aboutsummaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
Diffstat (limited to 'tests')
-rw-r--r--tests/README.md77
-rw-r--r--tests/functional/scenario_tests/mls.py59
-rw-r--r--tests/functional/scenario_tests/rbac.py61
-rw-r--r--tests/performance/README.md121
4 files changed, 263 insertions, 55 deletions
diff --git a/tests/README.md b/tests/README.md
new file mode 100644
index 00000000..c1437a2d
--- /dev/null
+++ b/tests/README.md
@@ -0,0 +1,77 @@
+# Moon Tests
+## Functional Tests
+### Test Platform Setup
+#### Docker Installation
+```bash
+apt update
+apt install -y docker.io
+```
+
+#### Kubeadm Installation
+see: https://kubernetes.io/docs/setup/independent/install-kubeadm/
+```bash
+apt-get update && apt-get install -y apt-transport-https
+curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
+cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
+deb http://apt.kubernetes.io/ kubernetes-xenial main
+EOF
+apt-get update
+apt-get install -y kubelet kubeadm kubectl
+```
+
+#### K8S Initialisation
+```bash
+cd $MOON_HOME
+bash tools/moon_kubernetes/init_k8s.sh
+```
+
+Wait until all the kubeadm containers are in the `running` state:
+```bash
+watch kubectl get po --namespace=kube-system
+```
+
+You must see something like this:
+
+ $ kubectl get po --namespace=kube-system
+ NAME READY STATUS RESTARTS AGE
+ calico-etcd-7qgjb 1/1 Running 0 1h
+ calico-node-f8zvm 2/2 Running 1 1h
+ calico-policy-controller-59fc4f7888-ns9kv 1/1 Running 0 1h
+ etcd-varuna 1/1 Running 0 1h
+ kube-apiserver-varuna 1/1 Running 0 1h
+ kube-controller-manager-varuna 1/1 Running 0 1h
+ kube-dns-bfbb49cd7-rgqxn 3/3 Running 0 1h
+ kube-proxy-x88wg 1/1 Running 0 1h
+ kube-scheduler-varuna 1/1 Running 0 1h
+
+
+#### Deploy Moon
+```bash
+cd $MOON_HOME
+sudo bash tools/moon_kubernetes/start_moon.sh
+```
+
+Wait until all the Moon containers are in the `running` state:
+```bash
+watch kubectl get po --namespace=moon
+```
+
+You must see something like this:
+
+ $ kubectl get po --namespace=moon
+ NAME READY STATUS RESTARTS AGE
+ consul-57b6d66975-9qnfx 1/1 Running 0 52m
+ db-867f9c6666-bq8cf 1/1 Running 0 52m
+ gui-bc9878b58-q288x 1/1 Running 0 51m
+ keystone-7d9cdbb69f-bl6ln 1/1 Running 0 52m
+ manager-5bfbb96988-2nvhd 1/1 Running 0 51m
+ manager-5bfbb96988-fg8vj 1/1 Running 0 51m
+ manager-5bfbb96988-w9wnk 1/1 Running 0 51m
+ orchestrator-65d8fb4574-tnfx2 1/1 Running 0 51m
+ wrapper-astonishing-748b7dcc4f-ngsvp 1/1 Running 0 51m
+
+### Launch Functional for Target Module
+```bash
+cd $MOON_HOME
+sudo bash $TARGET_MODULE/tests/functional_pod/run_functional_tests.sh
+```
diff --git a/tests/functional/scenario_tests/mls.py b/tests/functional/scenario_tests/mls.py
new file mode 100644
index 00000000..0e6285c9
--- /dev/null
+++ b/tests/functional/scenario_tests/mls.py
@@ -0,0 +1,59 @@
+
+pdp_name = "pdp_mls"
+policy_name = "MLS Policy example"
+model_name = "MLS"
+policy_genre = "authz"
+
+subjects = {"adminuser": "", "user1": "", "user2": "", }
+objects = {"vm0": "", "vm1": "", }
+actions = {"start": "", "stop": ""}
+
+subject_categories = {"subject-security-level": "", }
+object_categories = {"object-security-level": "", }
+action_categories = {"action-type": "", }
+
+subject_data = {
+ "subject-security-level": {"low": "", "medium": "", "high": ""},
+}
+object_data = {
+ "object-security-level": {"low": "", "medium": "", "high": ""},
+}
+action_data = {"action-type": {"vm-action": "", "storage-action": "", }}
+
+subject_assignments = {
+ "adminuser": {"subject-security-level": "high"},
+ "user1": {"subject-security-level": "medium"},
+}
+object_assignments = {
+ "vm0": {"object-security-level": "medium"},
+ "vm1": {"object-security-level": "low"},
+}
+action_assignments = {
+ "start": {"action-type": "vm-action"},
+ "stop": {"action-type": "vm-action"}
+}
+
+meta_rule = {
+ "mls": {
+ "id": "",
+ "value": ("subject-security-level",
+ "object-security-level",
+ "action-type")},
+}
+
+rules = {
+ "mls": (
+ {
+ "rule": ("high", "medium", "vm-action"),
+ "instructions": ({"decision": "grant"})
+ },
+ {
+ "rule": ("high", "low", "vm-action"),
+ "instructions": ({"decision": "grant"})
+ },
+ {
+ "rule": ("medium", "low", "vm-action"),
+ "instructions": ({"decision": "grant"})
+ },
+ )
+}
diff --git a/tests/functional/scenario_tests/rbac.py b/tests/functional/scenario_tests/rbac.py
new file mode 100644
index 00000000..1d2cabee
--- /dev/null
+++ b/tests/functional/scenario_tests/rbac.py
@@ -0,0 +1,61 @@
+
+pdp_name = "pdp_rbac1"
+policy_name = "RBAC policy example"
+model_name = "RBAC"
+policy_genre = "authz"
+
+subjects = {"adminuser": "", "user1": "", }
+objects = {"vm0": "", "vm1": "", }
+actions = {"start": "", "stop": ""}
+
+subject_categories = {"role": "", }
+object_categories = {"id": "", }
+action_categories = {"action-type": "", }
+
+subject_data = {"role": {"admin": "", "employee": "", "*": ""}}
+object_data = {"id": {"vm0": "", "vm1": "", "*": ""}}
+action_data = {"action-type": {"vm-action": "", "*": ""}}
+
+subject_assignments = {
+ "adminuser":
+ ({"role": "admin"}, {"role": "employee"}, {"role": "*"}),
+ "user1":
+ ({"role": "employee"}, {"role": "*"}),
+}
+object_assignments = {
+ "vm0":
+ ({"id": "vm0"}, {"id": "*"}),
+ "vm1":
+ ({"id": "vm1"}, {"id": "*"})
+}
+action_assignments = {
+ "start":
+ ({"action-type": "vm-action"}, {"action-type": "*"}),
+ "stop":
+ ({"action-type": "vm-action"}, {"action-type": "*"})
+}
+
+meta_rule = {
+ "rbac": {"id": "", "value": ("role", "id", "action-type")},
+}
+
+rules = {
+ "rbac": (
+ {
+ "rule": ("admin", "vm0", "vm-action"),
+ "instructions": (
+ {"decision": "grant"},
+ # "grant" to immediately exit,
+ # "continue" to wait for the result of next policy
+ )
+ },
+ {
+ "rule": ("employee", "vm1", "vm-action"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ )
+}
+
+
diff --git a/tests/performance/README.md b/tests/performance/README.md
index 52613d2c..fcb80589 100644
--- a/tests/performance/README.md
+++ b/tests/performance/README.md
@@ -1,69 +1,80 @@
-# Moon Yardstick and Bottlenecks Performance Tests
+# Moon Yardstick/Bottlenecks Performance Tests
The main objective of this document is to describe the performance tests for the Moon project/module.
-Moon is a security managment platform which provides a set of security functions to project the underlying OPNFV infrastructure and/or VNFs.
-Moon is consisted of 2 parts: a master and a set of slaves. The master holds all security-related information and each slave only fetches and holds
-related informations for its local usage from master.
+Moon is a security management platform which provides a set of security functions to project the underlying OPNFV infrastructure and/or VNFs.
+It is consisted of 2 parts: a master and a set of slaves. The master holds all security-related information and each slave only fetches and holds
+related information for its local usage from master.
-## Moon Master Performance Tests
-In this test, we should:
+## Master Performance Tests
+### Pre-requisite
- setup a Moon master service on a physical server
-- create a tenant/scope through the Moon master service
-- create a MSL security policy with 4 subject security levels and 4 object security levels for this tenant
+- create a project in OpenStack/Keystone
+- create a MSL PDP with a model of 4 subject security levels and 4 object security levels, the MLS policy will be defined later
-- increase N to find the limit of the security policy (implemented in format of a Docker)
- - create N users and N resources (VMs in our case) in this tenant
- - simulate 2 operation requests per user per second to Moon's authorization endpoint
- - gather performance metrics like CPU, memory, network usages
- - throught the iteration, determine the capacity limit for one Docker
+### Policy Size Test
+Increase the number of users and resources N to find the limit of the security policy
+- create N users and N resources (VMs in our case) in this MLS security policy
+- sends 5 authz requests/second
+- gather performance metrics like CPU, memory, network usages
+Through the iteration, determine the maximal number of N to support 5 requests/second
-- setup 20 user and 20 resources (VMs in our case) for one tenant
- - increase the number of tenants to test the maximal number of tenants on the server
+### PDP Number Test
+- setup 20 user and 20 resources (VMs in our case) for each MLS PDP
+- sends 5 authz requests/second for each MLS PDP
+- increase the number of PDP to test the maximal number of PDP on the master
-- setup 5 tenants of N users and N resources (VMs in our case) in each tenant
- - increase N by simulating 2 operation requests per user per second to the Moon's authorization endpoint
- - gather performance metrics like CPU, memory, network usages
- - throught the iteration, dermine the maximal user/resource number of these 5 tenants/Dockers on the server
+### Policy Size Test for 5 PDPs
+- setup 5 PDPs of N users and N resources (VMs in our case)
+- sends 5 authz requests/second for each MLS PDP
+- gather performance metrics like CPU, memory, network usages
+Through the iteration, determine the maximal user/resource number of these 5 PDPs
-- setup 10 tenants of N users and N resources (VMs in our case) in each tenant
- - increase N by simulating 2 operation requests per user per second to the Moon's authorization endpoint
- - gather performance metrics like CPU, memory, network usages
- - throught the iteration, dermine the maximal user/resource number of these 10 tenants/Dockers on the server
+### Policy Size Test for 10 PDPs
+- setup 10 PDPs of N users and N resources (VMs in our case)
+- sends 5 authz requests/second for each MLS PDP
+- gather performance metrics like CPU, memory, network usages
+Through the iteration, determine the maximal user/resource number of these 10 PDPs
-- setup 20 tenants of N users and N resources (VMs in our case) in each tenant
- - increase N by simulating 2 operation requests per user per second to the Moon's authorization endpoint
- - gather performance metrics like CPU, memory, network usages
- - throught the iteration, dermine the maximal user/resource number of these 20 tenants/Dockers on the server
-
-## Moon Slave Performace Tests
-In this test, we should:
-- setup a Moon master service on a physical server
-- setup a Moon slave service on a physical server
-- create a tenant/scope through the Moon master service
-- create a MSL security policy with 4 subject security levels and 4 object security levels for this tenant through the Moon master service
+### Policy Size Test for 20 PDPs
+- setup 20 PDPs of N users and N resources (VMs in our case)
+- sends 5 authz requests/second for each MLS PDP
+- gather performance metrics like CPU, memory, network usages
+Through the iteration, determine the maximal user/resource number of these 20 PDPs
-- increase N to find the limit of the security policy (implemented in format of a Docker)
- - create N users and N resources (VMs in our case) in this tenant
- - simulate 2 operation requests per user per second to Moon slave's authorizatoin endpoint
- - gather performance metrics like CPU, memory, network usages of Moon slave
- - throught the iteration, dermine the capacity limit for one Docker of Moon slave
-
-- setup 20 user and 20 resources (VMs in our case) for one tenant through the Moon slave service
- - increate the number of tenants to test the maximal number of tenants on the server of the Moon slave
-
-- setup 5 tenants of N users and N resources (VMs in our case) in each tenant through the Moon master service
- - increate N by simulating 2 operation requests per user per second to the Moon slave's authorization endpoint
- - gather performance metrics like CPU, memory, network usages of both Moon master and Moon slave
- - throught the iteration, dermine the maximal user/resource number of these 5 tenants/Dockers on the server of Moon slave
-- setup 10 tenants of N users and N resources (VMs in our case) in each tenant through the Moon master service
- - increate N by simulating 2 operation requests per user per second to the Moon slave's authorization endpoint
- - gather performance metrics like CPU, memory, network usages of both Moon master and slave
- - throught the iteration, dermine the maximal user/resource number of these 10 tenants/Dockers on the server of the Moon slave
+## Master-Slave Performance Tests
+### Pre-requisite
+- setup a Moon master on a physical server
+- setup a Moon slave on a physical server
+- create a project in OpenStack/Keystone
+- create a MSL PDP with a model of 4 subject security levels and 4 object security levels, the MLS policy will be defined later on the master
+
+### Slave Policy Size Test
+Increase the number of users and resources N to find the limit of the security policy
+- create N users and N resources (VMs in our case) in this MLS security policy on the master
+- sends 5 authz requests/second to the slave
+- gather performance metrics like CPU, memory, network usages of the slave
+Through the iteration, determine the maximal number of N to support 5 requests/second of the slave
+
+### Slave PDP Number Test
+- setup 20 user and 20 resources (VMs in our case) for each MLS PDP on the master
+- sends 5 authz requests/second for each MLS PDP to the slave
+Through the iteration, determine the maximal number of PDP to support 5 requests/second of the slave
-- setup 20 tenants of N users and N resources (VMs in our case) in each tenant through the Moon master service
- - increate N by simulating 2 operation requests per user per second to the Moon slave's authorization endpoint
- - gather performance metrics like CPU, memory, network usages of both Moon master and slave
- - throught the iteration, dermine the maximal user/resource number of these 20 tenants/Dockers on the server of the Moon slave
+### Slave Policy Size Test for 5 PDPs
+- setup 5 PDPs of N users and N resources (VMs in our case) on the master
+- sends 5 authz requests/second for each MLS PDP to the slave
+- gather performance metrics like CPU, memory, network usages of the slave
+Through the iteration, determine the maximal user/resource number of these 5 PDPs
+### Slave Policy Size Test for 10 PDPs
+- setup 10 PDPs of N users and N resources (VMs in our case) on the master
+- sends 5 authz requests/second for each MLS PDP to the slave
+- gather performance metrics like CPU, memory, network usages of the slave
+Through the iteration, determine the maximal user/resource number of these 10 PDPs
+### Slave Policy Size Test for 20 PDPs
+- setup 20 PDPs of N users and N resources (VMs in our case) on the master
+- sends 5 authz requests/second for each MLS PDP to the slave
+- gather performance metrics like CPU, memory, network usages of the slave
+Through the iteration, determine the maximal user/resource number of these 20 PDPs