject_category_id1", - "subject_category_id2"], - "object_categories": ["object_category_id1"], - "action_categories": ["action_category_id1"] - } -} - -policies_mock = { - "policy_id_1": { - "name": "test_policy1", - "model_id": "model_id_1", - "genre": "authz", - "description": "test", - }, - "policy_id_2": { - "name": "test_policy2", - "model_id": "model_id_2", - "genre": "authz", - "description": "test", - } -} - -subject_mock = { - "policy_id_1": { - "subject_id": { - "name": "subject_name", - "keystone_id": "keystone_project_id1", - "description": "a description" - } - }, - "policy_id_2": { - "subject_id": { - "name": "subject_name", - "keystone_id": "keystone_project_id1", - "description": "a description" - } - } -} - -subject_assignment_mock = { - "subject_id": { - "policy_id": "ID of the policy", - "subject_id": "ID of the subject", - "category_id": "ID of the category", - "assignments": [], - } -} - -object_mock = { - "policy_id_1": { - "object_id": { - "name": "object_name", - "description": "a description" - } - }, - "policy_id_2": { - "object_id": { - "name": "object_name", - "description": "a description" - } - } -} - -object_assignment_mock = { - "object_id": { - "policy_id": "ID of the policy", - "object_id": "ID of the object", - "category_id": "ID of the category", - "assignments": [], - } -} - -action_mock = { - "policy_id_1": { - "action_id": { - "name": "action_name", - "description": "a description" - } - }, - "policy_id_2": { - "action_id": { - "name": "action_name", - "description": "a description" - } - } -} - -action_assignment_mock = { - "action_id": { - "policy_id": "ID of the policy", - "action_id": "ID of the action", - "category_id": "ID of the category", - "assignments": [], - } -} - -models_mock = { - "model_id_1": { - "name": "test_model", - "description": "test", - "meta_rules": ["meta_rule_id1"] - }, - "model_id_2": { - "name": "test_model", - "description": "test", - "meta_rules": ["meta_rule_id2"] - }, -} - -rules_mock = { - "rules": { - "meta_rule_id": "meta_rule_id1", - "rule_id1": { - "rule": ["subject_data_id1", - "object_data_id1", - "action_data_id1"], - "instructions": ( - {"decision": "grant"}, - # "grant" to immediately exit, - # "continue" to wait for the result of next policy - # "deny" to deny the request - ) - }, - "rule_id2": { - "rule": ["subject_data_id2", - "object_data_id2", - "action_data_id2"], - "instructions": ( - { - "update": { - "operation": "add", - # operations may be "add" or "delete" - "target": "rbac:role:admin" - # add the role admin to the current user - } - }, - {"chain": {"name": "rbac"}} - # chain with the policy named rbac - ) - } - } -} - - -def register_cache(m): - """ Modify the response from Requests module - """ - register_pdp(m) - register_meta_rules(m) - register_policies(m) - register_models(m) - register_policy_subject(m, "policy_id_1") - register_policy_subject(m, "policy_id_2") - register_policy_object(m, "policy_id_1") - register_policy_object(m, "policy_id_2") - register_policy_action(m, "policy_id_1") - register_policy_action(m, "policy_id_2") - register_policy_subject_assignment(m, "policy_id_1", "subject_id") - # register_policy_subject_assignment_list(m1, "policy_id_1") - register_policy_subject_assignment(m, "policy_id_2", "subject_id") - # register_policy_subject_assignment_list(m1, "policy_id_2") - register_policy_object_assignment(m, "policy_id_1", "object_id") - # register_policy_object_assignment_list(m1, "policy_id_1") - register_policy_object_assignment(m, "policy_id_2", "object_id") - # register_policy_object_assignment_list(m1, "policy_id_2") - register_policy_action_assignment(m, "policy_id_1", "action_id") - # register_policy_action_assignment_list(m1, "policy_id_1") - register_policy_action_assignment(m, "policy_id_2", "action_id") - # register_policy_action_assignment_list(m1, "policy_id_2") - register_rules(m, "policy_id1") - - -def register_pdp(m): - m.register_uri( - 'GET', 'http://{}:{}/{}'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'pdp'), - json={'pdps': pdp_mock} - ) - - -def register_meta_rules(m): - m.register_uri( - 'GET', 'http://{}:{}/{}'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'meta_rules'), - json={'meta_rules': meta_rules_mock} - ) - - -def register_policies(m): - m.register_uri( - 'GET', 'http://{}:{}/{}'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies'), - json={'policies': policies_mock} - ) - - -def register_models(m): - m.register_uri( - 'GET', 'http://{}:{}/{}'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'models'), - json={'models': models_mock} - ) - - -def register_policy_subject(m, policy_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/subjects'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', policy_id), - json={'subjects': subject_mock[policy_id]} - ) - - -def register_policy_object(m, policy_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/objects'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', policy_id), - json={'objects': object_mock[policy_id]} - ) - - -def register_policy_action(m, policy_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/actions'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', policy_id), - json={'actions': action_mock[policy_id]} - ) - - -def register_policy_subject_assignment(m, policy_id, subj_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/subject_assignments/{}'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', - policy_id, - subj_id), - json={'subject_assignments': subject_assignment_mock} - ) - - -def register_policy_subject_assignment_list(m, policy_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/subject_assignments'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', - policy_id), - json={'subject_assignments': subject_assignment_mock} - ) - - -def register_policy_object_assignment(m, policy_id, obj_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/object_assignments/{}'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', - policy_id, - obj_id), - json={'object_assignments': object_assignment_mock} - ) - - -def register_policy_object_assignment_list(m, policy_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/object_assignments'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', - policy_id), - json={'object_assignments': object_assignment_mock} - ) - - -def register_policy_action_assignment(m, policy_id, action_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/action_assignments/{}'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', - policy_id, - action_id), - json={'action_assignments': action_assignment_mock} - ) - - -def register_policy_action_assignment_list(m, policy_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/action_assignments'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', - policy_id), - json={'action_assignments': action_assignment_mock} - ) - - -def register_rules(m, policy_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/{}'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', - policy_id, 'rules'), - json={'rules': rules_mock} - )
\ No newline at end of file diff --git a/python_moonutilities/tests/unit_python/mock_components.py b/python_moonutilities/tests/unit_python/mock_components.py deleted file mode 100644 index a0319e1a..00000000 --- a/python_moonutilities/tests/unit_python/mock_components.py +++ /dev/null @@ -1,27 +0,0 @@ -import utilities - -COMPONENTS = ( - "logging", - "openstack/keystone", - "database", - "slave", - "components/manager", - "components/orchestrator", - "components/interface", -) - - -def register_components(m): - for component in COMPONENTS: - m.register_uri( - 'GET', 'http://consul:8500/v1/kv/{}'.format(component), - json=[{'Key': component, 'Value': utilities.get_b64_conf(component)}] - ) - - m.register_uri( - 'GET', 'http://consul:8500/v1/kv/components?recurse=true', - json=[ - {"Key": key, "Value": utilities.get_b64_conf(key)} for key in COMPONENTS - ], - # json={'Key': "components", 'Value': get_b64_conf("components")} - )
\ No newline at end of file diff --git a/python_moonutilities/tests/unit_python/mock_keystone.py b/python_moonutilities/tests/unit_python/mock_keystone.py deleted file mode 100644 index c0b26b88..00000000 --- a/python_moonutilities/tests/unit_python/mock_keystone.py +++ /dev/null @@ -1,23 +0,0 @@ -def register_keystone(m): - m.register_uri( - 'POST', 'http://keystone:5000/v3/auth/tokens', - headers={'X-Subject-Token': "111111111"} - ) - m.register_uri( - 'DELETE', 'http://keystone:5000/v3/auth/tokens', - headers={'X-Subject-Token': "111111111"} - ) - m.register_uri( - 'POST', 'http://keystone:5000/v3/users?name=testuser&domain_id=default', - json={"users": {}} - ) - m.register_uri( - 'GET', 'http://keystone:5000/v3/users?name=testuser&domain_id=default', - json={"users": {}} - ) - m.register_uri( - 'POST', 'http://keystone:5000/v3/users/', - json={"users": [{ - "id": "1111111111111" - }]} - )
\ No newline at end of file diff --git a/python_moonutilities/tests/unit_python/mock_repo/__init__.py b/python_moonutilities/tests/unit_python/mock_repo/__init__.py new file mode 100644 index 00000000..60dfbc3b --- /dev/null +++ b/python_moonutilities/tests/unit_python/mock_repo/__init__.py @@ -0,0 +1,38 @@ +import mock_repo.urls as register_urls +import mock_repo.data as data_mock + + +def register_cache(m): + """ Modify the response from Requests module + """ + register_urls.register_components(m) + register_urls.register_keystone(m) + + register_urls.register_pdp(m) + register_urls.register_meta_rules(m) + register_urls.register_policies(m) + register_urls.register_models(m) + + register_urls.register_policy_subject(m, data_mock.shared_ids["policy"]["policy_id_1"]) + register_urls.register_policy_subject_invalid_response(m, data_mock.shared_ids["policy"]["policy_id_invalid_response"]) + register_urls.register_policy_object(m, data_mock.shared_ids["policy"]["policy_id_1"]) + register_urls.register_policy_action(m, data_mock.shared_ids["policy"]["policy_id_1"]) + + register_urls.register_policy_subject_assignment(m, data_mock.shared_ids["policy"]["policy_id_1"], data_mock.shared_ids["perimeter"]["perimeter_id_1"]) + + register_urls.register_policy_subject_assignment_list(m, data_mock.shared_ids["policy"]["policy_id_2"]) + + register_urls.register_policy_object_assignment(m, data_mock.shared_ids["policy"]["policy_id_1"], data_mock.shared_ids["perimeter"]["perimeter_id_2"]) + + register_urls.register_policy_object_assignment_list(m, data_mock.shared_ids["policy"]["policy_id_2"]) + + register_urls.register_policy_action_assignment(m, data_mock.shared_ids["policy"]["policy_id_1"], data_mock.shared_ids["perimeter"]["perimeter_id_3"]) + + register_urls.register_policy_action_assignment_list(m, data_mock.shared_ids["policy"]["policy_id_2"]) + # register_urls.register_pods(m) + + # register_urls.register_policy_action_assignment(m, "policy_id_2", "perimeter_id_2") + # register_urls.register_policy_action_assignment(m, "policy_id_2", "perimeter_id_2") + # register_urls.register_policy_action_assignment(m, "policy_id_2", "perimeter_id_2") + + register_urls.register_rules(m, "policy_id1") diff --git a/python_moonutilities/tests/unit_python/utilities.py b/python_moonutilities/tests/unit_python/mock_repo/components_utilities.py index 1d79d890..1d79d890 100644 --- a/python_moonutilities/tests/unit_python/utilities.py +++ b/python_moonutilities/tests/unit_python/mock_repo/components_utilities.py diff --git a/python_moonutilities/tests/unit_python/mock_repo/data.py b/python_moonutilities/tests/unit_python/mock_repo/data.py new file mode 100644 index 00000000..736d4704 --- /dev/null +++ b/python_moonutilities/tests/unit_python/mock_repo/data.py @@ -0,0 +1,215 @@ +components = ( + "logging", + "openstack/keystone", + "database", + "slave", + "components/manager", + "components/orchestrator", + "components/interface", + "components/port_start" +) + +shared_ids = { + "policy": { + "policy_id_1": "policy_id_1", + "policy_id_2": "policy_id_2", + "policy_id_3": "policy_id_3", + "policy_id_invalid_response": "policy_id_invalid_response" + }, + "category": { + "category_id_1": "category_id_1", + "invalid_category_id_1": " invalid_category_id_1" + }, + "perimeter": { + "perimeter_id_1": "subject_id_1", + "perimeter_id_2": "object_id_1", + "perimeter_id_3": "action_id_1" + }, + "meta_rule": { + "meta_rule_id_1": "meta_rule_id_1", + "meta_rule_id_2": "meta_rule_id_2" + }, + "rule": { + "rule_id_1": "rule_id_2", + "rule_id_2": "rule_id_2" + }, + "model": { + "model_id_1": "model_id_1" + } +} + +pdp_mock = { + "pdp_id1": { + "name": "...", + "security_pipeline": ["policy_id_1", "policy_id_2"], + "keystone_project_id": "keystone_project_id1", + "description": "...", + } +} + +meta_rules_mock = { + shared_ids["meta_rule"]["meta_rule_id_1"]: { + "name": "meta_rule1", + "algorithm": "name of the meta rule algorithm", + "subject_categories": ["subject_category_id1", + "subject_category_id2"], + "object_categories": ["object_category_id1"], + "action_categories": ["action_category_id1"] + }, + shared_ids["meta_rule"]["meta_rule_id_2"]: { + "name": "name of the meta rules2", + "algorithm": "name of the meta rule algorithm", + "subject_categories": ["subject_category_id1", + "subject_category_id2"], + "object_categories": ["object_category_id1"], + "action_categories": ["action_category_id1"] + } +} + +policies_mock = { + shared_ids["policy"]["policy_id_1"]: { + "name": "test_policy1", + "model_id": shared_ids["model"]["model_id_1"], + "genre": "authz", + "description": "test", + } +} + +subject_mock = { + shared_ids["policy"]["policy_id_1"]: { + "subject_id": { + "name": "subject_name", + "keystone_id": "keystone_project_id1", + "description": "a description" + } + }, + shared_ids["policy"]["policy_id_invalid_response"]: { + "subject_id": { + "name": "subject_name", + "keystone_id": "keystone_project_id1", + "description": "a description" + } + } + +} + +subject_assignment_mock = { + "subject_id_1": { + "policy_id": shared_ids["policy"]["policy_id_1"], + "subject_id": "subject_id_1", + "category_id": shared_ids["category"]["category_id_1"], + "assignments": ["data_id_1, data_id_2"], + } +} + +object_mock = { + shared_ids["policy"]["policy_id_1"]: { + "object_id": { + "name": "object_name", + "description": "a description" + } + } +} + +object_assignment_mock = { + "object_id_1": { + "policy_id": shared_ids["policy"]["policy_id_1"], + "object_id": "object_id_1", + "category_id": shared_ids["category"]["category_id_1"], + "assignments": ["data_id_1, data_id_2"], + } +} + +action_mock = { + shared_ids["policy"]["policy_id_1"]: { + "action_id": { + "name": "action_name", + "description": "a description" + } + } +} + +action_assignment_mock = { + "action_id_1": { + "policy_id": shared_ids["policy"]["policy_id_1"], + "action_id": "action_id_1", + "category_id": shared_ids["category"]["category_id_1"], + "assignments": ["data_id_1, data_id_2"], + } +} + +models_mock = { + shared_ids["model"]["model_id_1"]: { + "name": "test_model", + "description": "test", + "meta_rules": [shared_ids["meta_rule"]["meta_rule_id_1"]] + } +} + +rules_mock = { + "rules": { + "meta_rule_id": shared_ids["meta_rule"]["meta_rule_id_1"], + shared_ids["rule"]["rule_id_1"]: { + "rule": ["subject_data_id1", + "object_data_id1", + "action_data_id1"], + "instructions": ( + {"decision": "grant"}, + # "grant" to immediately exit, + # "continue" to wait for the result of next policy + # "deny" to deny the request + ) + }, + shared_ids["rule"]["rule_id_2"]: { + "rule": ["subject_data_id2", + "object_data_id2", + "action_data_id2"], + "instructions": ( + { + "update": { + "operation": "add", + # operations may be "add" or "delete" + "target": "rbac:role:admin" + # add the role admin to the current user + } + }, + {"chain": {"name": "rbac"}} + # chain with the policy named rbac + ) + } + } +} + +# pods_mock = { +# # "name": "pod_id1", +# # "hostname": "pod_host", +# # "port": { +# # "PrivatePort": "8998", +# # "Type": "tcp", +# # "IP": "0.0.0.0", +# # "PublicPort": "8080" +# # }, +# # "keystone_project_id": "keystone_project_id1", +# # "pdp_id": "", +# # "meta_rule_id": "meta_rule_id1", +# # "container_name": "container_name1", +# # "plugin_name": "plugin_name1", +# # "container_id": "container_id" +# "pod_id1": { +# "name": "pod_id1", +# "hostname": "pod_host", +# "port": { +# "PrivatePort": "8998", +# "Type": "tcp", +# "IP": "0.0.0.0", +# "PublicPort": "8080" +# }, +# "keystone_project_id": [1], +# "pdp_id": "", +# "meta_rule_id": "meta_rule_id1", +# "container_name": "container_name1", +# "plugin_name": "plugin_name1", +# "container_id": "container_id" +# }, +# +# } diff --git a/python_moonutilities/tests/unit_python/mock_repo/urls.py b/python_moonutilities/tests/unit_python/mock_repo/urls.py new file mode 100644 index 00000000..a5b1e63b --- /dev/null +++ b/python_moonutilities/tests/unit_python/mock_repo/urls.py @@ -0,0 +1,147 @@ +import mock_repo.components_utilities as comp_util +import mock_repo.data as data_mock + + +def register_components(m): + for component in data_mock.components: + m.register_uri( + 'GET', 'http://consul:8500/v1/kv/{}'.format(component), + json=[{'Key': component, 'Value': comp_util.get_b64_conf(component)}] + ) + m.register_uri( + 'GET', 'http://consul:8500/v1/kv/components_port_start', + json=[{'Key': 'components_port_start', 'Value': comp_util.get_b64_conf("components/port_start")}] + ) + m.register_uri( + 'PUT', 'http://consul:8500/v1/kv/components_port_start', + json=[] + ) + + m.register_uri( + 'GET', 'http://consul:8500/v1/kv/components?recurse=true', + json=[ + {"Key": key, "Value": comp_util.get_b64_conf(key)} for key in data_mock.components + ], + # json={'Key': "components", 'Value': get_b64_comp_util.CONF("components")} + ) + + +def register_keystone(m): + m.register_uri( + 'POST', 'http://keystone:5000/v3/auth/tokens', + headers={'X-Subject-Token': "111111111"} + ) + m.register_uri( + 'DELETE', 'http://keystone:5000/v3/auth/tokens', + headers={'X-Subject-Token': "111111111"} + ) + m.register_uri( + 'POST', 'http://keystone:5000/v3/users?name=testuser&domain_id=default', + json={"users": {}} + ) + m.register_uri( + 'GET', 'http://keystone:5000/v3/users?name=testuser&domain_id=default', + json={"users": {}} + ) + m.register_uri( + 'POST', 'http://keystone:5000/v3/users/', + json={"users": [{ + "id": "1111111111111" + }]} + ) + +def register_model_any(m, module_name, mocked_data, key=None): + if key is None: + key = module_name + m.register_uri( + 'GET', 'http://{}:{}/{}'.format(comp_util.CONF['components']['manager']['hostname'], + comp_util.CONF['components']['manager']['port'], module_name), + + json={key: mocked_data} + ) + +def register_policy_any(m, policy_id, module_name, mocked_data, key=None): + if key is None: + key = module_name + m.register_uri( + 'GET', 'http://{}:{}/{}/{}/{}'.format(comp_util.CONF['components']['manager']['hostname'], + comp_util.CONF['components']['manager']['port'], 'policies', + policy_id, module_name), + json={key: mocked_data} + ) + +def register_pdp(m): + register_model_any(m, 'pdp', data_mock.pdp_mock,'pdps') + +def register_meta_rules(m): + register_model_any(m, 'meta_rules',data_mock.meta_rules_mock) + +def register_policies(m): + register_model_any(m, 'policies', data_mock.policies_mock) + + +def register_models(m): + register_model_any(m, 'models', data_mock.models_mock) + +def register_policy_subject(m, policy_id): + register_policy_any(m, policy_id, 'subjects', data_mock.subject_mock[policy_id]) + + +def register_policy_subject_invalid_response(m, policy_id): + register_policy_any(m, policy_id, 'subjects', data_mock.subject_mock[policy_id],'subjects_invalid_key') + +def register_policy_object(m, policy_id): + register_policy_any(m, policy_id, 'objects', data_mock.object_mock[policy_id]) + +def register_policy_action(m, policy_id): + register_policy_any(m, policy_id, 'actions', data_mock.action_mock[policy_id]) + +def register_policy_subject_assignment_list(m, policy_id): + register_policy_any(m, policy_id, 'subject_assignments', data_mock.subject_assignment_mock) + +def register_policy_object_assignment_list(m, policy_id): + register_policy_any(m, policy_id, 'object_assignments', data_mock.object_assignment_mock) + + +def register_policy_action_assignment_list(m, policy_id): + register_policy_any(m, policy_id, 'action_assignments', data_mock.action_assignment_mock) + +def register_policy_subject_assignment(m, policy_id, perimeter_id): + m.register_uri( + 'GET', 'http://{}:{}/{}/{}/subject_assignments/{}'.format(comp_util.CONF['components']['manager']['hostname'], + comp_util.CONF['components']['manager']['port'], + 'policies', + policy_id, + perimeter_id), + json={'subject_assignments': data_mock.subject_assignment_mock} + ) + +def register_policy_object_assignment(m, policy_id, perimeter_id): + m.register_uri( + 'GET', 'http://{}:{}/{}/{}/object_assignments/{}'.format(comp_util.CONF['components']['manager']['hostname'], + comp_util.CONF['components']['manager']['port'], + 'policies', + policy_id, + perimeter_id), + json={'object_assignments': data_mock.object_assignment_mock} + ) + +def register_policy_action_assignment(m, policy_id, perimeter_id): + m.register_uri( + 'GET', 'http://{}:{}/{}/{}/action_assignments/{}'.format(comp_util.CONF['components']['manager']['hostname'], + comp_util.CONF['components']['manager']['port'], + 'policies', + policy_id, + perimeter_id), + json={'action_assignments': data_mock.action_assignment_mock} + ) + +def register_rules(m, policy_id): + register_policy_any(m, policy_id, 'rules', data_mock.rules_mock) + +# def register_pods(m): +# m.register_uri( +# 'GET', 'http://{}:{}/pods'.format(comp_util.CONF['components']['orchestrator']['hostname'], +# comp_util.CONF['components']['orchestrator']['port']), +# json={'pods': data_mock.pods_mock} +# ) diff --git a/python_moonutilities/tests/unit_python/test_cache.py b/python_moonutilities/tests/unit_python/test_cache.py index c479395b..db1e3ae7 100644 --- a/python_moonutilities/tests/unit_python/test_cache.py +++ b/python_moonutilities/tests/unit_python/test_cache.py @@ -1,4 +1,5 @@ import pytest +import mock_repo.data as data_mock def test_authz_request(): @@ -7,63 +8,219 @@ def test_authz_request(): assert isinstance(c.authz_requests, dict) +# tests for get (subject, object, action) in cache +# ================================================ def test_get_subject_success(): from python_moonutilities import cache cache_obj = cache.Cache() - policy_id = 'policy_id_1' name = 'subject_name' - subject_id = cache_obj.get_subject(policy_id, name) + subject_id = cache_obj.get_subject(data_mock.shared_ids["policy"]["policy_id_1"], name) assert subject_id is not None -def test_get_subject_failure(): +def test_get_subject_not_found(): from python_moonutilities import cache - cache_obj = cache.Cache() - policy_id = 'policy_id_1' + cache_obj2 = cache.Cache() name = 'invalid name' with pytest.raises(Exception) as exception_info: - cache_obj.get_subject(policy_id, name) + cache_obj2.get_subject(data_mock.shared_ids["policy"]["policy_id_1"], name) assert str(exception_info.value) == '400: Subject Unknown' +# [TODO] this test used to test the invalid response +# it should be un commented and run after refactoring the related part +def test_get_subject_invalid_response(): + from python_moonutilities import cache + cache_obj2 = cache.Cache() + # policy_id = 'policy_id_invalid_response' + name = 'invalid name' + + +# with pytest.raises(Exception) as exception_info: +# cache_obj2.get_subject(data_mock.shared_ids["policy"]["policy_id_invalid_response"], name) +# assert str(exception_info.value) == '400: Subject Unknown' + + def test_get_object_success(): from python_moonutilities import cache cache_obj = cache.Cache() - policy_id = 'policy_id_1' name = 'object_name' - object_id = cache_obj.get_object(policy_id, name) + object_id = cache_obj.get_object(data_mock.shared_ids["policy"]["policy_id_1"], name) assert object_id is not None def test_get_object_failure(): from python_moonutilities import cache cache_obj = cache.Cache() - policy_id = 'policy_id_1' name = 'invalid name' with pytest.raises(Exception) as exception_info: - cache_obj.get_object(policy_id, name) + cache_obj.get_object(data_mock.shared_ids["policy"]["policy_id_1"], name) assert str(exception_info.value) == '400: Subject Unknown' def test_get_action_success(): from python_moonutilities import cache cache_obj = cache.Cache() - policy_id = 'policy_id_1' name = 'action_name' - action_id = cache_obj.get_action(policy_id, name) + action_id = cache_obj.get_action(data_mock.shared_ids["policy"]["policy_id_1"], name) assert action_id is not None def test_get_action_failure(): from python_moonutilities import cache cache_obj = cache.Cache() - policy_id = 'policy_id_1' name = 'invalid name' with pytest.raises(Exception) as exception_info: - cache_obj.get_action(policy_id, name) + cache_obj.get_action(data_mock.shared_ids["policy"]["policy_id_1"], name) assert str(exception_info.value) == '400: Subject Unknown' +# ==================================================================================================== + +# tests for get (subject_assignment, object_assignment, action_assignment) in cache +# ================================================================================= + +def test_get_subject_assignment_success(): + from python_moonutilities import cache + cache_obj = cache.Cache() + subject_assignments = cache_obj.get_subject_assignments(data_mock.shared_ids["policy"]["policy_id_1"], + data_mock.shared_ids["perimeter"]["perimeter_id_1"], + data_mock.shared_ids["category"]["category_id_1"]) + assert subject_assignments is not None + + +def test_get_subject_assignment_failure(): + from python_moonutilities import cache + cache_obj = cache.Cache() + subject_assignments = cache_obj.get_subject_assignments(data_mock.shared_ids["policy"]["policy_id_2"], + '', + data_mock.shared_ids["category"]["category_id_1"]) + assert len(subject_assignments) == 0 + + +def test_get_subject_assignment_invalid_category_failure(): + from python_moonutilities import cache + cache_obj = cache.Cache() + subject_assignments = cache_obj.get_subject_assignments(data_mock.shared_ids["policy"]["policy_id_1"], + data_mock.shared_ids["perimeter"]["perimeter_id_1"], + data_mock.shared_ids["category"]["invalid_category_id_1"]) + assert len(subject_assignments) == 0 + + +def test_get_object_assignment_success(): + from python_moonutilities import cache + cache_obj = cache.Cache() + object_assignments = cache_obj.get_object_assignments(data_mock.shared_ids["policy"]["policy_id_1"], + data_mock.shared_ids["perimeter"]["perimeter_id_2"], + data_mock.shared_ids["category"]["category_id_1"]) + assert object_assignments is not None + + +def test_get_object_assignment_failure(): + from python_moonutilities import cache + cache_obj = cache.Cache() + object_assignments = cache_obj.get_object_assignments(data_mock.shared_ids["policy"]["policy_id_2"], + '', + data_mock.shared_ids["category"]["category_id_1"]) + assert len(object_assignments) == 0 + + +def test_get_object_assignment_invalid_category_failure(): + from python_moonutilities import cache + cache_obj = cache.Cache() + object_assignments = cache_obj.get_object_assignments(data_mock.shared_ids["policy"]["policy_id_1"], + data_mock.shared_ids["perimeter"]["perimeter_id_1"], + data_mock.shared_ids["category"]["invalid_category_id_1"]) + assert len(object_assignments) == 0 + + +def test_get_action_assignment_success(): + from python_moonutilities import cache + cache_obj = cache.Cache() + action_assignments = cache_obj.get_action_assignments(data_mock.shared_ids["policy"]["policy_id_1"], + data_mock.shared_ids["perimeter"]["perimeter_id_3"], + data_mock.shared_ids["category"]["category_id_1"]) + assert action_assignments is not None + + +def test_get_action_assignment_failure(): + from python_moonutilities import cache + cache_obj = cache.Cache() + action_assignments = cache_obj.get_action_assignments(data_mock.shared_ids["policy"]["policy_id_2"], + '', + data_mock.shared_ids["category"]["category_id_1"]) + assert len(action_assignments) == 0 + + +def test_get_action_assignment_invalid_category_failure(): + from python_moonutilities import cache + cache_obj = cache.Cache() + action_assignments = cache_obj.get_action_assignments(data_mock.shared_ids["policy"]["policy_id_1"], + data_mock.shared_ids["perimeter"]["perimeter_id_1"], + data_mock.shared_ids["category"]["invalid_category_id_1"]) + assert len(action_assignments) == 0 + + +# ==================================================================================================== + +# tests for helper function in cache +# ================================== +def test_get_policy_from_meta_rules_success(): + from python_moonutilities import cache + cache_obj = cache.Cache() + policy_id = cache_obj.get_policy_from_meta_rules(data_mock.shared_ids["meta_rule"]["meta_rule_id_1"]) + assert policy_id is not None + + +# def test_get_policy_from_meta_rules_failure(): +# from python_moonutilities import cache +# cache_obj = cache.Cache() +# meta_rule_id = 'meta_rule_id3' +# policy_id = cache_obj.get_policy_from_meta_rules(meta_rule_id) +# assert policy_id is None + + +def test_get_pdp_from_keystone_project_success(): + from python_moonutilities import cache + cache_obj = cache.Cache() + keystone_project_id = 'keystone_project_id1' + pdp_key = cache_obj.get_pdp_from_keystone_project(keystone_project_id) + assert pdp_key is not None + + +def test_get_pdp_from_keystone_project_failure(): + from python_moonutilities import cache + cache_obj = cache.Cache() + keystone_project_id = 'keystone_project_id2' + pdp_key = cache_obj.get_pdp_from_keystone_project(keystone_project_id) + assert pdp_key is None + + +def test_get_keystone_project_id_from_policy_id_success(): + from python_moonutilities import cache + cache_obj = cache.Cache() + keystone_project_id = cache_obj.get_keystone_project_id_from_policy_id( + data_mock.shared_ids["policy"]["policy_id_1"]) + assert keystone_project_id is not None + + +def test_get_keystone_project_id_from_policy_id_failure(): + from python_moonutilities import cache + cache_obj = cache.Cache() + policy_id = 'policy_id_3' + keystone_project_id = cache_obj.get_keystone_project_id_from_policy_id(policy_id) + assert keystone_project_id is None + + +# def test_get_containers_from_keystone_project_id_success(): +# from python_moonutilities import cache +# cache_obj = cache.Cache() +# keystone_project_id = 1 +# meta_rule_id = 'meta_rule_id1' +# container_id, container_value = cache_obj.get_containers_from_keystone_project_id(keystone_project_id, meta_rule_id) +# assert container_id, container_value is not None + + def test_cache_manager(): from python_moonutilities import cache cache_obj = cache.Cache() @@ -71,5 +228,5 @@ def test_cache_manager(): assert cache_obj.meta_rules is not None assert len(cache_obj.meta_rules) == 2 assert cache_obj.policies is not None - assert len(cache_obj.policies) == 2 - assert cache_obj.models is not None
\ No newline at end of file + assert len(cache_obj.policies) == 1 + assert cache_obj.models is not None diff --git a/python_moonutilities/tests/unit_python/test_configuration.py b/python_moonutilities/tests/unit_python/test_configuration.py index 48699062..10618f1c 100644 --- a/python_moonutilities/tests/unit_python/test_configuration.py +++ b/python_moonutilities/tests/unit_python/test_configuration.py @@ -1,5 +1,57 @@ +import mock_repo.components_utilities as comp_util +import pytest +import requests_mock -def test_get_components(): + +def test_get_configuration_success(): + from python_moonutilities import configuration + assert configuration.get_configuration("components/port_start")["components/port_start"] == comp_util.CONF["components"]["port_start"] + + +@requests_mock.Mocker(kw='mock') +def test_get_configuration_not_found(**kwargs): from python_moonutilities import configuration - assert isinstance(configuration.get_components(), dict) + kwargs['mock'].get('http://consul:8500/v1/kv/components/port_start_wrong', json=[ + ], status_code=500) + with pytest.raises(Exception) as exception_info: + configuration.get_configuration("components/port_start_wrong") + assert str(exception_info.value) == '500: Consul error' + + +# [TODO] this test used to test the invalid response +# it should be un commented and run after refactoring the related part +@requests_mock.Mocker(kw='mock') +def test_get_configuration_invalid_response(**kwargs): + from python_moonutilities import configuration + + kwargs['mock'].get('http://consul:8500/v1/kv/components_port_start', json=[ + {"components_port_start":'components_port_start', 'Value': comp_util.get_b64_conf("components/port_start")} + ]) + # with pytest.raises(Exception) as exception_info: + # configuration.get_configuration("components_port_start") + # assert str(exception_info.value) == '500: Consul error' + + +@requests_mock.Mocker(kw='mock') +def test_put_increment_port_failure(**kwargs): + from python_moonutilities import configuration + kwargs['mock'].put('http://consul:8500/v1/kv/components_port_start', json=[], status_code=400) + kwargs['mock'].get('http://consul:8500/v1/kv/components_port_start', json=[ + {'Key': 'components_port_start', 'Value': comp_util.get_b64_conf("components/port_start")} + ], status_code=200) + with pytest.raises(Exception) as exception_info: + configuration.increment_port() + assert str(exception_info.value) == '400: Consul error' + + +def test_increment_port_success(): + from python_moonutilities import configuration + cur_port = comp_util.CONF["components"]["port_start"] + incremented_port = configuration.increment_port() + assert incremented_port == cur_port + 1 + + +def test_get_components(): + from python_moonutilities import configuration + assert isinstance(configuration.get_components(), dict)
\ No newline at end of file |