From 5183b1914430ad43653e6d390da83f0f96682295 Mon Sep 17 00:00:00 2001
From: "francois.cellier" <francois.cellier@orange.com>
Date: Fri, 9 Mar 2018 15:26:38 +0100
Subject: allow to have several policies in perimeter data json definition
Change-Id: Id422a545e2495b3acc3fc6e71496e76dfc2cbd90
---
moon_manager/moon_manager/__init__.py | 2 +-
moon_manager/moon_manager/api/json_import.py | 11 +++----
moon_manager/tests/functional_pod/json/mls.json | 16 +++++-----
moon_manager/tests/functional_pod/json/rbac.json | 16 +++++-----
moon_manager/tests/unit_python/api/test_export.py | 18 ++++++------
moon_manager/tests/unit_python/api/test_import.py | 36 +++++++++++------------
6 files changed, 50 insertions(+), 49 deletions(-)
diff --git a/moon_manager/moon_manager/__init__.py b/moon_manager/moon_manager/__init__.py
index af7fced5..98a98146 100644
--- a/moon_manager/moon_manager/__init__.py
+++ b/moon_manager/moon_manager/__init__.py
@@ -3,4 +3,4 @@
# license which can be found in the file 'LICENSE' in this package distribution
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-__version__ = "4.5.0"
+__version__ = "4.5.1"
diff --git a/moon_manager/moon_manager/api/json_import.py b/moon_manager/moon_manager/api/json_import.py
index a048baee..58ee526b 100644
--- a/moon_manager/moon_manager/api/json_import.py
+++ b/moon_manager/moon_manager/api/json_import.py
@@ -188,19 +188,20 @@ class JsonImport(Resource):
JsonUtils.copy_field_if_exists(json_item_data, json_to_use, "description", str)
json_policy = dict()
# field_mandatory : not mandatory if there is some mandatory policies
- JsonUtils.convert_name_to_id(json_item_data, json_policy, "policy", "policy_id", "policy",
+ JsonUtils.convert_names_to_ids(json_item_data, json_policy, "policies", "policy_id", "policy",
PolicyManager, self._user_id, field_mandatory=len(mandatory_policy_ids) == 0)
logger.info("json_policy {}".format(json_policy))
json_category = dict()
JsonUtils.convert_name_to_id(json_item_data, json_category, "category", "category_id", type_element+"_category",
ModelManager, self._user_id)
logger.info("json_category {}".format(json_category))
- policy_id = None
+ policy_ids = []
if "policy_id" in json_policy:
- policy_id = json_policy["policy_id"]
+ policy_ids = json_policy["policy_id"]
- if policy_id is not None and policy_id not in mandatory_policy_ids:
- mandatory_policy_ids.append(policy_id)
+ for policy_id in policy_ids:
+ if policy_id is not None and policy_id not in mandatory_policy_ids:
+ mandatory_policy_ids.append(policy_id)
if len(mandatory_policy_ids) == 0:
raise InvalidJson("Invalid data, the policy shall be set when importing {}".format(json_item_data))
diff --git a/moon_manager/tests/functional_pod/json/mls.json b/moon_manager/tests/functional_pod/json/mls.json
index d2a5c67c..01ef6deb 100644
--- a/moon_manager/tests/functional_pod/json/mls.json
+++ b/moon_manager/tests/functional_pod/json/mls.json
@@ -15,9 +15,9 @@
"subject_categories": [{ "name":"subject-security-level", "description": "" }],
- "subject_data": [{ "name":"low", "description": "", "policy": {"name" :"MLS policy example"}, "category": {"name": "subject-security-level"}},
- { "name":"medium", "description": "", "policy": {"name" :"MLS policy example"}, "category": {"name": "subject-security-level"}},
- { "name":"high", "description": "", "policy": {"name" :"MLS policy example"}, "category": {"name": "subject-security-level"}}],
+ "subject_data": [{ "name":"low", "description": "", "policies": [{"name" :"MLS policy example"}], "category": {"name": "subject-security-level"}},
+ { "name":"medium", "description": "", "policies": [{"name" :"MLS policy example"}], "category": {"name": "subject-security-level"}},
+ { "name":"high", "description": "", "policies": [{"name" :"MLS policy example"}], "category": {"name": "subject-security-level"}}],
"subject_assignments":[{ "subject" : {"name": "adminuser"}, "category" : {"name": "subject-security-level"}, "assignments": [{"name" : "high"}]},
{ "subject" : {"name": "user1"}, "category" : {"name": "subject-security-level"}, "assignments": [{"name" : "medium"}] }],
@@ -32,9 +32,9 @@
"object_categories": [{"name":"object-security-level", "description": ""}],
- "object_data": [{ "name":"low", "description": "", "policy": {"name" :"MLS policy example"}, "category": {"name": "object-security-level"}},
- { "name":"medium", "description": "", "policy": {"name" :"MLS policy example"}, "category": {"name": "object-security-level"}},
- { "name":"high", "description": "", "policy": {"name" :"MLS policy example"}, "category": {"name": "object-security-level"}}],
+ "object_data": [{ "name":"low", "description": "", "policies": [{"name" :"MLS policy example"}], "category": {"name": "object-security-level"}},
+ { "name":"medium", "description": "", "policies": [{"name" :"MLS policy example"}], "category": {"name": "object-security-level"}},
+ { "name":"high", "description": "", "policies": [{"name" :"MLS policy example"}], "category": {"name": "object-security-level"}}],
"object_assignments":[{ "object" : {"name": "vm0"}, "category" : {"name": "object-security-level"}, "assignments": [{"name" : "medium"}]},
{ "object" : {"name": "vm1"}, "category" : {"name": "object-security-level"}, "assignments": [{"name" : "low"}]}],
@@ -49,8 +49,8 @@
"action_categories": [{"name":"action-type", "description": ""}],
- "action_data": [{"name":"vm-action", "description": "", "policy": {"name": "MLS policy example"}, "category": {"name": "action-type"}},
- {"name":"storage-action", "description": "", "policy": {"name" :"MLS policy example"}, "category": {"name": "action-type"}}],
+ "action_data": [{"name":"vm-action", "description": "", "policies": [{"name": "MLS policy example"}], "category": {"name": "action-type"}},
+ {"name":"storage-action", "description": "", "policies": [{"name" :"MLS policy example"}], "category": {"name": "action-type"}}],
"action_assignments":[{ "action" : {"name": "start"}, "category" : {"name": "action-type"}, "assignments": [{"name" : "vm-action"}]},
{ "action" : {"name": "stop"}, "category" : {"name": "action-type"}, "assignments": [{"name" : "vm-action"}]}],
diff --git a/moon_manager/tests/functional_pod/json/rbac.json b/moon_manager/tests/functional_pod/json/rbac.json
index eddbb654..a75f291b 100644
--- a/moon_manager/tests/functional_pod/json/rbac.json
+++ b/moon_manager/tests/functional_pod/json/rbac.json
@@ -15,9 +15,9 @@
"subject_categories": [{ "name":"role", "description": "" }],
- "subject_data": [{ "name":"admin", "description": "", "policy": {"name" :"RBAC policy example"}, "category": {"name": "role"}},
- { "name":"employee", "description": "", "policy": {"name" :"RBAC policy example"}, "category": {"name": "role"}},
- { "name":"*", "description": "", "policy": {"name" :"RBAC policy example"}, "category": {"name": "role"}}],
+ "subject_data": [{ "name":"admin", "description": "", "policies": [{"name" :"RBAC policy example"}], "category": {"name": "role"}},
+ { "name":"employee", "description": "", "policies": [{"name" :"RBAC policy example"}], "category": {"name": "role"}},
+ { "name":"*", "description": "", "policies": [{"name" :"RBAC policy example"}], "category": {"name": "role"}}],
"subject_assignments":[{ "subject" : {"name": "adminuser"}, "category" : {"name": "role"}, "assignments": [{"name" : "admin"}, {"name" : "employee"}, {"name" : "*"}]},
{ "subject" : {"name": "user1"}, "category" : {"name": "role"}, "assignments": [{"name" : "employee"}, {"name" : "*"}] }],
@@ -32,9 +32,9 @@
"object_categories": [{"name":"id", "description": ""}],
- "object_data": [{ "name":"vm0", "description": "", "policy": {"name" :"RBAC policy example"}, "category": {"name": "id"}},
- { "name":"vm1", "description": "", "policy": {"name" :"RBAC policy example"}, "category": {"name": "id"}},
- { "name":"*", "description": "", "policy": {"name" :"RBAC policy example"}, "category": {"name": "id"}}],
+ "object_data": [{ "name":"vm0", "description": "", "policies": [{"name" :"RBAC policy example"}], "category": {"name": "id"}},
+ { "name":"vm1", "description": "", "policies": [{"name" :"RBAC policy example"}], "category": {"name": "id"}},
+ { "name":"*", "description": "", "policies": [{"name" :"RBAC policy example"}], "category": {"name": "id"}}],
"object_assignments":[{ "object" : {"name": "vm0"}, "category" : {"name": "id"}, "assignments": [{"name" : "vm0"}, {"name" : "*"}]},
{ "object" : {"name": "vm1"}, "category" : {"name": "id"}, "assignments": [{"name" : "vm1"}, {"name" : "*"}]}],
@@ -49,8 +49,8 @@
"action_categories": [{"name":"action-type", "description": ""}],
- "action_data": [{"name":"vm-action", "description": "", "policy": {"name": "RBAC policy example"}, "category": {"name": "action-type"}},
- {"name":"*", "description": "", "policy": {"name" :"RBAC policy example"}, "category": {"name": "action-type"}}],
+ "action_data": [{"name":"vm-action", "description": "", "policies": [{"name": "RBAC policy example"}], "category": {"name": "action-type"}},
+ {"name":"*", "description": "", "policies": [{"name" :"RBAC policy example"}], "category": {"name": "action-type"}}],
"action_assignments":[{ "action" : {"name": "start"}, "category" : {"name": "action-type"}, "assignments": [{"name" : "vm-action"}, {"name" : "*"}]},
{ "action" : {"name": "stop"}, "category" : {"name": "action-type"}, "assignments": [{"name" : "vm-action"}, {"name" : "*"}]}],
diff --git a/moon_manager/tests/unit_python/api/test_export.py b/moon_manager/tests/unit_python/api/test_export.py
index 25097180..0b9cd6a7 100644
--- a/moon_manager/tests/unit_python/api/test_export.py
+++ b/moon_manager/tests/unit_python/api/test_export.py
@@ -24,9 +24,9 @@ SUBJECT_OBJECT_ACTION_DATA = {"models": [{"name": "test model", "description": "
"subject_categories": [{"name": "test subject categories", "description": "subject category description"}],
"object_categories": [{"name": "test object categories", "description": "object category description"}],
"action_categories": [{"name": "test action categories", "description": "action category description"}],
- "subject_data": [{"name": "test subject data", "description": "subject data description", "policy": {"name": "test policy"}, "category": {"name": "test subject categories"}}],
- "object_data": [{"name": "test object data", "description": "object data description", "policy": {"name": "test policy"}, "category": {"name": "test object categories"}}],
- "action_data": [{"name": "test action data", "description": "action data description", "policy": {"name": "test policy"}, "category": {"name": "test action categories"}}],
+ "subject_data": [{"name": "test subject data", "description": "subject data description", "policies": [{"name": "test policy"}], "category": {"name": "test subject categories"}}],
+ "object_data": [{"name": "test object data", "description": "object data description", "policies": [{"name": "test policy"}], "category": {"name": "test object categories"}}],
+ "action_data": [{"name": "test action data", "description": "action data description", "policies": [{"name": "test policy"}], "category": {"name": "test action categories"}}],
"meta_rules": [{"name": "meta rule", "description": "valid meta rule", "subject_categories": [{"name": "test subject categories"}], "object_categories": [{"name": "test object categories"}], "action_categories": [{"name": "test action categories"}]}]}
@@ -41,9 +41,9 @@ ASSIGNMENTS = {"models": [{"name": "test model", "description": "", "meta_rules"
"subject_categories": [{"name": "test subject categories", "description": "subject category description"}],
"object_categories": [{"name": "test object categories", "description": "object category description"}],
"action_categories": [{"name": "test action categories", "description": "action category description"}],
- "subject_data": [{"name": "test subject data", "description": "subject data description", "policy": {"name": "test policy"}, "category": {"name": "test subject categories"}}],
- "object_data": [{"name": "test object data", "description": "object data description", "policy": {"name": "test policy"}, "category": {"name": "test object categories"}}],
- "action_data": [{"name": "test action data", "description": "action data description", "policy": {"name": "test policy"}, "category": {"name": "test action categories"}}],
+ "subject_data": [{"name": "test subject data", "description": "subject data description", "policies": [{"name": "test policy"}], "category": {"name": "test subject categories"}}],
+ "object_data": [{"name": "test object data", "description": "object data description", "policies": [{"name": "test policy"}], "category": {"name": "test object categories"}}],
+ "action_data": [{"name": "test action data", "description": "action data description", "policies": [{"name": "test policy"}], "category": {"name": "test action categories"}}],
"meta_rules": [{"name": "meta rule", "description": "valid meta rule", "subject_categories": [{"name": "test subject categories"}], "object_categories": [{"name": "test object categories"}], "action_categories": [{"name": "test action categories"}]}],
"subjects": [{"name": "testuser", "description": "description of the subject", "extra": {"field_extra_subject": "value extra subject"}, "policies": [{"name": "test policy"}]}],
"objects": [{"name": "test object", "description": "description of the object", "extra": {"field_extra_object": "value extra object"}, "policies": [{"name": "test policy"}]}],
@@ -57,9 +57,9 @@ RULES = {"models": [{"name": "test model", "description": "", "meta_rules": [{"n
"subject_categories": [{"name": "test subject categories", "description": "subject category description"}],
"object_categories": [{"name": "test object categories", "description": "object category description"}],
"action_categories": [{"name": "test action categories", "description": "action category description"}],
- "subject_data": [{"name": "test subject data", "description": "subject data description", "policy": {"name": "test policy"}, "category": {"name": "test subject categories"}}],
- "object_data": [{"name": "test object data", "description": "object data description", "policy": {"name": "test policy"}, "category": {"name": "test object categories"}}],
- "action_data": [{"name": "test action data", "description": "action data description", "policy": {"name": "test policy"}, "category": {"name": "test action categories"}}],
+ "subject_data": [{"name": "test subject data", "description": "subject data description", "policies": [{"name": "test policy"}], "category": {"name": "test subject categories"}}],
+ "object_data": [{"name": "test object data", "description": "object data description", "policies": [{"name": "test policy"}], "category": {"name": "test object categories"}}],
+ "action_data": [{"name": "test action data", "description": "action data description", "policies": [{"name": "test policy"}], "category": {"name": "test action categories"}}],
"meta_rules": [{"name": "meta rule", "description": "valid meta rule", "subject_categories": [{"name": "test subject categories"}], "object_categories": [{"name": "test object categories"}], "action_categories": [{"name": "test action categories"}]}],
"subjects": [{"name": "testuser", "description": "description of the subject", "extra": {"field_extra_subject": "value extra subject"}, "policies": [{"name": "test policy"}]}],
"objects": [{"name": "test object", "description": "description of the object", "extra": {"field_extra_object": "value extra object"}, "policies": [{"name": "test policy"}]}],
diff --git a/moon_manager/tests/unit_python/api/test_import.py b/moon_manager/tests/unit_python/api/test_import.py
index ef2267ed..da7872dc 100644
--- a/moon_manager/tests/unit_python/api/test_import.py
+++ b/moon_manager/tests/unit_python/api/test_import.py
@@ -66,24 +66,24 @@ PRE_DATA = {"models": [{"name": "test model", "description": "", "meta_rules": [
"meta_rules": [{"name": "good meta rule", "description": "valid meta rule", "subject_categories": [{"name": "test subject categories"}], "object_categories": [{"name": "test object categories"}], "action_categories": [{"name": "test action categories"}]},
{"name": "other good meta rule", "description": "valid meta rule", "subject_categories": [{"name": "other test subject categories"}], "object_categories": [{"name": "other test object categories"}], "action_categories": [{"name": "other test action categories"}]}]}
-SUBJECT_DATA = [{"subject_data": [{"name": "not valid subject data", "description": "", "policy": {}, "category": {}}]},
- {"subject_data": [{"name": "not valid subject data", "description": "", "policy": {}, "category": {"name": "test subject categories"}}]},
- {"policies": [{"name": "test policy", "genre": "authz", "description": "description", "model": {"name": "test model"}, "mandatory": True}], "subject_data": [{"name": "one valid subject data", "description": "description", "policy": {}, "category": {"name": "test subject categories"}}]},
- {"subject_data": [{"name": "valid subject data", "description": "description", "policy": {"name": "test policy"}, "category": {"name": "test subject categories"}}]},
- {"subject_data": [{"name": "valid subject data", "description": "new description", "policy": {"name": "test other policy"}, "category": {"name": "test subject categories"}}]}]
+SUBJECT_DATA = [{"subject_data": [{"name": "not valid subject data", "description": "", "policies": [{}], "category": {}}]},
+ {"subject_data": [{"name": "not valid subject data", "description": "", "policies": [{}], "category": {"name": "test subject categories"}}]},
+ {"policies": [{"name": "test policy", "genre": "authz", "description": "description", "model": {"name": "test model"}, "mandatory": True}], "subject_data": [{"name": "one valid subject data", "description": "description", "policies": [{}], "category": {"name": "test subject categories"}}]},
+ {"subject_data": [{"name": "valid subject data", "description": "description", "policies": [{"name": "test policy"}], "category": {"name": "test subject categories"}}]},
+ {"subject_data": [{"name": "valid subject data", "description": "new description", "policies": [{"name": "test other policy"}], "category": {"name": "test subject categories"}}]}]
-OBJECT_DATA = [{"object_data": [{"name": "not valid object data", "description": "", "policy": {}, "category": {}}]},
- {"object_data": [{"name": "not valid object data", "description": "", "policy": {}, "category": {"name": "test object categories"}}]},
- {"policies": [{"name": "test policy", "genre": "authz", "description": "description", "model": {"name": "test model"}, "mandatory": True}], "object_data": [{"name": "one valid object data", "description": "description", "policy": {}, "category": {"name": "test object categories"}}]},
- {"object_data": [{"name": "valid object data", "description": "description", "policy": {"name": "test policy"}, "category": {"name": "test object categories"}}]},
- {"object_data": [{"name": "valid object data", "description": "new description", "policy": {"name": "test other policy"}, "category": {"name": "test object categories"}}]}]
+OBJECT_DATA = [{"object_data": [{"name": "not valid object data", "description": "", "policies": [{}], "category": {}}]},
+ {"object_data": [{"name": "not valid object data", "description": "", "policies": [{}], "category": {"name": "test object categories"}}]},
+ {"policies": [{"name": "test policy", "genre": "authz", "description": "description", "model": {"name": "test model"}, "mandatory": True}], "object_data": [{"name": "one valid object data", "description": "description", "policies": [{}], "category": {"name": "test object categories"}}]},
+ {"object_data": [{"name": "valid object data", "description": "description", "policies": [{"name": "test policy"}], "category": {"name": "test object categories"}}]},
+ {"object_data": [{"name": "valid object data", "description": "new description", "policies": [{"name": "test other policy"}], "category": {"name": "test object categories"}}]}]
-ACTION_DATA = [{"action_data": [{"name": "not valid action data", "description": "", "policy": {}, "category": {}}]},
- {"action_data": [{"name": "not valid action data", "description": "", "policy": {}, "category": {"name": "test action categories"}}]},
- {"policies": [{"name": "test policy", "genre": "authz", "description": "description", "model": {"name": "test model"}, "mandatory": True}], "action_data": [{"name": "one valid action data", "description": "description", "policy": {}, "category": {"name": "test action categories"}}]},
- {"action_data": [{"name": "valid action data", "description": "description", "policy": {"name": "test policy"}, "category": {"name": "test action categories"}}]},
- {"action_data": [{"name": "valid action data", "description": "new description", "policy": {"name": "test other policy"}, "category": {"name": "test action categories"}}]}]
+ACTION_DATA = [{"action_data": [{"name": "not valid action data", "description": "", "policies": [{}], "category": {}}]},
+ {"action_data": [{"name": "not valid action data", "description": "", "policies": [{}], "category": {"name": "test action categories"}}]},
+ {"policies": [{"name": "test policy", "genre": "authz", "description": "description", "model": {"name": "test model"}, "mandatory": True}], "action_data": [{"name": "one valid action data", "description": "description", "policies": [{}], "category": {"name": "test action categories"}}]},
+ {"action_data": [{"name": "valid action data", "description": "description", "policies": [{"name": "test policy"}], "category": {"name": "test action categories"}}]},
+ {"action_data": [{"name": "valid action data", "description": "new description", "policies": [{"name": "test other policy"}], "category": {"name": "test action categories"}}]}]
PRE_META_RULES = {"subject_categories": [{"name": "test subject categories", "description": "subject category description"}],
@@ -104,9 +104,9 @@ PRE_ASSIGNMENTS = {"models": [{"name": "test model", "description": "", "meta_ru
"objects": [{"name": "test object", "description": "description of the object", "extra": {}, "policies": [{"name": "test policy"}]}],
"actions": [{"name": "test action", "description": "description of the action", "extra": {}, "policies": [{"name": "test policy"}]}],
"meta_rules": [{"name": "good meta rule", "description": "valid meta rule", "subject_categories": [{"name": "test subject categories"}], "object_categories": [{"name": "test object categories"}], "action_categories": [{"name": "test action categories"}]}],
- "subject_data": [{"name": "subject data", "description": "test subject data", "policy": {"name": "test policy"}, "category": {"name": "test subject categories"}}],
- "object_data": [{"name": "object data", "description": "test object data", "policy": {"name": "test policy"}, "category": {"name": "test object categories"}}],
- "action_data": [{"name": "action data", "description": "test action data", "policy": {"name": "test policy"}, "category": {"name": "test action categories"}}]}
+ "subject_data": [{"name": "subject data", "description": "test subject data", "policies": [{"name": "test policy"}], "category": {"name": "test subject categories"}}],
+ "object_data": [{"name": "object data", "description": "test object data", "policies": [{"name": "test policy"}], "category": {"name": "test object categories"}}],
+ "action_data": [{"name": "action data", "description": "test action data", "policies": [{"name": "test policy"}], "category": {"name": "test action categories"}}]}
SUBJECT_ASSIGNMENTS = [{"subject_assignments": [{"subject": {"name": "unknonw"}, "category" : {"name": "test subject categories"}, "assignments": [{"name": "subject data"}]}]},
--
cgit